PRIVACY POLICY

To obtain information regarding your personal data collected, the purposes, and the parties with whom the data are shared, please contact the Data Controller.

Data Controller

Scandurra Studio Architettura SRL
viale Stelvio,66 – 20159 Milano
VAT No. / Tax Code: 10125530963

Data Controller’s email address: sgq@scandurrastudio.com

Types and Nature of Processed Data

The Data Controller is required to specify precisely the categories of Personal Data collected. Complete and specific details on each category of processed Personal Data, including the purposes of processing and the related legal basis, are provided in the dedicated sections of this Privacy Policy and, where necessary, through specific informational texts displayed before the collection of the Data itself.

Personal Data may be freely provided by the Data Subject or, in the case of Usage Data (e.g., navigation data), collected automatically during the use of this service or Application.

Mandatory Nature of Data Provision

Unless otherwise specified, all Data requested by this Application are necessary for the provision of the Service or for the fulfilment of legal obligations. Failure to provide such Data may make it impossible for the Controller to provide the Service, entirely or in part.

In cases where this Application indicates the provision of certain Data as optional, Data Subjects are free to refrain from communicating them, without affecting the availability or operation of the main Service.

The possible use of Cookies or other tracking tools by this Application or third-party services is governed by the provisions specified in the dedicated Cookie Policy and has the purpose of providing the requested Service or pursuing the further purposes specified therein.

The Data Subject who communicates Personal Data of third parties guarantees to have obtained consent for the processing of such data in compliance with the GDPR, assuming all related responsibility.

Methods and Place of Data Processing

Methods of Processing

The Data Controller adopts appropriate technical and organisational security measures aimed at preventing unauthorised access, disclosure, modification, or destruction of Personal Data.1

Processing is carried out using IT and/or telematic tools, with organisational methods and logic strictly related to the indicated purposes. In addition to the Data Controller, in some cases, other parties involved in the organisation of this Application2 (such as administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data. These parties, if necessary, are appointed as Data Processors by the Data Controller. The updated list of Processors may always be requested from the Data Controller.

Place of Processing

The Data are processed at the operational offices of the Data Controller and in any other place where the parties involved in the processing are located. The Personal Data of the Data Subject may be transferred to a country other than the one where the Data Subject is located.

To obtain further information on the place of processing, the Data Subject is invited to refer to the section concerning the details on the processing of Personal Data. In any case, it is possible to contact the Data Controller.

Data Retention Period

Unless otherwise indicated in this document, Personal Data are processed and stored for the time required by the specific purpose for which they were collected. Such data may also be stored for a longer period due to any legal obligations (e.g., tax or civil law) or on the basis of the specific consent of the Data Subjects, where provided.

Further Information for Data Subjects

Legal Basis of Processing

The Data Controller processes Personal Data relating to the Data Subject exclusively when one of the following legal conditions is met, in accordance with Art. 6 of the GDPR:

  • The Data Subject has given consent for one or more specific purposes.
    • Note: In some jurisdictions other than the European one, the Data Controller may be authorised to process Personal Data without explicit consent, until the Data Subject objects (“opt-out”) to such processing. This provision is not applicable where the processing of Personal Data is governed by European legislation on Personal Data protection.
  • Processing is necessary for the performance of a contract with the Data Subject and/or for the execution of pre-contractual measures adopted at the request of the Data Subject.
  • Processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
  • Processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the Data Controller.
  • Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

It is always possible to request the Data Controller to clarify the concrete legal basis of each processing operation and, in particular, to specify whether the processing is based on a legal obligation, provided for by a contract, or necessary for the conclusion of a contract.

Further Information on Retention Time

Unless otherwise indicated in this document, Personal Data are processed and stored for the time required by the purpose for which they were collected and may be stored for a longer period due to any legal obligations or on the basis of the Data Subjects’ consent.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Data Controller and the Data Subject will be retained until the complete execution of such contract.
  • Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The Data Subject may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
  • When processing is based on the Data Subject’s consent, the Data Controller may retain the Personal Data for a longer period, until such consent is revoked.

Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, Personal Data will be deleted. Therefore, upon expiry of this term, the right to access, erasure, rectification, and the right to data portability can no longer be exercised.

Rights of the Data Subject

Data Subjects may exercise specific rights with reference to the Data processed by the Data Controller. In particular, within the limits provided by law, the Data Subject has the right to:

  • Withdraw consent at any time. The Data Subject may revoke consent to the processing of their Personal Data previously expressed.
  • Object to the processing of their Data. The Data Subject may object to the processing of their Data when it occurs on a legal basis other than consent.
  • Access their Data. The Data Subject has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing, and to receive a copy of the processed Data.
  • Verify and request rectification. The Data Subject may verify the correctness of their Data and request their update or correction.
  • Obtain the restriction of processing. The Data Subject may request the restriction of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than their mere storage.
  • Obtain the erasure or removal of their Personal Data. The Data Subject may request the Data Controller to erase their Data.
  • Receive their Data or have them transferred to another controller (Right to Data Portability). The Data Subject has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to obtain their transfer without hindrance to another controller.
  • Lodge a complaint. The Data Subject may lodge a complaint with the competent Personal Data Protection Supervisory Authority or take legal action.

Data Subjects also have the right to obtain information regarding the legal basis for the transfer of Data abroad, including to any international organisation, as well as regarding the security measures adopted by the Data Controller to protect their Data.

Details on the Right to Object

When Personal Data are processed in the public interest, in the exercise of official authority vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Data Subjects have the right to object to the processing for reasons related to their particular situation.

Data Subjects are informed that, where their Data are processed for direct marketing purposes, they may object to the processing at any time, free of charge, and without providing any reason. If Data Subjects object to processing for direct marketing purposes, Personal Data will no longer be processed for such purposes. To find out whether the Data Controller processes Data for direct marketing purposes, Data Subjects can refer to the respective sections of this document.

How to Exercise Rights

To exercise their rights, Data Subjects may address a request to the contact details of the Data Controller indicated in this document. The request can be submitted free of charge, and the Data Controller will respond as quickly as possible, in any case within one month of receipt, providing the Data Subject with all information required by law.

Any rectification, erasure, or restriction of processing will be communicated by the Data Controller to each recipient, if any, to whom the Personal Data have been transmitted, unless this proves impossible or involves disproportionate effort. The Data Controller will inform the Data Subject about such recipients if the Data Subject requests it.

Further Information on Processing

Legal Defense

The Data Subject’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages for their possible institution for defense against abuse in the use of this Application or related Services by the Data Subject. The Data Subject declares to be aware that the Data Controller may be obliged to disclose the Data by order of public authorities.

Specific Disclosures

Upon request of the Data Subject, in addition to the information contained in this Privacy Policy, this Application may provide the Data Subject with additional and contextual disclosures regarding specific Services or the collection and processing of Personal Data.3

System Logs and Maintenance4

For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs, which are files that r5ecord interactions and may also contain Personal Data, such as the Data Subject’s IP address.

Information Not Contained in This Policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.6

Changes to This Privacy Policy7

The Data Controller reserves the right to make changes to this Privacy Policy at any time, notifying Dat8a Subjects on this page and, if possible, on this Application, as well as, where technically and legally feasible, by sending a notification to Data Subjects through one of the contact details in its possession. Please therefore consult this page frequently, referring to the date of last modification indicated at the bottom of the document.

If the changes affect processing whose legal basis is consent, the Data Controller will collect the Data Subject’s consent again, if necessary.

In Order to consult our privacy policy, please contact the Data Processor: sgq@scandurrastudio.com

COOKIE POLICY This Application uses Tracking Tools. To find out more, Users may consult the Cookie Policy.