Privacy Notice Pursuant to EU Regulation No. 2016/679
Below you can find information regarding the processing of data of readers who connect to the website owned by I.C.M. – Institut de Certification Méditerranéen – S.A.R.L.; the purpose is to describe the management methods of this Site, with reference to the processing of personal data of users who consult it, and to allow them to understand the purposes and methods of processing of personal data by I.C.M. – Institut de Certification Méditerranéen – S.A.R.L.
The processing of readers’ data will therefore take place in compliance with the principles of lawfulness, fairness, and transparency, as well as for specified, explicit, and legitimate purposes, and in a manner compatible with those purposes. Your personal data will be processed so that they are “adequate,” “relevant,” and “limited” to what is necessary for the purposes for which they are collected; as well as “accurate” and, if necessary, “updated,” and “kept” in a form which permits identification of the data subject for no longer than is necessary for the purposes of the processing, ensuring at the same time their integrity and confidentiality, in compliance with the data protection legislation set out in EU Regulation No. 2016/679 and the Personal Data Protection Code.
This notice is provided only for our Site and not for other websites that may be consulted by the user via links.
Users are required to carefully read this notice before submitting any kind of personal information and/or filling in any electronic form on the Site.
To provide you with the personalized services offered by our websites, I.C.M. – Institut de Certification Méditerranéen – S.A.R.L., as Data Controller, must process certain identification data necessary for the provision of the Service.
1) TYPES OF DATA PROCESSED
1.1 Navigation data
The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters relating to the user’s operating system and IT environment. These data are used solely for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer crimes against the site.
1.2 Voluntarily provided personal data
The optional, explicit, and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Furthermore, the user is free to provide identifying personal data (such as name, surname, company name, address, telephone number, e-mail, etc.) included in request forms on the CONTACT, NEWSLETTER, REGISTRATION and SIGN UP pages of the site in order to request informational material or other communications and/or requests for membership and/or contracts for the Controller’s services.
Failure to provide such data may make it impossible to obtain what has been requested.
Specific summary notices will progressively be provided or displayed on pages of the site set up for particular requested services.
1.3 Cookies
No personal user data is acquired by the site in this regard.
No cookies are used for the transmission of personal information, nor are persistent cookies or user tracking systems used.
The use of so-called session cookies (which are not stored persistently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable safe and efficient browsing of the site.
The session cookies used on this site avoid the use of other IT techniques potentially prejudicial to user privacy and do not allow the acquisition of personal identifying data.
The site can also be visited without cookies. Most browsers automatically accept cookies. It is possible to avoid automatic cookie storage by selecting the appropriate option in the browser settings. For more information, refer to the browser instructions. Cookies already stored on the hard disk can be deleted at any time via the browser.
Choosing not to accept cookies may make browsing less convenient or limit the use of applications available through the site.
On our sites we display advertising managed directly and also by third parties (for example: Google Adsense, and statistical services such as Google Analytics and Shinystat, which use cookies). You can exclude or delete cookies using appropriate tools or disable cookies in your browser. By using the sites, you accept the services as offered and described.
If you wish, you can manage cookies directly through your browser settings. For further information and support, you may also visit the help page of the web browser you are using:
2) PURPOSES OF PROCESSING
Your personal data are processed:
A) Without your explicit consent (Art. 6(b), (e) GDPR), for the following Service Purposes:
B) Only with your specific and separate consent (Arts. 23 and 130 Privacy Code and Art. 7 GDPR), for the following Marketing Purposes:
If you are already our member, we may send you commercial communications relating to services and products similar to those you have already used, unless you object (Art. 130(4) Privacy Code).
All your data will be processed for the purposes for which they were collected and therefore for the proper functioning of our site, as well as for statistical analysis and to provide and respond to your requests.
3) METHODS OF PROCESSING
The processing of your personal data is carried out through the operations indicated in Art. 4 of the Privacy Code and Art. 4(2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data are processed both in paper form and electronically and/or in automated form.
Data will be stored for a period not exceeding that necessary for the purposes for which they were collected or subsequently processed.
Specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access.
Data are not transferred to countries outside the European Union.
4) SCOPE OF DATA DISCLOSURE
For the purposes indicated and within the strictly necessary limits, data may be made known to employees or collaborators of I.C.M. – Institut de Certification Méditerranéen – S.A.R.L. within the scope of their assigned duties.
Furthermore, data may be made known to categories of subjects performing activities connected and instrumental to those carried out by I.C.M. – Institut de Certification Méditerranéen – S.A.R.L., to whom the latter may turn – upon appointment as data processors – for the execution of such activities, within the strictly necessary limits and in compliance with the stated purposes. These include, for example, user support providers, IT managers, tax and labor consultants, and logistics operators.
Without the need for explicit consent (Art. 6(b) and (c) GDPR), the Controller may communicate your data for the purposes under Art. 2(A) to supervisory authorities, judicial authorities, and those subjects to whom disclosure is required by law. These subjects will process the data as independent data controllers.
Your data will not be disseminated.
5) DATA TRANSFER
The management and storage of personal data will take place on servers located within the European Union of the Controller and/or third-party companies duly appointed as Data Processors. Currently, servers are located in Italy. Data will not be transferred outside the European Union. However, the Controller reserves the right, if necessary, to move server locations within Italy and/or the EU and/or non-EU countries. In such case, the Controller ensures that any transfer outside the EU will comply with applicable law, including, if necessary, standard contractual clauses approved by the European Commission or other adequate safeguards.
6) DATA CONTROLLER AND DATA PROCESSOR
The “data controller” is I.C.M. – Institut de Certification Méditerranéen – S.A.R.L., with registered office at Bloc C, 9ème étage, Epi Center, 16 Rue de Syrie – 1002 – Tunis – Tunisia.
The Data Protection Officer is Dr. Salvatore Sarago’ – e-mail: sarago.salvatore@gmail.com
Further information on appointed data processors is available upon request at: info@icmmediterraneen.com
7) PLACE OF DATA PROCESSING
Processing related to the web services of this site is carried out at the Controller’s address.
8) MINORS
The Controller does not knowingly collect personal information relating to minors. If such information is unintentionally recorded, it will be promptly deleted upon request.
9) RIGHTS OF DATA SUBJECTS
At any time, pursuant to Art. 15 GDPR, you may obtain confirmation of whether or not personal data concerning you exist, and be informed of their content and origin, verify their accuracy, request integration, updating, rectification, deletion, or restriction of processing in violation of the law, as well as transformation into anonymous form, object to processing, and withdraw consent at any time.
Requests to exercise these rights should be sent to: info@icmmediterraneen.com
or by registered mail to Bloc C, 9ème étage, Epi Center, 16 Rue de Syrie – 1002 Tunis – Tunisia.
If you do not receive a response or receive only a partial response, you may lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) via www.garanteprivacy.it
10) CHANGES TO THIS NOTICE
This Privacy Notice may be subject to changes. It is therefore recommended to check this notice regularly and refer to the most up-to-date version.