Information relative to Art. 13 of Regulation (EU) 2016/679 - PRIVACY POLICY ENG

 

This website uses technology to collect useful information to improve your online experience. This policy refers to the use of cookies and the ways in which they may be managed.

We reserve the right to change this policy at any time. Any change in this policy will take effect from the date of publication on the Website. The Data Controller takes great care to protect your personal data and in this document ("Cookie Policy") provides information on the processing of your personal data through cookies. Furthermore, the Data Controller may also process other personal data and therefore encourages you to also read the complete information accessible from the website.

 

DATA CONTROLLER OF TREATMENT

Biancoperla srl  Email:  dario.sali@biancoperla.eu;   P.IVA / CF:  01782540478; 

 

TYPES OF DATA PROCESSED

The data processing activities carried out are targeted at acquiring the following personal data:

- Cookie: Profiling cookies.
- Behavioral data: Geolocation data.
- Common data: Data registered at the Anagrafe (Registry Office).

 

CATEGORIES OF INTERESTED PARTIES:

The processing activities carried out are aimed at the following categories of interested parties:

Categoria
Clients
web users

PURPOSE OF DATA PROCESSING AND LEGAL BASIS

 

1.WEBSITE - Navigation data
Obtain anonymous statistical information on use, check the correct functioning of the website, ascertain responsibility in the event of hypothetical
computer crimes against the Data Controller.

Legal basis of data processing: Legitimate Interest - Art. 6, c.1, let. f. GDPR.

Purpose of data processing:
- Data analysis to carry out the development and maintenance of the website.
- Assessment of responsibility in the event of potential computer crimes against the website
and/or the interested data subjects.
- Anonymous statistical analysis on the use of the website.

 

Nature of the provision: Mandatory - Failure to provide the data will make it impossible for
the company to provide the web service.
Personal data retention period: The data are kept for 30 days.

Methods of Data Processing: The data processing is performed with IT tools.

 

 

2. WEBSITE - Requests from the Website
Requests made by interested parties through the website of the Data Controller.

Legal basis of data processing: Contract Execution- Art. 6, c.1, let. b. GDPR

Purpose of data processing:
- Sending requests through instruments of the web platform.

Nature of the provision: Optional - Failure to provide the data will make it impossible for the Data Controller to respond to the requests of the interested party.
Personal data retention period: Time needed to process the request.

Methods of Data Processing: The data processing is performed with IT tools.

3. WEBSITE - Use of the service into reserved area
Use of the services offered trough the reserved area of the owner's website.

Legal basis of data processing: Contract Execution- Art. 6, c.1, let. b. GDPR

Purpose of data processing:

• Registration within the reserved area.

• Use of the service provided by accessing the reserved area of the site.

Nature of the provision: Optional - Failure to provide the data will make it impossible for the Data Controller to respond to the requests of the interested party.

Personal data retention period: User deletion.

Methods of Data Processing: The data processing is performed with IT tools.

 

4. FACEBOOK FAN PAGE

 When the users use the Page administered by the Owner, Facebook ("Social Media") collects information such as the types of content viewed or interacted with, the actions performed as well as information on the devices used (IP addresses, operating system, type of browser, language settings, cookie data).

Page Insights are aggregate statistics created by certain events recorded by the Facebook server when users interact with the Pages and the content they contain.

As illustrated in the Facebook Privacy Policy, Social Media collects and uses information also to provide statistical data collection services called page insights to the page administrators to allow them to understand how people interact with the contents in them.

Details on the processing methods performed by Facebook are available at the following link:

https://www.facebook.com/privacy/explanation

Details on the personal data processed for Insights are available at the following link:

https://www.facebook.com/legal/terms/information_about_page_insights_data

Details on the cookies used by Facebook are available at the following link:

https://www.facebook.com/policies/cookies/

The Data Controller as administrator of the Page and Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) are joint controllers in accordance with Article 26 of the GDPR for the processing of such personal data registered for events delivered through Page Insights ("Insights Data").

The joint ownership agreement between the Owner and Facebook covers the creation of these events and their aggregation in Insights on the page provided to each administrator.

 The legal basis of the processing is the legitimate interest of the Data Controller, art. 6, paragraph 1, letter f), GDPR. Therefore, it is not necessary to acquire your prior consent to the processing.

Legal basis of data processing: Legitimate Interest - Art. 6, c.1, let. f. GDPR

Purpose of data processing:
- Statistical surveys relating to the use of elements contained within the Facebook page administered by the Data Controller.

Nature of the provision:  Mandatory - Failure to provide the requested data will make it impossible for the Owner to provide services through the Page published on Facebook.

Personal data retention period: The data collected will be processed for the time strictly for the realization of the purposes described above as specified in the Facebook policies described above.

Methods of Data Processing: The treatment is carried out by computerized means by the Co-owner Facebook3. SOCIAL FACEBOOK PAGE

 

5. Google reCAPTCHA
In order to guarantee the maximus level of security and protection of the site, for the benefit of the user and the organization of the Owner, we use the Google reCAPTCHA service provided, for the European area, by Google Ireland Limited (Gordon House, Barrow Street Dublino 4, Ireland)

Legal basis of data processing: Consent - Art. 6, c.1, let. to. GDPR

Purpose of data processing:

• Use of the Google reCAPTCHA service in orde to verify that the user of the site corresponds to a person thus excluding potential automatic visits of sotware such as bots.

Nature of the provision: Optional - Failure to provide the data will make it impossible for the interested to register and/or access the services provides by the site.

Personal data retention: Consent to use Google reCAPTCHA service involves the trasnfer of your personal data to Google. 

Methods of Data Processing: reCAPTCHA service saves an additional cookie in the user's browser and also takes a snapshot of the browser window.

 TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

Personal data is processed exclusively within the European Union.

 

 

RECIPIENTS OF THE TREATMENT

-Data Processor: HIVE SRLS e SYSTEM & SOFTWARE SRL 

 

 

 RIGHTS OF THE DATA SUBJECT-COMPLAINTS TO THE CONTROLLING AUTHORITY

 In relation to the treatments described in this document, as the Data Subject you may, under the conditions provided for by the GDPR, exercise the rights enshrined in articles 15 to 22 of the GDPR and, in particular, the following rights:

- right of access - article 15 GDPR: right to obtain confirmation as to whether or not personal data concerning you is in the course of being processed and, in this case, to obtain access to your personal data;
 - right to rectification - Article 16 of the GDPR: the right to rectify, without undue delay, inaccurate personal data concerning you and/or to add supplementary information to incomplete personal data;
 - right to erasure (right to be forgotten) - Article 17 of the GDPR: right to erase, without undue delay, personal data concerning you. The right to erasure does not apply to the extent that the processing is necessary for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise, or defense of a legal claim in judicial court.
  - right to restriction of data processing - Article 18 GDPR: right to restrict data processing when: a) the Data Subject disputes the accuracy of personal data; b) the data processing is unlawful and the Data Subject opposes the erasure of personal data and instead requests that its use be restricted; c) personal data is necessary for the Data Subject to establish, exercise, or defend a legal claim in judicial court; d) the Data Subject opposed data processing pending verification of whether the legitimate motives of the Data Controller override those of the Data Subject.
  - right to data portability - article 20 GDPR: right to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller and the right to transmit them to another Data     Controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to have your personal data be transmitted directly from this     Data Controller to another Data Controller if this is technically feasible;
  - right to object - article 21 GDPR: right to object, at any time, to the processing of personal data concerning you based on the condition of legitimacy of the interest, including profiling, unless there are legitimate motives for the Data Controller to continue data processing which prevail over the     interests, rights, and freedoms of the Data Subject or for the assessment, exercise, or defense of a legal claim in court.
  - right not to be subjected to an automated decision-making process - article 22 GDPR: the Data Subject has the right not to be subjected to a decision based solely on automated data processing, including     profiling, which produces legal effects concerning you or similarly significantly affects your person, unless this is necessary for the     conclusion or execution of a contract or you have given your     consent. In any case, an automated decision-making process cannot     involve your personal data and you can at any time obtain human intervention from the Data Controller, express your opinion and contest the decision.
  - right to file a complaint with the Autorità Garante (Italian Data Protection Authority) for the protection of personal data: http://www.garanteprivacy.it;
  - revocation of consent given in any case and with the same ease with which it was provided without prejudice to the lawfulness of the data processing based on the consent given  before revocation.