INFORMATION ON PERSONAL DATA PROCESSING
For users who consult the website in accordance with Article 13 of Regulation (EU) 2016/679 Interactive Thinking Srl, part of Capgemini Italia S.p.A, Viale
Tiziano 25 00196 Roma, (hereinafter "Doing") may collect and process your personal data while browsing the website at the URL www.doing.com.
Doing has a DPO contactable to the mail address firstname.lastname@example.org
The information in this document does not concern any other sites, pages or online services that can be accessed via hypertext links that may be published on the site but it refers to resources outside the registry domain.
WHAT DATA WE PROCESS
Usually during navigation, Doing can collect the following data:
a. Personal and identification data.
Personal data means any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number;
Identifying data, means personal data allowing the direct identification of the data subject
b. Navigation data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
- to check the correct functioning of the services offered.
c. Data communicated by the user
The optional, explicit and voluntary sending of messages to Doing's contact addresses, as well as the filling in and forwarding of any forms present on Doing's websites, involve the acquisition of the sender's contact data, necessary to reply, as well as all personal data included in the communications.
The data are processed by Doing for the sole purpose of carrying out the activities the correspondence refers to and will not be communicated to parties unrelated to the processing of the same.
WHY WE PROCESS YOUR DATA AND WITH RESPECT TO WHICH LEGAL BASIS
Doing may process your data for the following purposes:
1. To respond to your requests and, in aggregate form, for statistical purposes and to ensure continuity of service and for the improvement of the Site itself;
2. IP may, in some cases, be used for the exclusive purpose of blocking attempts to damage the Site itself, as well as activities constituting an offence under the laws in force;
3. To conduct marketing actions and to offer you personalized offers.
For purposes no. 1. and 2. the processing is lawful because Doing has a legitimate interest in ensuring that your visit to its website and the way in which we interact with each other may represent a positive experience for you.
For the purpose n. 3. the processing is lawful only if you give your free consent; in case of consent to the processing, be aware that you have the right to revoke your consent at any time.
The revocation of consent does not affect the lawfulness of the processing based on consent before the revocation.
HOW WE PROCESS YOUR DATA AND FOR HOW LONG WE STORE IT
The processing of your data is based on principles of correctness, lawfulness and transparency and is carried out through automated methods to store, manage and transmit them.
We process data by means of instruments that are suitable, for whatever reason and are the state of the art, to guarantee security and confidentiality through the use of suitable procedures to avoid the risk of loss, unauthorized access, unlawful use and dissemination.
I AM YOU ARE OBLIGED TO PROVIDE YOUR DATA TO NAVIGATE ON THE SITE
In order to navigate the site, the communication of personal data is not required except for those that are strictly necessary for the purposes indicated above.
However, there are sections of the site that require the personal data in order to respond to user requests.
Your personal data in the sections of the site for profiling and marketing purposes is optional and does not affect the possibility of using the other functions of the site.
TO WHOM YOUR DATA WILL BE COMMUNICATED
Doing is part of the Capgemini Group which is a global organization. Although there are separate legal entities (e.g. national subsidiaries) in many parts of the world, our internal processes and infrastructure are international in scope. Accordingly, you should be aware that we may share your personal data with other legal entities within the Group and transfer it to other countries where we have data centers or where we are engaged in business activities, including countries outside the European Union (EU).
Such transfers are governed by our Binding Corporate Rules (BCR) approved by the National Data Protection Authorities . As a result, your data may benefit from the same level of protection within the Capgemini Group. These BCRs can be consulted at the following address https://www.capgemini.com/wp-content/uploads/2017/07/capgemini_binding_corporate_rules_2017.pdf
WHAT ARE YOUR RIGHTS
It is important for you to know that the GDPR gives data subjects the possibility to exercise specific rights under the conditions set out in the Regulation:
- access to data (art. 15): the data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him/her are being processed and, if so, to obtain access to the personal data in an electronic format in common use and some information on the processing (e.g. purposes, categories of data processed, recipients to whom the data are communicated, non-EU transfers, implementation of profiling activities, etc.);
- rectification of data (art. 16): the data subject has the right to obtain the rectification of inaccurate personal data concerning him/her without undue delay and/or the integration of incomplete personal data, including by providing a supplementary statement;
- deletion of data or "right to be forgotten" (art. 17): the data subject has the right to obtain from the data controller the deletion of personal data concerning him/her without unjustified delay and the data controller has the obligation to delete personal data without unjustified delay;
- limitation of processing (art. 18): the data subject has the right to obtain from the data controller the limitation of the processing;
- data portability (art. 20): the data subject has the right to receive in a structured format, commonly used and machine-readable format the personal data concerning him/her provided to a data controller and has the right to transmit such data to another data controller without hindrance by the data controller to which he/she has provided them;
- opposition to the processing (art. 21): the data subject has the right to object at any time, for reasons related to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f), including profiling on the basis of these provisions.
If you would like to make such a request or file a complaint you can send an e-mail to email@example.com.
You can also file a complaint with the Italian Data Protection Authority - Guarantor for the protection of personal data Piazza Venezia n. 11 - 00187 Roma
NOTIFICATION OF CHANGES TO THIS POLICY