DROP SHOT SRL, represented by Eugenia Pronzati, with registered office at via Lorenzo Mascheroni 31, 20145, Milano, VAT IT11185790968. The data controller has adopted proactive behaviors to effectively implement measures to protect the rights established by the GDPR. The data controller has configured personal data processing activities, ensuring essential safeguards at every stage to meet the requirements of the law, considering the overall context in which the processing takes place, and the risks to the rights and freedoms of data subjects. The principles applied to personal data processing are those set out in Article 5 of the GDPR: fairness, lawfulness, transparency, purpose and storage limitation, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability.
The data controller processes Personal Data in accordance with the principles of fairness, lawfulness, transparency, confidentiality, and minimization. In particular, the data controller commits, in accordance with Article 5(1)(c) of the GDPR, not to use Personal Data if the intended purposes can be achieved using anonymous data or other methods that allow identifying the User only if necessary or upon request by authorities and law enforcement. To ensure that Personal Data is accurate and up to date, relevant, and complete, please notify us of any changes preferably via e-mail at email@example.com.
Types of Data Processed and Purposes of Processing
3.1 Navigation Data
The IT systems of this Website collect certain data – necessary for using Internet communication protocols – potentially identifiable with specific Users, including: Internet Protocol (IP) address of Users connecting to the Website; type of browser and device (computer, tablet, smartphone, etc.) used to connect to the Website; date and time of visit; country of origin.
3.2 Legal Basis and Purposes of Processing
The data is used for: obtaining statistical information about the use of the Website and ensuring its proper functioning in accordance with Article 6(1)(f) of the GDPR; security reasons (anti-spam filters, firewall, intrusion detection), where the automatically recorded data may be used, in accordance with applicable laws, to block attempts to damage the Website itself or prevent harm to other Users, or to prevent fraudulent activities, also under Article 6(1)(f) of the GDPR. Please note that the Data is not used to identify or profile the User (the Data Controller is unable to identify visitors to the site) or combined with other data or provided to third parties, but used solely for the protection of the Website and its Users. Usage data is retained for the time strictly necessary for technical purposes and for no longer than twelve months, unless further retention is required (e.g., for reporting offenses, such as in the case of attacks on the Site or requests from judicial authorities).
3.3 Common Data Provided Directly by the User
The Data Controller may also collect User data (name, email, phone number, etc.) provided voluntarily by the User for newsletter subscription, requests for commercial information, inquiries about job offers, or following the submission of a CV.
3.4 Legal Basis – Purposes of Processing
The Data will be processed to respond to a User’s request:
- for reservations or commercial information, and therefore the processing will be necessary for pre-contractual or contractual reasons under Article 6(1)(b) of the GDPR, and will be retained for the duration of the relationship, unless a different period is required to comply with legal obligations.
- for general information, and therefore the processing will be carried out for the legitimate interests of the Data Controller under Article 6(1)(b) of the GDPR, and will be limited to the time necessary to respond to the User’s request.
- regarding job offers, and therefore the processing will be carried out for pre-contractual measures upon the User’s request under Article 6(1)(b), as well as Article 9(2)(b) and (e) of the GDPR, to receive information from Genevoism, and therefore the processing will be based on the User’s consent under Article 6(1)(a) of the GDPR.
For any additional processing carried out for different purposes or legal bases, separate information will be provided, and consent obtained if necessary.
Nature of Data Provision
Except for Navigation Data, which is necessary for accessing the Website, the provision of additional Data is optional; therefore, any refusal by the User to provide them, even if not attributable to the Data Controller, will result in the impossibility for the Data Controller to fulfill the User’s requests.
Location of Data Processing
The processing of Personal Data takes place within the European territory in accordance with the GDPR and the Privacy Code.
Recipients of Personal Data
All collected data may be communicated to collaborators of the Data Controller in compliance with current regulations.
Access to Processing
Personal Data is processed exclusively by authorized individuals acting under the authority of the Data Controller.
The User has the right to exercise the rights provided for in Articles 15 and following of the GDPR and the Privacy Code, including: right of access to Data and related information (e.g., processing purposes; categories of Data; recipients or categories of recipients to whom Data has been or will be disclosed; retention period of Data or the criteria to determine it, etc.); right to rectification of inaccurate Data and integration of incomplete Data; right to erasure of Data (“right to be forgotten”); right to restriction of processing (e.g., in case of disputes or unlawful processing); right to lodge a complaint with the Privacy Authority under Article 77 of the GDPR (for more information, visit www.garanteprivacy.it); right to data portability; right to object to processing (e.g., in case of profiling, marketing purposes, or scientific, historical, statistical research, etc.); right to withdraw consent, if given.