We are committed to protecting your privacy and protecting the personal data you entrust to us according to the principles of transparency – fairness – equity.
New Privacy and Data Protection Notice
We are committed to protecting your privacy and protecting the personal data you entrust to us according to the principles of transparency – fairness – equity.
New Privacy and Data Protection Notice
First issued in May 2018.
Last updated on the 15th April 2020.
Drafted in compliance with arts. 13 and 14 of EU Regulation 679/2016 (GDPR) and in re-placement of the previous Information provided pursuant to art. 13 of Legislative Decree no. 196/2003, the Italian Data Protection Act.
This information is inspired by the principle of transparency, as provided at section 2 of the European Regulation on the protection of personal data. It is therefore designed to be concise, transparent, intelligible and easily accessible, so that the content can be communicated to the general public, and with particular attention at underage subjects.
The services offered by Guglielmo S.r.l. are aimed at the general public and do not specifically target underage subjects. However, we are aware that minors deserve specific protection. We are therefore committed to immediately erase information in the event that a violation of this sort comes to our attention.
If necessary, this Notice may be accompanied by a specific form for the issuance of consent – as provided for in section 7 of the Regulation – which will be tailored on the use we intend to make of your Personal Data, according to the type of service that Guglielmo Srl provides.
Why are you reading this notice?
Personal data are extremely valuable today. The new EU Regulation establishes that information not only has a key role to play, but must also be dynamic, subject to change and constantly updated in order to guarantee data subjects correct, timely information regarding the processing of their personal data.
We therefore suggest that you pay the utmost attention, without excessive fears: personal data can and must circulate safely and for the benefit of all.
What does the current notice mean by “personal data”?
Overall, the New Regulation defines as personal data any information concerning an identified or identifiable natural person (“data subject”). An “identifiable” person is considered to be a natural person who can be linked, directly or indirectly, by an element such as personal details (name, surname, date of birth, etc.), venue, online account, characteristics of physical, physiological, genetic, psychic, economic, cultural or social identity, bank details, telephone number, address, place and type of work, photographs, videos of you and the sites you visit. All these elements, although indirectly, tell a lot about us, for example preferences and habits.
In order to better understand the context of this notice, it is specified, for the benefit of all users, that the use of any communication network, without exception, including cellular or “wired” networks, is a process that leaves traces that go well beyond the data processed in the exercise of Guglielmo Srl’s business activities and which are the subject of this present document. These traces are scattered on the device you are using and on all the network devices involved. In some cases, they are easy to intercept by external devices. Therefore, the activity of connection to a network, such as the Internet in particular, must never be considered as a “private” action in any of its aspects, regardless of the activity/service performed by Guglielmo S.r.l..
On the basis of these clarifications Guglielmo S.r.l. considers of fundamental importance the protection of personal data of its current and/or potential future customers and users. For this reason, it ensures that the processing of personal data, carried out by any means, both automated and manual, is performed in full compliance with the guarantees and rights recognized by Regulation (EU) no. 2016/679 of the European Parliament and of the 27 April 2016 Council on the protection of individuals, with regard to the processing of personal data and on the free movement of such.
Types of Collected Personal Data
Guglielmo S.r.l. collects different data depending on the type of service provided, on the type of the venue where they are collected and, on the different types of customers. Therefore, Guglielmo S.r.l. may process personal data directly, i.e. as Data Controller, or on “assignment” of other “third party” data controllers, i.e. as Data Processor.
Data that may be collected by Guglielmo S.r.l., even on request and on behalf of “third” customers, or by Social Media via login, and/or provided by the user during registration to one of the services offered by Guglielmo S.r.l. are:
All the different types of data processed are specifically listed and differently detailed within the information notice provided for the single, specific service offered.
Moreover, there are data that can be collected by Guglielmo S.r.l. through its web site:
Data is collected for several reasons: it may be required by the law in force, by one of our customers or to provide specific services to the customer or user. The subsequent processing of collected data, carried out by Guglielmo Srl, is based on the identifiers of the devices which are utilized by users and detected automatically. This is not directly attributable to a person, and not unique. Processing operations result in the classification of users into groups. It never leads to the reconstruction of the activities of the each individual user.
Based on automatically collected data, Guglielmo does not normally perform analysis to determine the identity of a user.
An exception to this situation is when, by law or at the request of our customers (not physical persons but companies), the user is required to enter data directly. In these cases, this data is used to make the classification more precise or to interact with the user (so-called profiling), based on the relative consent and always in respect of the privacy and security of each individual user.
Analysis carried out by Guglielmo focus on data related to the device you use and with which you access the “network”, whose transmission is implicit in the use of Internet communication protocols and whose collection is, in some cases, imposed by the law on the management of Internet connections. Such data are anonymous in themselves, but may be associated with those provided by the user during registration.
Guglielmo Srl offers its customers services that include analysis based on the location of the devices (for example, geolocation via mobile phones, smartphones, PCs). The data are analyzed in an aggregated way in order to identify groups of behavior. Data sources can be multiple, from wireless device radio interfaces to GPS. All sources can be deactivated by the user. In these cases, the end user is asked and then given the right and informed consent, if necessary, as well as being adequately alerted and informed.
In some cases the services offered by Guglielmo Srl include analyses based on the period of time in which these services were provided, that is during the time of connection to the Internet by the devices used and/or the traffic generated. The collection of such data is based on the operation of the Internet itself, without alterations, and is similar to a log collection activity. It is therefore not linked to “man-in-the-middle” activities, nor to services able to violate encryption systems or mechanisms known as data “tunnels” (for example, we are not able to read searches made on Google, intercept the content of posts on Social Media networks, searches on Amazon or encrypted VPN, etc.). All our activities always take place in full compliance with privacy and user safety regulations.
What are cookies?
Cookies are short fragments of text (letters and/or numbers) that allow the web server to store information on the client (the browser) to be reused during the same visit to the site (session cookies) or later, even days later (persistent cookies). Cookies are stored, according to the user’s preferences, by the browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as, for example, web beacons, transparent GIFs and all forms of local storage introduced with HTML5, can be used to collect information on user behavior and use of services. We will refer to cookies and all similar technologies using the term “cookies” below.
First-party cookies typologies and preferences management
We only use technical and analytical cookies.
Technical cookies are necessary for the proper functioning of certain areas of the website. They include both persistent cookies and session cookies. In the absence of such cookies, the website or parts of it may not function properly. Cookies in this category are always sent from our domain.
Analytical cookies are used to collect information on website activity. They are the basis for statistical analysis, for actions of improvement and simplification of functionalities, for monitoring the correct functioning. This type of cookies collects information in anonymous form about user activity on the site and how they arrived at the site and the pages visited.
Our website also contains third party cookies i.e. cookies from other sites and content in various elements hosted on our pages (social network icons that allow visitors to interact with it). Cookies in this category are sent by the domains of the websites that offer the functionalities present on our own, therefore they are not included or read by Guglielmo. Third parties may use the collected data for their own purposes. For more information about these cookies and how each third party uses them, you can use the links below.
Guglielmo uses the Google Analytics service of Google Inc. to understand how visitors interact with the website content. Google Analytics uses a set of cookies to collect information and generate statistics on the website activity, avoiding the identification of individual visitors.
We also integrate certain features of third-party websites into our own website. This especially occurs with Social Media networks (Google, Facebook and Auth0). These features sometimes incorporate scripts or other elements that can recognize, and sometimes place cookies from Social Media networks on your device. We have no access to or control over these cookies or the data collected by these cookies, but because we integrate Social Media login features and services on the Guglielmo and ICEPro website we would like to inform you about the use of these elements. For more information, please see the list of possible Social Media networks cookies below.
Click on the links below to read the different information notices. You can opt in or out:
Auth0 Login. It allows you to access your Auth0 account and interact with our websites through your account: https://auth0.com/docs/sessions/concepts/cookies
Facebook Login. It allows you to access your Facebook account and interact with our websites through your account: https://www.facebook.com/policies/cookies
Google Login. It allows you to access your Google account and interact with our websites through your account: https://policies.google.com/privacy?hl=it
You still have the option to deny consent to the use of different cookies. In this case, you will be able to continue browsing our site on a regular basis, but as some features are no longer active you may encounter some problems, such as accessing the configuration portal of your ICEPro device.
To disable the use of different types of cookies, select the appropriate setting on your browser that allows you to block or delete them at the end of each session. Below are the links with instructions on how to disable cookies on the most popular browsers.
Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: https://support.mozilla.org/it/kb/Bloccare%20i%20cookie
Policy and policy updates
Mobile App integration
The Guglielmo platform also includes a library, Software Development Kit (SDK), that can be used by Mobile Application developers. The library is able to collect an identifier and use it for network login procedures. The identifier is chosen and passed to Guglielmo’s SDK by a third-party developer, according to the indications of the company’s Client. Please refer to the information relating to the specific application prepared by the third-party developer for further information on the identifier that may be used.
In case of credit card registration or payment processing
In some cases, the registration procedure requires credit card details. In these cases, Guglielmo S.r.l. redirects the user to third-party services. Throughout this process, Guglielmo does not collect any data. The only trace left of the transaction in Guglielmo’s system is a completely anonymous transaction ID, which no activity is done with unless you directly provide it to the third-party system which managed the transaction for any analysis in case of litigation.
Content of this notice
The information covered by this notice concerns your personal data, both those which have been collected up to this present date and those that will be acquired in the future, according to the contractual relationships that have taken place. Those data are subject to processing by Guglielmo S.r.l., which also assumes direct responsibility for the treatment being, precisely, the Data Controller, in compliance with the above mentioned legislation and confidentiality obligations that our activity inspires.
It is clarified that by the terms “personal data processing” it is meant any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, the structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction.
Data Controller and Contact Information
Guglielmo S.r.l. is headquartered in Taneto di Gattatico (Reggio Emilia), via Don Minzoni 112, is the Data Controller.
The updated list of Data Processors (if appointed) can be found at the above mentioned offices.
The Data Protection Officer (DPO) can be contacted by sending an email to email@example.com.
The Data Controller is the physical or legal person, public authority, service or other body who, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria applicable to its designation may be determined by Union or Member State law.
Purpose of Treatment
The processing of the data provided, personally or by filling in and sending the forms presented during the provision of our services, will be for institutional purposes only, connected or instrumental to our activity and in compliance with legal obligations. In particular, the processing of data has the following purposes:
During routinary operations, the computer systems and software procedures used to operate our services acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could allow users to be identified through processing and association with data held by third parties.
We remind you that processing may require your specific and informed consent – if the processing concerns data of particular importance and “sensitivity”. Consent can be collected in various ways, such as through a web portal or when downloading a Mobile App.
Information collected via third parties
In some cases, the Guglielmo platform interfaces with external data sources (e.g. CRM, management software, Identity Manager, sensors, Open Data connectors) to complete the profiling and apply the appropriate policies to each device. In these cases, data has been collected by other entities. Please refer to information notices which address such cases purposely and which have been placed on our platforms for the necessary provision of the service. Also in this case the Guglielmo platform processes the data in real time, immediately and irreversibly deleting the data after aggregation without leaving any trace.
In other cases, the Guglielmo platform interfaces with external data sources (e.g. social media, SPID) to obtain information (such as email address) useful for the provision, management, access to the service and the purposes of the above mentioned processing.
The data you provide will be processed through suitable electronic instruments and software platforms, which are equipped with tools that guarantee security and confidentiality and strictly related to the purposes themselves, in order to avoid unauthorized modification or destruction. All the analyses underlying the services offered are carried out guaranteeing the maximum security, according to one of the main distinctive features of the Guglielmo platform.
Human operators, who are specifically appointed and trained for this purpose, participate in the processing of data through strictly controlled access through authentication and tracking procedures.
The treatment could be also carried out by third parties providing specific computational services and tools required to achieve the above mentioned goals.
Place of treatment
The data collected are processed (i) on the premises of the company headquarters, (ii) in a data center outside of the company headquarters, (iii)on machines in operation at the premises of third-party customers, who manage the structure where the service is provided, (iv) as well as in a cloud service managed by a third party provider. From the operational headquarters of the company, maintenance and development operations of the Guglielmo platform are carried out. In all cases, the places assigned to the processing of personal data have characteristics that make them safe and suitable for the purpose and, for this reason, they are constantly monitored, efficient and resilient.
IT systems and software procedures used to operate our services acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified interested parties. However, by their very nature, they could, through processing and association with data held by third parties, play a role in identifying users.
Communication and diffusion
As the Data Controller, Guglielmo S.r.l. commits not to disclose personal data to third parties, except to specific contractually-defined cases; (i) if there is a need to appoint external data processors or external sub-data processors, or (ii) if the service is provided indirectly by third parties (e.g. hotels, restaurants, shops, public spaces, fairs, airports), where our platform is activated / will be activated to offer the services provided to end users (e.g. customers of the aforementioned premises).
Personal data will be stored according to the guidelines indicated above, for the minimum time required by the legislative and contractual nature, i.e. for the limited time to allow the service provided and requested by the customer (e.g. WiFi connection). Upon termination of the contractual relationship with Guglielmo S.r.l., data will be stored for the time period which is strictly necessary and functional to their possible future use, if required by law and connected to the specific service requested by our customers, or for specific legal regulations related to the traceability, for security purposes, of WiFi access. At the time of their elimination, it is possible that the data may still be stored but totally and irreversibly anonymized, i.e. no longer suitable to lead in any way, not even potential, to the identification of a single and specific individual person.
Personal data voluntarily sent to Guglielmo S.r.l., such as curriculum vitae, are deleted after 2 years from the collection date.
Data is stored in such a way that it cannot be changed without leaving a trace. They shall be stored for as long as the service is provided or until the data subject’s consent is revoked, when given.
Data may be retained even after the termination of the service or the user’s request, if required for legal reasons.
Data processed for marketing or profiling purposes will be stored in compliance with the principle of proportionality and, in any case, until the purposes of the processing have been pursued or until – if previously – the withdrawal of specific consent by the data subject.
Data processed for marketing or profiling purposes are kept for a maximum period, which corresponds to that provided by the applicable legislation and, in any case, no longer than 12 months since the last use of the service.
If you exercise your right to oblivion through a request for express cancellation of your personal data which are processed by the owner, please note that such data will be stored – in a protected form and with limited access, only for the purpose of investigation and prosecution of crimes – for a period not exceeding 12 months since the day of the request and then they will be deleted securely or turned anonymous irreversibly.
Finally, we remind you that for the same purposes, data related to telematic traffic – which exclude in any case the contents of communications – will be kept for the maximum time allowed by the law currently in force.
Characters of the Conferral
Data conferral is optional, however the possible non-communication of the requested data may prevent to establish or continue the relationship and may technically prevent the provision of the specific WiFi connection service.
The processing of functional data for the fulfillment of these obligations is necessary for a correct management of the relationship and their conferral is mandatory to implement the above mentioned purposes. The Data Controller also informs that any failure to communicate, or incorrect communication, of one of the mandatory information may make it impossible for the Data Controller to guarantee the appropriateness of the processing itself.
Data Subjects Rights
By data subjects rights it is intended the rights of the user in respect of whom data is collected.
The following paragraphs serve to draw your attention to a number of rights that the Privacy – Data Protection law grants you in order to better protect your personal data.
Pursuant to Article 7 of the Privacy Regulation (to the extent still compatible and as amended by Legislative Decree 101/2018 ) and pursuant to Articles 13, paragraph 2, letters (b) and (d), Articles 15 to 22 of the Regulation (GDPR 679/2016), we inform that, by entrusting Guglielmo Srl with their personal data, you can exercise the following rights, the exercise of which is not subject to any form constraints and is free of charge:
Access, rectification and/or deletion of personal data (right to oblivion)
The right to request to Guglielmo S.r.l., as the designated Data Controller, access to personal data, their rectification, cancellation, the limitation of their processing or to oppose their processing, in the cases specified.
The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him/her are being processed and, if so, to obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organizations;
d) where possible, the intended period of retention of personal data or, if that is not possible, the criteria used to determine that period;
e) the existence of the right of the data subject to ask the Data Controller to rectify or delete personal data or to limit the processing of personal data concerning him/her or to object to its processing;
f) the right to lodge a complaint with the supervisory authority;
g) where the data are not collected directly from the data subject, all available information on their origin;
h) the existence of an automated decision-making process, including profiling as referred to in Article 22, (1) and (4), and, at least in such cases, significant information on the policies adopted as well as the importance and expected consequences of such processing for the data subject.
Where personal data are transferred to a third country or an international organization, the data subject shall have the right to be informed on the existence of adequate safety policies according to Article 46 with respect to the transfer.
The Data Controller provides a copy of the personal data being processed. In case the data subject requests further copies, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject submits the request by electronic means, and unless otherwise indicated by the data subject, the information shall be provided in an electronic format in common use.
The right to obtain a copy – see in paragraph 3 – shall not prejudice the rights and freedoms of others.
The data subject has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary statement.
The data subject has the right to request and obtain from the Data Controller the cancellation of personal data concerning him/her without undue delay and the Data Controller is bound to erase the personal data without undue delay, if one of the following reasons exists:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; 4.5.2016 L 119/43 Official Journal of the European Union EN;
b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing;
c) the data subject opposes processing within the meaning of Article 21(1) and there are no overriding legitimate grounds for processing, or opposes processing within the meaning of Article 21(2);
d) personal data have been processed unlawfully;
e) personal data must be erased in order to comply with a legal obligation under the European Union law or the law of the Member State to which the controller is subject;
f) personal data have been collected in the context of the services referred to in Article 8(1).
Where the Data Controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform Controllers which are processing the personal data that the data subject has requested the erasure by such Controllers of any links to, or copy or replication of, those personal data.
Paragraphs 1 and 2 shall not apply in the case the treatment is necessary to:
a) the exercise of the right to freedom of expression and information;
b) the performance of a legal requirement which involve data processing as it is foreseen by the European Union law or in the law of the Member State to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) address reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);
d) archive in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89(1), in so far as the right referred to in paragraph 1 is likely to render impossible or seriously jeopardize the attainment of the objectives of such processing;
e) ascertain, exercise or defense of a right in court.
1. The data subject has the right to obtain from the Data Controller the restriction of data processing when one of the following cases applies:
a) the data subject objects to the accuracy of personal data, during the time period which is necessary for the Data Controller to verify the accuracy of such data;
b) data processing is unlawful and the person concerned opposes the deletion of personal data and asks instead that its use be limited;
c) although the Data Controller no longer needs data for the purposes of processing, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
d) the data subject has objected to the processing within the meaning of Article 21 (1), while waiting for the verification as to whether the legitimate reasons of the controller take precedence over those of the data subject.
2.Where processing is restricted in accordance with paragraph 1, personal data shall, except for storage, only be processed with the consent of the data subject or for the establishment, exercise or defense of a right in court or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. 4.5.2016 L 119/44 Official Journal of the European Union EN
Duty to notify in case of rectification or erasure of personal data or restriction of processing
The Data Controller shall inform each recipient to whom the personal data have been disclosed of any rectification or erasure or restriction of processing carried out pursuant to Articles 16, 17(1) and 18, unless this proves impossible or requires a disproportionate effort.
L’utente ha il diritto di richiedere la documentazione completa relativamente al trattamento dei dati personali forniti a Guglielmo Srl in quanto Titolare del Trattamento. In altre parole se l’interessato intende richiedere i servizi ad altro “gestore” diverso da Guglielmo srl, ha il diritto di chiedere e ottenere da questo la consegna di tutti i dati personali precedentemente forniti.
The user has the right to request complete documentation regarding the processing of personal data provided to Guglielmo Srl as the Data Controller. In other words, if the interested party intends to request the services from another “manager” other than Guglielmo Srl, he or she has the right to request and obtain from the latter the delivery of all personal data previously provided.
Data subjects have the right to receive in a structured, user-friendly and machine-readable format personal data which were provided to the Data Controller. They also have the right to transmit such data to another Data Controller without hindrance by the Data Controller to whom they have provided them if they have provided them:
(a) processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b);
b) processing is carried out by automated tools;
2. Data subjects, in exercising their rights regarding the portability of data in accordance with paragraph 1, shall have the right to obtain direct transmission of personal data from one Data Controller to another, if technically feasible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4. The data subject’s right described in paragraph 1 shall not affect the rights and freedoms of others.
Data subjects shall have the right to object at any time, on grounds relating to a specific situation, to the processing of their own personal data pursuant to Article 6(1)(e) or (f), including profiling on the basis of those provisions. The Data Controller shall refrain from further processing of personal data unless there is proof that there are compelling legitimate reasons for processing which override the interests, rights and freedoms of the data subjects or for the establishment, exercise or defence of a right in court.
Where personal data is processed for direct marketing purposes, data subjects have the right to object at any time to its processing which is carried out for such purposes, including profiling for direct marketing activities.
If data subjects object to the processing for direct marketing purposes, personal data shall no longer be processed for such purposes. 4.5.2016 L 119/45 Official Journal of the European Union EN.
It is the right of the person concerned to revoke the consent given at any time. This operation must be as easy as the operation that allowed the data to be processed. At the same time, the person concerned has the right to lodge an official complaint with the Authority for the Protection of Personal Data, following the procedures and indications published on the official website – www.garanteprivacy.it.
For further information, please refer to the indications of the Privacy Authority, which can all be consulted at this link:
For the exercise of all your rights, you can contact the Data Controller in the following ways: