1. Data Controller

Data Controller: Dilemma S.r.l.

Registered Office: Via Pietro Colletta, 22 – Milan

E-mail address for contacting the Data Controller: info@dilemma.it

2. Types of Data Processed

The data collected and processed by Dilemma S.r.l. includes common personal identification data directly provided by the data subject. “Personal data refers to any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.”

Among the personal data collected are the following categories: cookies and browsing data.

3. Purpose of Data Processing

User data is collected to enable the Data Controller to provide its services. Specifically:

• Cookies and browsing data are small text strings that a website can send to the User’s device (PC, notebook, smartphone, tablet, etc.) during navigation. The same website that sent them can read and store cookies found on the same device to obtain various types of information. These data are not collected to be associated with identified individuals, but by their very nature, through processing and association with data held by third parties, they could allow users to be identified. Types of personal data processed: IP addresses.

4. Identification and Purpose of Cookies

There are different types of cookies based on their expiration period, ownership, and purpose. Some are essential for browsing the website, while others are optional and depend on the User’s preferences.

• Strictly Necessary Cookies

These cookies are essential for the functioning of the site. They allow the User to use the main functionalities of the website. Without these cookies, the User would not be able to navigate the site properly. The information collected by these cookies is used solely on the User’s device and does not allow any behavioral or identifying tracking. These cookies do not collect any personal information.

• Statistical Cookies

Statistical cookies collect information on user behavior during browsing, particularly to analyze traffic, identify which pages are most frequently visited and for how long, and help website managers improve performance and user experience.

• Marketing Cookies

Advertising cookies determine which ads to display based on the User’s browsing behavior, in order to limit the number of displays, measure the effectiveness of advertising campaigns, or customize ads according to the User’s preferences, provided prior consent has been given.

5. Cookie Management

The User can manage the installation of cookies as follows:

• “the installation of strictly necessary technical cookies is enabled by default; the User cannot disable them as they are essential for the site to function properly;”
• “where applicable, the User may disable or enable the installation of cookies subject to consent (Statistical and Marketing cookies) through the cookie banner or by visiting the Cookie Settings link. Disabling implies refusal to install the respective cookie;”
• “if the User enables cookie storage on their device, cookies embedded in the pages and content visited may be temporarily stored in a dedicated area on the User’s device. Only the issuer can access them.”

If the User disables cookie storage or deletes stored cookies, they are informed that site functionality may differ from that experienced by other users who have accepted cookies (e.g., non-personalized content). This may also occur if the website or one of its service providers is unable to recognize the User’s browser type, display language, settings, or the country from which the device is connected to the internet, due to technical incompatibilities. In such cases, we disclaim any liability for any impaired functioning of the website due to the refusal of cookies by the User.

6. Data Processing and Storage Methods

Data processing will be carried out in both automated and manual form, in compliance with Article 32 of GDPR 2016/679 regarding security measures, by specifically appointed persons and in accordance with Article 29 of GDPR 2016/679.

Security measures will be employed to ensure the confidentiality of the data subject and to prevent unauthorized access by third parties and/or unauthorized personnel. The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.

7. Legal Basis for Processing

The personal data collected through the use of technical cookies on our website is processed based on the legitimate interest under Article 6(1)(f) of the GDPR. These cookies are essential for the proper functioning of the website, enabling secure navigation and access to its features and services. Their use is necessary to ensure the effective and secure provision of the service requested by the User.

8. Place of Data Processing

Data is processed at the Data Controller’s operational headquarters. For further information, Users may contact the Controller at the address provided above.

The Controller reserves the right to transfer personal data to a country other than that of the User’s location, ensuring that appropriate security measures are adopted to guarantee the confidentiality and integrity of personal data.

9. Data Retention

In accordance with the principles of lawfulness, purpose limitation, and data minimization (“Article 5 of GDPR 2016/679”), personal data is retained for a period no longer than necessary to achieve the purposes for which it was collected and processed, in compliance with legal requirements.

Where processing is based on the User’s consent, the Controller may retain personal data for a longer period until such consent is revoked. Furthermore, the Controller may be obliged to retain data for a longer period in compliance with legal obligations or upon request of an authority.

Once the retention period has expired, personal data will be deleted. Therefore, at the end of that period, rights of access, erasure, rectification, and data portability can no longer be exercised.

10. Scope of Data Communication and Disclosure

Your data will not be disseminated. Personal data may be communicated, for the purposes indicated above, to third parties contractually linked to Dilemma S.r.l., specifically to the following categories:

1. “public entities to whom the data must be communicated by law (e.g., social security institutions, tax offices)”;
2. “public or private entities where communication is necessary or functional to the execution of our activities”;
3. “our consultants, within the limits necessary to carry out their professional assignments on behalf of the company.”

Subjects working with Dilemma S.r.l. who access personal data provided by clients and collaborators are appointed as Data Processors by the Controller, with specific instructions outlining the security measures they are required to adopt. If such conditions are lacking or deemed insufficient by the Controller, the collaboration may be terminated.

11. Transfer of Data to Non-EU Countries

The Data Controller does not transfer personal data to non-EU countries. However, the use of cloud services is not excluded. In such cases, service providers will be selected based on their ability to offer adequate guarantees, as provided by Article 46 of GDPR 2016/679.

12. Data Subject Rights

At any time, the data subject may exercise their rights by contacting the Controller at the above-mentioned e-mail address, pursuant to Articles 15-22 of GDPR 2016/679:

• request confirmation of the existence or non-existence of their personal data;
• obtain information about:
  • the origin of the data
  • the purposes of processing
  • the categories of personal data
  • the recipients or categories of recipients to whom personal data have been or will be communicated
  • the retention period
• obtain:
  • rectification of data
  • erasure of data
  • restriction of processing
  • data portability, i.e., to receive them from the Controller in a structured, commonly used, and machine-readable format, and transmit them to another Controller without hindrance
• object:
  • to the processing at any time, including processing for direct marketing purposes
  • to automated decision-making, including profiling
• lodge a complaint with the Supervisory Authority (Garante Privacy).

13. Additional Information

Further information regarding the processing of personal data may be requested at any time from the Data Controller using the contact details provided.

14. Amendments to the Privacy Policy

The Controller reserves the right to amend, update, add to, or delete parts of this Privacy Policy at its discretion and at any time. The data subject is responsible for checking for any updates periodically. For ease of reference, the policy will include the date of its latest update. The use of the website following the publication of changes constitutes acceptance of those changes.