Privacy Policy

This communication explains how we manage the personal data we collect - directly or via third parties - for use on the Luca Orselli Consulting website (loc.dyndevicelcms.com) and is valid for all visitors/users of this site. It does not apply to information received by any channel other than this site. This communication aims to provide maximum transparency in relation to the information the site collects and how this is used.

2. General information
Users (from here on in also "interested parties" as defined in the GDPR and the Privacy Code) are notified of the following general principles which apply to all aspects of data processing:
• all data is treated in a way that is legal, correct and transparent in relation to the interested party, in compliance with general GDPR principles and the Privacy Code;
• we only collect and process user data for the purposes explained in this communication or for the specific purposes that have already been communicated to them and/or users have already agreed on;
• our aim is to collect, process and use the least possible amount of personal data;
• when we collect your personal data, we ensure that it is accurate and up to date;
• if personal data is no longer used for any purpose and we are not required by law to store it, we will do all we can to delete, destroy or anonymise it;
• specific security measures are in place to prevent loss of data, incorrect/illegal use and unauthorised access;
• your data will never be shared, sold, made available or passed on to any subject other than those indicated in this notice.
• full details on all types of collected data are provided by the dedicated sections of this Privacy Policy.

3. Collected data and purpose
We wish to inform interested parties that the data collected will be processed using paper tools (subscription forms, order forms, etc.), software (admin/accounting software, etc.) and telematic tools with organisational and processing procedures that are directly linked to the data's specific purpose, and in any case with guaranteed security, integrity and privacy so as to comply with the organisational, physical and logical measures indicated in the relevant regulations.
If the subject providing personal data is under the age of 16, data processing is licit only when its acceptance has been given or authorised by the legal custodian, whose personal data and copy of a document have also been acquired.

3.1 Browsing data 
During standard use, the IT systems and software procedures that regulate the functioning of the above-mentioned websites collect certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected for a specific purpose but, due to their very nature, could enable third parties to profile users after processing and associating it with other data. This category of data includes IP addresses or domain names of PCs used to connect to the site, Uniform Resource Identifier addresses of users involved, time of requests, the path taken to submit a request, the code used to indicate the type of server reply (successful, error etc.) and other information linked with the operating systems and users' system information.
This data is used solely to get anonymous statistical information on the use of a website and its correct functioning. It may also be used to ascertain responsibility in case of cyber crimes agains the site (site owner's legal rights).
Data is exclusively processed by internal staff who are authorised and trained to process data, and will not be communicated to external entities, distributed or transferred to non-EU contries. Only in case of a legal investigation they may be shared with the relevant authorities. Data is normally collected for short periods of time, save in case of prolonged investigative activities. This type of data is not actively provided by users, but instead automatically collected by the site's technical tools.

3.2 Cookies
Cookies are text files which are stored in interested parties' computers or mobile devices and used by websites to enhance navigation and make it more effective.
In order to comply with EU regulations which require visitors to agree to the processing of their personal data via a direct, explicit, unequivocal action which is also required for "navigation cookies", we have created a "GDPR cookie" form which includes all technical tools to manage and revoke permissions and also provides a higher level of cloud security. With this form, interested parties are able to autonomously view all granted permissions and revoke their acceptance of one or more elements of cookie activity should they wish to do so.
For specific information on how we manage cookies you can check our own cookie policy on this page Cookie Policy.

3.3 Data collected after user acceptance and purposes of processing
The optional and voluntary sending of personal data via one of the site's forms, after accepting the privacy notice, results in the acquisition of the sender's name and email address, which are necessary to answer requests, as well as any other personal data inserted in the form. The company managing the IT infrastructure and its employees may be able to access this data for maintenance purposes only. The data will not be distributed or transferred to non-EU countries.

The collected data is processed for the following purposes:

- answer user enquiries about information on DynDevice and its features and to compile quotations; activate Demo platforms as requested by interested parties; answer requests for assistance submitted via tickets; enable users to access the site's reserved area; for administrative and accounting purposes in relation to service contracts, etc.; for marketing research and stats, references on advertisement, preferences on products and services, and so on.

Data is collected on the following pages:

3.3.1 Contacts
The "Contacts and requests for info" page enables users to send an information or quotation request on DynDevice. The form has a number of fields for personal data (Customer type, Company name, Name, Surname, Address, Post code, Town, Tax or fiscal code, Email, Phone, Fax, Mobile). The subscription is dependant on the explicit, free and informed acceptance of the policy. Data is processed exclusively by staff who are properly authorised and trained to process data. Based on the information requested, data is stored for a time that is appropriate for the specific purpose of its collection. Filling mandatory fields is required to receive a reply. Incomplete compilation of mandatory fields or lack of acceptance of the policy results in the services not being accessible. 

3.3.2 – Newsletter subscription
This page consists of a form which enables interested parties to subscribe to DynDevice's newsletter. The newsletter offers information on the e-learning platform, technical news, updates, etc. The form asks for a number of personal information (Company Name, Name, Surname, Email), Email being the only mandatory one while the others are only aimed at providing Mega Italia Media with further information about subscribers to the service. The subscription is dependant on the explicit, free and informed acceptance. The data is processed exclusively by staff who are properly authorised and trained to process data. The data is stored until the time when "unsubscription" from the newsletter service occurs through the link at the bottom of any sent message. The absence of an email address or the lack of acceptance results in the newsletter service non being available.

3.3.3 – Demo request
This page enables interested parties to activate a platform in demo mode so as to give them the opportunity to test drive it. The form on this page contains a number of personal data fields (Customer type, Company name, Name, Surname, Address, Post code, Town, Tax or fiscal code, email, Phone, Fax, Mobile) as well as an indication of the requesting user's needs. The request for a demo is dependant on the explicit, free and informed acceptance of the policy. Data is processed exclusively by staff who are properly authorised and trained to process data. Based on the information requested, data is stored for a time that is appropriate for the specific purpose of its collection. Filling mandatory fields is required to activate a Demo. Incomplete compilation of mandatory fields or lack of acceptance of the policy results in the services not being accessible.

5. Length of storage
Data that is required to be stored to comply with contractual and accounting regulations are kept for the time needed to complete the relative contractual or accounting relationship. The data of customers who do not buy products or services after being in contact with a company representative will be immediately deleted or used exclusively anonymously, unless its retention is justified, and unless the customers in question have agreed to be part of subsequent promotional activities or marketing research.

6. Legal requirements
The communication of personal data is mandatory in terms of legal and contractual obligations, therefore refusal to provide some or all of it may result in the non-availability of the services requested. The company processes optional user data based on acceptance, i.e. with the explicit approval of this privacy policy and in compliance with the procedures and purposes described above. 

7. User rights
In accordance to EU regulation 679/2016 (GDPR) and national regulations, interested parties can exercise the following rights in the ways and with the limitations allowed by the law:
• request confirmation of the existence of personal data related to them (right of access);
• be informed about its origin;
• receive intelligible communication on the matter;
• be informed about the logic, modes and purposes of its processing;
• request its update, rectfiication, integration, deletion, transformation into anonymous data, block of data used against the law, including data that is no longer necessary for the purposes it was collected;
• in the case of acceptance-based processing, receive all data provided in a structured and readable form from a data processor and in a commonly-used format;
• the right to make a complaint to the controlling Authority.
Exercising customer rights can take place via emails sent to the data processing officer.

8. Transfer of personal data out of the EU area
Personal data will be stored and handled by the Company holding the data and/or specifically-delegated companies on servers located in the European Union. Data will not be transferred out of the EU. It is in any case implied that the Company, whenever it is deemed necessary, will be entitled to move the servers to non-EU locations. Should this occur, the Company will ensure that the transfer of data is executed in compliance with applicable legal requirements, stipulating agreements to guarantee an adequate level of protection whenever necessary.

9. Holder of data and contacts
The company in charge of holding and processing data is Luca Orselli Consulting Sas, legally represented by Luca Orselli (tel. 3356451774 - email: orselli@lucaorselliconsulting.eu) who can be contacted for any issue related to the implementation of all user rights indicated in the GDPR and the Privacy Code (right of access, change, rectification, deletion, restriction, portability, opposition), or to revoke any acceptance previously granted; should a request go unanswered, interested parties can submit a complaint to the Authority in charge of protecting personal data.

10. Policy updates
This notice was most recently updated on May 22nd, 2018 and may be subject to periodic revision, also in relation to the referring laws and jurisprudence. In the event of significant variations, these will be clearly shown on the site's homepage for a reasonably extended time. Users are nonetheless encouraged to regularly check this page.