PRIVACY POLICY - gasparodasalo.it

This page describes how the site is managed with regard to the processing of personal data of users who consult it. This information is also provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data (for brevity GDPR 2016/679) - Code on the protection of personal data - to those who interact with the web services, accessible by electronic means from the address: gasparodasalo.it. The information is provided only for this site and not also for other websites that may be consulted or accessed by the user through links. The information is also inspired by the Recommendations that the European authorities for the protection of personal data, have adopted to identify certain minimum requirements for the collection of personal data online, and, in particular, the manner, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

As a result of consulting this site, data relating to identified or identifiable persons may be processed. The "owner" of their processing is the pro-tempore legal representative of the writer.

The treatments related to the web services of this site, (placed in Hosting at server managed by Ideattiva srl) are carried out at the headquarters of the Company owner of the treatment and are only handled by technical personnel in charge of treatment, or by any persons in charge of occasional maintenance operations adequately trained in the protection of confidentiality.

Until a business relationship is established, no data will be communicated to third parties.

The data may be subject to external communication (consultants, collaborators, public agencies, other suppliers of goods and services), for the purpose of the continuation of normal business and service delivery.

No data resulting from the web service, is disseminated.

Navigation data. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days and in any case no longer than is necessary to process the requests submitted. Data provided voluntarily by the user The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.

No personal data of users is acquired by the site in this regard. No use is made of cookies for the transmission of information of a personal nature, nor are so-called persistent cookies of any kind, i.e. systems for tracking users, used. The use of c.d. session cookies (which are not stored persistently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site. The so-called session cookies used in this site avoid the use of other computer techniques potentially prejudicial to the privacy of users' browsing and do not allow the acquisition of personal identification data of the user.

Apart from that specified for navigation data, the user is free to provide the personal data indicated in contacts to solicit the sending of informative material or other communications. The acquisition of personal data is optional in nature, however, failure to provide, even partially, the personal data required to complete the registration form for access to the service will result in the impossibility of proceeding to the full provision of the service itself.

The personal data you voluntarily provide when completing the request form will be processed for the following purposes:

purposes directly related and instrumental to the provision of the service offered by the site;

updates, through the forwarding of newsletters, regarding marketing activities and commercial information traceable to products and services offered by the writer.

Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected or for the time required by current laws of a fiscal nature. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

Art.15 Right of access

1. The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information:

(a) the purposes of the processing;

(b) the categories of personal data concerned;

(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients in third countries or international organizations;

(d) when possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine this period;

(e) the existence of the data subject's right to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing

(f) the right to lodge a complaint before the Data Protection Authority.

2. Where personal data are transferred to a third country or international organization, the data subject shall have the right to be informed of the existence of adequate safeguards under Article 46 relating to the transfer.

3. The data controller shall provide a copy of the personal data being processed. In case of additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise specified by the data subject, the information shall be provided in a commonly used electronic format.

4. The right to obtain a copy referred to in paragraph 3 shall not infringe upon the rights and freedoms of others.

The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.

1. The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller shall be obliged to erase the personal data without undue delay, if any of the following grounds exist:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate ground for processing, or objects to the processing pursuant to Article 21(2);

(d) personal data have been processed unlawfully;

(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;

(f) personal data have been collected in connection with the provision of information society services referred to in Article 8(1).

2. The data controller, if it has made personal data public and is obliged under paragraph 1 to erase them, taking into account the available technology and the costs of implementation shall take reasonable measures, including technical measures, to inform data controllers who are processing personal data of the data subject's request to erase any link, copy or reproduction of his or her personal data.

3. Paragraphs 1 and 2 shall not apply to the extent that the processing is necessary:

(a) for the exercise of the right to freedom of expression and information;

(b) for the performance of a legal obligation requiring processing laid down in Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;

(c) for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);

(d) for purposes of archiving in the public interest, scientific or historical research or statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously jeopardize the attainment of the objectives of such processing; or

(e) for the establishment, exercise or defense of legal claims.

1. The data subject shall have the right to obtain from the data controller the restriction of processing when any of the following occurs:

(a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

b) the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests that their use be restricted;

(c) although the data controller no longer needs the personal data for the purposes of the processing, the personal data are necessary for the data subject to establish, exercise or defend a legal claim; and

(d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the data controller override those of the data subject.

2. Where processing is restricted pursuant to paragraph 1, such personal data shall be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of a legal claim or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.

1. The data subject shall have the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that have been provided to a data controller and shall have the right to transmit those data to another data controller without hindrance from the data controller to whom he or she has provided them if:

(a) the processing is based on consent within the meaning of Article 6(1)(a) or Article 9(2)(a) or on a contract within the meaning of Article 6(1)(b); and

(b) the processing is carried out by automated means.

2. When exercising his or her rights with respect to data portability pursuant to paragraph 1, the data subject shall have the right to obtain direct transmission of personal data from one controller to another, if technically feasible.

3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

4. The right referred to in paragraph 1 shall not affect the rights and freedoms of others.

1. The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f), including profiling on the basis of those provisions. The controller shall refrain from further processing the personal data unless the controller demonstrates the existence of compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it is related to such direct marketing.

3. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information at the latest at the time of the first communication with the data subject.

5. In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the data subject may exercise his/her right to object by automated means using specific techniques.

6. Where personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), the data subject shall, on grounds relating to his or her particular situation, have the right to object to the processing of personal data concerning him or her, except where the processing is necessary for the performance of a task carried out in the public interest.

Art.12 Right to withdraw consent

Where the processing is based on the data subject's consent he or she has the right to revoke the consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation.

1. Without prejudice to any other administrative or judicial remedy, a data subject who considers that processing concerning him or her is in breach of this Regulation shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he or she normally resides, works or of the place where the alleged breach occurred.

2. The supervisory authority to which the complaint is made shall inform the complainant of the status or outcome of the complaint, including the possibility of a judicial remedy under Article 78.

3. More information about how to file a complaint can be found by following the procedures and directions published on the official website of theAuthority at www.garanteprivacy.it

1. Without prejudice to any other administrative or judicial remedy, a data subject who considers that processing concerning him or her is in breach of this Regulation shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he or she normally resides, works or of the place where the alleged breach occurred.

2. The supervisory authority to which the complaint is made shall inform the complainant of the status or outcome of the complaint, including the possibility of a judicial remedy under Article 78.

3. More information about how to file a complaint can be found by following the procedures and directions published on the official website of theAuthority at www.garanteprivacy.it

1. The data controller shall take appropriate measures to provide the data subject with all the communications referred to in Articles 15 to 20 relating to the processing in a concise, transparent, intelligible and easily accessible form, with simple and clear language, particularly in the case of information specifically intended for minors. The information shall be provided in writing or by other means, including, where appropriate, by electronic means. If requested by the person concerned, the information may be provided orally, provided that the identity of the person concerned is proven by other means.

2. The data controller shall facilitate the exercise of the rights of the data subject.

3. The data controller shall provide the data subject with information about the action taken regarding a request without undue delay and, in any case, no later than one month after receipt of the request. This period may be extended by two months, if necessary, taking into account the complexity and number of requests. The data controller shall inform the data subject of such extension, and of the reasons for the delay, within one month of receipt of the request. If the data subject makes the request by electronic means, the information shall be provided, where possible, by electronic means, unless otherwise specified by the data subject.

4. If the data controller fails to comply with the data subject's request, the data controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for non-compliance and of the possibility of lodging a complaint with a supervisory authority and seeking judicial remedy.

5. The information provided shall be free of charge. If the data subject's requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the data controller may:

(a) charge a reasonable fee taking into account the administrative costs incurred in providing the information or communication or taking the requested action; or

(b) refuse to comply with the request. The burden is on the data controller to demonstrate that the request is manifestly unfounded or excessive.

6. Without prejudice to Article 11, where the data controller has reasonable doubt as to the identity of the natural person making the request, the data controller may request additional information necessary to confirm the identity of the data subject.

7. The information to be provided to data subjects under Articles 13 and 14 may be provided in combination with standardized icons to give, in an easily visible, intelligible and clearly legible manner, an overview of the intended processing. If presented electronically, the icons shall be machine-readable.