Dear User, in the case of direct collection of data, art. 13, para 1 of the European Data Protection Regulation (GDPR) requires the data subject to be informed about the fundamental aspects of the processing of their data as specified in subsection 1, points (a) to (f) of the said article. Therefore, please note the following:
DATA PROCESSING PROCEDURES
The personal data you contribute will be processed in compliance with the aforesaid legislation and the confidentiality obligations on which the Data Controller bases its operations. The data will be processed with IT tools, both on paper media and on all other suitable media (e.g. cloud systems, digital filing and alternative storage systems), in accordance with the adequate technical and organisational security measures envisaged by the GDPR.
The data processed may include your personal details such as:
- Data collected automatically During their normal operation, the IT systems and procedures which operate the website acquire personal data the transmission of which is implicit in the use of Internet communications protocols. These data are not gathered for association with identified data subjects, but by their very nature, when processed or associated with data held by third parties, they might allow users to be identified. This category of data includes IP addresses or domain names of the PC’s used by users who connect to the site, as well as Uniform Resource Identifiers of the requested resources, the time of the request, the method utilized in presenting a request to the server, the size of the file obtained in response, the numerical code specifying the state of the response provided by the server (positive outcome, error, etc..) and other parameters concerning the operating system and the IT environment of the user. These data are processed for the sole purpose of obtaining statistical information concerning use of the website and monitoring its correct operation.
SOURCE OF PERSONAL DATA:
The personal data held by the Data Controller are acquired directly from the data subject.
PURPOSES FOR WHICH DATA ARE PROCESSED AND LEGAL BASIS: the purpose and legal basis of the processing of your data are:
- For data collected automatically, the legal basis is the legitimate interest of the data controller and the purpose is to ensure and improve the web browsing experience.
RECIPIENTS OF THE DATA:
Within the limits relevant to the stated processing purposes, your data may be disclosed to entities designated as Data Processors by the Data Controller (the list of these entities is available from the Data Controller itself). The personal data collected are also processed by CANGINI BENNE S.R.L staff, acting on the basis of specific instructions supplied with regard to the processing of data for particular tasks and functions which require the formal acceptance of specific non-disclosure obligations. Your data will not be disseminated in anyway.
TRANSFER OF DATA TO NON-EU MEMBER STATES:
No transfer of your data to a non-EU member state is currently envisaged; if any such transfer should occur, it will take place in compliance with the relevant legal requirements, further to signing of the standard contract clauses required by the European Commission, and notification of data subjects if necessary.
DATA STORAGE PERIOD
Under the principle of restriction of storage (art.5, GDPR), the obsolescence of stored data with regard to the purposes for which they were collected is periodically verified. In particular:
- Data collected automatically are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information concerning use of the website and to check that it is operating correctly, also for security purposes or in accordance with the periods required by law.
- Data contributed voluntarily by the user will be stored for a period of time no longer than necessary for the achievement of the purposes for which they are processed or in accordance with the periods required by law.
RIGHTS OF THE DATA SUBJECT:
The data subject is entitled, at all times, to ask the Data Controller for access to their data, their rectification or erasure or the restriction of the processing, or to object to the processing, to request the portability of the data, and to withdraw consent to the processing, and to exercise these and the other rights envisaged by GDPR through simple notification to the Data Controller. The data subject may also lodge a complaint with a supervisory authority.
WHETHER OR NOT THE CONTRIBUTION OF PERSONAL DATA IS COMPULSORY:
The contribution of your data is compulsory during browsing of our website with regard to points 1 and 2 of the aforesaid purposes, in order to allow the correct provision of the service.