Dear User,,

Thank you for visiting the official website of SPEEDNETWEB S.r.l.

This privacy notice is provided in accordance with Article 13 of Regulation (EU) 2016/679 (“GDPR”) and the applicable national legislation on personal data protection, with reference to the processing of personal data of users who browse and interact with the website www.speednetweb.it.

Data Controller

SPEEDNETWEB S.r.l.

Piazza Castello, 6 – 82019 Sant’Agata de’ Goti (BN)

P.IVA 01674590623

PEC: speednetweb@pec.it

The Data Controller can be contacted using the details provided above.

Fundamental Principles

The Privacy Policy and Standards adopted by SPEEDNETWEB S.r.l. for the protection of personal data are consistent with the principles established by Regulation (EU) 2016/679 (“GDPR”) and the applicable national legislation, according to which personal data are:

1. processed lawfully, fairly, and transparently in relation to the data subject (“lawfulness, fairness, and transparency”); at the time of any data provision, the data subject is provided with clear, complete information in accordance with Article 13 of the GDPR;
2. collected for specific, explicit, and legitimate purposes and subsequently processed in a way that is not incompatible with those purposes; the purposes of processing are communicated to the data subjects at the time of collection. Any further processing, if not compatible with the original purposes, is preceded by appropriate information and, where necessary, by a request for consent. Personal data may be disclosed to third parties as required by applicable law or if necessary for the fulfillment of contractual or legal obligations;
3. adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
4. accurate and, where necessary, kept up to date; all reasonable measures are adopted to ensure that inaccurate data are promptly deleted or rectified. Data are organized and stored in a way that allows the data subject to exercise their rights under Articles 15 and following of the GDPR (access, rectification, deletion, restriction, portability, objection, withdrawal of consent, complaint to the supervisory authority);
5. stored in a form that allows identification of the data subjects for no longer than is necessary to achieve the purposes for which they are processed (“storage limitation”), except where otherwise required by law;
6. processed in a manner that ensures appropriate security of personal data, through adequate technical and organizational measures pursuant to Article 32 of the GDPR, aimed at preventing destruction or loss, whether accidental, unauthorized access, or processing not permitted or not in accordance with the purposes of collection.

These measures are periodically updated in relation to technological progress, the nature of the data being processed, and the risks associated with processing, and they are subject to ongoing verification over time.

Third parties that provide support for the delivery of the requested services and process personal data on behalf of SPEEDNETWEB are designated as Data Processors pursuant to Article 28 of the GDPR and are contractually bound to comply with appropriate security and confidentiality standards. The updated list of Data Processors can be requested from the Data Controller.

SPEEDNETWEB is not responsible for the privacy policies or data management practices adopted by third-party websites that may be accessible via links on this site, nor for the content or data processing activities carried out by external services such as email, web hosting, or forums not directly managed by the Data Controller.

Processing related to the web services offered through this site takes place at the Data Controller’s premises and, where necessary, at the premises of external Data Processors. Processing is carried out by authorized personnel who have been trained in accordance with Article 29 of the GDPR and Article 2-quaterdecies of Legislative Decree 196/2003, for purposes related to the management of requested services, administrative and technical activities, and, where consent is provided, marketing activities.

Scope of data communication

The personal data provided may be disclosed to third parties solely within the limits and for the purposes strictly related to the provision of the requested services, in compliance with the applicable data protection legislation.

In particular, personal data may be disclosed::

1. to comply with legal obligations, regulations, or European Union legislation;
2. in response to orders or requests issued by authorized public authorities, judicial authorities, or supervisory bodies;
3. for the establishment, exercise, or defense of legal claims in judicial proceedings;
4. to third-party service providers involved in activities strictly related and instrumental to the delivery of services or the supply of requested products (including, by way of example, IT service providers, hosting providers, network infrastructure management providers, administrative service providers, and technical or legal consultants).

These parties operate, depending on the case:

1. as Data Processors, appointed in accordance with Article 28 of the GDPR;
2. or as independent Data Controllers, if they independently determine the purposes and means of processing.

The disclosure of data to the parties mentioned above is necessary for the proper execution of the contractual relationship or to comply with legal obligations; without such disclosure, certain services or provisions may not be delivered.

Personal data will not be made public, except in cases expressly provided for by law or when strictly necessary for the nature of the requested service.

If the disclosure involves the transfer of data to countries outside the European Union, such transfer will be carried out in compliance with Articles 44 et seq. of the GDPR and the guarantees provided under applicable law.

Data Voluntarily Provided by the User

The types of personal data collected and processed through this website are limited to those necessary for the provision of the services requested by the user.

Data voluntarily provided by the user are processed both on paper and electronically, using automated and online tools, in a manner strictly related to the purposes for which they are collected.

Providing data marked as mandatory is necessary to allow the Data Controller to deliver the requested services; without such data, these services cannot be provided.

The legal bases for processing are:

1. the performance of a contract or pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR);
2. the compliance with legal obligations to which the Data Controller is subject (Art. 6(1)(c) GDPR);
3. the consent of the data subject, where required by applicable law (Art. 6(1)(a) GDPR);
4. the legitimate interest of the Data Controller to respond to unsolicited user requests and to ensure the security of systems (Art. 6(1)(f) GDPR).

The voluntary sending of emails to the addresses provided on the website involves the collection of the sender’s email address and any other personal data contained in the message. These data will be used solely to respond to the received request or to provide the requested service.

If data are processed for additional purposes, such as sending promotional or informational communications, this will occur only with the explicit consent of the data subject, where required by applicable law.

Browsing Data

The IT systems and software procedures supporting the operation of the website automatically collect certain personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols.

These are information types that are not collected to be associated with identified individuals; however, due to their nature, they could, through processing and potential associations with data held by third parties (for example, the user’s internet service provider), allow the identification of users.

Examples of such data include IP addresses or domain names of the devices used by users connecting to the site, the URL (Uniform Resource Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the server’s response status (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

These data are processed to ensure the proper technical functioning of the website and the delivery of the requested services, protect the security of networks and IT systems, prevent unauthorized access or illegal use, perform statistical analyses in aggregated and anonymized form, comply with any legal obligations, and establish potential liability in the event of cybercrimes.

The processing of browsing data is based on the legitimate interest of the Data Controller to ensure the security, integrity, and proper functioning of the website and its IT systems (Art. 6(1)(f) GDPR), as well as, where applicable, to fulfill legal obligations (Art. 6(1)(c) GDPR), including those related to network and electronic communications security.

Browsing data and related system logs are retained for a limited period, proportionate to the purposes for which they are processed, in accordance with the storage limitation principle under Art. 5 GDPR. Upon request by judicial authorities or other legally authorized entities, data may be provided within the limits established by applicable law.

Providing browsing data is necessary to enable website navigation and the provision of the requested web services.

Retention Period

Personal data collected are retained for no longer than necessary to achieve the purposes for which they are processed, in accordance with the storage limitation principle under Article 5 of Regulation (EU) 2016/679 (GDPR), except where different legal obligations or the protection of the Data Controller’s rights require otherwise.

The criteria for determining the retention period take into account the duration of the contractual relationship, applicable fiscal, administrative, and regulatory obligations, as well as statutory limitation periods provided by law.

The usefulness of the data in relation to the purposes for which they were collected is periodically verified through control and update procedures.

Except as specified for browsing data, the user is free to provide or withhold the personal data requested in the forms on the website.

Some data may be marked as mandatory because they are necessary for the provision of the requested service or for compliance with contractual or legal obligations. Failure to provide such data may result in the impossibility of delivering the requested service.

At the time of providing personal data, the data subject is given a privacy notice in accordance with Article 13 of the GDPR, containing clear and complete information regarding:

1. the purposes and methods of processing;
2. the legal basis for processing;
3. whether the provision of data is mandatory or optional;
4. the consequences of any refusal to provide data;
5. the recipients or categories of recipients to whom the data may be disclosed;
6. any transfer to third countries;
7. the criteria for determining the retention period;
8. the rights recognized under Articles 15 and following of the GDPR (access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to the supervisory authority);
9. the identity and contact details of the Data Controller and, if appointed, the Data Protection Officer (DPO).

The data subject’s consent is required only in cases provided for by applicable law and is obtained in a free, specific, informed, and documented manner.

If the provision of personal data occurs in subsequent stages or for purposes not compatible with those originally stated, an additional privacy notice will be provided and, where necessary, new consent will be requested.

Security Measures Adopted to Protect Collected Data

SPEEDNETWEB S.r.l. implements technical and organizational measures in accordance with Article 32 of Regulation (EU) 2016/679 (GDPR) to protect personal data from unauthorized access, improper disclosure, alteration, destruction, or accidental loss, as well as from processing that is not permitted or not in line with the purposes for which the data were collected.

The security measures in place include perimeter protection systems and firewalls, encryption and secure authentication protocols, access control systems, backup and disaster recovery procedures, monitoring and protection of network infrastructures, and periodic updates of IT systems and security measures.

These measures are continuously updated in relation to technological progress, the nature of the data processed, the context of processing, and the risks to the rights and freedoms of individuals.

Data processing is carried out by authorized personnel who are adequately trained in accordance with Article 29 of the GDPR and Article 2‑quaterdecies of the Italian Legislative Decree. 196/2003.

The data subject has the right, at any time, to: obtain confirmation of the existence of personal data concerning them; access their personal data; correct inaccurate data or complete incomplete data; request the deletion of data in the cases provided for by Article 17 GDPR; request the restriction of processing in the cases provided for by Article 18 GDPR; receive their data in a portable format under Article 20 GDPR; object to processing under Article 21 GDPR.

If processing is based on consent, the data subject also has the right to withdraw consent at any time, with the same ease with which it was given, without affecting the lawfulness of processing carried out prior to the withdrawal.

The right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) remains unaffected.