Privacy & Cookie Policy


Notice to customers and suppliers issued by DataRiver s.r.l. pursuant to art. 13 of the 2016/679 European Regulations
This information is prepared and released pursuant to art. 13 of the 2016/679 European Regulation (also referred to simply as European Regulation), which introduced significant regulatory changes.
The present informative has the purpose to describe the modalities of management of this web site (hereinafter also “Site”), with reference to the treatment of the personal data of the users who consult it. These rules apply in all cases in which a user accesses the Site and decides to navigate within the pages, even in the cases in which you use the services that require registration. The following applies exclusively to sites related to the registered domains datariver.it and datariver.health and not to other sites accessible via links.
By visiting the Website, you accept the terms and conditions set out below. If the user considers that he / she does not accept the following Privacy Policy, he / she is invited not to access or use the contents and services offered through the Website.
DataRiver s.r.l. reserves the right to modify, add or delete parts of this Privacy Policy, making it known to the interested parties by publishing the changes in this section. Each user is required to periodically check this page to make sure of any changes that occurred after the last consultation. In any case, the use of the Site and its services implies acceptance of changes that have occurred in the meantime.
Having said that, it should be noted that:
1. as a result of the establishment of the business relationship and during the course of the same, our company will collect and process your personal data;
2. we specify for the sake of clarity, the following definitions given by the aforementioned European Regulation:
Personal data: any information concerning an identified or identifiable natural person (‘concerned’); an individual is identified as identifiable, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social;
Treatment: any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, preservation, adaptation o the modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
Data Controller and Data Protection Officer
The Site is managed and controlled by DataRiver s.r.l. Via Emilia Est n. 985, 41122 Modena, as data controller of the personal data of users who consult and use it. You can contact DataRiver’s Data Protection Manager (“DPO”) by writing to the e-mail address privacy@datariver.it.

Types of data processed
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and could be used to ascertain responsibility in case of hypothetical computer crimes against the site. Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Data provided voluntarily by the user
The voluntary registration to the services provided through the Website by filling in web forms, allows DataRiver to acquire all the data entered by the user, and proceeds to their processing in accordance with the individual information made ad hoc for each web form. At any time, in relation to the data provided, the user can always exercise all the rights recognized by law, such as requesting modification and / or cancellation.
Cookies
DataRiver through its website can use the types of cookies described below.
Based on the permanence of the cookies used are distinguished in:
• temporary or session – are not stored permanently but only limited to the duration of the browsing session. This means that they are deleted from the device used by the user to navigate once the latter has left the Site and has closed the browser;
 permanent – are stored on the user’s device until they are deleted or until their expiration date is reached if set. They are therefore not automatically deleted from the user’s device when he leaves the website.
Based on the origin of the cookies used are distinguished in:
• First-party cookies: these are cookies issued by the website visited at the moment; the site is the one corresponding to the address typed by the user (website displayed in the URL window);
 Third-party cookies: these are cookies issued by a website other than that visited by the user.
According to the purposes pursued, the cookies used are distinguished in:
• Strictly necessary cookies: these cookies are essential to navigate the site and use some features. Without these cookies, some online services that the user requires (eg access to protected areas) can not be provided. This type of cookie does not collect personal information from users and therefore can not be identified. The strictly necessary cookies used by the Site are first and permanent.
• Performance cookies: these cookies collect anonymous information on how users interact with the Site, for example which pages are most visited, navigation time, any error messages, etc. Cookies for services used through the Site collect information only on an aggregated and anonymous basis, and are used to improve the operation and the browsing experience of the user. Cookies for the services used through the Website are third-party and permanent.
• Functionality cookies: these cookies allow the site to remember the choices you make (such as language preference, what content you are interested in, etc.) and to provide you with the customized features you have selected, in to improve his browsing experience. In some cases these cookies can also be used to offer online services (eg offer a live chat service) or to prevent the user from repeatedly being offered services that he has already rejected in the past. Cookies for the functionalities used through the Site can be of first or third part, temporary or permanent.
The Site does not use so-called promotional or targeting cookies, or cookies used to collect

Google Analytics (Google).
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses data collection to track and examine (anonymously) the use of the website, to compile reports on its operation and to share it with other Google services. Google may use the Data collection to contextualise and personalize the advertisements of its advertising network. Personal Data collected: browsing and using Data and Cookies. Place of processing: USA
Nature of the provision of data
With regard to navigation data, the anonymous acquisition is necessary to allow access and consultation of the contents of the Site. With reference to data sent spontaneously by the user, the conferment is optional; failure to issue may result in DataRiver being unable to respond to requests submitted by the user or services requested by the latter.
Methods of processing collected data
The Data Controller processes the Personal Data of Users by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may have access to the Data subjects of the persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller. The updated list of the Managers can always be requested from the Data Controller.
Place
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the owner.
Times
The Data is processed for the time necessary to perform the service requested by the User, or required by the purposes described in this document, and the User can always ask for the interruption of treatment or deletion of data.
Purpose and legal basis of the processing of collected data
The data will be processed for the following purposes related to the implementation of obligations related to legislative or contractual obligations:
• purposes necessary to ascertain, exercise or defend a right in court or whenever the jurisdictional authorities exercise their jurisdictional duties;
• Advanced navigation purposes or personalized content management;
• purposes related to the execution of a contract or the execution of pre-contractual measures taken at the request of the customer
• purposes of statistical research / analysis on aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring the functioning of the Site, measuring traffic and evaluating usability and interest.
Scope of communication and dissemination of data
The navigation data may be communicated to data processing companies for the provision and management of IT services, for example in the case of hosting activities entrusted to third parties and related to the use of the Site. The data may then be known and processed within DataRiver, by personnel expressly designated as Distributor and / or Process Manager according to the respective authorization profiles. Distributors and Managers will be able to perform the operations of consultation, use, processing, comparison and any other appropriate operation, even automated, only in cases where this has been expressly authorized. In case of express request and in the circumstances authorized by law, the data may be communicated by DataRiver to the Public Safety Authorities and to the Police forces. With reference to the information generated by third-party cookies used by our sites, these are communicated to Google Inc. within the limits indicated on this page.
No navigation data is in any way disseminated.

Rights of the interested party
The interested party has the right to obtain confirmation of the existence or not of personal data concerning him / her, even if not yet registered, their communication in an intelligible form and the possibility of making a complaint to the Supervisory Authority.
The interested party has the right to obtain the indication:
1. of the origin of personal data;
2. of the purposes and methods of the processing;
3. of the logic applied in case of treatment carried out with the aid of electronic instruments;
4. of the identification details of the data controller, of the data processors and of the designated representative pursuant to article 5, paragraph 2;
5. of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.
The interested party has the right to obtain:
1. updating, rectification or, when interested, integration of data;
2. the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
3. the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right;
4. data portability.
The interested party has the right to object, in whole or in part:
1. on legitimate grounds, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;
2. to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.