When a user uses the Page administered by the Data Controller, Facebook (“Social Media”) collects information such as the types of content viewed or interacted with, the actions performed, and information about the devices used (IP addresses, operating system, browser type, language settings, cookie data).

Page Insights are aggregated statistics created from certain events recorded by Facebook servers when users interact with Pages and the content on them. As explained in Facebook’s Privacy Policy, the Social Media also collects and uses information to provide statistical data collection services called Page Insights to page administrators to help them understand how people interact with the content on their pages.

Details on how Facebook processes data are available at the following link:

https://www.facebook.com/privacy/explanation

Details on the personal data processed for Insights are available at the following link:

https://www.facebook.com/legal/terms/information_about_page_insights_data

Details about the cookies used by Facebook are available at the following link:

https://www.facebook.com/policies/cookies/

The Data Controller, as administrator of the Page, and Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers in accordance with Article 26 of the GDPR for the processing of such personal data recorded for events provided through Page Insights (‘Insights Data’).

The joint controller agreement between the Controller and Facebook covers the creation of such events and their aggregation in Insights on the Page provided to each administrator.

The legal basis for the processing is the legitimate interest of the Data Controller, Article 6(1)(f) of the GDPR. Therefore, it is not necessary to obtain your prior consent to the processing.

Condition for lawful processing:
Legitimate interest – Art. 6(1)(f) GDPR

Purpose of processing:
1) Statistical surveys relating to the use of elements contained within the Facebook page administered by the Data Controller.

Nature of the transfer:

Mandatory – Failure to provide the requested data will make it impossible for the Data Controller to provide services through the Page published on Facebook.

Period of retention of personal data:

The data collected will be processed for the time strictly necessary to achieve the purposes described above, as specified in the Facebook policies described above.

Treatment Method:

The processing is carried out by electronic means by the joint controller Facebook.

Transfer of data outside the EU

Personal data is processed exclusively within the European Union.

Recipients of the processing

• Data Controller:
  Hosting Service Providers; ICT System Maintenance Services;
• Data Processor:
  Staff employed by the Data Controller;

Rights of the data subject – complaint to the supervisory authority

In relazione ai trattamenti descritti nella presente Informativa, in qualità di interessato potrai, alle condizioni previste dal GDPR, esercitare i diritti sanciti dagli articoli da 15 a 22 del GDPR e, in particolare, i seguenti diritti:

• right of access
  : the right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data;
• right of rectification
  : the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data;
• Right to erasure (right to be forgotten)
  : the right to obtain, without undue delay, the erasure of personal data concerning you. The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
• Right to restriction of processing
  – Article 18 GDPR: right to obtain restriction of processing where: a) the accuracy of the personal data is contested by the data subject; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the personal data are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pending verification of whether the legitimate grounds of the controller override those of the data subject.
• right to restriction of processing
  : the right to obtain restriction of processing;
• right to data portability
  : the right to receive, in a structured, commonly used and machine-readable format, personal data concerning you and to provide it to another controller;
• right to object
  : the right to object to the processing of personal data concerning you for reasons related to your particular situation and, in any case, to the use of your data for marketing purposes.

If processing is based on consent, you may withdraw this consent (withdrawal of consent). You may also withdraw your consent at any time and with the same ease with which it was given, without prejudice to the lawfulness of processing based on consent given prior to withdrawal.

You also have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect or significantly affects you. However, we may make an automated decision if it is necessary for entering into or performing a contract with us, if it is authorised by Italian or European Union law, or if you have given your consent.

In any case, you have the opportunity to challenge the decision, express your opinions on the matter, and request the intervention of someone who can review it.

You may lodge a complaint with the Data Protection Authority at any time:
http://www.garanteprivacy.it

The above rights may be exercised in relation to the Data Controller by contacting the references described above.