Privacy Policy
p
Intro
This Privacy Policy (hereinafter, the “Policy”) is issued pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter “GDPR”). It provides clear, detailed, and transparent information regarding the processing of personal data collected through the website www.xomero.org (hereinafter, the “Website”).
Data Controller
The Data Controller, as defined under Article 4(7) of the GDPR, is:
Xomero Consulting
via Padova 4, Treviso, Italy
Email: info@xomero.org
The Data Controller determines the purposes and means of the processing of personal data collected through the Website.
Categories of Personal Data Processed
The personal data collected and processed may include, but are not limited to:
Identification Data: First and last name, email address, phone number, gender.
Company-Related Information: Company name, size, industry sector.
Technical Data: IP address, browser type, operating system, and device type.
Usage Data: Information regarding user interactions with the Website.Personal data are collected directly from the data subject or through automated tools, such as cookies and tracking technologies.
Purposes and Legal Basis for Processing
Personal data are processed for the following purposes, in accordance with the legal bases specified under Article 6 of the GDPR:
To Respond to Inquiries:
Purpose: To communicate with users and provide requested information or services.
Legal Basis: Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR).
To Analyze and Optimize the Website:
Purpose: To monitor and improve website performance through analytics.
Legal Basis: Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR).
To Conduct Marketing Activities:
Purpose: To send newsletters, promotions, or other materials.
Legal Basis: Explicit consent provided by the data subject (Art. 6(1)(a) GDPR).
Compliance with Legal Obligations:
Purpose: To fulfill obligations imposed by applicable laws or regulations.
Legal Basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR).
Retention Period
Personal data will be retained only for as long as necessary to fulfill the purposes for which they were collected or to comply with applicable legal obligations. Specifically:
Inquiries and Customer Service Data:
Retained for the duration necessary to handle the inquiry and up to 2 years thereafter.Analytics Data:
Retained in anonymized form or in compliance with third-party provider policies.Marketing Data:
Retained until consent is withdrawn. Data may be stored for longer periods where required by legal, regulatory, or contractual obligations.
Rights of the Data Subject
Pursuant to Articles 15-22 of the GDPR, data subjects have the following rights:
Right of Access:
Obtain confirmation as to whether personal data are being processed, and access such data.Right to Rectification:
Request correction of inaccurate or incomplete personal data.Right to Erasure:
Request deletion of personal data under the conditions set out in Article 17 GDPR.Right to Restriction:
Request restriction of processing in specific circumstances.Right to Data Portability:
Receive personal data in a structured, commonly used, and machine-readable format.Right to Object:
Object to processing based on legitimate interest or direct marketing.Right to Lodge a Complaint:
File a complaint with the competent Supervisory Authority (in Italy: Garante per la Protezione dei Dati Personali). Data subjects may exercise their rights by contacting the Data Controller at info@xomero.org.
Recipients and Transfers of Personal Data
Personal data may be accessed by the following:
Internal personnel of the Data Controller authorized to process data.
Service providers engaged by the Data Controller (e.g., IT and analytics providers).Data will not be transferred outside the European Economic Area (EEA). If a transfer is necessary, it will be conducted in compliance with Articles 44-49 of the GDPR, ensuring appropriate safeguards.
Cookies and Similar Technologies
This Website uses cookies in compliance with Regulation (EU) 2019/2088 (ePrivacy Directive) and GDPR.
Types of Cookies:
Technical Cookies: Necessary for the proper functioning of the Website.
Analytics Cookies: Used to understand user behavior in anonymized form.
Third-Party Cookies: May collect personal data and monitor user activity.
Cookie Management:
Users can manage preferences through the cookie banner or browser settings. For more details, refer to the Use of Cookies.
Data Security Measures
The Data Controller implements appropriate technical and organizational measures pursuant to Article 32 GDPR to ensure the security of personal data, including:
SSL encryption for data transmission.
Regular security audits and vulnerability assessments.
Restricted access to personal data based on roles and responsibilities.
Data Breach Notification
In the event of a personal data breach, the Data Controller will notify the competent Supervisory Authority without undue delay and, where feasible, within 72 hours, as required by Article 33 GDPR. Where the breach poses a high risk to the rights and freedoms of data subjects, affected individuals will also be informed in accordance with Article 34 GDPR.
Third-Party Services
This Website uses services such as Google Analytics, ensuring compliance with GDPR through measures such as anonymization of IP addresses. For details on Google Analytics’ data processing practices, refer to their privacy policy.
Amendments to the Policy
The Data Controller reserves the right to amend this Policy to reflect changes in legal or regulatory requirements. Users will be informed of significant changes through appropriate communication channels.
Contact Information
For inquiries or to exercise data protection rights, contact:
Agency: XOMERO Consulting Enterprise
Address: Via Padova 4, Treviso, Italy
Email: info@xomero.org
Website: www.xomero.org
