STAM processes all the personal data of the users/visitors of services offered in full compliance with Italian privacy laws, in particular Legislative Decree 196/2003.
When access to specific services requires registration with prior communication of personal details, specific information is provided when the services themselves are subscribed to.
Acquiring the details requested is the indispensable precondition for accessing services offered on the website.
STAM stores the technical connection data (log) to enable security controls required by law and to improve the services offered and personalise them for user/visitor needs.
Data entered can also be used by STAM to send periodical e-mail messages containing advertising, promotional materials, commercial communications.
The personal data, collected and stored in databases by STAM, is processed by employees and/or collaborators of the process controller appointed to do so. That data is not circulated or communicated to third parties, except in cases foreseen by the information and/or the Law; in any case using ways established therein.
In compliance with laws in force on the subject, STAM records the log files. That data does not enable user identification unless this is following a number of processing and interconnection operations, and necessarily through data provided by other providers. Operations that can only be performed at the request of competent Legal Authorities authorised to do so by specific laws to prevent and/or repress crimes.
Specific security measures are taken to prevent loss of data, illegal or incorrect use and unauthorised access.
STAM cannot take liability for any unauthorised access or for the loss of personal information that is beyond its control.
Users/visitors may exercise the rights set forth in art. 7 of Legislative Decree 196/03. Moreover, exercising the right to withdraw from all services subscribed to, the person may request full deletion of all data provided at any moment.
ART. 7. RIGHT TO ACCESS PERSONAL DATA AND OTHER RIGHTS
1. The interested party has the right to receive confirmation of whether its personal data is being held or not, even if not yet registered, and receive that communication in an intelligible format.
2. The interested party has the right to receive indications:
a) of where the personal data originated;
b) of processing purposes and methods;
c) of the logic applied when data is processed electronically;
d) of the details of the controller, of processors and the representative appointed pursuant to article 5, paragraph 2;
e) of subjects or subject categories that the data can be communicated to or who can gain knowledge of it as the representative appointed in the State territory, of those responsible or appointed.
3. The interested party has the right to receive:
a) updating, rectification or, when there is an interest, integration of data;
b) cancellation, transformation into an anonymous form or blockage of data processed violating the law, including data that does not have to be stored for the purposes for which it was collected or processed;
c) certification that the operations under letters a) and b) have been made known to, also for their content, those the data was communicated or circulated to; except if compliance is impossible or implies use of means that are manifestly disproportionate to the right being protected.
4. The interested party has the right to object, in full or partially:
a) for legitimate reasons to his/her personal data being processed, even if pertinent to the collection purpose;
b) to his/her data being processed to be sent advertising or direct sales materials or for market surveys or commercial communications.