-
INTRODUCTION
-
DATA CONTROLLER AND DATA PROTECTION OFFICER
DATA CONTROLLER
registered office: Corso Lodi 24 Milano, 20135
C.F.: CNTPTR77C30H501B
e.mail address: info@pietrachiara.it (di seguito, “Titolare”)
This information page, produced in accordance with the requirements of EU Reg. 2016/679 ‘General Data Protection Regulation’, contains specific information in the following areas:
-
Navigation data
Purpose and legal basis of processing Browsing data are collected automatically in an exclusively aggregate form in order to verify the correct operation of the site, to obtain anonymous statistical information and for security reasons. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with the laws in force on the subject, to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities or activities constituting a crime and to ascertain the relative responsibilities; they may therefore be made available to the competent authorities Such data are never used for profiling. They are kept for a maximum period of 6 months.
-
Cookies
For specific information, please consult the cookies policy
-
Data provided voluntarily by filling in forms on the site
Purpose and legal basis of processing
Identification data, contact data and any details of the request are processed, which are necessary in order to be able to handle the requests expressed by interested parties by filling in the form. The legal basis is found in Article 6 paragraph 1 letter f) of Regulation EU/679/2016.
Where necessary, the submission of the request is subject to specific, free and informed consent documented by means of a check-box.
Contribution
The provision of data is voluntary; failure to provide personal data may result in the impossibility of obtaining any services and/or information requested.
Scope of communication
The data are processed by duly authorised and trained personnel and by third parties appointed as Data Processors, guaranteeing the utmost protection of their confidentiality, operating in full compliance with Regulation 2016/679/EU, and only for the purposes stated in this policy. Personal data will not be disseminated.
Data retention period
Data are kept for a period of time compatible with the purpose of collection. -
MODE OF TREATMENT
Data shall be processed in accordance with the principles of fairness, lawfulness, transparency and data minimisation (privacy by design); may be carried out either manually or by automated means for the storage, processing and transmission of the Data and shall be carried out by means of appropriate technical and organisational measures, taking into account the state of the art and the costs of implementation, to ensure, inter alia, the security, confidentiality, integrity, availability and resilience of the systems and services, avoiding the risk of loss, destruction, unauthorised access or disclosure or otherwise unlawful use, as well as by reasonable measures to delete or rectify in a timely manner data that are inaccurate in relation to the purposes for which they are processed.
-
RIGHTS OF THE DATA SUBJECT (ART. 15- 22 of GDPR)
- Data subjects are granted the rights set out in Articles 15 to 22 of the GDPR, where applicable
- In particular, data subjects may ask the Data Controller for access to the Data, rectification of inaccurate Data, integration of incomplete Data, deletion of Data, as well as restriction of processing in the cases provided for by Article 18 of the GDPR.
- Data subjects have the right to object at any time, in whole or in part, to the processing of Data necessary for the pursuit of the legitimate interest of the Data Controller.
- Data subjects also have the right, in the cases provided for by Article 20 of the GDPR for the exercise of the right to portability, to receive in a structured, commonly used and machine-readable format the Data provided to the Data Controller, as well as, if technically feasible, to transmit it to another Data Controller without hindrance.
- Data subjects have the right to withdraw their consent at any time for marketing and/or profiling purposes, as well as to object to the processing of their data for marketing purposes, including profiling related to direct marketing. This is without prejudice to the possibility for the data subject who prefers to be contacted for the aforementioned purposes exclusively by traditional means, to express his or her objection only to the receipt of communications by automated means.
- Data subjects have the right to lodge a complaint with the competent supervisory authority (in particular in the Member State where they habitually reside or work or in the State where the alleged infringement occurred).
- These rights may be exercised, by registered mail or PEC, at the address of the Data Controller or the Data Protection Officer, as identified in point 2.
-
POLICY UPDATE
Please note that this information notice may be subject to periodic revision, also in relation to the reference legislation and jurisprudence. In the event of significant variations, appropriate notice will be given on the home page of the site for an appropriate period of time. The interested party is in any case invited to consult this policy periodically.