Privacy Policy EN

The company Lancio Entertainment S.p.A. (hereinafter “LancioE” or “Data Controller”), notifies that it is the data controller of personal data pursuant to articles 4, n. 7) and 24 of EU General Data Protection GDPR 2016/679 of 27 April 2016 (hereinafter, “GDPR“) and notifies pursuant to art. 13 of the GDPR that will proceed with the related processing for the purposes and with the modalities and means indicated below.

The terms “Data Subject” refers to any natural person whose data are processed for pre-contractual purposes (e.g., persons who contact LancioE making requests) or contractual purposes (e.g., customers who purchase digital contents according to the applicable contractual conditions).

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Data Subject’s personal data will be processed with the support of computerized, electronic or telematic means for the pursuit of the purposes specified below and in compliance with both the GDPR (which for the purposes of this Information Notice also indicates the Guidelines issued by the European Data Protection Board – EDPB for its correct application) and – when applicable – of the current Italian legislative decree as of 30^th June 2003, n. 196 (hereinafter, the “Italian Data Protection Code“), as national legislation coordinated with the GDPR.

Information and contact details of the Data Controller.

The details of the Data Controller are:

Lancio Entertainment S.p.A.

Registered office: Viale Bruno Buozzi, 58 00197 Roma

Tel.: +39 06 3350644

Fax: +39 06 3350632

Email: [email protected]

PEC: [email protected]

Website: www.lancio-e.com

(hereinafter, also just “LancioE“)

The foregoing contact details are also provided to the Data Subject to send complaints or requests for data protection rights exercise.

Information and contact details of the Data Protection Officer (DPO).

LancioE has appointed the Data Protection Officer who can be contacted at the following addresses:

Geographical address: Viale Bruno Buozzi, 58 00197 Roma

Dedicated email of the DPO: [email protected]

Purpose of the processing of personal data.

LancioE is a Content Service Provider and Publisher offering digital entertainment contents developed on its own or purchased from third party suppliers. The offer includes games in download or html5 version; apps, wallpapers, personalization content, tests, quizzes, horoscopes, digital pastimes, movies and TV series streaming via web platform, wap or application; thematic streaming channels on various topics; news, weather services, finance, tech, in video and digital format. Below, the set of such content, goods and services is collectively referred to as “Digital Entertainment Content“.

Pre-contractual and contractual purposes.

First of all, the processing of personal data pursues the purposes of making it possible to enter into a contract between the Data Subject and LancioE. “Contract” means as a whole, and as the case may be:

lo negotiate and stipulate one or more contractual relationships between LancioE and the Data Subject for the purchase of one or more Digital Entertainment Content, regardless of the methods, platforms and digital markets where this takes place;
the technical fulfillment of the contract stipulated with the Data Subject, at every stage, to make it possible to use the Digital Entertainment Content purchased, including customer care service and technical support, even remotely, and
the management of complaints or management of any litigation arising from the complaints submitted by the Data Subject.

In addition, before the conclusion or regardless of the conclusion of the Contract, the processing of the personal data of the Data Subject pursues also pre-contractual purposes, whenever the Data Subject contacts LancioE to request and obtain information of any kind, from any communication channel come from the contacts (e.g. filling in online forms on we b websites and applications, electronic platforms, social media; digital markets and stores; etc) . In these cases, processing is necessary in order to take steps at the request of the Data Subject prior to entering into a contract (the “Pre-contractual Purposes“).

Purpose of complying with legal obligation to which the Data Controller is subject.

Where, as illustrated below in detail, processing of identification data of the user who purchases a Digital Entertainment Content occur, the Data Controller shall also pursue in these cases civil, administrative, accounting and tax purposes (in the case of payment management or the need for civil proof) as well as compliance with legal obligation in general.

Modalities of the processing. Categories of personal data processed for pre-contractual and contractual purposes.

When the Data Subject purchases a Digital Entertainment Content at any digital store, LancioE proceeds with the processing specified below.

Processing aimed at allowing users to download the Digital Entertainment Content from the digital store and to install it on their device.

It is possible for any user to download and install the Digital Entertainment Content purchased on any digital store without the need to register or otherwise provide personal identification data. In this case, LancioE does not collect or process identification data or the identity of the user while with regard to the technical data of the device, such as unique identification codes such as ID, IMEI, ICCID, IMSI, UDID, or other data such as: date and time of download and installation, operating system, device model, IP, country and city from which the connection originates, geolocation they are processed only for technical purposes of installation of the Digital Entertainment Content purchased on the user’s device or to identify the user’s device only for the phase of providing remote technical assistance in case of errors or malfunctions. No device tracking technologies are used. LancioE only access to the user’s device to allow the user to download and install Digital Entertainment Content purchased. For greater transparency, LancioE specifies that in these cases the processing of technical data of the device or taken from the device as listed above has no possibility of identifying – either directly or indirectly – the Data Subject to whom the technical data indicated above refer. These technical data are in no way associated with further information – which among other things LancioE does not even collect or may possess in any way – which could make the Data Subject identifiable by association (“pseudonymous data“).

Processing aimed at allowing users to download the Digital Entertainment Content from the digital store and install it on their device through authentication through social login.

In some cases, the user authenticates the Digital Entertainment Content purchased through the so-called social login. In these cases, the platform from time to time considered (eg: Google, Apple, Facebook, etc.) requires the user’s consent to communicate to LancioE some data necessary for download, installation and – where required – authentication. These platforms act as independent Data Controllers and process the data autonomously on their systems and they must collect the consent of the Data Subject to communicate the data to LancioE. The latter receives in addition to the technical data listed in the previous paragraph, also some identification data, in this case: the user’s email and his name and surname. By means of a specific software (Microsoft Playfab SDK), the technical data of the user’s device, such as the ID, are associated with the identification data of the Data Subject. These identification data can be accessed by the LancioE representatives who remotely provide users with technical support. LancioE specifies that in the cases considered here, the identification data (email name and surname) associated with the other technical data indicated above are processed exclusively for technical management, support and assistance purposes in relation to the Digital Entertainment Content purchased by the Data Subject.

Processing aimed at allowing the operation of the functions offered by the Digital Entertainment Content purchased and the use of the other options provided.

By downloading and installing the Digital Entertainment Content purchased, the Data Subject may enjoy all the services and other options he/she may have. In some cases, depending on the Digital Entertainment Content purchased, the user may also make in-app purchases through “Shop” functions (for example – for game apps – the user can purchase game credits by paying the value thereof in Euro or via other digital elements, according to the contractual conditions provided). In these cases, access to functions that allow in-app purchases forward the user to digital stores managed by third parties (eg: Google Play Store or Apple Store, etc.). LancioE is not involved in any processing, and it shall not access nor receive from third parties any identification data of the user. The Data Subject according to the terms and conditions applicable by the owners of the digital stores concerned, may be subject to the processing of his/her identification data (eg: email, account and similar) for authentication purposes by these third party handling the digital stores concerned.

Processing for non-identifying statistical surveys on the use of the Digital Entertainment Content purchased.

Other possible purposes of data processing pursued by LancioE are statistical non-identifying purposes, LancioE may process information and that can be taken from the user’s device without this device being in any way attributable to an identified or identifiable individual. LancioE specifies again that even in these cases of processing of technical data from the Data Subject’s device – even if carried out at an individual and non-aggregate level – there is no possibility of identifying – either directly or indirectly – the Data Subject / owner of the device, in any way. Nor can the technical data such as ID, IP, etc. collected for these purposes be associated with further information – which LancioE does not even collect or can possess in any way – which could make the individual owner of the device identifiable by association. Even in the cases indicated above where LancioE potentially processes identification data (eg: name and surname and email in case of social login), statistical surveys are carried out through specific technical safeguards that lead to the erasure of the association of such data with the technical data tracked and detected, resulting a processing in all respects anonymous in the sense indicated by Recital 26 of GDPR 679/2016: ” To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments. The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes“.

The anonymous or anonymized statistical surveys (also in aggregate or taken from Google Analytics) about the use of the Digital Entertainment Content purchased concern, for example: number of downloads, number of game sessions, overall scores, used features, average time online, device brand, access to the Shop, overview of the first activations or the number of sessions during which the Digital Entertainment Content purchased was opened for the first time on a device, app version, country/region, traffic source data, total number of screens displayed per session, order in which screens are displayed, the amount of expenditure incurred; number of technical errors, including crashes of the Digital Entertainment Content, frequency of return of the user, duration of sessions, loading time of individual elements of the Digital Entertainment Content, actions on certain element, specific to the Digital Entertainment Content, etc.

Excluding, as specified above, the collection of data and / or content stored on the user’s mobile device, LancioE specifies for maximum transparency that the purposes of the processing explained here do not pursue any purpose of profiling and the data – as mentioned – are processed in an absolutely non-identifying way and without the possibility of tracing the identity of a specific user.

Processing to carry out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contractor or user to provide the service (Cookies Policy)

Definition of “cookies”.

Cookies are usually text strings that an electronic platform (especially websites) visited by the user – called “publisher” – or electronic platforms, sites or different web servers (cd. “third parties”) place and store – directly, in the case of publishers and indirectly, that is, through the latter, in the case of “third parties” – within a terminal device in the availability of the user himself. The terminals referred to are, for example, a computer, a tablet, a smartphone, or any other device capable of storing information. The information encoded in cookies may include personal data, such as an IP address, username, unique identifier or email address, but may also contain non-personal data, such as language settings or information about the type of device a person is using to browse the site.

The same result can also be achieved through the use of similar tracking technologies based on other online identifiers, web beacons, GIFs, or fingerprinting, ie the technique that allows to identify the device used by the user through the collection of all or some of the information relating to the specific configuration of the device itself adopted by the Data Subject. On mobile devices, tracking procedures and technologies such as Client/Device Generated Identifier, Statistical ID, HTML5 Cookie Tracking and Universal Login Tracking are used to collect data from online tracking.

The term ‘Cookies‘ refers below to all the technologies and methods of tracking the user just indicated above operating on web or mobile platforms.

Depending on the characteristics and use of cookies, various types of cookies can be distinguished:

Technical cookies. These cookies are essential for the proper functioning of a website that are used to manage various services related to websites (such as a login or access to reserved functions on the sites). These cookies perform important and different functions, including the monitoring of sessions, the storage of information on specific configurations regarding users who access the server, the facilitation in the use of online content etc. For example, they can be used to keep track of the items in an online shopping cart or the information used to fill out a computer form. Through technical cookies it is possible to allow, among other things, web pages to load faster, as well as to route information over a network – in line with obligations strictly related to the operation of the websites themselves. The duration of cookies is strictly limited to the working session or they can make use of a longer stay time in order to remember the visitor’s choices. Disabling strictly necessary cookies may compromise the experience of using and browsing the website.

Profiling cookies. These are cookies used to bring back to specific, identified or identifiable subjects, specific actions or recurring behavioral patterns in the use of the features offered (patterns) in order to group the different profiles within homogeneous clusters of different sizes, so that it is possible for the owner, among other things, also to modulate the provision of the service in an increasingly personalized way beyond what is strictly necessary for the provision of the service, as well as send targeted advertising messages, that is, in line with the preferences expressed by the user in the context of surfing the net. Through profiling cookies, for example, it is possible to convey behavioral advertising (so-called “behavioral advertising”) and then measure the effectiveness of the advertising message, or to conform the type and methods of services rendered to the behavior of the user subject of previous observation.

Analysis (analytics) and performance cookies. They are cookies used to collect and analyze the traffic and use of a website anonymously. These cookies, even without identifying the user, allow, for example, to detect if the same user returns to connect at different times. They also allow you to monitor the system and improve its performance and usability. The deactivation of these cookies can be performed without any loss of functionality and will be treated in detail later.

Types of cookies used by Lancio Entertainment.

Lancio Entertainment uses on its web or mobile platforms exclusively:

Technical cookies that allow essential functions such as authentication, validation, management of a browsing session, personalization (for example, for the choice of the navigation language, recall ID and password complete with the typing of the first characters), fraud prevention.

Anonymous analysis cookies that pursue exclusively statistical purposes and collect information in aggregate form without the possibility of tracing back to the identification of the individual user. In any case, it is possible to deactivate analysis cookies on the web platform as follows: open your browser, select the Settings menu, click on Internet Options, open the privacy tab and choose the desired level of cookie blocking. If you want to delete cookies already saved in memory, simply open the security tab and delete the history by checking the “delete cookies” box.

Lancio Entertainment does not use or transmit profiling cookies.

Purposes of the processing and purposes of technical session cookies.

The cookies used have the sole purpose of performing computer authentication or monitoring sessions and storing specific technical information regarding users accessing the servers. With this in mind, some operations on its web or mobile platforms of Lancio Entertainment could not be carried out without the use of Cookies, which in such cases are therefore technically necessary. “Technical” cookies can be used even without the consent of the Data Subject, such as the following:

cookies with data compiled by the user (session identifier), lasting a session or persistent cookies limited to a few hours in some cases;
authentication cookies, used for the purposes of authenticated services, for the duration of one session;
user-centric security cookies, used to detect authentication abuses, for a limited persistent duration;
session cookies for media players, such as cookies for “flash” players, lasting one session;
session cookies for load balancing, lasting one session;
persistent cookies for the personalization of the user interface, lasting a session (or a little more);
cookies for sharing content through third-party social plug-ins, for members of a social network who have logged in.

With reference to anonymous analysis cookies that pursue exclusively statistical purposes and collect information in aggregate form without the possibility of tracing back to the identification of the single user (so-called “single out”) Lancio Entertainment adopts a cookie analytics structure according to which the same cookie refers not only to one, but to several devices and at least the fourth component of the IP address is masked. In this way, analytics cookies can be assimilated to technical cookies and do not require Lancio Entertainment to collect any consent from the Data Subject for their use.

Third-party cookies

By visiting a website or an electronic platform you can receive cookies from electronic platforms or websites managed by other organizations (“third parties”) that may reside in Italy or abroad, such as: YouTube, Google API, Google Maps, use of “social plugins” for Facebook, Twitter, Google, LinkedIn, etc. The management of information collected by “third parties” is governed by the relevant information to which reference is made. To ensure greater transparency and convenience, the following are the web addresses of the various information and methods for managing cookies, specifying that Lancio Entertainment has no responsibility for the operation of third-party cookies on this Site.

Google information: on the use of data at the link http://www.google.com/policies/technologies/cookies/ and complete information at the link http://support.google.com/analytics/answer/6004245

Google (configuration): The general opt-out guide for Google services (Maps, YouTube…) is available at the web address http://support.google.com/accounts/answer/61416?hl=it

Facebook information: https://www.facebook.com/help/cookies/ and https://it-it.facebook.com/about/privacy/cookies

Facebook (configuration): log in to your account. Privacy section. Or follow the various guides on the web for example https://support.mozilla.org/en-US/kb/disable-third-party-cookies

Twitter information: https://support.twitter.com/articles/20170514

Twitter (configuration): https://twitter.com/settings/security and https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter

Linkedin information: https://www.linkedin.com/legal/cookie-policy

Linkedin (configuration): https://www.linkedin.com/settings/

Lancio Entertainment is unrelated to the operation of third-party cookies, the sending of which is the responsibility of these third-party companies. The obligation to inform the user about the use of cookies and to acquire their prior consent is incumbent on these “third parties”.

Data retention times and other information.

The data will be kept for the times defined by the reference legislation, which are specified below pursuant to art. 13, paragraph 2, letter (a) of GDPR 679/2016 for each of the technical cookies operating on this Site:

Cookie	Description	Duration
__cfduid	The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings based on the client. It does not match any user ID in the Web application and does not store personally identifiable information.	1 month
_gcl_au	This cookie is used by Google Analytics to understand – in a completely anonymous way – the user’s interaction with the website.	2 months
_ga	This cookie is installed by Google Analytics. The cookie is used to calculate the data of visitors, sessions, campaigns and track the use of the site for the site analysis report. Cookies store information anonymously and assign a randomly generated number to identify unique visitors.	2 years
_gid	This cookie is installed by Google Analytics. The cookie is used to store information about how visitors use a website and helps to create an analytical report on the progress of the website. The data collected including the number of visitors, the source from which they come and the pages visited anonymously.	1 day
_dc_gtm_UA-159216498-1	Non-persistent technical cookie used by Google Tag manager to control the loading of Google Analytics tag scripts.	1 minute

Legal basis of the processing.

Pursuant to Article 6 of the GDPR, the legal basis of the processing, in all cases and processing provided for in this paragraph A, is represented by the following: processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Pursuant to Directive 2002/58 EEC on the protection of personal data in the context of electronic communications, as implemented, on this point, by Article 122 of the Italian Data Protection Code, with regard to access to the user’s device for downloading and installing the Digital Entertainment Content purchased, a positive action of the user before the Digital Entertainment Content is downloaded and installed meets the requirement of acquisition and expression of consent as an exclusive prerequisite for accessing the device. In accordance with the provisions of the Opinions of the Working Party EU 29 no. 02/2013 and no. 9/2014 on the collection of technical data of and from the device – it is necessary to collect consent to allow LancioE to access the user’s device for the sole purpose of allowing the installation or maintenance of the Digital Entertainment Content following the download requested by the user as explained in this Information Notice. The consent is given by the user through the positive action of clicking on the button or link or other icon to start the download and installation on the device.

Withdrawal of consent (when necessary) and deletion of data.

Users always have the possibility to withdraw their consent – where required or mandatory based on the above – in a simple way. Data Subject may also withdraw consent to the processing of data by uninstalling the Digital Entertainment Content with the consequence of automatically obtain the deletion of any identifying data – if held and processed.

Processing of personal data by third parties.

LancioE does not communicate or disseminate data or receive – except in the cases of social login of the user as indicated above – identification data from third parties. The Data Subject is informed that possible third parties that collect technical information taken from the user’s device (which are personal data) may be manufacturers of operating systems and devices, app stores, such as application distributors and telecommunications operators. These entities – such as social networks or managers of digital stores, depending on the case and pursuant to the aforementioned Opinion 02/2013 – are not “third parties” but independent data controllers subject on their own to the full compliance with the data protection rules. It must be specified that even if the Data Subject subscribes a particular Digital Entertainment Content, the activation of the subscription is completely managed by other independent data controllers, such as Google or Apple, etc. processing the data as independent data controllers. Further, it has to be specified that LancioE – while being able to access the ranking of the best game scores – is not able to identify users / (identified only by nickname) nor to identify them through association or correlation with other personal information.

Scope of communication and dissemination of data. Obligation or not of consent for the communication of personal data.

In all the cases illustrated above – and where LancioE actually processes user identification data – LancioE will communicate the personal data processed exclusively to:

suppliers of the ICT services sector for installation, assistance and maintenance services of electronic platforms and all services functionally connected and necessary for providing the services covered by the Contract with the Data Subject (eg: technical support to the user for the management and resolution of problems related to the Digital Entertainment Content purchased);
LancioE staff, based on roles or functions and/or specific internal company procedures. The personal data of the Data Subject will be made accessible only to those who need it due to their job or hierarchical position. These subjects are appropriately identified as persons authorized to process pursuant to articles 29 and 32 of the GDPR and 2-quaterdecies of the Italian Data Protection Code and are obliged to the legal commitment to confidentiality and specifically instructed in order to avoid loss, destruction, unauthorized access or unauthorized processing of the data;
any other external third party to whom the communication is due by law or by order of the judicial or other authority and who has the right to receive the data pursuant to the precautions and guarantees provided for by the GDPR.

The personal data of the Data Subject will not be disseminated,.

In all cases of communication to third party recipients LancioE is not obliged to acquire the specific consent of the user to the communication, having to LancioE perform obligations deriving from a contract of which the Data Subject is a party or to fulfill, before the conclusion of the contract, specific requests of the Data Subject; the processing may also be necessary to fulfill an obligation provided for by law, by a regulation or by community legislation.

Where the Data Subject does not intend to provide the personal data requested and necessary on the basis of the foregoing, the consequence would be that of the impossibility of proceeding with the execution of the Contract and the provision of the Digital Entertainment Content that from time to time are the subject. In this case, the navigation of the electronic platforms of LancioE would always be possible.

Transfer of personal data to countries outside the European Economic Area.

Pursuant to art. 13, paragraph 1, letter (f) of the GDPR, we inform you that where LancioE processes identification data of the Data Subject in the specific capacity of Data Controller, these are not transferred to third countries outside the European Economic Area (European Union + Norway + Iceland + Liechtenstein).

Please note that any third parties (e.g. Google, Apple, Facebook, etc.) who communicate user data to LancioE in their respective capacity as independent data controllers are required to comply with the GDPR in the event of processing or storage of the identification data of their users on servers or platforms outside the European Economic Area. LancioE is extraneous to such activities nor can it be considered to process data outside the EEA.

Data retention terms and other information.

Where LancioE process identification data of the Data Subject in as Data Controller, the data will be kept for civil proof of the legal relationship and to comply with the legal obligation, which in some cases require to store the data up to ten years. However, in compliance with the principle of proportionality and limitation of storage times (Art. 5 GDPR), LancioE will delete all data from the systems (if there is processing of identification data based on what is explained in this Information Notice) when the contractual relationship with the user has terminated or when the Data Subject deletes the Digital Entertainment Content purchased.

Exercise of rights by the Data Subject.

The following rights can only be exercised in case of processing of identification data by LancioE, pursuant to what is explained in this Policy.

On the reference digital store or in some cases in the settings of the Digital Entertainment Content purchased, you can click on the dedicated link to send requests to exercise the rights mentioned below to the single point of contact [email protected].

Pursuant to articles 13, paragraph 2, letters (b) and (d), from 15 to 22 of the GDPR, the Data Subject is informed that:

you have the right to ask LancioE for access to, rectification or cancellation of personal data or limitation of processing concerning you or to oppose their processing, in the cases provided for;
has the right to lodge – in Italy – a complaint to the Guarantor for the protection of personal data, if competent authority, following the procedures and indications published on the official website of the Authority on www.garanteprivacy.it;
alternatively, you have the right to lodge a complaint with another competent European Privacy Authority located in the place of habitual residence or domicile in Europe of those who dispute a violation of their rights, following the procedures and indications of the case;
any corrections or cancellations or limitations of the processing carried out at the request of the Data Subject – unless this proves impossible or involves a disproportionate effort – will be communicated by LancioE to each of the recipients to whom the personal data have been transmitted. LancioE may communicate these recipients to the Data Subject if the Data Subject requests it.

The exercise of rights is not subject to any form constraint and is free of charge. Only in the event of a request for further copies of the data requested by the Data Subject, the Company may charge a reasonable fee based on administrative costs. If the Data Subject submits the request by electronic means, and unless otherwise indicated by the Data Subject, the information is provided in a commonly used electronic format. The specific address of LancioE to transmit requests for the exercise of rights as recognized by the GDPR is as follows: [email protected]. No other formalities are required. The feedback will be given within the terms provided for in Article 12, paragraph 3 of the GDPR (“The data controller provides the Data Subject with information relating to the action taken regarding a request pursuant to articles 15 to 22 without undue delay and, in any case, at the latest within one month of receipt of the request itself. That period may be extended by two months, if necessary, taking into account the complexity and number of requests. The data controller informs the Data Subject of this extension, and of the reasons for the delay, within one month of receipt of the request. If the Data Subject submits the request by electronic means, the information is provided, where possible, by electronic means, unless otherwise indicated by the Data Subject“)

According to the provisions of the Guidelines on transparency WP 260/2017 issued by the EU Group of Guarantors, in the indication of the rights of the Data Subject the data controller must specify a summary / summary of each right in question and must provide separate indications on the right to portability.

Specific information on the right to portability of personal data.

LancioE informs the Data Subject about the specific right to portability. Article 20 of the General Data Protection GDPR introduces the new right to data portability. This right allows the Data Subject to receive the personal data provided to LancioE in a structured format, commonly used and readable by automatic device, and – under certain conditions – to transmit them to another data controller without hindrance.

Only personal data that (a) concern the data subject, and (b) have been provided by the Data Subject to Lancio, and (c) are processed electronically as part of the conclusion of a contract are portable.

Data portability includes the right of the data subject to receive a subset of the personal data concerning him or her processed by LancioE and to retain them for further use for personal purposes. Such storage can take place on a personal medium or on a private cloud, without necessarily entailing the transmission of data to another holder. Portability is a sort of integration and strengthening of the different right of access to personal data, also provided for by art. 15 of the GDPR.

If the Data Subject requests portability together with the direct transmission of his data to another data controller, please note that this right is subject to the condition of technical feasibility: Article 20, paragraph 2 of the GDPR provides that the data can be transmitted directly from one owner to another at the request of the Data Subject, and where this is technically possible. The technical feasibility of transmission from one holder to another shall be assessed on a case-by-case basis. Recital 68 of the GDPR clarifies the limits of what is “technically feasible”, specifying that “it should not entail an obligation for the holders to adopt or maintain technically compatible processing systems”.

We also inform you that pursuant to the WP242 Data Portability Guidelines, holders who comply with a request for portability have no specific obligation to verify the quality of the data before transmitting them. In addition, portability does not impose on LancioE any obligation to retain data for a period longer than necessary or beyond that specified. Above all, it does not impose any additional obligation to retain personal data for the sole purpose of fulfilling a potential request for portability.

The exercise of the right to data portability (or any other right under the GDPR) does not affect any of the other rights. The Data Subject can continue to use and benefit from the service offered by LancioE even after a portability operation has been completed. Portability does not entail the automatic deletion of data stored in the Company’s systems and does not affect the retention period originally envisaged for the data being transmitted. The Data Subject may exercise the rights as long as the processing carried out by the Company continues.

LancioE undertakes to process requests for portability within 30 days of receipt of the request, reserving, pursuant to Article 12, paragraph 3 of the GDPR, the right to find the request within the longer term of three months in cases of greater complexity. The request for portability should be addressed to the following specific email address: [email protected]

Summary information on the other rights of the Data Subject.

The GDPR gives the Data Subject a series of rights that pursuant to the WP 260 Transparency Guidelines it is mandatory to summarize in their main content within the information. These rights are summarized and summarized below:

Right of access (to personal data only): right to obtain from the data controller confirmation as to whether or not personal data concerning the data subject are being processed and in this case, to obtain access to personal data and to be informed about the purposes of the processing; about the categories of personal data in question; about the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; when possible, the envisaged retention period of the personal data or, if this is not possible, the criteria used to determine that period; if the data have not been collected from the Data Subject, right to receive all available information on their origin; right to receive information on the existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such processing for the Data Subject.

Right of rectification and integration: The Data Subject has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the Data Subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration. The data controller communicates to each of the recipients to whom the personal data have been transmitted any corrections, unless this proves impossible or involves a disproportionate effort. The data controller communicates these recipients to the Data Subject if the Data Subject requests it.

Right to cancellation: the Data Subject has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay (and where there are no specific reasons of Article 17 paragraph 3 of the GDPR which on the contrary relieve the owner from the obligation to cancel) if the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; or if the Data subject revokes consent and there is no other legal basis for the processing; or if the data subject opposes the processing for marketing or profiling purposes, including by withdrawing consent; if the personal data have been processed unlawfully or concern information collected from minors, in violation of Article 8 of the GDPR. The data controller communicates to each of the recipients to whom the personal data have been transmitted any cancellations unless this proves impossible or involves a disproportionate effort. The data controller communicates these recipients to the Data Subject if the Data Subject requests it.

Right to restriction of processing: the Data Subject has the right to obtain from the data controller the limitation of processing (that is, pursuant to the definition of “limitation of processing” provided by Article 4 of the GDPR: “the mark of personal data stored with the aim of limiting their processing in the future”) when one of the following hypotheses occurs: the Data Subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such personal data; the processing is unlawful and the Data Subject opposes the cancellation of personal data and instead requests that their use be limited; although the data controller no longer needs it for the purposes of processing, the personal data are necessary for the Data Subject to ascertain, exercise or defend a right in court; the Data Subject has opposed the marketing processing, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the Data Subject. If the processing is limited, such personal data are processed, except for storage, only with the consent of the Data Subject or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest The Data Subject who has obtained the restriction of processing is informed by the data controller before that restriction is lifted. The data controller shall inform each of the recipients to whom the personal data have been transmitted of any limitations unless this proves impossible or involves a disproportionate effort. The data controller communicates these recipients to the Data Subject if the Data Subject requests it.

Right to object: the Data Subject has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him carried out by the owner or for the execution of a task of public interest or connected to the exercise of public powers of which the data controller is invested or carried out for the pursuit of the legitimate interest of the data controller or third parties (including the profiling). Furthermore, the Data Subject, if personal data are processed for direct marketing or commercial profiling purposes, has the right to object at any time to the processing of personal data concerning him carried out for these purposes.

Right not to be subjected to automated decisions, including profiling: the Data Subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way, except in cases where the automated decision is necessary for the conclusion or execution of a contract between the Data subject and a data controller; is required by law, in compliance with measures and precautions; is based on the explicit consent of the Data Subject.

For utility, however, the link to articles 15 to 23 of the GDPR on the rights of the Data Subject is reported below.

Information Notice on the processing of personal data (EU General Data Protection GDPR no. 679/2016 – Art. 13)

INDEX