Privacy disclaimer

(pursuant to Art. 13 of Regulation (EU) 2016/679 – GDPR)

  1. Data Controller and Contact Information

The Data Controller is Hypermeteo S.r.l. (hereinafter the Controller), with registered office at Via Nazionale, 181, 00184 Roma (RM), Italy, Tax ID and VAT number 16159021001; it processes personal data in compliance with Regulation (EU) 2016/679 (“GDPR”) and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.

Contact information:

  1. Origin and Categories of Data

Through this website, personal data may be collected and processed, falling into the following categories:

    • Identification and contact data voluntarily provided by the user (name, surname, e-mail, phone number, content of messages or requests);
    • Navigation data generated by IT systems and communication protocols (IP address, time of request, device or browser identification, pages visited);
    • Data collected through cookies or other tracking tools installed on the user’s device.

The methods and purposes of using cookies are described in the dedicated Cookie Policy, to which reference is made for technical details and for managing/revoking consent.

2.1. Newsletter Subscription

This policy also applies to personal data provided by users who choose to subscribe to the Controller’s newsletter. Subscription entails the processing of the e-mail address and any additional data voluntarily provided, managed through platforms or e-mail marketing service providers selected by the Controller. The data are used exclusively for sending informative or promotional communications regarding the Controller’s services, products, updates, and initiatives, in full compliance with the preferences expressed by the data subject.

  1. Purposes and Legal Bases

Personal data provided by the user will be processed by the Controller for the following purposes:

  • Management of contact requests and communications (Art. 6(1)(b) GDPR): data provided through forms, e-mails, or other digital channels are processed exclusively to respond to the user’s requests, provide information on services, or initiate any pre-contractual relations.
  • Sending informative or promotional communications (Art. 6(1)(a) GDPR): subject to the explicit consent of the data subject, contact data may be used to send newsletters, updates, commercial communications, sector initiatives, and information on products/services offered. Consent can be withdrawn at any time via the unsubscribe link or by contacting the Controller.
  • Security, abuse prevention, and legal protection (Art. 6(1)(f) GDPR): navigation data and system logs may be processed to ensure website security, prevent illegal or harmful activities, and exercise or defend a legal right, in respect of the Controller’s legitimate interests properly balanced with the rights of users.
  • Statistical analysis and online service improvement (Art. 6(1)(f) or (a) GDPR): site usage data, preferably in aggregated or anonymized form, may be processed to optimize the browsing experience and improve the quality of online offerings. For non-essential or non-technical tools (e.g., profiling cookies), processing will take place only with the user’s prior consent.
 
  1. Processing Methods and Security Measures

Personal data are processed both using traditional methods and by means of IT and telematic tools, in compliance with the organizational and technical measures in place. Processing is carried out through electronic tools and organizational procedures suitable to ensure data confidentiality, integrity, and availability, in accordance with Art. 32 GDPR.

Processing is carried out respecting the principles set out in Art. 5 GDPR and following a privacy by design and by default approach (Art. 25 GDPR), ensuring lawfulness, fairness, transparency, minimization, accuracy, and integrity of data, with periodic checks on the relevance and updating of stored information.

  1. Recipients of Data

Personal data may be disclosed exclusively to parties providing services to the Controller, in compliance with the purposes set out in this Policy and the provisions of Arts. 28 and 29 GDPR. Such parties will be appointed as Data Processors through a specific contractual act or will operate as independent controllers within the limits of their institutional purposes.

The following may access personal data, within the limits of their respective responsibilities and documented authorizations:

  • Employees and collaborators of the Controller, expressly authorized and trained, operating under the direct responsibility and supervision of the Controller;
  • External parties for operational and administrative management of the relationship (non-exhaustive list): hosting providers, IT system maintenance companies, platforms for sending newsletters.

Data disclosure will be made only to parties with whom the Controller has a regulated legal relationship (appointment as Data Processor under Art. 28 GDPR, or independent controller status) and will be limited to the data strictly necessary for performing the relevant activities.

The updated list of Data Processors is available upon request by writing to info@hypermeteo.com.

  1. Transfers Outside the EU

Personal data are managed entirely within the European Economic Area, avoiding transfers to third countries.

If, for specific technical or operational needs (e.g., server location, cloud services, corporate coordination, or group activities), transfers to countries outside the European Union become necessary, the Controller will ensure full compliance with Chapter V of the GDPR and Arts. 44–46, adopting adequate protection measures, including: verifying the level of protection in the destination country; adopting Standard Contractual Clauses (SCC) approved by the European Commission if applicable; or applying an adequacy decision of the European Commission, if available.

  1. Retention Periods

Personal data are retained only for the time strictly necessary to achieve the purposes for which they were collected and, once these purposes are fulfilled, are deleted or irreversibly anonymized, unless legal protection needs or regulatory obligations require longer retention periods. Retention times are determined in compliance with the principles of purpose limitation and data minimization, based on an assessment made by the Controller in relation to the different purposes pursued.

  1. Voluntary Provision of Data

Providing data through forms is optional but necessary to allow the Controller to process the user’s request; failure to provide essential information may prevent handling the request.

Processing of data generated by cookies is governed according to the Cookie Policy.

  1. Data Subject Rights and Complaints

Data subjects may exercise at any time the rights recognized by Arts. 15–22 GDPR, in particular the right of access, rectification, deletion, restriction of processing, objection, and data portability, as well as the right to withdraw consent.

Requests can be sent to: info@hypermeteo.com.

The Controller will respond within 30 days of receiving the request.

Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority www.garanteprivacy.it.

  1. Automated Decision-Making Processes

The Controller does not implement automated decision-making processes or profiling activities that produce legal effects or significantly affect the data subject, pursuant to Art. 22 GDPR.

Any data analysis for statistical, communication, or marketing purposes is carried out only in a limited and non-intrusive manner, following transparent logic aimed at improving user experience and service quality. Such activities are conducted only with the explicit prior consent of the data subject and, when involving third-party tools, are activated exclusively after consent is obtained via site settings or the relevant cookie banner, as detailed in the Cookie Policy.

  1. Updates

The Controller reserves the right to modify or update this Privacy Policy at any time to comply with regulatory changes or changes in data processing activities. The version published on the website is considered the currently applicable one. Users are encouraged to periodically consult this page.

Policy Version: 1.0 – updated November 2025