The processing of personal data
The Consortium for the Protection of Strachitunt Valtaleggio (hereafter “CONSORZIO STRACHITUNT”) as the Data Controller of the Personal Data, informs you that access to the website and/or registration to the various sections of it and/or any requests for information or services require the provision of personal data that will be processed in full compliance with the European Regulation 2016/679 (herafter “GDPR”). Through this information, users will be able to know, in advance, the methods of treatment necessary to use certain areas of the website and/or to subscribe to the newsletter. In accordance with the law, this treatment will be based on the principles of fairness, lawfulness and transparency, protecting your privacy and your rights. The policy is effective exclusively for this site and does not extend to other websites that may be consulted by the user through external links.
CHANGES TO THIS INFORMATION NOTICE
CONSORZIO STRACHITUNT reserves the right to make changes to this policy at any time by notifying the users also on this page. Please consult this page often, taking as a reference the date of last modification stated at the bottom. In the case of non-acceptance of the changes made to this Information Notice, the user is required to stop using this platform and, using the appropriate function in the reserved area or by requesting directly from the Data Controller, remove their personal data. Unless otherwise specified, the previous Statement will continue to apply to the personal data collected until then.
DATA CONTROLLER AND PROCESSING MANAGERS
The Data Controller of the processing treatment is the Consortium for the protection of Strachitunt Valtaleggio based at the City Hall of Vedeseta (BG), in Piazza Don Arrigoni, 7 – 24010 Vedeseta (BG). The full list of Personal Data Processing Managers is available upon written request to the Controller by writing to the office or by sending an email to firstname.lastname@example.org.
THE PURPOSE OF THE DATA PROCESSING AND LEGAL BASE
According to the needs of the user at the time they access the various sections of the Site (and with the exception of special rules and information for individual operations that involve the delivery of specific personal data, published from time to time on the Website), listed hereunder are the purposes of processing personal data, i.e. those provided directly by users by filling out online forms or direct access, via link, to the e-mail address for the required service, that is, those auto-captured during navigation (see the following section “Categories of Personal Data processed”) (hereafter “Personal Data”):
1. Respond to requests received by direct request (web area “contact us”). Legal basis for treatment: implementation of pre-contractual measures (art. 6 (1)(b));
2. To comply with requests for the provision of services provided by CONSORZIO STRACHITUNT. Legal basis for treatment: implementation of pre-contractual and/or contractual measures (article 6 (1)(b));
3. With your consent and until you have revoked it, to carry out marketing activities such as, but not limited to: market research, sending information and promotional material, sending free product samples, marketing and advertising activities relating to the products and services of the CONSORZIO STRACHITUNT also using the e-mail address provided to us. Legal basis for treatment: consent (article 6 (1) (a)).
MEANS OF PROCESSING
Data processing is any operation or group of operations, carried out with or without the aid of electronic means or otherwise automated, relating to the collection, registration, organization, storage, processing, modification, extraction, comparison, use, communication, dissemination, interconnection, blocking, erasing, destruction and selection of the data themselves.
Personal Data will be treated in a predominantly automated but also paper form, with means closely related to the above purposes, through data bases, electronic platforms managed by the Data Controller or by third parties appointed as managers of data processing (for the updated list the user can contact the Data Controller at the address indicated) and/or integrated computing systems and/or websites property of or used by CONSORZIO STRACHITUNT. The Data Controller has taken appropriate technical and organizational security measures to protect users against the risk of loss, abuse or alteration of Data. In particular, it uses the protected protocols of transmitting data known as HTTPS. It also stores user data on Server sites in the European territory. Servers are subject to an advanced and daily system of back up and disaster recovery.
DURATION OF TREATMENT
The data communicated are kept for a period of time no longer than necessary to achieve the purposes for which personal data is processed, or for a longer period, for purposes permitted by law, and in any case deleted without unjustified delay.
For the purpose of requesting information: in relation to the type of request for the time it takes to comply with the regulatory obligation of preservation and/or for any legal requirements. For general requests up to 12 months.
Personal Data is processed primarily at the Data Controller’s office and/or in the places where the Managers are located. For more information, users can contact the Data Controller by writing an email to email@example.com.
NATURE AND MEANS OF PROVISION OF THE PERSONAL DATA OF USERS
Providing personal data is optional, but failure to provide it will not enable the request to be processed. The provision of Personal Data may be done by filling in the appropriate fields in the various sections of the Site or by sending requests by e-mail where enabled.
CATEGORIES OF PERSONAL DATA PROCESSED
In addition to the Personal Data provided directly by users (such as first name, surname, postal address, e-mail address, etc.), when connecting to the Site, the computer systems and software procedures in charge of the operation of the Site itself automatically and/or automatically and indirectly acquire some information that could constitute personal data, the transmission of which is implicit in the use of Internet communication protocols (such as, by way of example C.D.s “cookies” (as specified hereafter), “IP” addresses, domain names of computers used by users connecting to the Site, the “Url” addresses of the requested resources, the time of the request to the server, navigation on the Site.
CATEGORIES OF SUBJECTS THAT MAY MANAGE PERSONAL DATA OF USERS
Employees or collaborators of the Data Controller may come into contact with the user’s Personal Data. Operating under the direct authority of the Data Controller, they may process data and are appointed as responsible for or authorized for processing under Articles. 24-29 of the 2016/679 European Regulation or system administrators who will receive appropriate operational instructions from the Data Controller; the same will be done – by the Managers appointed by the Data Controller – with respect to the employees or collaborators of the Managers themselves. Managers appointed by the Data Controller may be third-party companies or other entities (by way of example but not limited to those entrusted with service, communication, promotions and sales of products and/or services, IT service providers, managers and/or developers of websites or applications contained in them, electronic platform managers, partners) who perform outsourcing activities on behalf of CONSORZIO STRACHITUNT.
FIELD OF COMUNICATION OR DISCLOSURE OF OF USERS’ PERSONAL DATA
Personal Data will not be disclosed to third parties or disseminated.
NON-EU TRANSFER OF USERS’ PERSONAL DATA
Personal Data will not be transferred to non-EU countries.
The site does not deal with the data of minors.
Users may exercise the rights of articles. 16-21 European Reg. 2016/679 (Right to rectify, right to be forgotten, right to restrict processing, right to data portability, right of opposition). Finally, users will be able to complain to the Guarantor Authority if necessary, or contact them to request information about exercising their rights arising from the European Regulation 2016/679. Specifically:
- The right of access: to obtain confirmation or rectification of their personal data and to obtain access to that data and to specific information (e.g. the purpose of processing, categories of data in question, the recipients to whom the data will be communicated);
The right to rectification: to obtain the correction of inaccurate data that relates to it without unwarranted delay. In this case, the Data Controller is obliged to report the adjustment to all recipients to whom the data has been transmitted, unless this involves disproportionate effort;
The right to cancellation: in order to obtain the cancellation of the data concerning the user without unjustified delay and the Data Controller has an obligation to delete them without unjustified delay if there are certain reasons (e.g. personal data are no longer necessary for the purposes for which they were collected; if the user withdraws their consent; if they need to be cancelled for a legal obligation). In this case, it is the duty of the Data Controller to communicate the cancellation to all recipients to whom the data has been transmitted, unless this involves disproportionate effort;
- The right to restrict processing: the user may request that the Data Controller have restrictions on the processing of their data, for example, limited to the sole retention with the exclusion of any other use, in certain cases (e.g. if the treatment is unlawful and the user is opposed to the cancellation of the data; if the user disputes the accuracy, within the limits of the verification period of the accuracy…). In this case, the Data Controller is obliged to communicate the limitation of processing to all recipients to whom the data has been transmitted, unless this involves disproportionate effort;
- The right to portability of data: to obtain the return of personal data provided and transmitted to others or to request transmission from one controller to another, if technically feasible;
- The right to opposition: to oppose treatment at any time for purposes of public interest or for legitimate interest; marketing purposes; scientific, historical or statistical research.
Those concerned can make a complaint if necessary to the Garantor Authority at www.garanteprivacy.it, or simply contact the latter for information relating to the exercise of their rights as recognised by the EU Reg. 2016/679.