EN Privacy Policy

Effective date: 06 January 2025
Last updated in English: 25 February 2025

Warning. This information is only valid for IT infrastructures. You can find the one concerning members by clicking here.

Data controller

Agesci Group Prato 4 APS Group

leaders protempore

Registered office: via della Fortezza, 1 – 59100 Prato, PO – Italy/Italie

Certified e-mail (PEC): prato4[at]pec.agesci.it (certified mail only)

Types of Data Collected

Prato4.it collects some Personal Data of its Users; among the Personal Data collected by Prato4.it, independently or through third parties, are:

• Tracking Tools;
• Usage data;
• first name;
• surname;
• telephone number;
• country;
• email;
• various types of data;
• sector of activity;
• user ID;
• language;
• device information;
• city;
• POSTCODE;
• state;
• province; province;
• latitude (of the city) and longitude (of the city);
• metropolitan area;
• geographical region;
• IP address and IP version
• app information;
• device logs;
• operating systems;
• browser information;
• launches;
• number of sessions;
• session duration;
• page-scrolling interactions;
• mouse movements;
• position relative to scrolling;
• keypress events;
• motion sensor events;
• touch events;
• video display data;
• clicks;
• browsing history;
• search history;
• session statistics;
• pageviews;
• interaction events;
• page events;
• customised events;
• opening the application;
• username;
• data communicated during use of the service;
• answers to questions;
• Data disclosed in order to use the Service;
• password;
• geographical location;
• image;
• profile picture;
• prefix;
• number of users;
• metadata;
• time zone;
• diagnostic events;
• layout details;
• location information;
• website;
• Universal Unique Identifier (UUID);
• approximate location.

We collect this data in order to provide you with the best browsing experience within the application and to ensure maximum security.

Full details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the collection of the Data themselves.
Personal Data may be freely provided by the User or, in the case of Usage Data, automatically collected during the use of Prato4.it.
Unless otherwise specified, all the Data requested by Prato4.it are compulsory; if the User refuses to communicate them, it may be impossible for Prato4.it to provide the Service.

In cases where Prato4.it indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or its operation.
Users who may have doubts about which Data are mandatory are encouraged to contact the Owner.
The possible use of Cookies – or other tracking tools – by Prato4.it or the owners of third party services used by Prato4.it has the purpose of providing the Service requested by the User, in addition to the additional purposes described in this document and in the Cookie Policy.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through Prato4.it.

Method and location of data processing

Treatment modes

The Data Controller adopts appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of Personal Data.
The processing is carried out by means of computer and/or telematic tools, with organisational methods and logics
strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects
involved in the organisation of Prato4.it (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller, may have access to the Data. The updated list of the
Data Processors can always be requested from the Data Controller.

LOCATION

The Data are processed at the Data Controller’s premises and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.
The User’s Personal Data may be transferred to a country other than the one where the User is located. You may refer to the section on Personal Data processing details for further information on the location of the processing.

STORAGE period

Unless otherwise stated in this document, Personal Data is processed and kept for the time required by the purpose for which it was collected and may be kept for a longer period due to any legal obligation or on the basis of Users’ consent.

Purposes of Data Processing

User Data is collected to enable the Data Controller to provide the Service, comply with legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of Users or third parties), detect any malicious or fraudulent activities, as well as for the following purposes: Statistics, Contacting the User, Registration and authentication, Traffic optimization and distribution, Spam and bot protection, Hosting and backend infrastructure, Contact management and message sending, Tag management, Productivity management, Collection of privacy preferences, Display of
content from external platforms, Creation and management of Prato4.it, Heat mapping and session recording, Commenting on
content, Saving and managing backups, Advertising, Interaction with social networks and external platforms, Managing data collection and online surveys and Platform and hosting services.

In order to obtain detailed information on the purposes of the processing and the Personal Data processed for each purpose, the User may refer to the section ‘Personal Data Processing Details’.

Details of Personal Data Processing

Personal Data are collected for the following purposes and using the following services:

Commentary on contents

The comment services allow Users to formulate and publish their own comments regarding the content of Prato4.it. Users, depending on the settings decided by the Owner, may also leave the comment in an anonymous form. In the event that the Personal Data provided by the User includes email, this may be used to send notifications of comments on the same content. Users are responsible for the content of their comments. In the event that a
commenting service provided by third parties is installed, it is possible that, even if Users do not use the commenting service, it will collect traffic data relating to the pages where the commenting service is installed.

Directly managed commentary system (Prato4.it)

Prato4.it has its own content commenting system.

Personal data processed: email; website; tracking tools; username.

Contacting the User

Contact form (Prato4.it)

The User, by filling in the contact form with his/her Data, consents to the use of such Data to respond to requests for information, quotes, or of any other nature indicated in the header of the form.

Personal Data processed: surname; email; User ID; country; name; telephone number; business sector; various types of Data.

Mailing list or newsletter (Prato4.it)

By registering for the mailing list or newsletter, the User’s email address is automatically added to a list of contacts to whom email messages may be sent containing information, including commercial and promotional information, relating to Prato4.it. The User’s email address may also be added to this list as a result of registering with Prato4.it or after making a purchase.

Personal data processed: surname; email; name; Tracking Tools.

Contact by phone (Prato4.it)

Users who have provided their telephone number may be contacted for commercial or promotional purposes related to Prato4.it, as well as to fulfil support requests.

Personal data processed: telephone number.

Creation and management of Prato4.it

The main components of Prato4.it are created and managed directly by the owner using the software mentioned below.

Firri Tech / Firrincieli Technologies

This website uses digital tools developed, managed and controlled by Firrincieli Technologies, also known as “FirriTech” or “Firri Tech”.

You can consult Firri Tech’s privacy policy at https://firrincie.li/privacy.

WordPress (self-hosted) (Prato4.it)

Prato4.it is also developed and managed by the Data Controller through a CMS (Content Management System) software called WordPress. Personal data processed: Usage Data; email; device information; language; country; name; password; username. Managing contacts and sending messages
This type of service allows the management of a database of email contacts, telephone contacts or contacts of any other type,
used to communicate with the User.
These services may also allow the collection of data relating to the date and time of viewing of messages by the User, as well as the User’s interaction with them, such as information on clicks on links inserted in messages.

Amazon Simple Email Service (SES)

Amazon Simple Email Service (SES) is an address management and email messaging service provided by Amazon.com, Inc. Personal Data Processed: email.
Place of Processing: United States – Privacy Policy; Luxembourg – Privacy Policy.

Region used for the service: EU West 1 ( Ireland)

Tag Management

This type of service is functional for the centralised management of tags or scripts used on Prato4.it.
The use of these services involves the flow of User Data through them and, where appropriate, their retention.



Google Tag Manager

Google Tag Manager is a tag management service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data.

To find out how Google uses the Data, please see their partner policy and their Business Data page. Personal Data Processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Productivity Management

This type of services helps the Owner to manage tasks, work projects and in general activities related to productivity. When using this type of service, Users’ Data will be processed and may be stored, depending on the purpose of the activity in question.
These services may be integrated with a wide range of third party services mentioned within this privacy policy to allow the Data Controller to import or export the Data needed for the corresponding activity.

Google Workspace

Google Workspace is an integrated set of cloud-based productivity, collaboration and storage services provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data. Gmail or other G Suite services are not analysed by Google for advertising purposes. Furthermore, Google does not collect or use data within these services for advertising purposes in any other way.

Personal data processed: surname; email; first name; username.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Google Sheets

Google Sheets is an online spreadsheet editing and workflow management service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data.

Personal Data processed: Data communicated during the use of the service.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Management of data collection and online surveys

This type of service allows Prato4.it to manage the creation, implementation, administration, distribution and analysis of online forms and surveys in order to collect, store and re-use Data of responding Users. The Personal Data collected depend on the information requested and provided by Users in the corresponding online form.

These services may be integrated with a wide range of third party services to enable the Controller to perform subsequent actions with the processed Data – for example, contact management, message sending, statistics, advertising and payment processing.

Google FORMS

Google Forms is a form generator and data collection platform provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data.

Personal Data processed: answers to questions.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Microsoft Forms

Microsoft Forms (formerly Office 365 Forms) is an online survey creator that is part of Microsoft 365. The service is provided by Microsoft Corporation, in collaboration with the University of Pisa (UniPi).
We use this service to collect anonymous surveys for scientific and statistical research on our applications and the relationship with users.

Place of processing (Microsoft Corp.): United States – Privacy Policy; Ireland – Privacy Policy

Place of processing (University of Pisa): Italy – Privacy Policy

Heat Mapping and Session Recording

Heat mapping services are used to identify the areas of Prato4.it that Users interact with most frequently, in order to detect which areas attract the most interest. These services monitor and analyse traffic data and are used to keep track of User behaviour.
Some of these services may record sessions and make them available for later viewing.

Microsoft Clarity (Microsoft Corporation)

Microsoft Clarity is a heat mapping and session recording service provided by Microsoft Corporation. Microsoft processes or receives Personal Data through Microsoft Clarity, which in turn may be used for any purpose in
accordance with Microsoft’s Privacy Policy, including improving and delivering Microsoft Advertising.

Personal Data Processed: Clicks; Usage Data; Layout Details; Session Duration; Interaction Events; Page Events; Diagnostic Events; Custom Events; Time Zone; Location Information; Device Information; Interactions at
Page Scrolling; Mouse Movement; Country; Tracking Tools.

Place of processing: US; Switzerland; Germany; UK; France; Netherlands; Ireland. Related Privacy Policy available here.

Hosting ed infrastruttura backend

These types of services have the function of hosting Data and files that allow Prato4.it to function, enable its distribution and provide a ready-to-use infrastructure to deliver specific Prato4.it features.

Some of the services listed below, if any, may operate on geographically distributed servers, making it difficult to determine the actual location where Personal Data is stored.

Amazon Web Services (AWS) (Amazon Web Services, Inc.)

Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc. Personal Data processed: various types of Data as specified by the privacy policy of the service.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy ; France – Privacy Policy ; Germany – Privacy Policy ; United Kingdom – Privacy Policy ; Italy – Privacy Policy.

Amazon S3 (Amazon Web Services, Inc.)

Amazon S3 is a cloud storage service provided by Amazon Web Services, Inc. Personal Data Processed: Usage Data.
Place of processing: United States and Luxembourg – Privacy Policy.

Interaction with Social Networks and External Platforms

This type of service allows you to interact with social networks, or other external platforms, directly from the pages of Prato4.it. The interactions and information acquired by Prato4.it are in any case subject to the User’s privacy settings related to each social network. This type of service may still collect traffic data for pages where the service is installed, even when Users do not use it. It is recommended that you disconnect from the respective services to ensure that data processed on Prato4.it is not linked back to your profile.

Facebook Like Button and Social Widgets (Meta Platforms, Inc.)

Facebook

The Facebook ‘Like’ button and social widgets are services for interaction with the social network Facebook, provided by Meta Platforms, Inc.

Personal Data Processed: Usage Data; Tracking Tools. Place of processing: United States – Privacy Policy & Opt out.

X (ex Twitter)

X social button and widgets are services that allow you to interact with the X social network provided by X Corp. Personal Data Processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy.

Pinterest

Pinterest “Pin it” button and social widgets (Pinterest, Inc.)

Pinterest’s “Pin it” button and social widgets are services for interacting with the Pinterest platform, provided by Pinterest Inc. Personal Data Processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy.

Tumblr

Tumblr’s social button and widgets (Tumblr Inc.)

Tumblr’s social button and widgets are services for interacting with the Tumblr social network, provided by Tumblr Inc. Personal Data Processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy.

LinkedIn

LinkedIn social button and widgets (LinkedIn Corporation)

LinkedIn’s social button and widgets are services for interaction with the Linkedin social network, provided by LinkedIn Corporation.

Personal Data Processed: Usage Data; Tracking Tools. Place of Processing: Ireland – Privacy Policy & Opt Out; United States – Privacy Policy & Opt Out.

Reddit

The reddit button and widgets are services for interaction with the reddit platform, provided by reddit inc. Personal data processed: Usage Data; Tracking Tools.

Place of processing: United States – Privacy Policy.

WhatsApp

We use the WhatsApp and WhatsApp Business APIs in order to enable you to share our content easily and instantly, within your chats, channels and groups.

The integrations are provided by WhatsApp LLC and WhatsApp Ireland Limited, companies owned by Meta.

Place of processing: Ireland – Privacy Policy; United States – Privacy Policy.

Telegram

We use the Telegram API in order to enable you to share our content easily and instantly within your chats, channels and groups.

The integrations are provided by Telegram Group Inc, Telegraph Inc. and Telegram FZ-LLC.

Place of processing: British Virgin Islands – Privacy Policy; United Arab Emirates – Privacy Policy.

Representation for EU/EEA: Belgium – Privacy Policy.

Traffic Optimisation and Content Delivery Network (CDN)

This type of service allows Prato4.it to distribute its content through servers located throughout the territory and to optimise the performance of the same.
The Personal Data processed depends on the characteristics and method of implementation of these services, which by their nature filter communications between Prato4.it and the User’s browser.
Given the distributed nature of this system, it is difficult to determine the locations to which content is transferred, which may contain the User’s Personal Data.

Cloudflare (Cloudflare Inc.)

Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all Prato4.it traffic, i.e. communications between Prato4.it and the User’s browser, also allowing the collection of statistical data on it.

Personal data processed: Tracking Tools; various types of Data as specified by the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Amazon CloudFront (Amazon Web Services, Inc.)

Amazon CloudFront is a traffic optimisation and distribution service provided by Amazon Web Services, Inc.

Personal Data processed: metropolitan area; postal code; city; Usage Data; browser information; device information; IP address; latitude (of city); longitude (of city); country; province; geographic region; operating systems; state.

Place of processing: United States; France; Germany; Ireland; Switzerland; United Kingdom; Luxembourg; Italy. Privacy policy here.

Smush (Incsub, LLC)

Smush is a traffic optimisation and distribution service provided by Incsub, LLC. This service optimises the images used on Prato4.it and can be used by Users to optimise the loading speed of Prato4.it.

Personal Data processed: metadata; various types of Data. Place of processing: United States – Privacy Policy.

Spam and Bot Protection

Cloudflare Bot Management (Cloudflare Inc.)

Cloudflare Bot Management is a malicious bot protection and management service provided by Cloudflare Inc.

Personal Data processed: Application opening; metropolitan area; postcode; city; click; search history; browsing history; Usage data; video view data; session duration; interaction events; page events; keypress events; custom events; motion sensor events; touch events; browser information; device information; app information; page-scrolling interactions; IP address; launches; latitude (of
city); language; device logs; longitude (of city); mouse movements; country; number of sessions; pageviews; location relative to scroll; province; geographic region; operating systems; session statistics; status; Tracking Tools.

Place of processing: United States – Privacy Policy.

hCaptcha (Intuition Machines, Inc)

hCaptcha is a SPAM protection service provided by Intuition Machines, Inc.

Personal Data processed: Data disclosed in order to use the Service; Usage Data; keypress events; motion sensor events; touch events; mouse movements; location relative to scrolling; answers to questions; Tracking Tools.

Place of Processing: United States – Privacy Policy.

Google reCAPTCHA

Google reCAPTCHA is a SPAM protection service provided by Google LLC or Google Ireland Limited, a
depending on how the Data Controller manages the processing of the Data. Use of the reCAPTCHA system is subject to Google’s privacy policy and terms of use.

To learn about Google’s use of Data, please see their partner policy and their Business Data page.

Personal Data processed: clicks; Usage Data; keypress events; motion sensor events; touch events; mouse movements; scrolling position; answers to questions; Tracking Tools.

Place of Processing: United States – Privacy Policy; Ireland – Privacy Policy.

Wordfence (Defiant, Inc.)

Wordfence is a security service for WordPress websites provided by Defiant, Inc. Personal Data Processed: Usage Data; Approximate Location; Tracking Tools.
Place of Processing: United States – Privacy Policy.

Advertising

This type of service allows the use of User Data for commercial communication purposes. These communications are displayed on Prato4.it in the form of banners and other forms of advertising, also related to the User’s interests. This does not mean that all Personal Data is used for this purpose. Data and conditions of use are set out below.
Some of the services mentioned below may use Tracking Tools to identify the User, or use the technique of behavioral retargeting, i.e. displaying advertisements tailored to the User’s interests and behavior, or measuring the performance of advertisements. For more information on this, we suggest that you check the privacy policies of the respective services. Services of this type usually allow Users to opt-out of such tracking. Users can learn how to opt-out of interest-based advertising by visiting the relevant opt-out section in this document.

Microsoft Advertising (Microsoft Corporation)

Microsoft Advertising is an advertising service provided by Microsoft Corporation. Personal Data Processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy & Opt Out.

Google Campaign Manager 360 (Google LLC)

Google Campaign Manager 360 is an advertising service provided by Google LLC with which the Owner may conduct advertising campaigns jointly with external advertising networks with which the Owner, unless otherwise specified in
this document, has no direct relationship. Google Campaign Manager 360 also allows the Owner to measure the performance of the advertising campaign, to manage placements, advertisements, creativity and to verify the correct implementation of the tags (such as the presence of errors in the formatting of the advertisement). Prato4.it, through Google Campaign Manager 360, collects and transmits User Data to media buyers who bid on your inventory. These buyers may collect and store such Data for retargeting or other advertising purposes.

Users may decide to disable all ad customisation Tracking Tools by visiting the Google Ads Settings page.

To learn about Google’s use of Data, please see their partner policy and their Business Data page. Personal Data processed: Usage Data; Geographic Location; Tracking Tools.
Place of Processing: United States – Privacy Policy.

Collection of Privacy Preferences

This type of service allows Prato4.it to collect and store Users’ preferences regarding the collection, use and processing of their personal information, as required by applicable privacy legislation.

Cookie Solutions by CookieYes

Prato4.it makes use of the tools provided by CookieYes, to collect and manage user preferences within the application, in accordance with current regulations.

Personal data processed: Data communicated during use of the service; IP address; Tracking Tools.

Place of processing: United Kingdom (England and Wales) – Privacy Policy.

Registration and Authentication

By registering or authenticating you allow Prato4.it to identify you and give you access to dedicated services.
Depending on what is indicated below, registration and authentication services may be provided with the help of third parties. Where this occurs, Prato4.it may access some Data stored by the third party service used for registration or identification.
Some of the services below may also collect Personal Data for targeting and profiling purposes; please refer to the description of each service to learn more.

Google OAuth

Google OAuth is a registration and authentication service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data, and connected to the Google network.

Personal Data processed: various types of Data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Direct Registration and Profiling (Prato4.it)

By registering or authenticating the User allows Prato4.it to identify him and give him access to dedicated services. The Controller may process Data collected upon registration or authentication by Users for targeting and profiling purposes; to learn more, Users may contact the Controller using the contact details provided in this document.

Personal Data processed: Postcode; surname; Usage Data; email; User ID; image; profile picture; language; country; name; password; geographic location; area code; business sector; Tracking Tools; various types of Data.



Backup Storage and Management

This type of service allows the saving and management of Prato4.it backups on external servers operated by the provider of the
service itself. These backups may include both the source code and its contents and the data provided to Prato4.it by the User.

Backup ON Google Drive

Google Drive is a backup storage and management service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data.

Personal Data processed: various types of Data as specified by the privacy policy of the service. Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Platform and Hosting Services

These services are intended to host and operate key components of Prato4.it, making it possible to deliver Prato4.it from a single platform. These platforms provide the Owner with a wide range of tools such as, for example,
analytical tools, user registration management, comment and database management, e-commerce, payment processing etc. The use of these tools involves the collection and processing of Personal Data. Some of these services operate through servers located geographically in different places, making it difficult to determine the exact location where Personal Data are stored.

BOX.com

We use the storage services provided by Box, Inc. for the better and proper management of content within our platform. When you read a document of ours provided through the domains of Box, Inc., the terms of services of that company apply to citizens and users temporarily residing or based in the European Economic Area, the
Swiss Confederation and the United Kingdom of Great Britain and Northern Ireland.

Analytics

The services contained in this section allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User’s behaviour.

Google Analytics (Universal Analytics)

Google Analytics (Universal Analytics) is a web analytics service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data, (“Google”). Google uses the Personal Data collected in order to track and examine the use of Prato4.it, compile reports and share them with other services developed by Google. Google may use Personal Data to contextualise and personalise ads in its advertising network.

To find out how Google uses this Data, please consult their partner policy and their Commercial Data page. Personal Data Processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy & Opt Out; Ireland – Privacy Policy & Opt Out.

Cloudflare Web Analytics (Cloudflare Inc.)

Cloudflare Web Analytics is an anonymized statistics service provided by Cloudflare Inc. that allows the Owner to obtain information on the use of Prato4.it by Users, without the need to identify them. Further information is available here and in the privacy policy of the service.

Personal data processed: Usage data; device information; language.

Place of processing: United States – Privacy Policy.

Google Analytics (Universal Analytics) with Anonymised IP

Google Analytics (Universal Analytics) is a web analytics service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data, (“Google”). Google uses the Personal Data collected in order to track and examine the use of Prato4.it, compile reports and share them with other services developed by Google. Google may use Personal Data to contextualise and personalise ads in its advertising network. This Google Analytics integration anonymises your IP address. The anonymisation works by abbreviating the IP address of Users within the borders of the member states of the European Union or other countries which are party to the Agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google’s servers and abbreviated within the United States.

To learn about Google’s use of the Data, please consult their partner policy and their Commercial Data page. Personal Data Processed: Usage Data; Tracking Tools.
Place of processing: United States – Privacy Policy & Opt Out; Ireland – Privacy Policy & Opt Out.

Google Analytics 4

Google Analytics is a statistics service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data, (“Google”). Google uses the Personal Data collected in order to track and examine the use of Prato4.it, compile reports and share them with other services developed by Google. Google may use Personal Data to contextualise and personalise ads in its advertising network. In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is recorded in any data centre or server. To find out more, you can consult Google’s official documentation.

To learn about Google’s use of Data, please consult their partner policy and their Business Data page. Personal Data processed: Usage Data; Number of Users; Session Statistics; Tracking Tools.
Place of Processing: United States – Privacy Policy & Opt Out; Ireland – Privacy Policy & Opt Out.

Displaying Content from External Platforms

This type of service allows you to view content hosted on external platforms directly from the pages of Prato4.it and interact with them. These services are often called widgets, which are small elements inserted into a website or application. They provide specific information or perform a particular function and often allow interaction with the user.
This type of service may still collect data on web traffic related to the pages where the service is installed, even when users are not using it.

Gravatar

Gravatar is an image display service operated by Automattic Inc. that allows Automattic Inc. or Aut O’Mattic A8C Ireland Ltd., depending on how the Data Controller manages the processing of the Data, to integrate such content within its pages. Please note that if Gravatar images are used for commenting systems, the commenter’s email address (or parts thereof) may be sent to Gravatar, even if he or she is not subscribed to this service.

Personal data processed: Usage Data; email.

Place of processing: United States – Privacy Policy ; Ireland – Privacy Policy.

Google Fonts

Google Fonts is a font style display service operated by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of the Data, which allows Prato4.it to integrate such content within its pages.

Personal Data processed: Usage Data; Tracking Tools.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Font Awesome (Fonticons, Inc. )

Font Awesome is a font style display service operated by Fonticons, Inc. which allows Prato4.it to integrate such content within its pages.

Personal data processed: Usage Data; Tracking Tools. Place of processing: United States – Privacy Policy.

Widget Google Maps e API Google Maps

Google Maps is a map display service operated by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of Data, which allows Prato4.it to integrate such content within its pages.

Personal Data processed: Usage Data; Tracking Tools.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

YouTube IFrame Player (Google LLC)

The YouTube IFrame Player is a video content display service managed by Google LLC that allows Prato4.it to integrate such content within its own pages.

Through this Service, Prato4.it may collect Data directly or indirectly on or from the User’s devices, including by using Tracking Tools. Users can limit this access to their Data via the security settings page provided by Google. Users may, at any time, contact the Data Controller to request further information on privacy settings through the contact details provided in this document.

The Data collected through the Service may also be used to help third parties display personalised advertisements based on interests. Users can choose not to receive such personalised advertising by adjusting their device settings or visiting the Network Advertising Initiative’s opt-out page.

Personal Data processed: Usage Data; device information; Tracking Tools.

Place of processing: United States – Privacy Policy & Opt out.

Widget Video YouTube

YouTube is a video content display service operated by Google LLC or Google Ireland Limited, depending on how the Data Controller manages the processing of Data, which allows Prato4.it to integrate such content within its pages.

Personal Data processed: Usage Data; Tracking Tools.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Widget Video YouTube (Advanced Privacy Mode)

YouTube is a video content display service operated by Google LLC or Google Ireland Limited, depending on how the owner manages the processing of Data, which allows Prato4.it to integrate such content within its pages. This widget is set up so that YouTube does not save information and cookies about Users on Prato4.it unless they play the video.

Personal Data Processed: Usage Data; Universal Unique Identifier (UUID); Tracking Tools. Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Widget Instagram

Instagram is an image display service operated by Meta Platforms, Inc. or by Meta Platforms Ireland Limited, depending on how the Data Controller manages the processing of Data, which allows Prato4.it to integrate such content within its pages.

Personal Data processed: Usage Data; Tracking Tools.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Information on How to Disable Interest-Based Ads

In addition to any opt-out function provided by any of the services listed in this document, Users can read more about how to disable interest-based advertisements in the relevant section of the Cookie Policy.

Cookie Policy

As previously stated, Prato4.it uses Tracking Tools. For more information, Users can refer to the full Cookie Policy. Here, they can also adjust preferences for optional cookies (Cookie Choices).

Additional Information for Users

Legal Basis for Processing

The Controller processes Personal Data relating to the User if one of the following conditions exists: the User has given consent for one or more specific purposes.
the processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures; the processing is necessary to fulfil a legal obligation to which the Controller is subject;
the processing is necessary for the performance of a task of public interest or for the exercise of public powers vested in the Controller;
the processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.

However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing operation and in particular to specify whether the processing is based on the law, required by a contract or necessary to conclude a contract.

Additional Information on Retention Period

Unless otherwise stated in this document, Personal Data is processed and kept for the time required by the purpose for which it was collected and may be kept for a longer period due to any legal obligation or on the basis of Users’ consent.

Pertanto:

• The Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the completion of the contract.
• Personal Data collected for purposes connected to the Owner’s legitimate interest will be retained until such interest is fulfilled. The User may obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.

At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this period, the right of access, cancellation, rectification and the right to Data portability can no longer be exercised.

Al termine del periodo di conservazione i Dati Personali saranno cancellati. Pertanto, allo spirare di tale termine il diritto di accesso, cancellazione, rettificazione ed il diritto alla portabilità dei Dati non potranno più essere esercitati.

User Rights

Rights for Users of the European Economic Area (EU/EEA)

This section applies to Users in these countries/territories:

Norway* 🇳🇴, Iceland 🇮🇸, Liechtenstein 🇱🇮, Austria 🇦🇹, Belgium 🇧🇪, Bulgaria 🇧🇬, Croatia 🇭🇷, Cyprus 🇨🇾, Czech Republic 🇨🇿, Denmark* 🇩🇰, Estonia 🇪🇪, Finland 🇫🇮, France* 🇫🇷, Germany 🇩🇪, Greece 🇬🇷, Hungary 🇭🇺, Ireland 🇮🇪, Italy 🇮🇹, Latvia 🇱🇻, Lithuania 🇱🇹, Luxembourg 🇱🇺, Malta 🇲🇹, Netherlands* 🇳🇱, Poland 🇵🇱, Portugal 🇵🇹, Romania 🇷🇴, Slovakia 🇸🇰, Slovenia 🇸🇮, Spain 🇪🇸, Sweden 🇸🇪, Guadeloupe 🇬🇵, French Guyana 🇬🇫, Martinique 🇲🇶, Reunion 🇷🇪, Mayotte 🇾🇹, Saint-Martin (French part) 🇫🇷, Azores 🇵🇹, Madeira 🇵🇹, Canary Islands 🇮🇨, Ceuta 🇪🇸, Melilla 🇪🇸, Åland Islands 🇦🇽, Akrotiri and Dhekelia 🇬🇧, Mount Athos 🇬🇷

and, for such Users, supersedes any divergent or conflicting information contained in the privacy policy.

Users may exercise certain rights with reference to the Data processed by the Data Controller. In particular, within the limits provided for by law, the User has the right to:

• withdraw consent at any time. The User can withdraw their previously given consent for the processing of their Personal Data.
• object to the processing of their Data. The User can object to the processing of their Data when it is based on a legal ground other than consent.
• access their Data. The User has the right to obtain information regarding their Data processed by the Controller, specific aspects of the processing, and to receive a copy of the Data processed.
• verify and request rectification. The User can verify the accuracy of their Data and request its update or correction.
• obtain restriction of processing. The User can request that the processing of their Data is restricted. In this case, the Controller will not process the Data for any purpose other than its storage.
• obtain the erasure or removal of their Personal Data. The User can request the erasure of their Data by the Controller.
• receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without hindrance to another controller.
• file a complaint. The User can lodge a complaint with the competent data protection supervisory authority or take legal action.

Users also have the right to obtain information about the legal basis for the transfer of Data abroad, including to any international organisation governed by international law or formed by two or more countries, such as the UN, as well as about the security measures taken by the Data Controller to protect their Data.

*Under the acquis communautaire, the relevant outermost territories are excluded. For more information, please contact the relevant diplomatic-consular offices.

Details on the Right to Object

When Personal Data are processed in the public interest, in the exercise of public powers vested in the Controller or in pursuit of a legitimate interest of the Controller, Users have the right to object to the processing for reasons
related to their particular situation.

Users are reminded that, should their Data be processed for direct marketing purposes, they may object to the processing at any time, free of charge and without giving any reason. Should Users object to the processing for direct marketing purposes, the Personal Data shall no longer be processed for such purposes. To
find out whether the Controller processes Data for direct marketing purposes, Users may refer to the respective sections of this document.

How to Exercise These Rights

Any requests to exercise the User’s rights may be addressed to the Controller through the contact details provided in this document. The request is free of charge and the Data Controller will reply as soon as possible, in any case within one month, providing the User with all the information required by law. Any rectification, cancellation or restriction of processing will be
communicated by the Controller to each of the recipients, if any, to whom the Personal Data have been transmitted, unless this proves impossible or involves a disproportionate effort. The Controller shall notify the User of these recipients if he so requests.

Rights for Users of the Swiss Confederation (CH)

This section applies to Users in these countries/territories:

Switzerland 🇨🇭

and, for such Users, supersedes any divergent or conflicting information contained in the privacy policy.

Further details on the categories of Data processed, the purposes of processing, the categories of recipients of Personal Data, if any, the retention period and other information on Personal Data can be found in the section entitled ‘Detailed information on the processing of Personal Data’ within this document.

User Rights Under the Federal Law on the Protection of Personal Data

Users may exercise certain rights relating to their data within the limits of the law, including the following: the right of access to Personal Data;
the right to object to the processing of their Personal Data (which also allows Users to request the restriction of the processing of Personal Data, the deletion or destruction of Personal Data, the prohibition of the disclosure of Personal Data to third parties);
the right to receive their Personal Data and to transfer them to another data controller (data portability); the right to request the rectification of incorrect Personal Data.

How to Exercise These Rights

Any requests to exercise the User’s rights may be addressed to the Controller through the contact details provided in this document. Such requests are free of charge and the Data Controller will reply as soon as possible, providing Users with the information required by law.

Rights for UK Citizens

United Kingdom of Great Britain and Northern Ireland

This section applies to Users in these Countries/Territories:

Constituent Nations of the United Kingdom of Great Britain and Northern Ireland:

England 🏴󠁧󠁢󠁥󠁮󠁧󠁿, Wales 🏴󠁧󠁢󠁷󠁬󠁳󠁿, Scotland 🏴󠁧󠁢󠁳󠁣󠁴󠁿 and Northern Ireland 🇬🇧

and, for such Users, supersedes any divergent or conflicting information contained in the privacy policy.

This policy does not apply to citizens with other British citizenships (including Hong Kong citizenship), citizens of British Crown Island possessions (see section below) and citizens of British Overseas Territories. By virtue of international agreements, for citizens of Akrotiri and Dhekelia, the provisions of Cypriot law apply and, therefore, see the section on EEA citizens.

International Data Transfers

When personal data is transferred outside the UK, we ensure that the data is adequately protected. We use protection measures such as standard contractual clauses or adequacy decisions issued by the UK government.

Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected and in accordance with legal requirements. Retention periods vary depending on the type of data and the purpose of processing.

User Rights

According to the UK GDPR, users have the following rights:

• Right of Access: to obtain a copy of their personal data.
• Right to Rectification: to correct any inaccurate data.
• Right to Erasure: to request the deletion of personal data
• Right to Restrict Processing: to limit data processing in certain circumstances.
• Right to Data Portability: to receive their data in a structured format.
• Right to Object: to object to data processing for legitimate reasons or for marketing purposes.
• Right to Withdraw Consent: to withdraw consent at any time, where applicable.

Other British Territories and Crown Dependencies

This section applies to Users in these Countries/Territories:

Gibraltar 🇬🇮 , Isle of Man 🇮🇲 , Guernsey 🇬🇬, Jersey 🇯🇪

and, for such Users, supersedes any divergent or conflicting information contained in the privacy policy.

It is not possible to enforce this policy in other British overseas possessions.

Data Processing Principles

• Data must be processed lawfully, fairly and transparently.
• It must be collected for specific, explicit and legitimate purposes and must not be further processed in a way incompatible with those purposes.
• They must be adequate, relevant and limited to what is necessary.

Data Subject Rights

• Right of access: Individuals may access their personal data held by an organisation.
• Right of rectification: Individuals may request the correction of inaccurate personal data.
• Right to erasure: Individuals have the right to request the deletion of their data under certain circumstances.
• Right to restriction of processing: Individuals may request a restriction in the processing of their data.
• Right to object: Individuals may object to the processing of their data on specific grounds.
• Right to data portability: Individuals may request that their data be transferred in a structured, commonly used and machine-readable format.

Legal Basis for Data Processing

• Data processing must be based on a legitimate basis, such as the consent of the data subject, the performance of a contract, the fulfilment of legal obligations, the protection of vital interests, the performance of a public interest task, or the legitimate interest of the data controller.

International Data Transfers

• Queste giurisdizioni adottano misure simili al GDPR per proteggere i dati trasferiti al di fuori del proprio territorio, utilizzando decisioni di adeguatezza o garanzie appropriate come clausole contrattuali standard.

Security Measures

• The regulations require that appropriate technical and organisational measures be adopted to ensure the security of personal data, protecting against unauthorised access, loss, or breaches.

Data Breach Notification

• In the event of a personal data breach, organisations must notify the supervisory authority and, in some cases, the data subjects themselves, within a specified time (usually within 72 hours).

Consent

• Consent must be free, specific, informed and unequivocal, and individuals must be able to revoke it at any time. This can be done through Cookie Choices.

Accountability and Transparency

• Organisations must be responsible for compliance and must be able to demonstrate that they are complying with data protection legislation.

Additional Information on Data Processing

Legal Defence

The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages of such proceedings to defend against abuse in the use of Prato4.it or related Services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of public authorities.

Specific Notices

At the User’s request, in addition to the information contained in this privacy policy, Prato4.it may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

System Logs and Maintenance

For operation and maintenance purposes, Prato4.it and any third party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.

Information Not Contained in This Policy

Further information in connection with the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, on Prato4.it as well as, when technically and legally feasible, by sending a notification to Users through one of the contact details it has. Please consult this page frequently, referring to the date of last modification indicated at the bottom.

If the changes affect processing whose legal basis is consent, the Controller will collect the User’s consent again, if necessary.

Definitions and Legal References

Personal Data (or Data)

Personal data is any information that, directly or indirectly, even in conjunction with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage Data

This is the information collected automatically through Prato4.it (including by third party applications integrated into Prato4.it), including: IP addresses or domain names of computers used by the user who connects with Prato4.it, URI (Uniform Resource Identifier), the time of the request, the method used to forward the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the length of time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and
the User’s computer environment.

USER

The individual who uses Prato4.it which, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refer.

Data Processor (or Processor)

The natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Controller, as set out in this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data and the instruments adopted, including the security measures relating to the operation and use of Prato4.it. The Data Controller, unless otherwise specified, is the owner of Prato4.it.

Prato4.it (THIS APPLICATION)

The hardware or software tool by which Users’ Personal Data are collected and processed.

SERVICE

The Service provided by Prato4.co.uk as defined in the relevant terms (if any) on this site/application.

EU

Unless otherwise specified, any reference to the European Union in this document shall be deemed to extend to all current member states of the European Union and the European Economic Area.

Cookie

Cookies are Tracking Tools that consist of small portions of data stored within the User’s browser.

Tracking Tool

Tracking Tool means any technology – e.g. cookies, unique identifiers, web beacons, embedded scripts, e- tags and fingerprinting – that allows Users to be tracked, for example by collecting or storing information on the User’s device.

Legal references

This privacy policy is drafted on the basis of multiple legislative orders.

Unless otherwise specified, this privacy policy exclusively concerns Prato4.it, exclusively for the IT platforms developed by Firri Tech.

More information on the disclosures at the following websites:

• European Union
• Kingdom of Novergia
• Republic of Iceland
• Principality of Liechtenstein
• Swiss Confederation
• United Kingdom of Great Britain and Northern Ireland
• Isle of Man
• Bailiwick of Jersey
• Bailiwick of Guernsey
• Gibraltar