Privacy Policy

Information Notice pursuant to EU Regulation 2016/679 (“GDPR”)

This privacy notice does not apply to websites that may be accessed through links on the website https://starttalkingtherapies.com, for which the Data Controller is not responsible in any way for the processing of personal data carried out by third‑party websites.

 

Who We Are: Data Controller and Contact Details

The Data Controller is:

  • Andrea Di Giovenale, Via …, 00100 Rome (RM), Italy Tax Code: 12345678901 Email: contacts@starttalkingtherapies.com

The Data Protection Officer (DPO) is:

  • Andrea Di Giovenale, Via …, 00100 Rome (RM), Italy Tax Code: 12345678901 Email: contacts@starttalkingtherapies.com

 

Personal Data Processed and Purposes of Processing

Browsing Data

The IT systems and software procedures used to operate this website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

These data—necessary for the use of web services—are also processed for the purpose of:

  • obtaining statistical information on the use of services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.);

  • checking the correct functioning of the services offered.

Browsing data are retained for no more than seven days and are deleted immediately after aggregation (except where required by judicial authorities for the investigation of crimes).

 

Data Provided Voluntarily by the User

The optional, explicit, and voluntary sending of messages to the contact addresses published on the website, as well as the completion and submission of forms (e.g., information requests), entail the acquisition of the sender’s contact details—necessary to respond—as well as any personal data included in the communication.

Specific information notices are provided on pages dedicated to particular services, with requests for consent where required.

 

Data Acquired Through Social Media

If the user connects to a WEB2U social page via social login (i.e., using their social media account), the Data Controller may acquire the data published by the user on that social network, depending on the user’s privacy settings (e.g., information contained in messages/posts for support requests, images, or information from the public profile). Specific privacy notices for data processing carried out by social platforms are provided by the platforms themselves (e.g., https://www.facebook.com/privacy/explanation (facebook.com in Bing)).

 

Cookies

Please refer to the Cookie Policy available on the dedicated page: https://starttalkingtherapies.web2u.it/cookie.html (starttalkingtherapies.web2u.it in Bing)

 

Purposes and Legal Basis of Processing

Personal data are collected and processed by the Data Controller to respond to information requests, promote the services offered to the public, and facilitate communication with the website.

The legal basis for processing is the pursuit of public interest purposes and the user’s consent, only when required.

The website is also used to comply with transparency obligations under Italian Legislative Decree 33/2013.

Except for browsing data, users are free to provide personal data in service request forms. Failure to provide such data may make it impossible to obtain the requested service.

 

Methods of Processing

Data are stored in an electronic database and/or in paper archives.

Data are not subject to automated decision‑making or profiling of any kind.

 

Data Recipients

Personal data may be accessed by collaborators and employees of the Data Controller, who are authorized and properly instructed.

Data may be communicated to external parties (e.g., companies managing web platforms, affiliated companies, external consultants, subcontractors) when necessary for the purposes described above. These parties will act as independent Data Controllers or will be designated as Data Processors.

Data may also be communicated to supervisory bodies, judicial authorities, and any other parties to whom communication is mandatory by law.

Data are stored within the EU, on servers located in the EU belonging to the Data Controller and/or third‑party companies duly appointed as Data Processors.

 

Data Retention Period

The Data Controller will retain personal data for the time strictly necessary to achieve the purposes described above and to meet any needs for data access or recovery.

After 24 months from acquisition (or 7 days for browsing data), if no further contact or legal obligation requires retention, the data will be deleted.

 

Data Subject Rights

Data subjects have the right to:

  • request access to their personal data and related information; request rectification of inaccurate data or completion of incomplete data; request deletion of personal data (under the conditions of Article 17(1) GDPR and subject to the exceptions in Article 17(3)); request restriction of processing (under the conditions of Article 18(1) GDPR);

  • request and obtain—when processing is based on consent or contract and carried out by automated means—their personal data in a structured, machine‑readable format, including for transmission to another Data Controller (right to data portability);

  • object at any time to the processing of personal data based on specific personal circumstances;

  • withdraw consent at any time, where processing is based on consent for one or more specific purposes and concerns common personal data (e.g., date and place of birth, residence) or special categories of data (e.g., health data, sexual life). Processing carried out before withdrawal remains lawful.

Users may request at any time to stop processing and receiving email communications from the Data Controller, by contacting the addresses provided above.

 

Right to Lodge a Complaint

If a data subject believes that their personal data have been processed unlawfully, they may lodge a complaint with the Supervisory Authority of their habitual residence, workplace, or the place where the alleged violation occurred.

In Italy, complaints may be submitted to the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).