PERSONAL DATA PROCESSING / COOKIE
Data Controller Cargo Start Srl Via Ofanto, 18 - 00195 - Rome VAT/C.F. 15382341004 Holder’s e-mail address: [email protected]
Cargo Start Srl (hereinafter only “Data Controller”), in its capacity as a data controller under the Italian legislation applicable pro tempore on the protection of personal data and EU Regulation 679/2016 -General Data Protection Regulation (“GDPR”)- protects the confidentiality of Personal Data and ensures appropriate and adequate technical and organizational measures taking into account the nature, scope, context, and purpose of the processing, as well as the risk to the rights and freedoms of natural persons. Identity of the data controller and contact details: Cargo Start Srl, with Headquarters in Rome Via Ofanto, 18 - ZIP code 00195, e-mail: [email protected], website: https://www.startracking.aero/ Phone: +39 06 87817387. Before communicating any personal data, the Data Controller invites you to read this document carefully, as it contains essential information on the protection of your data and on the security measures adopted to guarantee their confidentiality in full compliance with the applicable legislation. This Privacy Policy also: • is intended only for the website https://www.startracking.aero/ (“Website”) and does not apply to other websites that may be consulted through external links; • is to be understood as information provided under art. 13 of the regulations applicable to those who interact with the website; • complies with Recommendation 2/2001 on minimum requirements for online data collection in the European Union, adopted on 17 May 2001 by the Article 29 Working Party.
Owner
In light of applicable regulations, the Data Controller of the Site is Cargo Start Srl as defined above.
Personal data subject to processing
“Personal Data” means any information concerning an identified or identifiable natural person with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, mental, economic, cultural, or social identity. The personal data collected by the Website are as follows:
Navigation data
The website’s computer systems collect some personal data whose transmission is implicit in Internet communication protocols. However, the data collected do not allow the identification of the interested party, as they are aggregated data for statistical purposes only and analysis of visits (geographical location, type of device from which it is accessed, time spent on individual pages, etc.). In no case will this data be crossed with other data to identify individual users.
Data provided voluntarily
Through the Website, you have the opportunity to voluntarily provide personal data such as name, e-mail address, or cell phone number to subscribe to the newsletter service, to contact the Owner through the “Contact” form. The Owner will process these data in compliance with the applicable legislation, assuming that they refer to you or to third parties who have expressly authorized you to provide them based on a suitable legal basis that legitimizes the data processing in question. Concerning these assumptions, you act as an autonomous data controller, assuming all the obligations and responsibilities of law. In this sense, confer on the point the widest indemnity concerning any dispute, claim, request for compensation for damages from treatment, etc., that the owner may receive from third parties whose personal data have been processed through your use of the Site in violation of applicable law.
Cookies and related technologies
The Controller collects personal data through cookies. More information on the use of cookies and related technologies is available in the document.
Purpose, legal basis, or mandatory or optional nature of the processing
The Data Controller will process your data for the following purposes:
- use of personal data and contact details, both with traditional and electronic methods of communication carried out for communications, e.g., execution of the contract, sending newsletters about the activities of the Data Controller
- purposes of statistical research/analysis on aggregated or anonymous data, without therefore the possibility of identifying the user, aimed at measuring the functioning of the Website, measuring the traffic, and assessing usability and interest;
- purposes relating to the fulfillment of a legal obligation to which the Data Controller is subject;
- purposes necessary to ascertain, exercise, or defend a right in court or whenever judicial authorities exercise their judicial functions. The legal basis for processing personal data for the purposes described in point 1 may be the consent expressed by the interested party. The purpose at point 2. does not imply the processing of personal data, while the purposes at points 3. and 4. represent legitimate processing of personal data according to the applicable legislation since, once the personal data has been provided, the processing is indeed necessary to fulfill a legal obligation to which the Data Controller is subject or to exercise its right of defense in court. Providing your data for the purposes listed above is optional, but failure to provide them may make it impossible for us to respond to your request or fulfill a legal obligation to which the Data Controller may be subject.
Recipients
In addition to the subjects already mentioned in the description of the purposes of the treatment, Personal data may be communicated to the following categories of natural or legal persons, as subjects involved in the treatment, or as subjects whose knowledge of the data is required for the pursuit of the purposes indicated, or as Authorities to the motivated requests to which an answer is required. These subjects will treat the data in their quality of autonomous holders of the treatment:
- subjects necessary for the provision of services offered by the Website including, by way of example, the sending of e-mails and the analysis of the functioning of the Website who typically act as Data Processors of the Data Controller;
- persons authorized by the Data Controller to process personal data which are committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees of the Data Controller);
- judicial authorities in the exercise of their functions when required by applicable law.
Method and place of processing of collected data
The processing and storage in printed paper, computer, and telematic archives may take place at the operating headquarters of the Data Controller or in any other place where the parties involved in the processing are located. Data processed with the help of platforms, virtual spaces, or applications developed, for example, by suppliers operating on an international scale (e.g., Google, Microsoft, Dropbox) or suppliers operating, however, outside the Italian Republic, may also be stored at the offices of the latter, even outside the territory of the European Union. Where it is necessary or appropriate to transfer the data to subjects located in a third country or an international organization, such transfers will be made:
- In compliance with adequacy decisions;
- In compliance with applicable adequate safeguards;
- In compliance with binding corporate rules, if any. In any case, such transfers may be made only if it is ensured that the Data Subject has enforceable rights and effective legal remedies.
Storage Period
Data is processed and stored for the time required by the purposes for which it was collected. Therefore: Personal Data will be retained as long as necessary concerning the legitimate purposes for which they were collected unless a willingness to remove them is expressed. In this case, it is subject to the needs of the Data Controller about those data whose processing or storage is required by legal obligations or specific interests, or cases in which the removal of content is not possible or involves a disproportionate effort for the Data Controller. In particular, the maximum retention time is identified with the following criteria
- The actual time limit for performance of the contract with the customer;
- Term of the period within which it may be necessary for the Data Controller to comply with a legal obligation;
- End of the period within which the Controller may pursue its legitimate interest. It is in any case without prejudice to the obligation of the data controller to provide information to the interested party in case of request.
Personal Data Processing Details
Collection, processing, and use of personal data
Personal information is any information about identities, such as the user’s name, address, e-mail address, or telephone number. This data will only be saved if you provide it to Cargo Start Srl in cases such as subscribing to the newsletter or requesting a demo. We collect, process, and use this data following the EU General Data Protection Regulation (EU-GDPR) provisions. We take state-of-the-art technical and organizational measures pursuant to Art. 32 para. 1 GDPR in order to protect your data from unauthorized access by third parties. In addition, your data is protected against accidental or intentional manipulation, loss, and destruction. The security measures are regularly reviewed and improved in line with technological progress.
Collection and processing of access data
When you visit our Web pages and download files, we collect access information (IP address, date and time, URL of the Web page being accessed, browser type, operating system, amount of data uploaded, and transfer status) about these actions on the Web server. Your web browser automatically transmits this information to the webserver. This data is partly personal. However, we cannot match it to a person, and we will not use it for any purpose other than related to our legitimate interest (Art. 6 _1f GDPR) for the operational security of this website, geolocation (see the next section), for statistical purposes and to provide necessary information to law enforcement in case of cyberattacks. The data will be deleted after 30 days.
Use of cookies
What “cookies” are and what they are used for Cookies are information (small strings of text) placed on the user’s browser when a website is visited. They carry out different and essential functions within the network, connected, for example, to the correct use of the website and its functions, monitoring sessions or pages consulted, memorizing information on specific configurations regarding users who access and memorizing preferences. Depending on their characteristics and functions, diverse types of cookies may persist on your device for different periods: the so-called session cookies, which are automatically deleted when you close the browser, and the so-called persistent cookies, which remain on your device until a predetermined time. In line with applicable law, your prior consent for the use of cookies is not always required. In particular, such consent is not required for “technical cookies,” e.g., those used for the sole purpose of carrying a communication through an electronic communication network or strictly necessary to provide a service expressly requested by the user. In other words, cookies are indispensable for the operation of a site. Instead, your prior consent is required for non-anonymized “analytical” cookies and for profiling cookies, e.g., those that provide statistical analysis on the use of a website or create user profiles to send them advertising messages in line with the preferences they have expressed while browsing.
Types of cookies used by the Website and how to de-select them
As you browse the Website, you will receive the following cookies: Technical cookies Cookies for the installation of which no consent is required from the user. Technical cookies are divided into:
- Navigation or session cookies: fundamental to allow the user to move normally within our Website.
- Since they are not memorized on the user’s computer, they disappear when the browser is closed;
- Functionality cookies: only aimed at improving and speeding up navigation on the Website by storing certain choices made by the user during the first or subsequent accesses to the Website;
- Analytical cookies: used by the operator of the website to collect information about users who visit the website;
- Social Cookies: used to enable interaction with social networks.
Third-party cookies
This refers to cookies from third-party websites or servers that are different from the cookies used by this website. Please note that these third parties, listed below with the corresponding links to their privacy policies and opt-out mechanisms, process your Personal Data as data controllers. These third parties have signed data processing agreements with the site operator, and the cookies have been anonymized by masking IP addresses. The third-party cookies are:
- Google Analytics (with anonymous function) This website uses the service “Google Analytics” to analyze the use of the website by users. The service uses “cookies,” meaning text files stored on your device, from Google itself (Google Analytics cookies) and so-called third-party cookies (DoubleClick cookies). The information collected by the cookie is usually transmitted to and stored by Google, Inc. on servers in the United States. You can prevent the storage of cookies on your device by activating the appropriate settings in your browser. There is no guarantee that you will be able to access all features of this website without restrictions if your browser does not allow cookies. In addition, you may use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to and used by Google, Inc. Google Analytics is operated by: Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, https://www.google.com. The data processing is in our legitimate interest based on Art. 6 para. 1 f GDPR. The legitimate interest arises from the targeted monitoring of our website.
- Social plugins On this website, plugins of the social networks Twitter, LinkedIn are used, with which users can comment, forward, and share individual contributions in these social networks. These social plugins are equipped with a script, which connects with the corresponding social network only when you click on the link/button. Therefore, no IP addresses and other browser behaviors are transmitted to the services when visiting our web pages. This will allow you to decide whether you want to share information on social networks and whether data will be transmitted to these services. If you are not yet signed into the corresponding social network, you will first be asked to sign in. Then you can share our content in a separate browser window. We have no knowledge or influence on the further potential use of your data by these social networks. Please note the privacy policies of the respective services. a. Twitter Twitter is operated by: Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA Website: https://www.twitter.com Privacy: https://twitter.com/en/privacy
b. LinkedIn LinkedIn is managed by: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland Website: https://www.linkedin.com Privacy: http://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
Cryptography
Your data will only be transmitted encrypted. This website uses state-of-the-art encryption at least 128-bit. Your IP address will also be encrypted as part of the message transfers. Excluded from this is the transfer of your IP address by your web browser to access this website.
Data protection in e-mails
Our e-mail servers offer so-called opportunistic encryption. Encryption is only guaranteed on the transmission path if all systems involved allow e-mail encryption. Therefore, it is not within the sphere of influence of Cargo Start whether the content of a message is encrypted. We hereby point out that if you use e-mail communication with us, your message can be read and changed unauthorized and unnoticed on the transmission path. We also use security software to reject the message or filter it according to criteria (antivirus and SPAM filters).
Newsletter
Purpose of the newsletter
Our newsletter provides interested parties with information about our company, products, news, and events. We use the Mailup tool.
Technical procedures and stored data
If you would like to subscribe to our newsletter, we need your company e-mail address and the personal data requested in the form. You will receive an automated e-mail with a link, through which you confirm that you are the owner of the e-mail address provided and that you agree to receive the newsletter (double opt-in procedure). We will hereby save your IP address and the date and time of your subscription. This data is only collected to send you the newsletter and to document our permission to do so. Subscriptions to the newsletter and your consent to store your e-mail address can be deleted at any time for future use, or you can unsubscribe from the newsletter (opt-out procedure).
Data Retention
The e-mail newsletter (MailUp) is managed by: Growens S.p.A., with registered office in Via Pola 9, 20124 Milan (Italy), (“MailUp”)
Consent
You consent to the storage of your data in the provider’s area of responsibility below, as well as the monitoring of the newsletter, by subscribing to our newsletter. Your data will be processed exclusively for the above-mentioned purposes and will not be passed on to third parties. Unsubscribing from the newsletter is automatically considered revocation, and your data will be deleted from the systems.
Your rights
To ensure the correct and transparent treatment of personal data, the data controller guarantees the interested party the right to exercise the following rights after communication to the above-mentioned addresses and the extent permitted by law:
- The right to obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form;
- The right of the data subject to request from the data controller access to the personal data concerning him/her;
- The right to obtain from the data controller the rectification of inaccurate personal data concerning him without undue delay;
- The right to obtain from the data controller the deletion of personal data concerning him without undue delay, if they are no longer necessary for processing or if this is assumed to be unlawful, provided that the conditions provided for by law and in any case unless the treatment is not justified by another reason equally legitimate;
- The right to obtain from the data controller, where its accuracy is contested, the limitation of the same for the period necessary for the data controller to carry out the appropriate checks;
- The right to receive in a structured, commonly used, and machine-readable format the personal data concerning him/her and the right to transmit such data to another Data Controller without impediment from the Data Controller to whom he/she has provided them, in the cases provided for by Article 20 of the GDPR, and the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible and involving a not disproportionate effort;
- The right to revoke consent to the processing of one’s data previously given, [where the processing is based on Article 6(1)(a) or Article 9(2)(a)] at any time without affecting the lawfulness of the processing based on the consent given prior to the revocation and except where the processing is lawful on other legal grounds or conditions;
- The right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her under Article 6(1)(e) or (f), including profiling based on those provisions. In this case, the Data Controller shall refrain from further processing the personal data unless it demonstrates the existence of legitimate grounds for processing that override the interests, rights, and freedoms of the Data Subject, or the need to continue processing in order to allow the establishment, exercise, or defense of a legal claim.
- The right to lodge a complaint with a Control Authority, whose contact details can be found for Italy at the website www.garanteprivacy.it.
Changes
This information is drafted in adherence to the indications of the GDPR. A time-to-time updated version is made available on the website of the Data Controller.
This is the Privacy Policy of www.startracking.aero
Cargo Start Srl Via Ofanto, 18 - 00198 Rome - Italy E-mail: [email protected] Phone: +39 06 87817387 If you have any questions about this privacy policy, please feel free to contact us directly by mail or e-mail