PRIVACY POLICY

 

INFORMATION NOTICE PURSUANT TO ARTICLES 13-14 OF EU REGULATION NO. 2016/679 FOR THE PROCESSING OF PERSONAL DATA

Dear user, LEM S.r.l. hereby informs you that, pursuant to and for the purposes of Articles 13 and 14 of European Regulation No. 2016/679 GDPR, the data acquired and/or provided by you will be processed in compliance with the regulations referred to below.

ROLES

The Data Controller is: Guelfo Gubernari, Viale Regina Margherita, 140 Rome 00198 RM, lemsrl@lemsrl.eu

PURPOSE OF NON-MANDATORY PROCESSING

Processing of personal data for profiling purposes

With your free and optional consent (Article 6, paragraph 1, letter a) of the GDPR), which can be given by selecting the appropriate consent box on the website, LEM S.r.l. will process your personal data for profiling purposes, in order to send you personalised promotional communications consistent with your profile, to carry out statistical analyses and processing of your personal characteristics for ‘clustering’ activities, i.e. for the creation of ‘target groups’ for internal analysis and monitoring of market and consumption trends, for the creation of new user ‘clusters’ based on similar browsing habits and interests. If you do not consent to the processing of your personal data for profiling purposes, your ability to browse the website and benefit from its features will not be compromised in any way, nor will you suffer any other prejudicial consequences. In any case, you may freely and free of charge revoke your consent to the processing of your personal data for profiling purposes at any time by sending us a request in the appropriate contact section.

METHOD OF TREATMENT

The processing consists, for example, of the collection, recording, organisation, storage, retrieval, consultation, use, disclosure and erasure of personal data. It is carried out for the aforementioned purposes in accordance with the principles (pursuant to Article 5 of GDPR No. 2016/679) of lawfulness, fairness, transparency, data minimisation and accuracy. The data is processed by telephone, on paper, electronically and telematically. The processing is carried out using appropriate tools and technical and organisational measures to ensure security, integrity and confidentiality, avoiding in particular the risk of loss, unauthorised access, unlawful use and dissemination, in compliance with the provisions of Article 32 of GDPR No. 2016/679, by the subjects and in compliance with the provisions of Article 29 of GDPR No. 2016/679 and Article 2-quaterdecies of the Privacy Code.

NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND

The provision of data for mandatory purposes does not require explicit consent. Without such data, we will not be able to provide our services. The provision of data for other purposes is optional and requires your explicit consent. If you do not give your consent, you will not be able to receive newsletters, information material or commercial communications regarding the services offered by the Data Controller or third-party companies. However, you will still have access to our services.
We only process your personal information when there is a legal basis for such processing. The legal bases include:

• Your consent to the processing activities in question
• Compliance with legal obligations that we are required to meet
• The implementation of rules laid down by laws or regulations, or by contracts, agreements or other legal instruments
• Studies conducted by research bodies, preferably on anonymised personal information
• The performance of a contract and related pre-contractual obligations, if you are party to such a contract
• The exercise of our rights in court, in administrative proceedings or in arbitration
• The defence or protection of your physical safety or that of a third party
• The protection of health, in the context of procedures implemented by entities or professionals in the healthcare sector
• Our legitimate interest, provided that your rights and fundamental freedoms do not override those interests
• Credit protection.

ACCESS TO DATA

Your data may be made accessible for the purposes set out below:

• To employees and collaborators of the Data Controller in their capacity as data processors and/or system administrators;
  To third-party companies or other entities (for example: professional firms, consultants, software houses that provide management systems, credit institutions, insurance companies, etc.) that perform outsourced activities on behalf of the Data Controller, in their capacity as external data processors.

Among the Personal Data collected by this Website, either independently or through third parties, are: Tracking Tools; Usage Data; name; email address; website; unique device identifiers for advertising (e.g. Google Advertiser ID or IDFA identifier); number of Users; city; device information; session statistics; browser information; answers to questions; clicks; keypress events; motion sensor events; mouse movements; scroll position; touch events.

DATA COMMUNICATION

The Data Controller may disclose your data to the Public Administration, Supervisory Bodies and/or Judicial Authorities, as well as to all other parties to whom disclosure is mandatory or necessary by law. Your data will not be disclosed.

TRANSFER OF DATA TO THIRD COUNTRIES

Your data has been transferred to an external data controller whose headquarters or data processing location is not located in a Member State of the European Union. Prior to the transfer, we ensured that the recipient guarantees an adequate level of data protection through an adequacy decision by the European Commission pursuant to Article 45 of the GDPR, through appropriate safeguards such as self-certification by the beneficiary pursuant to Article 45 of the GDPR, and through the conclusion of so-called EU standard contractual clauses with the data importer, pursuant to Article 46(2)(c) of the GDPR, or you have given your consent to such data transfer pursuant to Article 49(1)(a) of the GDPR.

CONSERVAZIONE DEI DATI

Your data may be made accessible for the purposes set out below:

DATA RETENTION

All personal data provided will be processed in accordance with the principles of lawfulness, fairness, relevance and proportionality, exclusively using the methods necessary, including IT and telematic methods, to pursue the purposes described above. Personal data will be stored for a period of 6 years following the last contact with the data subject or until the data subject requests its deletion. In this case, data related to the legitimate interest of the data controller or necessary for the fulfilment of legal obligations may still be retained. It should be noted that the information systems used to manage the information collected are configured, from the outset, to minimise the use of personal data.

RIGHTS OF THE DATA SUBJECT

As a data subject, you have the rights set out in Articles 15 et seq. and Article 77 of the GDPR, namely the rights to:

• Obtain confirmation from the data controller as to whether or not personal data concerning you are being processed and, if so, obtain access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; where the data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
• Obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement;
• Obtain from the data controller information relating to personal data concerning him or her without undue delay, if one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a), and where there is no other legal ground for the processing; the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); the personal data have been unlawfully processed; the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• Obtain from the data controller the restriction of processing when one of the following applies: the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that its use be restricted; although the data controller no longer needs it for processing purposes, the personal data is necessary for the data subject to establish, exercise or defend a right in court; the data subject has objected to the processing pursuant to Article 21(1), pending verification of whether the legitimate grounds of the data controller override those of the data subject;
• Receive personal data concerning him/her, which he/she has provided to a data controller, in a structured, commonly used and machine-readable format and transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where the processing is carried out by automated means. When exercising their rights in relation to data portability, the data subject has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible;
• Object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f), including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling to the extent that it is related to such marketing;
• Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
• Right to lodge a complaint with a supervisory authority pursuant to Article 77.

HOW TO EXERCISE YOUR RIGHTS

You may exercise your rights at any time by contacting the Data Controller at the following email address: lemsrl@lemsrl.eu

EXTERNAL MANAGERS AND APPOINTEES

The updated list of external data processors and persons in charge of processing is kept at the registered office of the Data Controller.

MODIFICATION OF THE CURRENT POLICY

This policy was drafted on 06-08-2025 and may be subject to change over time, including as a result of additions or amendments to relevant legislation and regulations. Data subjects are invited to consult this page frequently.