Where required by EU Reg. 2016/679, explicit consent from the user will be required before proceeding with the processing of their personal data. If the user provides personal data of third parties, they must ensure that the communication of the data to INDAKO Studios Srl and the subsequent processing for the purposes specified in the privacy information notice is in compliance with EU Reg. 2016/679 and applicable regulations.
2. Identifying details of the Data Controller and Data Processor
The Data Controller for the personal data processing is INDAKO Studios Srl (hereinafter referred to as “Data Controller” or INDAKO Studios Srl), with registered office in Rome (RM), registered in the Rome Business Register, Tax Code and VAT number n. 00000000000
The Data Processor for the Website’s data is INDAKO Studios Srl (hereinafter referred to as “Data Processor”) represented by Mr. Xenior Yen who, in the execution of his duties, avails himself of colleagues/work consultants responsible for the operational management of personal data for the processing and purposes described below.
3. Type of data processed
Visiting and consulting the Site generally involves collecting navigation data and cookies, as specified below, as well as processing the user’s personal data for the purpose of enjoying the Site’s commercial proposals, particularly for subscribers. In addition to the so-called “navigation data” (see below), personal data voluntarily provided by the user may be processed when the user interacts with the Site’s functionality or requests to use the services offered on the Site. In compliance with the Privacy Code, the RESPONSIBLE PARTY may also collect the user’s personal data from third parties in the course of their activity.
4. Cookies and browsing data
• “session” cookies, which are deleted immediately upon closing the browsing browser;
• “persistent” cookies, which remain within the browser for a certain period of time. They are used, for example, to recognize the device connecting to a site, facilitating user authentication;
• “own” cookies, generated and managed directly by the manager of the website on which the user is browsing;
• “third-party” cookies, generated and managed by subjects other than the manager of the website on which the user is browsing.
There are also two macro-categories of cookies: technical cookies and profiling cookies.
Technical cookies are necessary for the correct functioning of a website and to allow user navigation; without them, the user may not be able to properly display the pages or use some services. Profiling cookies, on the other hand, have the task of creating user profiles in order to send advertising messages in line with the preferences expressed by the user during navigation.
5. Cookies used on this site
The Site may contain links to other sites (so-called third-party sites). In such case:
• The RESPONSIBLE does not perform any access or control over cookies, web beacons and other user tracking technologies that may be used by third-party sites that the user may access from the Site;
• The RESPONSIBLE does not perform any control over contents and materials published by or obtained through third-party sites, or on the related methods of processing personal data of the user, and expressly disclaims any related responsibility for such occurrences.
6. Data retention
Personal data is stored and processed through computer systems by the RESPONSIBLE PARTY; for more details please refer to section 11 “Right of access” that follows. Data is only processed by specifically authorized personnel, including personnel responsible for performing ordinary and extraordinary maintenance operations.
7. Purposes and methods of data processing
The RESPONSIBLE party may process the user’s personal data for the following purposes:
• use by users of services and features on the Site;
• management of requests and reports from their users;
• sending newsletters;
• management of applications received through the Site;
• other related to the management of subscriptions or services provided through the Site.
In addition, with the further and specific optional consent of the user, the RESPONSIBLE PARTY may process personal data for marketing purposes, that is to send the user promotional material and/or commercial communications relating to the Company’s services, at the addresses indicated, both through traditional means of contact (such as mail, telephone calls with an operator, etc.) and automated means (such as internet communications, fax, e-mail, SMS, mobile device applications such as smartphones and tablets – referred to as APPS -, social network accounts – for example via Facebook or Twitter -, telephone calls with an automatic operator, etc.). Personal data is processed both in paper and electronic form and entered into the company’s information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles and inspired by the principles of fairness and legality of treatment. In compliance with EU Regulation 2016/679, data is kept and stored for the maximum period provided for by the applicable laws.
8. Security and Quality of Personal Data
The RESPONSIBLE party commits to protecting the security of the user’s personal data and complies with security provisions as required by applicable legislation, in order to prevent data loss, unauthorized or illegal use of data, and unauthorized access to such data, with particular reference to the Technical Discipline on minimum security measures. Additionally, the information systems and computer programs used by the RESPONSIBLE party are configured to minimize the use of personal and identifying data; such data is only processed for the specific purposes pursued at any given time. The RESPONSIBLE party uses multiple advanced security technologies and computer procedures to promote the protection of users’ personal data; for example, personal data is stored on secure servers, located in access-controlled and protected locations. The user can help the RESPONSIBLE party to update and keep their personal data correct by communicating any changes related to their address, qualifications, contact information, etc.
9. Scope of Communication and Access of Data
The user’s personal data may be communicated to:
• all subjects to whom the right of access to such data is recognized by legislative provisions and the explicit consent of the data subject;
• our collaborators, employees, within the scope of their respective duties;
• all physical and/or legal entities, public and/or private when the communication is necessary or functional to the conduct of our business and in the ways and for the purposes previously outlined.
10. Nature of personal data collection
The collection of some personal data by the user is mandatory in order to allow the Company to manage communications, requests received from the user or to re-contact the user for the purpose of following up on their request. This type of data is marked with an asterisk [*] and in this case, the collection is mandatory in order for the Company to follow up on the request, which otherwise cannot be fulfilled. On the other hand, the collection of other data not marked with an asterisk is optional: the failure to provide them will not have any consequences for the user. The collection of personal data by the user for marketing purposes, as specified in the “Purpose and methods of processing” section, is optional and the refusal to provide them will have no consequences. The consent given for marketing purposes is understood to extend to the sending of communications via both automated and traditional means of contact, as exemplified above.
11. Rights of the Data Subject
11.1 Article 15 (right of access), 16 (right to rectification) of EU Regulation 2016/679 The data subject has the right to obtain from the CONTROLLER confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- the planned duration of storage of the personal data or, if not possible, the criteria used to determine that duration;
- the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- the existence of automated decision-making, including profiling, and at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
11.2 Right under Article 17 of EU Regulation 2016/679 – Right to Erasure (“right to be forgotten”)
The data subject has the right to obtain from the RESPONSIBLE the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) and where there is no other legal ground for the processing;
• the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of EU Regulation 2016/679.
11.3 Right under Article 18 Right to restriction of processing
The interested party has the right to obtain from the RESPONSIBLE the limitation of processing when one of the following situations occurs:
• The interested party disputes the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data;
• The processing is illegal and the interested party opposes to the deletion of personal data and instead request the limitation of their use;
• Although the Data Controller no longer needs them for processing purposes, personal data are necessary for the interested party for the establishment, exercise or defense of a legal claim;
• The interested party has opposed to the processing under Article 21, paragraph 1, EU Regulation 2016/679, pending verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party.
11.4 Right under Article 20 – Right to Data Portability
The data subject has the right to receive their personal data, which is handled by the controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the controller.
12. Revocation of consent for processing
The data subject has the right to revoke their consent for the processing of their personal data by sending a registered letter to the following address: INDAKO Studios Srl, Via Nazionale 45, 20121 Rome (RM), along with a photocopy of their ID, with the subject line: <>. Upon completion of this process, their personal data will be removed from the archives as soon as possible.
13. Contact Channels
If you wish to receive further information on the processing of your personal data, or to exercise your rights under point 11 above, you may send a written communication via PEC to the following address: firstname.lastname@example.org or a registered letter to the following address: INDAKO Studios Srl, Via Nazionale 45, 20121 Rome (RM). Before providing or modifying any information, it may be necessary to verify your identity and answer some questions. Only then will it be possible to follow up on requests related to personal data.