Information document pursuant to and for the purposes of Article 13 Regulation (EU) 2016/679 (GDPR)
In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide you with the necessary information regarding the processing of personal data provided relating to users who interact with the website www.labirintodifrancomariaricci.it through the sending of specific requests and information or even through the sole consultation of the contents of its pages. The information is not to be considered valid for other external websites that may be consulted via links on the websites in the domain of the owner, which is not to be considered in any way responsible for the websites of third parties.
Personal data that can be processed:
“personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social; (C26, C27, C30).
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
Data communicated by the interested party
The optional, explicit and voluntary sending of messages to the contact addresses, as well as the compilation and forwarding of the forms on the site of the Owner, involves the acquisition of the sender’s contact data, necessary to reply, as well as all the data personal data included in the communications.
Informative specifiche saranno presenti nelle pagine del Sito in relazione a particolari servizi o trattamenti dei Dati forniti.
1. Data Controller
Pursuant to articles 4 and 24 of EU Reg. 2016/679, the Data Controller is:
Masone S.r.l., with registered office in Strada Masone 125 – 43012 Fontanellato (PR)
Tel. +39 0521 827081 – mail: firstname.lastname@example.org
2. The role of Data Protection Officer (DPO)
has not been identified as the mandatory conditions set forth in art. 37 c.1 of EU Reg. 2016/679
3. Purpose of the Processing, legal basis, data retention period and nature of the provision
I. Browsing the website
- Legal basis: legitimate interest art. 6 lett. f) and recital 47: the processing is necessary for the pursuit of the legitimate interest of the data controller or of third parties, provided that the interests or fundamental rights and freedoms of the data subject who require the protection of personal data do not prevail, taking into account the reasonable expectations fed by the interested party based on his relationship with the data controller. Activities strictly necessary for the functioning of the site and for the provision of the navigation service on the platform.
- Nature of the Contribution: with the exception of what is specified for navigation data (which are necessary in order to allow navigation of the website), the user is free to provide personal data.
II. Filling out the information request and contact form
- Legal Basis: based on the execution of pre-contractual measures adopted also at the request of the interested party
- Data retention period: The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 5 years from the collection of data for Marketing Purposes.
- Nature of the Provision: the provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide the data marked with the symbol * or wording (required) will make it impossible to obtain what has been requested or to use the services of the data controller.
III. Direct Marketing
If the interested party fills in dedicated forms for data collection, subject to consent and up to his opposition for direct marketing activities of the Data Controller, in specific areas for the purposes of: market research, direct sales, surveys of the degree of satisfaction, sending newsletters and promotional, commercial and advertising material or material relating to events and initiatives, by the Data Controller via automated means of e-mail, fax, SMS or other types of messages, as well as by operator-operated telephone calls, including automated and paper mail and other information material. To compare and possibly improve the results of communications, the Data Controller uses systems for sending newsletters and promotional communications with reports. Thanks to the reports, the Owner will be able to know, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; details on the activity of individual users; the details of the e-mails sent, e-mails delivered and not, and those forwarded; All these data are used for the purpose of comparing, and possibly improving, the results of the communications.
- Legal basis: Consent art. 6 par. 1 lit. a): the interested party has given his consent to the processing of his personal data.
- Data Retention Period: Up to your opposition (opt-out/withdrawal of consent)
- Nature Of Contribution: The provision of data for purpose B) is optional and in the absence of the same, your data will not be processed for the pursuit of this purpose, the refusal of consent will not affect the usability of the purposes referred to in point A ).
4. Managers and appointees
The personal data provided will be shared with subjects, who will process the data as managers (Article 28 of EU Reg. 2016/679) and/or as natural persons acting under the authority of the Data Controller and the Manager (art. 29 of EU Reg. 2016/679), for the purposes listed above.
5. Data transfers
Personal data is stored on servers located within the European Union.
Within the scope of the purposes indicated in this disclosure, the personal data collected may be communicated/transferred to third parties established in countries belonging to the European Union or in non-EU countries in accordance with the provisions of the regulation, based on Article 44 – General principle for the transfer; Article 45 – Transfer based on an adequacy decision; Article 46 – Transfer subject to adequate guarantees, specifically the data will be transferred: – to third countries international organizations for which the Commission has intervened with an adequacy assessment (Article 45 of EU Reg. 2016/679)
– towards third countries or international organizations that have provided adequate guarantees and where the interested party has enforceable rights and effective means of memory (art. 46 EU Reg. 2016/679, also with contractual clauses and the other provisions referred to in 46(3))
– towards third countries or international organizations on the basis of binding corporate rules for companies belonging to the same business group (art. 47 EU Reg. 2016/679)
– towards third countries international organizations on the basis of derogations in specific situations (art. 49 EU Reg. 2016/679).
The interested party can obtain information about the guarantees for the transfer by writing to email@example.com
6. Automated process
We do not use decision-making processes based on automatic processing, including profiling without your consent.
7. Rights of the interested party
You will be able to assert your rights as expressed by the articles 15, 16, 17, 18, 19, 20, 21 of EU Regulation 2016/679, by contacting: firstname.lastname@example.org. You have the right, at any time, to ask the Data Controller for access to your personal data, rectification, cancellation of the same, limitation of treatment and portability of your data, if applicable. Furthermore, you have the right to object, at any time, to the processing of your data based on consent and/or legitimate interest.
To stop receiving automated direct marketing communications (e.g. e-mail, sms) it will be sufficient to write an e-mail to the address email@example.com with the subject “unsubscribe from automated” at any time or use our systems automatic cancellation provided for e-mails only.
To stop receiving traditional direct marketing communications (telephone calls with an operator and postal mail), it will be sufficient to write an e-mail at the address firstname.lastname@example.org with the subject “unsubscribe from traditional“. Without prejudice to any other administrative and judicial appeal, if you believe that the processing of data concerning you violates the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679, you have the right to lodge a complaint with the Guarantor for the protection of personal data (Supervisory Authority www.garanteprivacy.it).
8. Further information