We undertake to safeguard your privacy and protect the personal data you entrust to us, in accordance with the principles of transparency – correctness – fairness.

New Information on Privacy and the Protection of Personal Data

Drafted in compliance with arts. 13 and 14 of EU Regulation 679/2016 (GDPR) and in re-placement of the previous Information provided pursuant to art. 13 of Legislative Decree no. 196/2003, the Italian Data Protection Act.

This information is inspired by the principle of transparency , as provided for in art. 12 of the European Regulation on the protection of personal data. It is there-fore designedtobe concise, transparent, intelligible and easily accessible, so that the content is ” comprehensible ” to all the subjects it is aimed at, and with particular attention to cases in which it is aimed at subjects under the age of 18 ”.

Our services are aimed at the general public, and do not specifically target children. However, we are aware that minorsdeservespecific protection. We therefore undertake to immediately erase in-formation in the event a breach comesto our attention.

Why are you reading this information?

Personal data  are extremely valuable these days, so the new EU Regulation establishes that information not only has a key role to play, but must also be dynamic, subject to changeand updated constantly to guarantee data subjects correct, timely information regarding the processing of their personal data.

What do the regulation in force mean by “personal data”?

A few examples

In general terms, the New Regulation defines personal data as any information relating to an identified or identifiable natural person (‘data subject’);anidentifiable natural person is one who can be identified, directly or indirectly, in particular by reference to anidentifier such as your name, surname, date of birth, or any other information that could be used to accurately identify you. It also includes data relating to location, online identifiers, or to one or more factors specificto your physical,physiological, genetic, mental, economic, cultural or social identity, your banking data, telephone number, address,place and type of work, photographs, videos in which you/we appear, websites visited; this information says a great deal about us, such as our preferences and habits.

Maximum attention must be paid, but we should have NO FEAR, because personal data must be able to circulate as widely aspossible,in complete safety and security: this is in EVERYONE’s in-terest!
In order to effectively contextualise this information, it should be noted that the use of any type of communication network,withoutexception – including the cellphone or cable network – is a process that leaves traces that extend far beyond the scope of the data processed by Guglielmo Srl., the object of this document. These traces are spread through the device used and throughout the systems of the networks involved, and in certain cases are also simple to intercept on the partofexternal systems. Therefore, connection to a network, such as Internet in particular, must never be considered asa “private”action in any of its aspects, regardless of the activities of Guglielmo.

Guglielmo Srl. collects different data depending on the type of location and client

In general, data are collected because this is required by the law in force, requested by our client or in order to provide specific services to the client or user. The data collected are then processed by Guglielmo Srl, based on the identifiers of the devices used, which are automatically recorded. These identifiers cannot be directly traced to an individual,andare not unique.This type of processing classifies users into groups, and is never used to reconstruct the activities of a single user.
Processing is based on data collected automatically, and Guglielmo does not carry out analyses designed to determine the identity of an individual user.
An exception to this is cases in which – by law or at the request of our clients – the user is required to enter data directly. In these cases, the data collected are used to make the classification more accurate, or to interact with the user, and not to identify him or her; however, the nature of the analysis remains as described above.

The analyses conducted by Guglielmo focus on data relating to the device used to access the network, the transmission of which is implicit in the use of Internet communication protocols, and the collection of which, in certain cases, is obligatory under the terms of the law governing Internet connections. These data are anonymous, but they may be linked with those provided by the user at the registration stage.

Location
Guglielmo Srl can offer clients services that include analyses based on the position of devices (geolocation using cellphones,smartphone,PC..).The data are analysed in aggregate form in order to identify groups of behaviours. The data may come from multiple sources, from the radio interfaces of wire-less devices to GPS. They can all be deactivated bythe user.

Internet browsing
In certain cases, the services offered by Guglielmo Srl include analyses based on when and for how long devices are connected to Internet, or sometimes on the traffic generated. The collection of these data is based on the functioning of Internet. It does not alter said functioning, and is comparable to log collection. It is NOT related to “man-in-the-middle” activity or to services able to breach encryption systems or data tunnelling mechanisms. (For example: we are not able to read Google searches, intercept the content of Facebook, Twitter or Instagram post… or searches on Amazon or encrypted VPN…)

Other data can be collected, also at the request and on behalf of “third-party” clients
Data provided by the user at the registration stage:

  • Cellphone number
  • E-mail
  • Name
  • Last name
  • Sex
  • Age or Date of Birth
  • Tax code
  • Address
  • Postcode
  • Town/City
  • Province
  • Country
  • Hotel room number
  • Office extension
  • Employee ID
  • Subscription card no.
  • Fidelity card no.
  • Company ID (e.g.: matriculation number)
  • Document ID (ID card, Passport)

Cookies
The Guglielmo platform uses technical cookies for the password memorizing service, which can be voluntarily activated by the user only.
If there is a registration active based on social networks or roaming partners, we cannot rule out the use of cookies on the part of the social network or roaming partner selected; please consult the documentation of the platform concerned. The Guglielmo authentication system currently supports authentication via national and international roaming partners and the following social network platforms: Facebook, Twitter. LinkedIn, Microsoft, Google, Instagram, Yahoo!.

Object of the Information

The information provided here regards your personal data

Please note that the processing of personal data means any operation or set of operations performed on personal data or on sets of personal data, even if not recoded in a data bank, whether or not by automated means, such as collection, recording, organisation, structuring, storage, processing, selection, blocking, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

– both those collected up to now and those that will be acquired in the future in relation to the con-tractual relationshipsenteredinto processed

Please note that the processing of personal data means any operation or set of operations performed on personal data or on sets of personal data, even if not recoded in a data bank, whether or not by automated means, such as collection, recording, organisation, structuring, storage, processing, selection, blocking, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

by Guglielmo WiFi, who takes responsibility for processing in its capacity as Data Controller, in compliance with the regulation referred to above and the confidentiality obligations our activity is inspired by.

Data Controller and Contact Data

The Data Controller is

The Data Controller is the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of processing personal data; when the purposes and means of processing are determined by the law of the European Union or the Member States, the Data Controller or the specific criteria applicable to his or her appointment may be established by the law of the European Union or the Member States.

Guglielmo S.r.l., headquartered in Taneto di Gattatico (Reggio Emilia), in Via Don Minzoni 112.

The company may be contacted by:
TELEPHONE: +39 0522 243811
E-MAIL: info@guglielmo.biz
PEC REGISTERED E-MAIL: guglielmo@gigapec.it
WEBSITE: www.guglielmo.biz

An updated list of Data Processors (if appointed) is available at the address indicated above.

Purposes of the processing of personal data.

Please note that the data you provide, personally or by filling in and electronically sending the forms presented during the provision of our services, will be processed for institutional purposes, purposes connected with or instrumental to our activity and in compliance with legal obligations. Specifically, data are processed for the following purposes:

  1. To perform services requested by the user, specific to Guglielmo S.r.l.’s business activity, such as Internet connection, or specific services designed to offer an improved internet browsing experience.
  2. Mandatory requirements provided for in the regulations in force governing Internet access
  3. To exercise the rights of the Data Controller, for example the right to defend their case in court
  4. Automated Processing – Profiling based on reasoning and criteria defined by our third-party clients. This profiling is always and irreversibly aimed at grouping cases together, never to identifying individual cases. The specific information on the users is processed by the system in real time and is automatically and irrecoverably erased; it is used for the sole purpose of extracting anonymous statistical information on the use of the service and to make sure it is functioning correctly.

During normal operation, the computer systems and software procedures used for the functioning of our services acquire some personal data which are implicitly transmitted in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but given the nature of such data, they may be used to identify users if processed and combined with data held by third parties.

Consent
Please remember that your consent is required for processing. This may be obtained in various ways, such as through a web portal or when a Mobile App is downloaded.

Information we collect from third parties
In certain cases, the Guglielmo platform interfaces with external data sources to complete profiling and apply the adequate policies to each device. In these cases, data have been collected by other bodies, so you could consult the information they provide. Also in this case, the Guglielmo platform processes data in real time, immediately and irreversibly erasing them once they have been aggregated.

Methods of processing
The data you provide us with will be processed with the aid of the appropriate electronic tools and by software platforms  , equipped to guarantee security and confidentiality, for reasons strictly connected to the purposes of processing; any changes to or destruction of data, and prevention to avoid unauthorized changes or destruction, are managed by the same infrastructure, in ways always strictly connected with the purposes of processing. All the analyses underlying the services offered are carried out in real time, in accordance with one of the hallmark features of the Guglielmo platform. Data are therefore aggregated instantly, whether they relate to profiling activities or user segmentation, and are irreversibly destroyed.

HHuman operators intervene only in the event of a technical problem, and this intervention is strictly controlled using authentication and tracking procedures. Because of how they are memorised, the data cannot be traced to individuals or users, and there are no activities contemplated that allow for the copying or alteration of the data.

Place of processing
The data collected are processed on the company premises and in a data centre separate from the company premises, in the cloud managed by a third-party provider and on machines in operation at third-party clients who manage the structure where the service is provided. Operations for the maintenance and development of the Lumen platform are carried out from the operating offices of the company.

For security and strategic reasons, we cannot indicate (unless in a protected situation and where demonstrably necessary) the exact location of our data centre/s, or which providers they use. We guarantee that the partners who provide these services have been chosen from those – all established in Italy – that provide full and complete guarantees regarding the security, storage and accessibility of the data entrusted to them, using computer and physical protection technology.
The company data centre (and all the machinery supporting the service provided by Gugliemo) is located in a facility to which physical access is constantly controlled and for which authorisation is required, and to which a constant supply of electrical energy and connection are guaranteed.
The Guglielmo software platform is created using several software modules, installed and executed in machines in the cloud or at clients’ premises, according to the criteria of limiting latency in the processing of data and optimising performance.

Communication and Dissemination
Guglielmo S.r.l. – the Data Controller undertakes not to divulge personal data to third parties, except, in certain cases, to our client, who manages the structure where our platform is activated, in order to offer the services provided for.

Storage of Data (or Storage Mechanism)
Personal data will be stored using the methods indicated above, for the minimum period of time provided for by law or by contract. At the end of your contractual relationship with Guglielmo S.r.l. y your data will be stored for the length of time strictly necessary for and instrumental to their future use if contemplated by law and connected with the specific service requested by the client.Instead of being erased, data may still be stored, but will be anonymised.

Data are stored in such a way that they cannot be altered without leaving a trace.

  • They are stored for the entire duration of the service, or until the user requests otherwise; until the data subject’s consent is withdrawn, if previously given.
  • Data may be maintained even after the end of the service or the user’s request, if this is required for legal reasons.
  • Example of processing for Marketing or Profiling purposes… Data may be stored in compliance with the principle of proportionality, or in any case until the purposes of the processing have been achieved, or until the data subject’s specific consent has been withdrawn, if earlier.
  • For direct marketing and profiling purposes, we store your data for a maximum period equal to that provided for by the applicable regulation (24 and 12 months respectively).
  • If you wish to exercise your right to be forgotten, by specifically requesting the erasure of the personal data processed by the Data Controller, please remember that said data will be stored – in protected form and with limited access – solely for verifying and tackling crime, for a period of no longer than 12 months from the date of the request, after which they will be securely erased or irreversibly anonymised.
  • Finally, please remember that for the same purposes, data regarding computer traffic, excluding the content of the communications, will be stored for a period of no more than 6 years from the date of communication, pursuant to art. 24 of Law no. 167/2017, incorporating EU Directive 2017/541 on combating terrorism.

Provision of Personal Data
It is not mandatory to provide your data. However, failure to provide the data requested will make it impossible to establish or continue a relationship and, in certain cases, make it technically impossible to provide the specific WiFi connection service.

The processing of data instrumental to complying with these obligations is necessary to properly manage the relationship, and it is mandatory to provide them for the purposes indicated above. The Data Controller wishes to inform you that failure to accurately provide any of the mandatory information may make it impossible for the Data Controller to guarantee the processing is carried out properly.

RIGHTS OF THE DATA SUBJECT: i.e. Your rights
The aim of the points below is to draw your attention to a series of rights the regulation governing privacy and the protection of personal data has established in order to effectively safeguard your personal data.

Pursuant to article 7 of the Italian Data Protection Act (as far as it remains compatible), and pursuant to articles 13, para. 2, letters (b) and (d), and articles 15- 22 of the Regulation, data subjects are herewith informed that when they entrust their personal data to Guglielmo S.r.l., they may exercise the following rights, free of charge and without any formal restrictions:

Access to, rectification and/or erasure of personal data (right to be forgotten)

This is the right to request from Guglielmo S.r.l., in its capacity as Data Controller, access to rectification  or erasure  of personal data or restrictions on the processing  of personal data regarding the data subject, or to object to the processing thereof, in the cases contemplated.

1. The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

a) the purposes of the processing;

b) the categories of personal data concerned;

c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f) the right to lodge a complaint with a supervisory authority;

g) where the personal data are not collected from the data subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, referred to in article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to article 46 relating to the transfer.

3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

1. The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 4.5.2016 Law no. 119/43 Official Gazette of the European Union IT

b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

c) the data subject objects to the processing pursuant to article 21(1), and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21(2);

d) the personal data have been unlawfully processed;

e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;

f) the personal data have been collected in relation to the offer of information society services referred to in article 8(1).

2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the data controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

a) for exercising the right of freedom of expression and information;

b) for compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;

c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing: or e) for the establishment, exercise or defence of legal claims.

1. The data subject shall have the right to obtain from the data controller restriction of processing where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

d) the data subject has objected to processing pursuant to article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. 4.5.2016 L 119/44 Official Gazette of the European Union IT

Notification obligation regarding rectification or erasure of personal data or restriction of processing

 

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with article 16, article 17(1) and article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

Right to data portability (art. 20)
The user has the right to request complete documentation regarding the processing of his or her personal data provided to Guglielmo S.r.l. in its capacity as Data Controller. In other words, if the data subject intends to request the services of a “manager” other than Guglielmo S.r.l., he or she has the right to request, and to obtain all the personal data previously provided.

1.The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and b) the processing is carried out by automated means. 2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. 3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. 3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 4.5.2016 L 119/45 Official Gazette of the European Union IT.

Right to withdraw consent and lodge a complaint
The data subject has the right to withdraw the consent given at any time. This operation must be as easy as giving consent for the processing of data. At the same time, the data subject has the right to lodge an official complaint with the Data Protection Supervisory Authority, following the procedures and indications published on the official website of the Authority: www.garanteprivacy.it

For further information, consult the indications of the Data Protection Supervisory Authority, available at this link:

http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3118884