Fast Track Italian Citizenship

Privacy Policy

Date of last update: 14/08/2024 [please note that this Policy may be subject to change following the introduction of new legislation or as a result of changes to the Site, so users are invited to periodically visit the “Privacy&Cookies” section of the Site].

With this document, Elena Martinolli, Alessia Angelini and Susanna Viola, in their quality of Joint Data Controllers of the data collected through the website www.fastrackitaliancitizenship.com (hereinafter referred to as the “Site“), as well as through the other tools indicated on the Site (for example, telephone, e-mail) or in any case used/supplied by the Joint Data Controllers, intend to inform the following subjects (“data subjects” or “users“) in relation to the processing and protection of their personal data (“data“): users of the Site; customers and potential customers; customers’ family members/ dependents, including minors, or other third parties, suppliers and potential suppliers, including consultants, and their employees; business partners; collaborators and potential collaborators.

This document represents a Policy pursuant to Article 13 and 14 of the European Regulation of April 27, 2016 No. 679 (hereinafter “GDPR“) and is valid only and exclusively for the Site and for the services rendered by the Joint Data Controllers. Therefore, it does not concern data processing carried out through other websites or web pages that can be consulted by the user through links or other interactive links that may be present on the Site. Users are therefore invited to read the information on data processing provided by the owners of each site to which they may be redirected during navigation.

This notice does not exclude the possibility that further information on the processing of data may be provided to the data subjects also in a different manner/timeframe, for instance by sending specific notices following the activation or request of a specific service.

The Joint Data Controllers are established in Italy, where they exercise their activity. The Joint Data Controllers therefore process data in compliance with the GDPR and the Italian legislation on the protection of personal data (in particular, Legislative Decree 196/2003 and subsequent amendments and additions – “Privacy Code“), to which the Joint Data Controllers conform all their activities. Please note that where further data protection regulations apply, the Joint Data Controllers undertake to ensure compliance with them if such regulations are mandatory or, in any case, provide greater protection for the data subjects.

 

1. Identity and contact details of the Joint Data Controllers

The Joint Data Controllers for the purposes described in this information notice are:

  • Elena Martinolli, Fiscal Code: MRTLNE96M44A059N; VAT no.: 01661510295; Adria (RO), Via Carducci n. 19/A;
  • Alessia Angelini, Fiscal Code: NGLLSS95P65D548C; VAT no.: 02163840388; Poggio Renatico (FE), Via Italia n. 34;
  • Susanna Viola, Fiscal code: VLISNN90H46H620R; VAT no.: 01661500296; Villadose (RO), Via Giuseppe Garibaldi n. 61.

Please note that pursuant to Art. 26 GDPR, the Joint Data Controllers have determined their respective responsibilities in a transparent manner by means of a co-ownership agreement. The essential content of said agreement is made available to the data subject, upon request.

For all data processing matters, for the exercise of the rights deriving from the GDPR and, in general, from the applicable data protection legislation (on this point see infra § 9), as well as for any doubts or clarifications concerning this Policy, the data subject may contact each Joint Data Controller, either by sending a registered letter with acknowledgement of receipt to the addresses indicated above or by e-mail privacy@fastrackitaliancitizenship.com

 

2. Purpose and legal basis for processing

Personal data collected are processed for the following purposes:

a. Site management purposes: to check the regular operation of the Site and possibly obtain statistical information on its use in order to improve its performance.

Legal basis: in relation to these purposes, the legal basis consists in the legitimate interest of the Joint Data Controllers (art. 6.1 lett. f) GDPR) to guarantee the proper functioning of the Site and its improvement;

 

b. Management purposes of the requests received through the Site or through the other modalities indicated/provided by the Licensees: to provide assistance and/or to follow up on requests sent by the user through the Site (e.g. “contact” section) or through the modalities indicated therein (e.g. telephone, e-mail) and to manage the activities related to the provision of the requested information or services ( for example, sending of quotes, management of pre-contractual negotiations).

Legal basis: in relation to this purpose, the legal basis consists, depending on the case: in the need to execute a contract or pre-contractual measures taken at the request of the data subject (Art. 6.1 lett. b) GDPR); in the legitimate interest of the Joint Data Controllers (Art. 6.1 lett. f) GDPR) consisting in the need to respond to the data subject’s requests, taking into account his/her reasonable expectations, where the request is not pre-contractual or contractual;

 

c. Purposes of establishment and management of the Contract: if relevant, to establish/execute the contract between the data subject and the Contractors and to manage all related obligations (e.g. tax obligations).

Legal basis: in relation to this purpose, the legal basis consists in the need to execute a contract (Art. 6.1lett. b) GDPR); or, if relevant, in the need to fulfil a legal obligation of the Joint Data Controller (Art. 6.1 lett. c) GDPR). It should be noted that where, for the fulfilment of this purpose, data of third parties other than the data subject entering into the contract are also processed (e.g. data of the customer’s family members or, for suppliers of the Joint Data Controllers, data of the latter’s employees), the legal basis for the processing resides in the legitimate interest of the Joint Data Controllers, consisting in the full and correct performance of the contract, pursuant to Art. 6, par. 1, lett. f), GDPR;

 

d. Purpose of sending newsletters: to send newsletters, i.e. communications by e-mail with promotional and advertising content, to data subjects who expressly consent to the same.

Legal basis: in relation to this purpose, processing will be carried out only after the express consent of the data subject has been acquired (Art. 6.1 lett. a) GDPR). Please note that consent is acquired when the user, having read this Information Notice, declares that he/she wishes to subscribe to the newsletter. It should be noted that the data subject may object at any time to receiving newsletters by contacting the Joint Data Controllers or by using the special link to object to the receipt of unsolicited communications, present in all e-mails with commercial content sent by the Joint Data Controllers;

 

e. Purposes of defending rights in the course of judicial, administrative or extrajudicial proceedings and, in general, in the context of disputes: in the event that the Joint Data Controllers have to take legal action or defend their rights, they may process the data of the Data Subjects involved in the proceedings/controversy.

Legal Basis: legitimate interest of the data subjects (Art. 6.1 lett. f), GDPR) to protect and defend their rights.

 

3. Source of data and Nature conferiment.

As a general rule, data are provided or otherwise collected directly from the person to whom they relate (data subject). However, it may happen that the data are provided by third parties (e.g. the customer for his/her family members). The provision of data for the purposes referred to in point a) is optional but nevertheless necessary for the proper functioning and use of the Site. Refusal to provide data for the aforementioned purposes may make it impossible to navigate on the Site, to view all of its contents and to access its services. The provision of data for the purposes referred to in letters b) and c) is optional; however, any refusal to provide data for the aforementioned purposes may make it impossible, respectively, to carry out the requests of the Interested Party (e.g.: to obtain information on services, quotes, etc.) or to establish/execute the contract. The provision of data and consent for the purposes referred to in point d) is entirely optional. Any refusal will make it impossible for the Joint Data Controllers to send newsletters to the data subject, but will not affect the fulfilment of the other purposes of the processing.

 

4. Categories of data processed.

For the fulfilment of the aforementioned purposes, personal data of a common nature will be processed, such as, but not limited to: identification and personal data (e.g. first name, surname, tax code, date of birth); location data (address of residence or domicile); contact data (telephone number, e-mail); in addition, for customers, data of the customers’ family members or other third parties (including dependents and minors), civil status records, relationships/relationships (e.g. family tree/parental responsibility data); data relating to education and profession (e.g. qualification, professional experience, technical knowledge); income data and, in general, all data necessary for the provision of services. family tree/parental responsibility data); data relating to the education and profession carried out (e.g. educational qualification, professional experience, technical knowledge); data relating to income and, in general, all data necessary for the provision of Services. Please also note that, for the processing carried out on the Site, “surfing data” may also be processed: the computer systems and software procedures used to operate the Site acquire, during their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining statistical information on the use of the Site and to check its correct functioning. The data could be used to ascertain responsibility in the event of computer crimes to the detriment of the Site or other users, for example at the request of the Authorities or supervisory bodies in charge. The above information may be collected automatically through cookies or other similar technologies. For more information and to personalise your browsing choices, we invite you to consult our cookie policy [available in the “Privacy&Cookies” section of the Site].

 

5. Mode of Treatment

All data will be processed in accordance with the principles of correctness, lawfulness and transparency, as well as in compliance with the principle of minimisation, i.e. acquiring and processing the data only to the extent necessary in relation to the purposes pursued. The data may be processed on paper and/or using IT tools, in compliance with the provisions on data protection and, in particular, with the technical and organisational measures set out in Article 32.1 GDPR, as well as with the observance of all precautionary measures to ensure the integrity, confidentiality and availability of the data. Please note that the processing referred to in this Notice is not subject to automated decision-making processes.

 

6. Categories of data recipients

The data will not be disclosed or sold to third parties. The data may be processed not only by the Joint Data Controllers, but also by subjects specifically authorised and instructed by the Joint Data Controllers pursuant to Article 29 GDPR, belonging to the organisation of the Joint Data Controllers. The data may also be communicated, strictly in relation to the purposes indicated above, to the following subjects or categories of subjects:

  1. third parties and companies that provide services to the Joint Data Controllers, such as – by way of example – the management of the information system and telecommunications networks (including e-mail), the development and management of the Site, the sending of commercial communications, etc.;
  2. firms, companies or professionals in the context of assistance and consultancy relationships (e.g. accountant for the management of accounts);
  3. Authorities responsible for fulfilling legal or contractual obligations (e.g. Consulates, Embassies).

We inform you that the subjects referred to in letter c) will process the data as autonomous Data Controllers. In relation to the categories of subjects referred to in letters a) and b), on the other hand, the Joint Data Controllers undertake to rely exclusively on subjects that provide adequate guarantees regarding data protection, appointing them, where required by current legislation, as Data Processors pursuant to Article 28 GDPR. The list of Data Processors is available from the Joint Data Controllers and the data Subject may view it upon request.

 

7. Transfer of personal data to third countries

Data may be transferred to countries outside the European Union/EEA. The Joint Data Controllers guarantee that any transfer of personal data will take place in full compliance with the conditions set out in Chapter V of the GDPR (Art. 44 et seq.), in order to ensure that the level of protection of natural persons guaranteed by the GDPR is not undermined. The transfer will therefore take place to countries that the European Commission has deemed to guarantee an adequate level of protection, in accordance with the provisions of Article 44 GDPR or in compliance with specific standard contractual clauses approved by the European Commission pursuant to Article 46 GDPR, provided that the recipient of the data provides adequate safeguards and that the data subjects have enforceable rights and effective remedies. In this case, the data subject is informed that he/she has the right to request a copy of the standard contractual clauses signed by the Joint Data Controllers. Any exceptions to the above will only take place in compliance with Article 49 GDPR.

 

8. Retention period

Data processed to ensure the operation of the Site and to obtain statistical information on its use (purposes referred to in point a) will be kept for the time necessary to achieve the purposes for which they were collected and, in any case, in accordance with our cookie policy, where applicable. Data processed to fulfil user requests (purposes referred to in point b) will be kept for no longer than 24 months after the request has been fulfilled, unless a contractual relationship is subsequently established, in which case the data will be kept for 10 years after the termination of the contract. For the purposes of c), the data will be retained for a period of 10 years after termination of the contract. For the sending of newsletters (purposes referred to under d) the data will be kept for a period of 24 months from the collection of consent, unless renewed. For the purposes of the exercise of the right of defence of the Joint Data Controllers (purposes referred to in letter e), the data will be processed until the expiry of the applicable appeal or prescription periods. Please note that once the aforementioned retention periods have expired, the data will be subject to irreversible deletion or anonymisation. However, a longer retention period may be determined by requests made by the Public Administration or other Body or Authority.

 

9. Rights granted to the Data Subject

 

 

The data subject may exercise his or her rights under the GDPR and, in general, under the applicable privacy legislation, at any time, in the manner described in § 1 above. In particular, under the GDPR the data subject is entitled to:

 

Right of access

The data subject may ask us whether or not we process any of his or her data, and if so, he or she may obtain access to that data from us in the form of a copy. When the data subject makes a request for access, we also provide him or her with additional information, such as the purposes of processing, the categories of personal data involved, and any other information necessary for the data subject to exercise this right.

 

Right of rectification

The data subject has the right to correct his or her data if it is inaccurate or incomplete. Upon request, we will correct inaccurate personal data and, taking into account the purpose of processing, complete incomplete data.

 

Right of cancellation

Data subjects have the right to have their personal data deleted. The erasure of personal data can only occur in certain cases, listed in Article 17 of the GDPR. This includes situations where the data subject’s personal data is no longer necessary in relation to the initial purposes for which it was processed, as well as situations where it has been processed unlawfully. In relation to how we provide some services, we inform that it may take some time before backup copies are deleted. We also inform you that the Joint Data Controllers will, within the limits of the state of the art, provide for the deletion of the data subject’s personal data, except in cases where their retention is required by law.

 

Right to limitation of processing

The data subject has the right to obtain the restriction of the processing of his or her personal data, which means that we suspend the processing of the data subject’s data for a certain period of time. Circumstances that may give rise to this right (Article 18 GDPR) include situations where the accuracy of personal data has been disputed, but time is needed to verify its (in)accuracy. If the data subject has obtained a restriction on the processing of your data, we will inform him or her before this restriction is lifted.

 

Right of opposition

The data subject has the right to object to the processing of your personal data, which means that you can request us to stop processing your personal data for certain purposes (e.g., direct marketing). Please note that this right is granted to the data subject only in special circumstances (Art. 21 GDPR) and, in particular, in cases where the legal basis for processing is the legitimate interest of the Joint Data Controllers.

 

Right to data portability

The right to data portability means that the data subject can ask us to provide him or her with personal data in a structured, commonly used, machine-readable format and to ask us to transmit such data directly to another data controller, where this is technically feasible.

 

Right to withdraw consent

The data subject has the right to withdraw consent to the processing of personal data at any time if the processing is based on his or her consent. In any case, revocation of consent does not affect the lawfulness of processing based on consent prior to revocation.

Where relevant, the Joint Data Controllers shall ensure the exercise of any further rights granted to the Data Subject under further applicable legislation.

 

10. Right to submit a complaint with the supervisory authority

The data subject also has the right to lodge a complaint with the supervisory authority if he or she believes that a processing operation concerning him or her violates the GDPR and/or current legislation on the processing of personal data.

Please note that in Italy said authority is represented by the Italian Data Protection Authority, based in Rome. A data subject not resident in Italy may lodge a complaint before the Supervisory Authority designated in his or her country of residence.