- General indication
The management and maintenance of this Website is in compliance with the regulations in force in the European Union, in particular with Regulation (EU) no. 2016/679 of the European Parliament and of the Council (hereinafter: GDPR), to which the Italian code concerning the protection of personal data has been adapted (legislative decree of 30/06/2003 No. 196, as amended by legislative decree n. 101/2018).
Personal data, that is “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (art. 4, point 1), GDPR), of the Users of this Website, may be processed outside the boundaries of the Italian Republic, according to the legislation currently in force in the European Union.
This Policy therefore applies to all Users, a category that, in our case, includes:
- those who use, in any way, our services;
- those who visit the Website without performing any data entry and / or evaluation or unloading it;
- those who register on the Website and access, through specific registration, to the Reserved Area.
By accessing this Website, the User is required to accept the terms described in this Policy. If he doesn’t want to accept the terms herein, he isn’t allowed to use the Website.
- Persons empowered to the collection and, more generally, processing the Data
Pursuant to the articles 24-28 GDPR, the company “The Best Idea Srl” is the Controller of the processing of personal data. The Processor is Doozy Service Srl – Via Santa Chiara 1/a – 35123 Padova (I).
The Processor (data processor), is a company that operates exclusively in the IT field and deals, through a team of developers, with the design and implementation of corporate, institutional, e-commerce websites, web applications and mobile apps, as well as of the management and assistance of the website, and is able to ensure full reliability in the processing of personal data and to provide the appropriate guarantee of full compliance with the law ((including data security profile).
Personal data will therefore be accessible to the Controller and the Processor for the specific purposes of this Website and the prior consent given by the individual User will then be extended to the Processor or his eventual delegates, in compliance with the provisions of art. 29 GDPR.
- Purpose and method of Data collection and processing
According to the art. 6 GDPR, applies the general principle of informed consent which is requested to the person concerned in relation to one or more specific purposes and that the person concerned has the right to choose in relation to each of them.
Personal data, in some cases included in the special categories pursuant to art. 9 GDPR, will be processed by the Controller, or by his appointees, in order to accomplish the purposes of this Website as described in the relevant web page (“Purpose of the Website=How it Works“), through the consent that must be previously signed also for those further requested to those Users who intend to register in the appropriate Reserved Area.
In the processing of data that can be used to identify the User’s person (such as for example personal data, e-mail address, telephone number, tax/VAT code, etc.), our commitment is to respect the principles established by art. 5 GDPR, in particular of lawfulness, correctness, transparency and “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)” (article 5, letter c).
For this reason, the Website has been configured so that the use of personal data is kept to a minimum as a function of the purposes for which the data was collected and/or processed.
The User’s personal data will not be processed when the purposes pursued in individual cases can be achieved by using anonymous data (such as, for example, searches aimed at improving services or to process internet history to provide personalized content to the Users, or to poll opinions and evaluations for possible business ventures or socio-economic analysis) or through other means, allowing the identification of the person only where absolutely necessary that is on request of public Authorities such as the Judicial Police (such as, for example, for traffic data or IP address) also in order to prevent any illegal activity.
The Controller will process the contents as confidential information and will use and share them in accordance with the purposes of this Website and the aforementioned principles, as competent according to the principle of “accountability“.
The information will not be considered confidential if it has become public domain (not due to the Controller), or was already known to the Controller before he received, or has been sent to the Controller by a third party, or if it has already been acquired or developed independently by the Website Operator.
With regard, in particular, to the so-called “profiling” according to the purposes of this Website (see page Purpose of the Website Page=How it Works), it is emphasised that the registered User who has entered an Idea (the Inventor), will see, in addition to the average rating reached by the whole Voters, also the one divided using the following data, even crossed, but only on condition that, in this way, the vote of the single Voter is not recognized:
- age range <18 years 18-35 years 36-50 years > 50 years
- gender (male female)
- level of education
- state of residence
- area of residence: province or region depending on the number of voters
- connection device (smartphone desktop/tablet)
The Website will collect the internet history of other computer systems that are responsible for the operation of the Website itself; such data is acquired during their normal exercise, whose transmission is implied in the use of Internet communication protocols. These are information that is not collected to be associated with interested parties but which by their very nature could, through elaborations and associations with data held by third parties, allow to identify the Users. This category of data includes the IP addresses or domain names of the computers used by the Users that connect to the Website, the URI (Uniform Resource Identifier) notation addresses of the required resources, the time of the request, the connection device used to submit the Request to the server.
Personal data will be processed in electronic format and, in exceptional circumstances, even in paper format, for example when, due to attempts to destroy information entered in electronic format, this is to prevent violations of intellectual property rights, fraud or theft of information placed in the Website Reserved Area, or anyway to mitigate the consequences.
Personal data will be retained in such a way as to allow the User to be identified for the time required for the purpose for which the data have been collected and subsequently processed and, in any case, under the conditions for the exercise of the consent, as required by current legislation.
In order to ensure that your personal information is always complete and updated, the User is required to enter the changes and updates on the relevant Website page.
For the purposes of our Website, we may process personal information and internet history (so-called “Traffic Data”) arising from the use of our services by any User, either through automated contact modes or through non-automated modes, including use by phone, mail and e-mail, in order to provide the Users with content and information about the initiatives made by this Website or to submit requests for participation in polls or surveys carried out by our Website on Ideas, inventions or other matters of business or socio-economic interest or to send advertising messages in line with the preferences already displayed by the User himself in online browsing or to send any newsletters to which the User is subscribed, without prejudice to the right to withdraw from the subscription or to oppose the receipt of any message or content the Controller had considered interesting to User.
The purposes for which the personal data are processed will however be specifically made known to the User, on the page where the provision of personal data is requested and in particular, where data belonging to the “Special categories“, referred to in art. 9 GDPR.
With regard, in particular, to the possibility of expressing opinions or evaluations on Ideas and responding to inquiries and comparisons of opinions between the Users registered on the Website, the provision of specific personal data is necessary in order to show who has entered an ‘Idea (the Inventor), in addition to the average vote achieved by using all the Voters, including those obtained using the subdivisions according to the types of Voters previously mentioned.
As regards the access to the Reserved Area, the provision of certain personal data is necessary for the accomplishment of the activities provided in that area, including the entry of Ideas or Inventions, the indication of Needs or other innovative initiatives.
In the event that the User intends to report to one of the persons he knew one of the services covered by this Website, before communicating to the Website the relevant data, he must ensure that he receives the consent of the person to whom the data refers and informs him of this Policy. In that case, in fact, the User will be single-handedly responsible for the disclosure of information and data relating to third parties without the express consent of such parties, and for their incorrect use or anyway in breach of current legislation.
In any case, the persons empowered by this Website, as specified above, shall, within the limits of what is prescribed by law, will ensure that it’s possible to inform such third parties and, where necessary, to obtain their express consent in the entry in their archives of their personal data.
Depending on the different areas of access to the Website (free, or through registration and therefore access to the Reserved Area), the User will be informed of the mandatory or optional nature of the communication of personal data by indicating with a special symbol (*) the mandatory information or the data necessary to carry out the specific operation performed through the Website.
In order to perform the visualization of Ideas, Projects, Flashes, Business plans, Surveys, Needs, Brainstorming-Design Thinking, including evaluations, registered Users are required to treat the information acquired through the Website as confidential.
- Any communication to third parties of the User’s data by the Owner
Personal data will not be disclosed to third parties for purposes not permitted by law or without the prior and express consent of the individual User.
Only with the express consent of the person concerned, personal data will be made available, as well as to the Processor or to any person in charge for the processing, also to third parties, independent Controllers, for accessory purposes and related to the activity of the Website or for the purpose of such third parties.
Except as provided above, personal data will not be disclosed or transferred to other third parties without prior notice to Users, and in any case this will be done in compliance with applicable law.
- Security measures
The Controller of processing, as indicated above, has made every reasonable effort to take appropriate security measures to minimize the risks of destruction or loss, including accidental, of personal data, access or unauthorized communication, or unauthorised processing or not respecting the purpose of collection shown on the related page of this Website.
In order to ensure the best possible protection of personal data, the Website Operator, Controller of the personal data processing, signed an agreement with Doozy Service Srl – Via Santa Chiara 1/a – 35123 Padova (Italy), a primary company specialized in the realization and the efficiency of the IT system and the highest degree of security of the Website, which is the Processor.
However, it is necessary for the individual User to ensure that his computer is equipped with appropriate software devices for the protection of data transmission/reception (such as updated antivirus systems) and that his Internet service provider has adopted appropriate Security measures for network data transmission (such as firewalls and anti-spam filters).
While we ensure our commitment to adopting all reasonable measures to ensure the protection of the personal data of Users from access or use or communication, unauthorized or illegal, we cannot give any assurance on this.
In some cases, such as the use of protocols not known by the Website, the transmission of data over the Internet may not be protected against access by third parties. In such situations, we will not be responsible for data security breaches that do not depend on our negligence.
- Mandatory processing
The User’s data may also be processed without his consent only in the cases provided by letters from b) to f) of art. 6 GDPR.
- The rights of the Data subjects in his own data
According to the art. 7 GDPR and subsequent modifications and additions, the User, as “interested party” or the subject to whom the personal data refer, always has the right to know and / or obtain from the Controller or Processor and the persons designated for the purpose:
- the ways in which the Controller has obtained the consent and the right to revoke it at any time, without prejudice to the lawfulness of the processing based on consent before the revocation;
- confirmation of the existence or absence of personal data concerning him, even if not yet registered, and their communication in an intelligible form;
- the indication, a) of the source of personal or sensitive data concerning him; b) the purposes and methods of the processing; c) the logic applied to each electronic processing; d) the identification details of the Processor and of any person in charge for processing; e) the person or categories of persons to whom the personal data, third party names or categories of third parties, may be communicated or may become aware of it;
- the updating, rectification or, if the person concerned has any interest, their integration;
- the limitation of the treatment in the cases indicated by the letters from a) to d) of the art. 18 GDPR
- cancellation, transformation into anonymous form or blocking of data processed in violation of law, as well as data that do not need to be kept for the purposes for which they were collected or subsequently processed;
- the attestation that the operations referred to in the preceding two paragraphs have been made known, also regarding their content, to those to whom the data have been communicated or released (except where such fulfillment is impossible or involves the use of means manifestly disproportionate to the right to be protected).
The person concerned will anyway have the right to oppose in whole or in part:
a) for legitimate reasons, the processing of his personal data, although relevant to the purpose of the collection;
b) the processing of his personal data relating to the pursuit of market research or communication relating to the socio-economic sphere.
For marketing purposes, the right of opposition, in whole or in part, to the processing of personal data through automated contact modes also extends to the processing of data in non-automated modes. It is always possible to express a preference to receive promotional communications exclusively through traditional contact modes.
The person concerned may exercise his/her rights by simple request, without special formalities, to the Controller or the Processor of the data processing, by email (firstname.lastname@example.org or email@example.com), fax or post or by registered mail or other system identified by the Personal Data Protection Authority with reference to new technological solutions.
In order to ensure the effective exercise of the rights of the subjects concerned the data processing, the Controller undertakes to take appropriate measures to facilitate access to personal data by the subject concerned and to simplify the procedures and reduce the time for the response to the applicant of the acquired data, whether acquired directly by the data subject or by a third party, within a reasonable time, however not exceeding thirty days. At the request of the person concerned, data is transposed on a paper or a file, or sent by telematic transmission.
The provision of the User’s identification data (in particular, personal data, e-mail address, etc.) is required when it is necessary to comply with obligations under laws and regulations or the provision of the services provided by the Website at the request of the subject concerned.
Any refusal to provide the data required and necessary for such purposes may result in the impossibility to properly comply with legal and regulatory obligations and/or access to the Website reserved services.
Failure to provide personal data may therefore constitute, as the case may be, a legitimate and justified reason for not providing the services offered by the Website.
Against any violation of the rules regarding the protection of the confidentiality of personal data, the User concerned in the processing of the data, may lodge a complaint with the “Autorità Garante per la protezione dei dati personali”, by postal mail to “Piazza di Monte Citorio n. 121, 00186 Roma – Italy”, by fax (+39 06.69677.3785) or ordinary e-mail (firstname.lastname@example.org) or certified e-mail (email@example.com).
In the cases provided for by current legislation, the interested party has the possibility to provide or deny his consent to use his personal data for the purposes indicated on the Website and to the extent that they are compatible with such purposes, by consent to the documents of the legal Area indicated to at the time of registration and in which the request for consent clearly appears.
In terms of the articles 13 and 14 GDPR, the consent presupposes that information is provided with a minimum, clear and intelligible content.
If, however, the consent is not required by law, the Controller may process the User’s data, in particular where processing is required to comply with a legal obligation or when such processing is necessary to comply with obligations assumed in relation to the services provided to Users.
In any case, it is our obligation to guarantee at any time and without conditions, the right of the User not to receive any communications from the Website Operator related to particular services.
The data being processed may also be transferred to European Union countries. In the event of a transfer to third countries, it will observe the principles and procedures set forth in Articles 44 et seq. GDPR.
The data processed may also be transferred to countries of the European Union or third countries, and consent is also provided under Art. 43, paragraph 1, letter a) of Legislative Decree no. 196/2003.
- Link to other websites
The Website Operator has hyperlinks (the so-called “links”) to other websites that have no connection with the Website Operator.
What are cookies
Cookies are small text files that websites visited by users send to their terminals, where they are stored to be retransmitted to the same websites at the next visit. Cookies of so-called “third party” are instead set up by a website different from that the user is visiting. This is because there are elements (images, maps, sounds, specific links to pages of another domain, etc.) on each website that reside on different servers from the visited website.
Types of cookies
There are so-called “technical” cookies, also said “functionality”, that are essential for the proper functioning of website pages. Without these technical cookies, some features of the website may be compromised, therefore also the access to content may be limited. For example, they allow to keep track of some data entered in forms to be filled in, of pages visited by a user or a website administrator. They are technical cookies also those that serve to understand whether users are new or coming back, how they use the website, how they move between pages, how much time they stay on pages and on the website, from which geographic area they have arrived at the website. Data does not identify the user as a person, but they are aggregated anonymously by the analytics tools. In all cases, the technical cookies mentioned above are completely harmless because they do not collect any personal information from the user.
Profiling or advertising cookies
These are the cookies used to trace the user’s web browsing and create profiles about his tastes, habits, choices, etc. With these cookies, advertisements, in line with the preferences already displayed by the user in online browsing on various websites, can be transmitted to the user’s terminal.
What type of cookie uses our Website
Our Website uses technical cookies to improve navigation and to have detailed statistics on visits made by Users and profiling or advertising cookies for the transmission of advertising messages in line with the preferences already displayed by the same user in online browsing. There are also links to Google Maps, Twitter, Facebook, LinkedIn, Pinterest, Instagram and Google Plus, so when the User connects to such services or websites, cookies can be recalled from their services/websites.
To get information on using cookies on these Websites, please use the following links:
How to manage own cookies
The browsers installed on the User’s computer allow him to define cookie settings (enable, disable, remove). Disabling or removing cookies may prevent access to certain pages of this Website. Cookies management therefore depends on the User’s browser. By clicking on own browser icon User can know how to handle cookies (Google Chrome|Internet Explorer|Mozilla Firefox|Safari – from mobile device: Android – Ios – Windows Phone – Blackberry).
What the law provides
No user consent is required to install technical cookies, while to give the policy is required (Article 13 of the “Codice privacy”). Profiling cookies, on the other hand, can be installed on the user terminal only if he has given his consent after being informed in simplified mode.
Measure 8 May 2014 nr. 229
- Privacy Google Analytics Disclaimer
This Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
By using this Website, User agrees to the processing of data by Google for the above-mentioned modalities and purposes.
If the User wants to receive more information on how personal data are processed, changes and updates to this Policy, please send an email to one of the following addresses: firstname.lastname@example.org or email@example.com.