Data-processing controller and contacts
The data-processing controller is Livia Lo Presti, Via Giuseppe Bovini 35 – 48123 Ravenna – VAT Code 02303370395. The data-processing controller can be contacted via the email address firstname.lastname@example.org.
WHAT ARE THE PROCESSED DATA?
The processed data are browsing data and data provided spontaneously by the user.
IT systems and software procedures adopted to ensure the running of this website acquire, during their normal exercise, certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not gathered so as to be associated with identified subjects. Nevertheless, by their nature they might, through elaboration and association with data by third parties, allow the identification of users.
In this data category we may mention: IP addresses or the domain names of the computers adopted by users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the method used to submit the request to the server, the file dimension obtained as a response, the numeric code indicating the server data response status (success, error, etc.) and other parameters related to the operative system and IT environment of the user.
Data provided spontaneously by the user
PURPOSES AND LEGAL BASIS OF THE PROCESSING
Browsing data: PURPOSES AND LEGAL BASIS
Browsing data are acquired to obtain statistical information on use of the website, for security purposes and to check the correct functioning of the website. Data may be used to verify liabilities in case of computer crimes damaging the website.
The legal basis of the processing of such data is legitimate interest and, in case of a request by the Authorities, legal obligations.
Data provided spontaneously by the user: PURPOSES AND LEGAL BASIS
Personal data given by the user spontaneously by contacting the controller are used only to answer their requests.
The legal basis for processing such data is therefore the execution of precontractual measures.
If necessary, data will be used where the controller has a legitimate interest in verifying the security and correct functioning of the adopted IT systems and enacting defensive measures or defending a right in a Court.
Gathered data are processed with IT tools and, only on a residual basis, on paper. Adequate security measures have been adopted in order to prevent the loss of data, illegal or incorrect use and non-authorized access.
Servers located within the European territory are used for data processing related to hosting services of the website.
The controller uses third-party services (GSuite) that entail an international transfer of data, taking place with the guarantee offered by the Adequacy Decision taken by the European Commission (Privacy Shield) and by standard contractual clauses.
Data directly provided by the data subjects are stored for the strictly limited period of time necessary to respond to the data subjects’ requests and then are subsequently cancelled, excepting cases where an assignment is being confirmed (in this case the data will be kept for the whole duration of the relationship and in compliance with legal obligations) and defensive needs (that might require further conservation).
Browsing data do not exist for more than seven days and are immediately erased after their aggregation, unless required for criminal investigations by the Judicial Authority.
WHAT HAPPENS IF DATA ARE NOT PROVIDED?
With the exception of browsing data which are necessary to perform IT and electronic transmissionc protocols, provision of data by users via the available modalities is free and optional. However, in the absence of this provision of data, the controller will not be able to answer the data subjects’ requests and data subjects will not be able to submit any request.
WHO IS ENTITLED TO KNOW THE DATA?
Data shall be made known to the empowered Authorities in case of specific requests which the controller has the legal obligation to answer. Data shall be also made known to companies and advisors consulted by the controller to receive the hosting service and the assistance and maintenance services of the adopted services, as well as to advisors handling legal disputes and legal assistance on occasion of disputes requiring their involvement.
It is specified that some of the indicated subjects are responsible for the processing and that communications to those acting as independent controllers are performed in compliance with legal obligations or as necessary to fulfil the obligations deriving from the contract or in the controller’s legitimate interest to maintain the security of the IT systems and perform defence activities via legal advisors.
The data subject may request from the controller the list of external subjects who perform activities as data processing controllers.
Such communication is however limited to data categories for which the transmission is necessary to perform the activities and purposes pursued.
The rights of data subjects
The Law acknowledges the right to ask the data controller for access to personal data, their rectification or cancellation, or the limitation to their processing or to oppose to their processing, in addition to the right to data portability.
The data subject may, at any time, assert his/her rights, with no formalities, by writing to the controller at the email address email@example.com.
Here follow the rights acknowledged by current legislation regarding the protection of personal data.
The data subject is informed that, in case in case he/she believes that the processing of his/her personal data is violating what stated on the GDPR, he/she has the right to lodge a complaint with the Privacy Authority as per Art. 77 of the Regulation, or to bring the issue before the appropriate judicial offices (Art. 79 of the Regulation).