On this page, we describe the methods of managing the website with reference to the processing of personal data of the users who consult it. This information is provided in accordance with Article 13 of Regulation (EU) 2016/679 (“GDPR”) and current national legislation, to those who interact with the web services of VIASAT GROUP, accessible online from the addresses of the group companies’ websites.
The information is provided for the website and its subdomains (e.g.: www.dominioprincipale.it/sottodominio), but not for other external websites that can be consulted by the user using any links present.
The information is pursuant to Recommendation No. 2/2001 that the European authorities for the protection of personal data, assembled in the Group established by Article 29 of Directive no. 95/46/EC, adopted on May 17, 2001, in order to identify some minimum requirements for collecting personal data online, and, in particular, the methods, times, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.
1. Data controller
The Data Controller is VIASAT GROUP SPA, located at Via Aosta, 23 – 10078 Venaria Reale (TO).
2. Who processes personal data
The Data Controller, i.e. the subject who determines the purposes and means of the processing of personal data, is VIASAT GROUP SPA, located at Via Aosta, 23 – 10078 Venaria Reale (TO), contactable through the contact details available to users.
3. Data Protection Officer (DPO or RPD)
The Controller has appointed a Data Protection Officer (DPO/RPD), who can be contacted at the following address: email@example.com.
4. Type of data processed, purposes and legal basis for processing
4.1. Navigation data
The IT systems and software procedures used to operate this website acquire some personal data during their regular operation, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature, it could allow users to be identified through processing and association with data held by third parties.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation, and is deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site.
4.2. Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site, also through the filling of specific forms, involves the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message.
Personal data voluntarily provided is collected and processed for the following purposes and under the respective legal bases:
|Legal basis (art. 6 GDPR)
|Processing of requests for information on services provided and products/solutions marketed directly by VIASAT GROUP SPA, and processing of reports of any kind, also sent through the contact form
|Specific request by the data subject
|Management of E-recruitment and/or other forms of professional collaboration
|Specific request by the data subject
The collection and recording of data will take place for specific, explicit and legitimate purposes and with methods compatible with these purposes, within the scope of the processing necessary for the functioning of the business activity. Such data will be treated according to the principle of accuracy and, if necessary, appropriately updated, in order to always be relevant, complete, and not exceeding the collection purposes, and their retention will be functional to the period of time necessary for the purpose for which they were collected and subsequently processed according to GDPR 2016/679 and current national legislation.
Personal data may be processed with the aid of both paper-based and electronic tools, and in any case in such a way as to guarantee their security and protect the maximum confidentiality of the Data Subject. Specific security measures are observed to prevent the loss of data, unlawful or incorrect uses, and unauthorized accesses in full compliance with Art. 32 of GDPR 2016/679 and current national legislation.
5. Cookies, plugins and interaction services with external platforms
6. Nature of data provision
Apart from what is specified for navigation data, the provision of user data is necessary to respond to the requests or perform the services requested. Failure to provide data may make it impossible for VIASAT GROUP SPA to carry out the services requested.
If the user wishes to avoid having his or her data processed by the data controller, he or she is requested not to make any requests or, at the very least, to provide as little personal data as possible.
7. Data Communication
Without prejudice to communication and disclosures carried out in compliance with legal obligations, all data collected and processed may be communicated to
- Subjects to whom it is necessary to communicate the data for the performance of a contract to which the Data Subject is party or for the performance of pre-contractual measures taken at the request of the same, as well as, in general, for the pursuit of the purposes mentioned in this notice;
- Subjects that carry out processing on behalf of the Data Controller as Data Processors pursuant to Article 28 GDPR, such as, purely by way of example and without limitation: subjects that provide services for the management of the information system and telecommunications networks (including e-mail). The complete and updated list of the Data Processors is available, to those entitled to it, by simple request at the Data Controller’s head office
- Subjects authorised to access the data by current legislation and/or to whom the data must be communicated in compliance with legal obligations.
Personal data may be processed by employees and collaborators assigned to the competent offices of the Data Controller, explicitly authorized to process them based on what is established by Art. 29 of GDPR 2016/679 and current national legislation.
8. Data transfers abroad
Personal data are not transferred outside the European Community.
Should the need for some type of transfer arise, it will only be carried out for the pursuit of the purposes set out in this information notice, i.e. for strictly technical reasons linked to the structure of the company’s Information System and/or the application of technical and organisational security measures deemed appropriate by the Data Controller (Art. 32 GDPR), and exclusively in compliance with Art. 44 et seq. GDPR, i.e.: in the presence of adequacy decisions (Art. 45 GDPR) and/or adequate safeguards always provided that the data subjects have enforceable rights and effective remedies (Art. 46 and 47 GDPR), or provided that, from time to time, one of the specific exceptions set out in Art. 49 GDPR is applicable.
9. Data retention period
The data shall be kept for a period of time not exceeding the achievement of the purposes indicated in this policy. In particular, the data provided will be kept in our archives according to the following parameters:
- Data provided voluntarily by the user: until the service is provided or according to any deadlines stipulated by law.
In relation to specific statutory limitation periods, data required for the establishment, exercise or defence of a legal claim may be subject to longer storage periods.
Checks on the obsolescence of stored data in relation to the purposes for which they were collected are carried out periodically.
10. Rights of the Data Subject
The Data Subject has the right to obtain, in the cases provided for, access to his or her personal data, rectification, erasure, restriction of processing concerning him or her and to request their portability in a structured format (Art. 15 et seq. of the GDPR), by contacting the Data Controller at the following e-mail address: firstname.lastname@example.org. The data subject may also contact the Data Protection Officer at the following address: email@example.com.
11. Right of opposition
The data subject has the right to object to the processing of personal data based on legitimate interest (Art. 21 GDPR).
The data subject also has the right to withdraw consent in accordance with Article 7 of the GDPR (see also section ‘Nature of the provision of data’).
12. Right to lodge a complain
A data subject who considers that the processing of personal data relating to him or her is in breach of the provisions of the GDPR has the right to lodge a complaint with the Data Protection Authority, as provided for in Article 77 of the GDPR, or to take legal action (Article 79 of the GDPR).
For more information you can contact the Data Controller.