Privacy Policy

1. Data Controller

The Data Controller for personal data is:

2. Types of Data Collected

The Controller collects the following types of personal data:

2.1 Data provided voluntarily by the user

• Contact data: name, surname, email address, phone number
• Access data: username, password (encrypted)
• Communication content: messages sent via contact form

2.2 Data collected automatically

• Browsing data: IP address, browser type, operating system, pages visited
• Technical cookies: necessary for service operation
• System logs: operation timestamps, security events

3. Purposes of Processing

Personal data are processed for the following purposes:

3.1 Without consent (legal bases: contract execution, legal obligation, legitimate interest)

• Provision of the LineSkid queue management service
• User account management and authentication
• Compliance with legal, accounting and tax obligations
• Handling of support and assistance requests
• Fraud prevention and IT security

3.2 With user consent

• Sending promotional communications and newsletters
• Profiling to improve user experience

4. Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

• Art. 6(1)(a) GDPR: Consent of the data subject
• Art. 6(1)(b) GDPR: Performance of a contract
• Art. 6(1)(c) GDPR: Compliance with legal obligations
• Art. 6(1)(f) GDPR: Legitimate interests of the Controller

5. Processing Methods and Security

Personal data are processed using electronic and paper means, with logic strictly related to the purposes indicated above and, in any case, in a manner that guarantees the security and confidentiality of the data.

The security measures implemented include:

• Encryption of sensitive data (passwords with bcrypt)
• Secure connections using HTTPS/TLS protocol
• Firewall and perimeter protection systems
• Periodic data backups
• Data access limited to authorized personnel
• Access and operation logs

6. Data Retention Period

Personal data are retained for the time strictly necessary to achieve the purposes for which they were collected:

• Account data: for the entire duration of the contractual relationship and for 10 years thereafter (tax obligations)
• Browsing data: 24 months
• Contact requests: 24 months from the request
• Billing data: 10 years (tax obligations)

7. Data Disclosure and Transfer

Personal data may be disclosed to:

• Employees and collaborators of the Controller, as authorized processors
• Technical service providers (hosting, maintenance) as Data Processors
• Competent authorities, upon request and within legal limits

Data will not be disseminated or transferred to third countries outside the European Union without adequate safeguards.

8. Data Subject Rights

Pursuant to Articles 15-22 of the GDPR, data subjects have the right to:

• Access (Art. 15): obtain confirmation of processing and a copy of the data
• Rectification (Art. 16): correct inaccurate or incomplete data
• Erasure (Art. 17): obtain deletion of data ("right to be forgotten")
• Restriction (Art. 18): restrict processing in certain cases
• Portability (Art. 20): receive data in a structured format
• Objection (Art. 21): object to processing for legitimate reasons
• Withdrawal of consent: withdraw consent at any time

To exercise your rights, please contact the Controller at privacy@itland.it or via certified email (PEC).

9. Complaint to Supervisory Authority

Data subjects have the right to lodge a complaint with the Italian Data Protection Authority:

10. Changes to Privacy Policy

The Controller reserves the right to modify this Privacy Policy at any time. Changes will be published on this page with an indication of the last update date. We recommend checking this page periodically.