– does not publish advertising banners and does not use users’ data for advertising purposes or for profiling users;
– uses third-party services for specific website features, which could collect user data and use it for advertising purposes, e.g. the social buttons that users can use to share posts on their favourite social networks and the comments box that enables dialogue with readers;
– consent for use of this data is given via the banner that appears at the top of the page, and in some cases via the contact or service request forms, and this consent can be withdrawn at any time.
In compliance with the obligations arising from European legislation (General Data Protection Regulation no. 2016/679) on the protection of personal data, Mapping Change respects and protects the privacy of visitors and users, making every reasonable and proportionate effort not to infringe their rights.
On what basis do we process data?
Mapping Change processes data primarily on the basis of users’ consent, which is given via the banner that appears at the top of the page,or by using or browsing this website,which is conclusive behaviour that constitutes implicit consent, with which visitors/users consent to the processing of their personal data in the manner and for the purposes described below, including possible disclosure to third parties where this is necessary in order to provide a service. The contact or service request forms are used to collect additional consent relating to the specific purpose of the service (e.g. newsletters).
Providing data and therefore consent to the collection and processing of data is optional. The User may withhold consent and may withdraw previously given consent at any time by means of the browser settings for cookies, by means of the link provided in the newsletter or by sending a request to the Controller using the Contact Information given in this page. However, withholding consent may make it impossible to provide certain services.
In some cases, the legal basis is the fulfilment of contractual obligations or legal obligations (see fundraising). In other cases (statistics and website security services), the legitimate interests of the data controller are the legal basis.
On what basis do we process data?
Mapping Change offers up-to-date news on its consulting services that is as accurate and complete as possible. We need to have an optimised and functional website to perform this task in the best possible way, so that you can use the news quickly and easily. This is why the data we collect is also used for the following purposes:
– Statistics (analysis)
We collect data in aggregate and anonymised form only in order to check that the website is functioning correctly and verify its use by users in order to make it easier and quicker to consult. None of this information is associated with the User of the website and does not identify the User in any way.
We collect data in order to protect the security of the website (spam filters, firewall, virus detection) and Users. The data is recorded automatically and may also include personal data (IP address) which could be used, in accordance with the relevant laws, to block attempts to damage the website or to cause damage to other Users. This data is never used to identify or profile Users and is deleted on a regular basis.
We collect some data only in order to send our newsletter to users who request it. This data is provided to the third-party service (Mailchimp) which, as data processor, processes it for the sole purpose of sending the emails.
– Ancillary activities
Suppliers only have access to the personal data that is necessary in order to perform their tasks. They undertake not to use the data for any other purposes and are obliged to process the personal data in accordance with the regulations in force.
What data do we collect?
Mapping Change collects data in two ways.
1) Data collected automatically.
Some data is collected automatically by the software that runs the website and by the server that hosts the website.
For example, technical data such as the IP address, type of browser, the internet service provider, date and time of visit, time spent on the website, the referer page and exit page. Other data is collected using cookies or similar technologies. See the ‘Cookies’ section for more information.
This data is used for statistical purposes and cannot be used to physically identify the User. The IP address is used only for security purposes and is not cross referenced against any other data.
2) Data provided by the User voluntarily.
The website may collect other data when users voluntarily use the services, such as the comments and communication services (contact forms, newsletters):
– name and surname;
– email address;
– organisation name.
This data is provided voluntarily by the User when requesting the service (e.g. newsletter), or when entering a comment, and will be used solely to provide the requested service and processed only for the time needed to provide the service.
Users release this website from any liability with regard to any breaches of the law. It is up to the User to check that they have permission to enter the personal data of third parties or content protected by national or international regulations.
Where is the data processed?
The data collected by the website is processed at the premises of the Data Controller, and at the data centres (in Italy) of the web hosting company, Aruba S.p.A., which is responsible for processing data on behalf of the controller, is located in the European Economic Area and operates in accordance with European regulations.
How long is the data stored for?
Data is processed for as long as is necessary for the purposes for which it was collected, and in any case no longer than the time periods provided by the law. When this time elapses the data is deleted or anonymised, provided that there is no other purpose for keeping the data.
The collected data is processed for the following time periods:
– for purposes of statistics and analysis: the data is processed in aggregate and therefore anonymous form
– for purposes of security: 30 days
– for the purpose of sending the newsletter: the data is processed until the User unsubscribes from the service.
Who may the data be transferred to?
In the course of our activities, we may have to transfer certain data to third parties who perform specific tasks that are instrumental to those of the website, to carry out security checks or website optimisation, or to provide a specific service requested by Users (e.g. the newsletter, publishing comments), or in response to a legitimate request from a judicial authority only in the cases provided for by law.
Moreover, other third parties acting as autonomous data controllers may become aware of Users’ data, using the data for purposes other than and in addition to those of this website.
Autonomous data controllers are bound by European and national data protection regulations and are personally and independently liable for complying with them.
Data transfer to non-EU countries
We may have to share some of the data collected with services located outside of the European more specifically to Google, Facebook and Microsoft (LinkedIn) via social plug-ins, to Google Analytics and to Mailchimp, the newsletter mailing service. Transfer is authorised on the basis of specific decisions of the European Union and the Data Protection Authority (in Italy, the Garante), more specifically decision no. 1250/2016.
Therefore, no additional consent is needed with respect to the legal basis used for data collection and processing in the EEA. The above companies guarantee their participation in the Privacy Shield.
Mapping Change uses the following categories of cookies:
– technical cookies, used for the sole purpose of transmitting an electronic communication, to ensure that the website is displayed correctly and allow users to navigate within the website. They also make it possible to distinguish between different connected users in order to provide the requested service to the right user (Login – WordPress cookies, newsletter, comments), and for website security reasons. Some of these cookies are deleted when the browser is closed (session cookies), others have a longer duration (such as the cookies required to store the user’s consent in relation to the use of the cookies, which lasts 1 year). No consent is required for these cookies;
– analytical cookies, used to collect information, in aggregate form, on the number of users and how they browse the website. They are equated to technical cookies because the service is anonymised.
– profiling and remarketing cookies, used solely by third parties (e.g. Facebook via the fan page) other than us to collect information about users’ browsing behaviour, interests and consumption habits. Third parties may use them to provide customised advertising on their partner websites (Mapping Change does not carry advertising), but these functions can be disabled by users directly (see the information on individual services).
How can you refuse or withdraw your consent to cookies?
DISABLING COOKIES MAY STOP CERTAIN FUNCTIONS OF THE WEBSITE FROM WORKING PROPERLY, in particular services provided by third parties might not be displayed:
– YouTube videos or other video sharing services;
– social network buttons;
– Google maps.
Instructions on how to disable the cookies or delete the cookies already stored on the User’s device are given in the following webpages:
Google Chrome http://support.google.com/chrome/bin/answer.py?hl=it&answer=95647
Mozilla Firefox http://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
Microsoft Internet Explorer https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge https://support.microsoft.com/it-it/help/4027947/windows-delete-cookies
Apple Safari https://support.apple.com/it-it/HT201265
Third-party services or cookies
This website acts as an intermediary for third-party cookies which are used to provide additional services and features for visitors and to improve the use of the website itself, such as the social buttons or YouTube videos. This website does not have any control over third-party cookies or on how the information collected is used, consequently information on the use of these cookies and on their purposes – and how to disable them – is provided by the third parties directly on the pages indicated below.
It should be noted that user tracking does not identify the User, unless they have already subscribed to the service and are also already logged in, in which case it is understood that the User has already given consent directly to the third party when subscribing to that service (e.g. Facebook).
– Google Inc.
And the page where Google explains how it uses data from partner sites or apps that use its services: https://policies.google.com/privacy/partners?hl
– Google Analytics: used to analyse use of the website by users and how they behave on the website. The data collected does not enable users to be personally identified. It is processed in aggregate form and anonymised (truncated to the last octet). Under a special agreement, Google Inc. is prohibited from cross-referencing this data with data obtained from other Google services.
Data collected: browser identifier, date and time of interaction with website, referer page, IP address.
Place of data processing: European Union since service anonymisation is active.
More information on Google Analytics cookies can be found on the following page: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
You can choose to opt out of Google Analytics by installing the relevant component provided by Google on your browser: https://tools.google.com/dlpage/gaoptout
– YouTube: video-sharing platform owned by Google. The cookies are set when accessing the page containing the embedded video and when starting the video. They do not allow the User to be identified unless the User is already logged into their Google profile.
The ‘advanced privacy (no cookie)’ option has been activated for some videos on the website. https://support.google.com/youtube/answer/171780?expand=PrivacyEnhancedMode#privacy. This option does not store information on visitors unless they intentionally play the video.
Data collected: number and behaviour of users of the service, IP address, information that connects visits to the website to the Google account for users who are already logged in, video display preferences.
Place of data processing: USA.
Mapping Change also embeds plug-ins so that you can share content on your favourite social networks more easily. When you visit a page on our website that contains a social plug-in, your browser connects directly to the servers of the social network where the plug-in was uploaded, this server may track your visit on our website and, if necessary, associate it with your social network account, especially if you are logged in when you visit or if you recently browsed one of the websites containing social plug-ins. If you do not want the social network to record data on your visit to our website, you have to log out of your social network account and probably delete the cookies that the social network has installed on your browser. This website has plug-ins installed that have advanced privacy protections for Users, which do not send cookies or access cookies that have already been installed on the User’s browser when the page was opened but only after the plug-in was clicked.
The collection and use of information by these third parties is regulated by their respective privacy policies which you should consult.
– Facebook https://www.facebook.com/about/privacy/ (cookie https://www.facebook.com/help/cookies/ )
– Twitter https://twitter.com/privacy?lang=it (cookie https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter )
– LinkedIn http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv (cookie https://www.linkedin.com/legal/cookie-policy )
– Google+ http://www.google.com/intl/it/policies/privacy/ (cookie http://www.google.it/intl/it/policies/technologies/cookies/ )
Mapping Change processes the data of visitors/users lawfully and fairly, adopting the appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of this data. Data processing is carried out using computer and/or telecommunication tools, with organisational methods and logic that is strictly related to the stated purposes.
We are committed to protecting the security of your personal data which we do by using the Secure Sockets Layer (SSL) software that encrypts the information being transmitted.
What are your rights as regards the data we process?
As a data subject pursuant to Regulation (EU) 679/2016 (GDPR) and 7 del D. Lgs. 30 June 2003, n. 196 http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1311248, you have the following rights:
– to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communications;
– to request confirmation that personal data concerning you exists (right of access);
– to be informed of the origin of such data;
– to receive communication about such data in intelligible form;
– to receive information concerning the logic involved, methods and purposes of the data processing;
– to request the updating, rectification, integration, erasure, transformation into anonymous form or blocking of data processed in breach of the law, including data that is no longer necessary for the purposes for which it was collected;
– in cases of consent-based processing, to receive – only at the cost of any support – your data provided to the controller, in a structured, machine-readable form and in a format commonly used by an electronic device;
– to lodge a complaint with the supervisory authority (in Italy, the Garante Privacy); http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 );
– and, more generally, to exercise all the rights granted to you under current legal provisions.
Requests should be addressed to the Data Controller.
Parties involved in data processing
The Data Controller, pursuant to the laws in force, is Mapping Change, in the person of Christian Elevati (tax identification number LVTCRS70P15F205U and VAT no. 08832340965, with registered office in Via Val Pellice, 15 – 20153 – Milan (Italy)
This policy was last updated on 10 January 2020