This page will describe management of our web site as regards processing the personal data of users that visit us.
This information is provided – also in pursuance of Section 13 of Legislative Decree no. 196/2003 – to any entity having to do with the web-based services that are made available by Smile Capital S.r.l. / GmbH per la protezione dei dati personali (Italian Data Protection Authority) via electronic networks as from the following address:
which corresponds to the home page of our official web site.
The information provided only applies to our web site and does not concern any web sites that may be visited by an user via external links.
The information provided is also based on the guidelines contained in Recommendation no. 2/2001, which was adopted on 17 May 2001 by the European data protection authorities within the Working Party set up under Article 29 of European Directive 95/46/EC in order to lay down minimum requirements for the collection of personal data online – especially with regard to arrangements, timing and contents of the information to be provided by data controllers to users visiting web pages for whatever purpose.
The above Recommendation as well as a summary of its purposes can be found in another section of this site.
Visiting this site may result into the processing of data concerning identified or identifiable persons.
The data controller is Smile Capital S.r.l. with registered office in Pescara (Italy), Via Ruggero Settimo n. 5 – I-65123.
Place Where Data Is Processed
The processing operations related to the web-based services that are made available via this website are carried out at the aforementioned office exclusively by technical staff in charge of said processing, or else by persons tasked with such maintenance activities as may be necessary from time to time.
No data resulting from web-based services is either communicated or disseminated.
Any personal data that is provided by users requesting to be sent information materials such as bulletins, CD-ROMs, newsletters, annual reports, answers to questions, decisions and sundry provisions, etc. is only used to provide the service and/or discharge the tasks requested and is disclosed to third parties only if this is necessary for the said purposes.
Categories of Processed Data
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.
Such information is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties.
This data category includes IP addresses and/or the domain names of the computers used by any user connecting with this web site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.
These data are only used to extract anonymous statistical information on website use as well as to check its functioning; they are erased immediately after being processed. The data might be used to establish liability in case computer crimes are committed against the website; except for this circumstance, any data on web contacts is currently retained for no longer than seven days.
Data Provided Voluntarily by Users:
Sending e-mail messages to the addresses mentioned on this website, which is done on the basis of a freely chosen, explicit, and voluntary option, entails acquisition of the sender’s address, which is necessary in order to reply to any request, as well as of such additional personal data as is contained in the message(s).
Specific summary information notices will be shown and/or displayed on the pages that are used for providing services on demand.
No personal data concerning users is acquired by the website in this regard.
No cookies are used to transmit personal information, nor are so-called persistent cookies or user tracking systems implemented.
Use of the so-called session cookies – which are not stored permanently on the user’s computer and disappear upon closing the browser – is exclusively limited to the transmission of session ID’s – consisting of server-generated casual numbers – as necessary to allow secure, effective navigation.
The so-called session cookies used by this website make it unnecessary to implement other computer techniques that are potentially detrimental to the confidentiality of user navigation, whilst they do not allow acquiring the user’s personal identification data.
Optional Data Provision
Subject to the specifications made with regard to navigation data, users are free to provide the personal data either to be entered in the application forms submitted to the Office or referred to in contacting the Office to request delivery of information materials and other communications.
Failure to provide such data may entail the failure to be provided with the items requested.
For completeness’ sake, it should be pointed out that in some cases – which are not the subject of the standard management of this website – our Authority may request information pursuant to Section 157(1) of Legislative Decree no. 196/2003 with a view to supervising the processing of personal data. In these cases it is mandatory to comply under penalty of administrative penalties.
Personal data is processed with automated means for no longer than is necessary to achieve the purposes for which it has been collected.
Specific security measures are implemented to prevent the data from being lost, used unlawfully and/or inappropriately, and accessed without authorisation.
Data Subjects’ Rights
Data subjects are entitled at any time to obtain confirmation of the existence of personal data concerning them and be informed of their contents and origin, verify their accuracy, or else request that such data be supplemented, updated or rectified (Section 7 of Legislative Decree no. 196/2003).
The above Section also provides for the right to request erasure, anonymisation or blocking of any data that is processed in breach of the law as well as to object in all cases, on legitimate grounds, to processing of the data.
All requests should be emailed, faxed, or sent via regular mail.
Informative statement on the processing of your personal data nr. 229/2014
What are cookies?
An HTTP cookie (also called web cookie, tracking cookie or simply cookie) are text lines used as a way to automatically authenticate the user, to track the sessions and to store specific information about the users that log to the server as – for example – favourite sites or, in case of online stores, the content of the shopping cart.
Specifically they are small pieces of data sent from a website to a client (usually a browser) and then sent back to the server (without being affected) each time that the client logs in the same page of the same domain.
Each domain or page visited with the browser can set cookies. A typical internet page – e.g. that of a newspaper – contains objects that come from many different domains and each of them can set cookies. It’s therefore usual for the browser to host hundreds of cookies.
How to control cookies
You can control and/or verify cookies at any given time – to know more about it, visit aboutcookies.org. You can delete cookies that are already on your computer and almost all browsers can be set up to prevent from accepting new ones. If you choose this option, you have to modify manually some favourites each time you visit the site and it’s possible that some services or functions are not available anymore.
Which types of cookies do we use?
This site does not use profiling cookies.
Technical cookies, which are cookies of navigation or (web-)sessions and strictly necessary for the functioning of the site or to allow the user to use the contents and the services required.
DATA PROTECTION POLICY
We, Smile Capital GmbH / S.r.l., are pleased that you are visiting our website and are interested in our company. We know that careful handling of your personal data is important to you. We are, of course, committed to protecting your data in compliance with the statutory provisions for the protection of personal data.
In the following Data Protection Policy, we would like to inform you in particular about how we collect and process your personal data when you use our website as well as about your rights in this respect.
Controller within the meaning of Article 4(7) of the EU General Data Protection Regulation (GDPR) for the processing of your personal data in accordance with the statutory provisions on data protection is:
Smile Capital GmbH / S.r.l.
Mail privacy (at) smile-capital.com
2. Data protection officer
If you have any questions regarding data protection or need additional information on data protection-related processes on our website, please feel free to contact our data protection officer:
Mail dataprotection (at) smile-capital.com
3. Information on the collection and processing of data
You can, in principle, visit our website without registration or logging in. Data is only collected and used to the extent governed by the following provisions. We only collect, store or use personal data to the extent that we have a lawful basis to do so or you have consented to such collection, storage and use. The provision of personal data or giving consent is, in principle, voluntary. If you do not give us your consent or provide us with personal data it will, in principle, have no negative effects for you.
“Personal data” means any information relating to an identified or identifiable natural person. These include, in particular, name, address, email address, gender, birthday, phone number, age and bank details.
We collect and process the following data on our website:
3.1. Standard log files when visiting our website (server log)
When you access our websites, the web server automatically collects and stores information. The automatically collected information specified below is collected and processed to ensure the operability and safety of our website.
This automatically collected data includes:
• Domain name or IP address
• Date and time of the server request
• File names and URL you have accessed
• Access status/http status code
• Referrer URL (i.e. the website you have previously accessed)
• Web browser
• Operating system and its interface as well as
• Browser software version and language.
The legal basis for the collection of the IP address is Article 6(1) sentence 1 lit. (f) GDPR. It is necessary to record the IP address in order to ensure the safety and stability of our internet services, e.g. in the event of hacker attacks.
This information is stored separately from the further data you might have transmitted to us, in particular with a view to processing your inquiries. The data specified above is not linked to such further data. The data cannot be traced back to your person or your individual behaviour.
3.2. Under what circumstances and based on what legal basis is further “personal data” collected and processed?
We collect and process further personal data only if this is permissible under the applicable statutory provisions regarding the protection of personal data or you have given us your consent to do so.
If we collect personal data based on your consent, you may withdraw consent at any time notifying the controller (see section 1. above) or the data protection officer (see section 2. above) without the withdrawal of consent affecting the lawfulness of processing based on consent before its withdrawal.
3.2.1. Processing of personal data after contacting us
We collect and store the information and personal data that you provide us with via email for the purpose of making contact or within the context of an inquiry or job application (e.g. email address, name etc.). In order to be able to respond to such inquiries in the first place and to adequately deal with such inquiries as requested and according to the purpose of your inquiry, we need to make use of the personal data provided to us in connection with the respective inquiry by collecting, processing and using such data.
The legal basis for processing your personal data which is provided to us via email and used to respond to and process your email is Article 6(1) sentence 1 lit. (f) GDPR.
Furthermore, our career website uses persistent cookies. Persistent cookies lead to a faster and more convenient access to websites by remembering certain settings and ensuring that these are set in advance when you visit the website again, e.g. by saving your previous selection of language. Persistent cookies are stored for a specified period of time and are only deleted automatically after the expiry of such time.
3.4. Use of Google Analytics
We use Google Analytics, a web analysis service, to analyse the website activities of our visitors and web traffic to our website as well as to optimise our website. Using Google Analytics provides us with statistics the evaluation of which helps us improve our website and enhance its attractiveness to our visitors. Google Analytics is a service of Google LLC, 1600 Parkway, Mountain View, CA 94043, USA, and Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
In order to be able to analyse the use of the website, Google Analytics stores cookies (cf. section 3.3) on your terminal device. As soon as you access our website, the information generated by these cookies is transferred to the servers of Google for the purpose of web analytics. In this context, it is also possible that personal data is transferred to the USA. The set of data generated by the cookies includes not only functional data but also personal data such as your IP address and identifiers generated by Google (e.g. user ID if you have a Google account).
In addition, we use the advertising features of Google Analytics to increase the awareness of our company in the market. These features allocate Google advertising cookies to our users, which are then used to show personalised ads and target ads to particular audiences in the Google Display Network. To this end, you will be allocated a so-called advertiser ID/Advertising ID by Google.
We use Google Analytics in the “anonymizeIP” mode. In this mode, your IP address is truncated prior to being processed ensuring that your terminal device is not identifiable and thus the data cannot be traced back to your person. Hence, a link between the data and an individual can only be established by the identifiers generated by Google itself (e.g. user ID, advertising ID).
Please note that Google analyses the data generated by the cookies on our behalf and merely provides us only with anonymous statistical data that is required for web analytics. At no time, we are able to identify your person on the basis of Google Analytics and the statistical information and advertising services delivered by Google Analytics.
The legal basis for the processing of the data mentioned above is Article 6(1) sentence 1 lit. (f) GDPR.
Please note that we have concluded a data processing agreement with Google (for more information see section 6 of this Data Protection Policy).
You can deactivate the placement of cookies by our website and thus the use of Google Analytics in the settings of your browser. Information on this can be found in the help function of your browser. You can also terminate the evaluation of the collected information by deleting the cookies set by Google Analytics in the settings of your browser. In addition, you can also prevent your data from being processed by Google by downloading the opt-out browser add-on to deactivate Google Analytics (which is available at tools.google.com/dlpage/gaoptout) and installing it on your terminal device. Please note that in such cases you may not be able to fully use all the functions of our website.
For further information as well as the applicable data protection provisions of Google, please see https://policies.google.com/privacy?hl=de.
Please also note that in cases where personal data is also transferred to the USA, Google has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework), which was designed to promote data protection, and is thus required to comply with the data protection standards set forth therein.
4. Duration of the storage of personal data
Your personal data, which we are allowed to process on a lawful basis or to the processing of which you have given your consent, is principally only stored for the duration required for the purposes specified above or, alternatively, until you withdraw your previously given consent to the processing of your personal data or you object to such processing in accordance with section 9 of this Data Protection Policy.
5. Data backup and location of processing activities
All our systems on which personal data is stored are password-protected and only accessible to a limited group of persons. Processing and use of the data will take place exclusively in the territory of the Federal Republic of Germany, in a Member State of the European Union or another contracting state of the Agreement on the European Economic Area.
6. Forwarding of data
We will not pass your personal data on to any third parties, except if we are legally entitled to do so or if you have given your consent.
6.1. Forwarding of data to any state facilities and/or public authorities shall only take place when we are required to do so by mandatory legal provisions or official or judicial orders.
6.2. If necessary, in order to ensure and improve the operability of our website, we pass the data collected in accordance with section 3 above on to IT or web service providers. These service providers require the forwarded data for the processing and maintenance of the website as well as for the purpose of web hosting and technical works to be carried out on our server environment. The legal basis for this forwarding of the data is Article 6(1) sentence 1 lit. (f) GDPR.
6.3. In addition, we cooperate with a processor within the meaning of Article 28 GDPR, which processes your personal data in accordance with section 3 herein exclusively on our behalf pursuant to our instructions and in line with the contracts concluded for this very purpose. In this context, your personal data is forwarded to our web analytics service provider which carries out, on our behalf, the statistical evaluation of the visits to our website to help make sure that our website targets your interests and assists us in the placement of advertisements. The legal basis for such forwarding of your personal data is Article 6(1) sentence 1 lit. (f) GDPR.
6.4. If the aforementioned requirements are not met, we only forward personal data to third parties if you have consented thereto (Article 6(1) sentence 1 lit. (a) GDPR).
7. Your rights
You have the following rights vis-à-vis us regarding your personal data:
• Right of access (Article 15 GDPR),
• Right to rectification or erasure (Articles 16 and 17 GDPR),
• Right to restriction of processing (Article 18 GDPR),
• Right to data portability (Article 20 GDPR).
8. Right to lodge a complaint with the data protection supervisory authority
If you believe that our processing of your personal data is not in compliance with the provisions described herein and/or the applicable data protection laws, you have the right to lodge a complaint with one of the competent data protection supervisory authorities.
9. Right to object
According to Article 21(1) GDPR, you have the right to object at any time to the processing of your personal data within the meaning of Article 6(1) sentence 1 lit. (e) or (f) of GDPR. Furthermore, you can at any time object to the processing of your personal data for advertising purposes and for purposes of market and opinion research. We kindly ask you to indicate in your objection the reasons why we should no longer process your personal data. You may address your objection to the controller (see section 1.) or to our data protection officer (see section 2.). In case of a substantiated objection, we shall no longer use your personal data for the respective purposes and erase them from our system, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.