Privacy Policy

This policy is drafted pursuant to and for the purposes of Art. 13 of EU General Data Protection Regulation 2016/679 (GDPR)

WHY ARE WE PROVIDING YOU WITH THIS INFORMATION?
Pursuant to Art. 13 of Regulation EU 679/2016 (hereinafter referred to as “Regulation”) this page describes how personal data is processed. This policy is drafted in compliance with the provisions of Art. 13 of EU Regulation 679/2016 - GDPR. This policy is not applicable to other websites of Third Parties that may be accessible via links on this website, for which no liability is accepted.

Processable personal data:

Personal data: means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Data of contracting parties / users
Browsing data
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. Such data include IP addresses or user computer and terminal domain names, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the answering file, the numerical code showing the status of the server answer (successful, error, etc.) and other parameters concerning the user’s operating system and IT environment.
Data submitted on a voluntary basis
The discretionary, explicit and voluntary sending of messages to the contact addresses on this website, as well as the completion of data collection forms involves the collection of the sender’s address, which is necessary to reply to requests, as well as the collection of any other personal data entered.

Information on the processing of personal data carried out through Social Media Platforms
With regard to the processing of personal data carried out by the social media platform managers used by the Data Controller, please refer to information provided by said managers in their Privacy Policies. The Data Controller processes the personal data provided by users through the pages of the dedicated social media platforms, in order to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.

Specific Privacy Policies
Specific Privacy Policies may be available on the pages of this website in relation to particular services or processing of the data provided.

Cookies and other tracking technologies. What are they? What are they used for?
For Cookies and other tracking technologies see the Cookie Policy available in the footer of the website and at the following link.

1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT THE DATA CONTROLLER?
Data Controller is OTAM S.R.L., with registered office in via Cibrario, 2 - 16154 Sestri Ponente (GE), represented by its pro tempore legal representative, who can be contacted for any information email at the following e-mail address matteo.belardinelli@otam.it

3. PURPOSE OF PROCESSING, LAWFULNESS OF PROCESSING, DATA RETENTION PERIOD AND NATURE OF DATA PROVISION

PURPOSE OF DATA PROCESSING	LAWFULNESS OF PROCESSING	DATA RETENTION PERIOD	NATURE OF DATA PROVISION
Navigation of this website. Data necessary for the enjoyment of the web services shall be processed, also with the purpose of obtaining statistical information on the use of said services (most popular pages, number of visitors per time slot or day, geographical areas of origin, etc.); monitoring the correct operation of the services offered. The data will be used to ascertain liability in the event of any computer offences against the website.	Data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a Third Party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, having considered the reasonable expectations of the data subject and the activities strictly necessary for the website functionality and navigation. (Art. 6 par. 1 (f) and recital 47 GDPR) Information on the Data Balancing Test carried out can be obtained on request.	Browsing data will be stored for the duration of the browsing session, but no longer than thirty days (except in the event of checks required by the Judicial Authorities to ascertain possible offences).	Provision of personal data is necessary for browsing the website.
Use of cookies and similar technologies. Please refer to the Cookie Policy available in the footer of the website.	For cookies and similar technologies that are not necessary, the processing is based on consent to the processing of personal data (Art. 6 par. 1 (a) and recitals 42 and 43 GDPR) Consent is given through the cookie policy consent banner shown on the website.	Please refer to the Cookie Policy available in the footer of the website.	Please refer to the Cookie Policy available in the footer of the website.

In addition to navigation, personal data will also be processed for:

PURPOSE OF DATA PROCESSING	LAWFULNESS OF PROCESSING	DATA RETENTION PERIOD	NATURE OF DATA PROVISION
A) CONTACTS, sending contact requests and requests for information	A) CONTACTS, sending contact requests and requests for information Data processing is necessary for the management of a contract to which the data subject is party or for the management of pre-contractual measures taken at the data subject's request; (Recital 44 Art. 6 par. 1 (b) GDPR 12 months maximum The provision of personal data is necessary. Failure to provide the necessary personal data shall entail the impossibility to be contacted and receive information.	12 months maximum	The provision of personal data is necessary. Failure to provide the necessary personal data shall entail the impossibility to be contacted and receive information.
B) HANDLING OF YOUR REQUESTS and of requests from other data subjects, pursuant to Art. 15 et seq. GDPR (data subject’s rights)	Data processing is necessary for compliance with a legal obligation to which the controller is subject (Recital 45) Art. 6 par. 1 (c) GDPR	5 years after closing of the request, except in the event of litigation	Provision of personal data is mandatory as it is required for the fulfilment of all legal obligations.

4. TO WHICH RECIPIENTS OR CATEGORIES OF RECIPIENTS WILL PERSONAL DATA BE DISCLOSED? DATA RECIPIENTS
The Personal Data provided may be disclosed, depending also on the purposes envisaged in specific areas, to recipients, who shall process them in their capacity as Autonomous Data Controllers or Data Processors (Art. 28 GDPR) and/or as individuals (natural persons) operating under the authority of the Data Controller and Data Processors (Art. 29 GDPR) on the basis of specific instructions given on the purposes and methods of processing, for the relevant purposes based on the specific areas. More specifically, data may be transferred to recipients in the following categories:

To Entities/parties, that provide services for the management of the website and of the communication networks, including e-mail, host and website management (also Group companies, subsidiaries and affiliated companies);
To Entities/parties/companies with headquarters in Italy with which the Data Controller has signed business contracts with prior consent, where applicable;
Competent authorities who enforce the law and/or regulations by public bodies, upon request;

The list of the appointed Data Processors is constantly updated and is available upon request to be sent to the email address matteo.belardinelli@otam.it or by writing to the other contact details specified above.

5. WILL PERSONAL DATA BE TRANSFERRED TO COUNTRIES OUTSIDE THE EEA?
Personal data will not be transferred to countries outside the EEA. In particular, please note that the data will be stored in Italy for the purpose of hosting, management, development and maintenance of the website. All Third Parties to whom the data may be transferred are based in Italy.

6. IS THERE ANY AUTOMATED DATA PROCESSING?
Personal data will be subject to traditional manual, electronic and automated processing Please note that no fully automated decision-making processes are carried out.

7. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
You shall be able to exercise your rights under Articles 15 et seq. of the GDPR by contacting the Data Controller at the following e-mail address matteo.belardinelli@otam.it or at the above-mentioned contact details. You shall have the right to obtain, at any moment, from the Data Controller, access to Your personal data (Art. 15), their rectification (Art. 16) or erasure (Art. 17), as well as the restriction of their processing (Art. 18). The Data Controller shall inform (Art. 19) each of the recipients to whom the personal data have been transferred of any rectification or erasure or restriction of processing carried out. The Data Controller shall inform the Data Subject of these recipients if the Data Subject so requests. Where envisaged, You shall have the right to the portability of Your personal data (Art. 20), and if You so wish, the Data Controller shall provide You with the Personal Data concerning You in a structured, commonly used and machine-readable format. Moreover, You shall have the right to object (Art. 21) to the processing of Your personal data based on the legitimate interest at any time and, when processing is based on consent, You shall have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
in the event that the Data Subjects consider that the processing of their personal data carried out by the Data Controller is in breach of the provisions of Regulation (EU) 2016/679, they shall have the right to lodge a complaint with the Data Protection Authority of the Member State in which they are habitually resident or work, or of the place where the alleged violation took place (the Italian Data Protection and Privacy Authority is called Garante Privacy and can be contacted at https://www.garanteprivacy.it/), or to take appropriate legal action.

8. AMENDMENTS TO THE PRIVACY POLICY
The Data Controller reserves the right to amend, update, add or remove parts of this privacy policy at its sole discretion and at any time. In order to facilitate this review, the policy will contain an indication of the date on which the policy was updated.

Updated on: 26th July 2024

Name	Provider	Purpose	Expiry	Type
.ASPXANONYMOUS	Otam.it	Used to provide user data when authorising different applications on the website	69 days	HTTP
Gdpr.CookieConsents	Otam.it	Used to store that consent has been given by the user	1 year	HTTP
CONSENT	youtube.com	Used to detect whether the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for the GDPR compliance of the website.	2 years	HTTP

Name	Provider	Purpose	Expiry	Type
_ga	google.com	It registers only one ID used to generate statistical data on how the user uses the website.	2 years	HTTP
_gat	google.com	Used by Google Analytics to limit the frequency of requests.	1 day	HTTP
_gid	google.com	It registers only one ID used to generate statistical data on how the user uses the website.	1 day	HTTP

Name	Provider	Purpose	Expiry	Type
VISITOR_INFO1_LIVE	youtube.com	It tries to estimate the speed of the user's connection on pages with embedded YouTube videos	179 days	HTTP
YSC	youtube.com	It registers only one ID for statistics related to which YouTube videos have been viewed	Session	HTTP
ytidb::LAST_RESULT_ENTRY_KEY	youtube.com	It stores the preferences of the user's video player using the embedded YouTube video	Cookies with no fixed duration, and dependent on the user's choices. The user may deactivate it at any time by changing their preferences through the massive opt-out platforms of Network Alliance Initiative (https://optout.networkadvertising.org/), Digital Alliance Organization (https://optout.aboutads.info/) and Your Online Choices (https://www.youronlinechoices.com/).	HTML
yt-remote-cast-available	youtube.com	It stores the preferences of the user's video player using the embedded YouTube video	Session	HTML
yt-remote-cast-installed	youtube.com	It stores the preferences of the user's video player using the embedded YouTube video	179 days	HTML
yt-remote-connected-devices	youtube.com	It stores the preferences of the user's video player using the embedded YouTube video	Cookies with no fixed duration, and dependent on the user's choices. The user may deactivate it at any time by changing their preferences through the massive opt-out platforms of Network Alliance Initiative (https://optout.networkadvertising.org/), Digital Alliance Organization (https://optout.aboutads.info/) and Your Online Choices (https://www.youronlinechoices.com/).	HTML
yt-remote-device-id	youtube.com	It stores the preferences of the user's video player using the embedded YouTube video	Cookies with no fixed duration, and dependent on the user's choices. The user may deactivate it at any time by changing their preferences through the massive opt-out platforms of Network Alliance Initiative (https://optout.networkadvertising.org/), Digital Alliance Organization (https://optout.aboutads.info/) and Your Online Choices (https://www.youronlinechoices.com/).	HTML
yt-remote-fast-check-period	youtube.com	It stores the preferences of the user's video player using the embedded YouTube video	Session	HTML
yt-remote-session-app	youtube.com	It stores the preferences of the user's video player using the embedded YouTube video	Session	HTML
yt-remote-session-name	youtube.com	It stores the preferences of the user's video player using the embedded YouTube video	Session	HTML