This notice is provided pursuant to Article 13 of the European Regulation for the Protection of Personal Data ("GDPR"). This page describes how the data of each natural person who navigates or uses the services offered by this website ("Interested Party or User") or electronically by connecting to the address: http://www.alcolombo.com and all sub-domains related to the main domain alcolombodelopera ("Site") will be processed.
The purpose of this document is to provide, in a simple and intuitive manner, all the useful and necessary information so that the User can give his/her data in a conscious and informed manner and, at any time, request and obtain clarifications and/or corrections.
1. Who can be contacted
Contact email address: firstname.lastname@example.org
2. Why this information and to whom it is addressed
The Data Controller in coherence with its mission and values is committed to respecting the identity, dignity of every human being and the constitutionally guaranteed fundamental freedoms with regard to the processing of personal data as well as the free movement of such data. This commitment will be constantly followed by the Data Controller company under the principle of accountability by consistently putting in place appropriate technical, organizational and policy measures to ensure and be able to demonstrate that processing is carried out in accordance with the GDPR.
This notice is addressed to Users of the Site. Access to certain sections of the Site and/or any requests for information or services by Users may be subject to the input of Personal Data, the processing of which will be carried out in compliance with the GDPR.
For the use of specific services of the Site, the interested party will be informed by means of this notice and where required, specific consents to the processing of Personal Data will be requested.
This information is provided only for the Site and not also for other websites consulted by users through links possibly referred to in this Site.
The term Personal Data refers to the definition contained in Article 4 at point 1) of the GDPR, i.e. "any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier, or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural or social identity" ("Personal Data").
The GDPR requires that, before processing Personal Data - by which term is to be understood, according to the definition in Article 4 at 2) of the GDPR, "any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction" ("Processing") - the person to whom such Personal Data belongs be informed about the reasons and purposes for which such data is required and how it will be used.
Personal Data may be disclosed to specific entities considered recipients of such Personal Data. Article 4 at point 9) of the GDPR, defines a recipient of Personal Data as "the natural or legal person, public authority, service or other body that receives communication of Personal Data, whether or not it is a third party" (hereinafter the "Recipients").
Personal Data may also be disclosed to specific persons considered under Article 4 at 10) of the GDPR, "persons authorized to process Personal Data under the direct authority of the Controller or the Processor" (hereinafter the "Authorized Persons").
Among other things according to Article 4 at 9), of the GDPR, "public authorities that may receive communication of Personal Data as part of a specific investigation in accordance with Union or Member State law are not considered Recipients."
4. Processing - Data processed: their purpose of processing, legal basis and retention timeframe
The processing of data through the Site is carried out with manual, computer and telematic tools in compliance with the regulations in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non-excessiveness, data minimization and accuracy, and with logics of organization and processing strictly related to the purposes pursued and in any case so as to ensure the security, integrity and confidentiality of the processed data, in compliance with the organizational, physical and logical measures provided for by the provisions in force. These measures will be implemented and increased from time to time, also in relation to technological development, to ensure confidentiality, availability and integrity of processed data.
The Personal Data processed on the Site specifically are:
1. the User's browsing data: the computer systems and software procedures in charge of the operation of this Site acquire, during their normal operation and for the sole duration of the connection, some of the User's data whose transmission is implicit in the use of Internet communication protocols. This information is not collected with the aim of associating it with the identified interested parties but, by its very nature, could, through processing and association with data held by third parties, allow the identification of the visiting users (such as IP address, location, cookies, browser, etc., the domain names of the terminals used, the addresses in URI (Uniform Resource Identifier) notation of the requestors, the time of the requests, etc.). These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its proper functioning.
2. contact data: the data provided directly by the User (first name, last name, email address, country, city, phone number, company, specialty and message text) are processed for the sole purpose of following up the User's requests and carrying out all communication activities related to responding to contact requests. The legal basis can be identified in pre-contractual or contractual obligations related to responding to requests of the data subject or to the provision of a service, but also in legal obligations to which the Data Controller is subject. In this case, the principle of non-excess will apply and the data will be kept for 10 years from the processing of contact responses, which coincides with the civil law terms.
3. Sending Newsletters: the data provided by the User (first name, last name, email address, country of origin and type of user) are processed for the purpose of sending communications regarding events, promotion of products and services. The legal basis for the purpose of sending Newsletters is the prior, express consent of the Data Subject. Said communications may relate to promotional, commercial and advertising material or to events and initiatives, and may be sent by the Data Controller through automated means such as electronic mail, telefax, messages of the SMS type or other, as well as through operator telephone calls, including automated ones, and through paper mail and other informative material. Failure to provide consent for these specific purposes has the only consequence of not being able to carry out the communication activities by sending promotional communications or the newsletters. As provided by the GDPR, if the Data Subject has given consent to the Processing of Personal Data for one or more of the purposes for which it has been requested, he/she may, at any time, revoke it totally and/or partially without affecting the lawfulness of the Processing based on the consent given before the revocation. The ways to withdraw consent are very simple and intuitive: just contact the Data Controller using the contact channels reported within this Policy. In addition to the above and for the sake of simplicity, should the Data Subject receive e-mail messages sent by the Data Controller that are no longer of interest, it will be sufficient to click on the unsubscribe button placed at the bottom of the same to no longer receive any communication, even through additional contact channels for which consent had been obtained. Please note that the data provided may be processed for the protection of legitimate interests of the owner, including defense in court.
The data provided for the above-mentioned purposes, will be kept for the period necessary in relation to the purpose and in any case, until the Data Subject's consent is revoked.
5. Automated decisions
The Data Controller declares that it does not make decisions likely to influence the Data Subject based solely on automated processing of personal data. All decision-making processes associated with the processing purposes described above are carried out with human intervention.
6. Disclosure of personal data
Personal Data may be disclosed to specific entities considered Recipients or to Persons Authorized to process such Personal Data under the Authority of the Data Controller. With this in mind, in order to properly carry out all Processing activities necessary to pursue the purposes set forth in this Notice, the following Recipients may be in a position to process Personal Data:
- third parties who carry out part of the Processing activities and/or activities related and instrumental to the same on behalf of the Data Controller, based in the countries of the European Union, who have been entrusted with the execution of services, assistance and/or consulting activities also for the operation of this Site on behalf of the Data Controller. The above-mentioned third parties are essentially included in the following categories: (a) subjects with whom the Data Controller has concluded collaboration agreements; (b) subjects operating in the Sector; (c) suppliers involved in the provision of services; (d) consultants and the employees and/or business associates of the Data Controller performing the functions involved in the activity of the Data Controller who have received, in this regard, adequate instructions regarding the security and proper use of personal data,
- public authorities or public entities for the fulfillment of legal obligations to which the Data Controller is subject, and any other public entity entitled to request the data, in cases provided for by law. Where required by law or to prevent or suppress the commission of a crime, Personal Data may be disclosed to public authorities or judicial authorities.
Incidentally, according to Article 4 at 9), of the GDPR, "public authorities that may receive communication of Personal Data in the context of a specific investigation in accordance with Union or Member State law are not considered Recipients."
It is understood that the data processed will only be those necessary to achieve the specific purpose; it follows that data handled through third parties will be limited to the specific purpose.
Personal Data will not be disseminated.
7. International transfers of personal data
All Personal Data are processed by the Data Controller within the territory of the European Union.
For this and further hypotheses in which for technical and/or operational issues it will be necessary to use entities located outside the European Union, the transfer of Personal Data, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of Chapter V of the GDPR. Therefore, all necessary precautions will be taken in order to ensure the fullest protection of Personal Data by basing such transfer: (i) on adequacy decisions of the receiving third countries expressed by the European Commission; (ii) on adequate safeguards expressed by the receiving third party pursuant to Article 46 of the GDPR; (iii) on the adoption of binding corporate rules.
8. The rights of the Data Subject and their exercise
As provided for in Article 15 of the GDPR, the Data Subject may access the Personal Data, request its rectification and updating if incomplete or erroneous, request its deletion if it was collected in violation of a law or GDPR, as well as object to the Processing for legitimate and specific reasons. In particular, the rights that the User may exercise, at any time, against the Data Controller are as follows.
Right of access: the right, pursuant to Article 15(1) of the GDPR, to obtain from the Data Controller confirmation as to whether or not Personal Data is being processed and, if so, to obtain access to such Personal Data and to the following information: (a) the purposes of the Processing; (b) the categories of Personal Data concerned; (c) the Recipients or categories of Recipients to whom the Personal Data have been or will be disclosed, in particular if they are Recipients from third countries or international organizations; (d) when possible, the expected period of retention of Personal Data or, if this is not possible, the criteria used to determine this period; (e) the existence of the Data Subject's right to request from the Data Controller the rectification or erasure of Personal Data or the restriction of the Processing of Personal Data concerning him or her or to object to its Processing; (f) the right to lodge a complaint with a supervisory authority; (g) if the Personal Data are not collected from the Data Subject, all available information about their origin; (h) the existence of automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR and, at least in such cases, meaningful information about the logic used, as well as the significance and expected consequences of such Processing for the Data Subject.
Right of rectification: you may obtain, in accordance with Article 16 of the GDPR, the rectification of Personal Data that is inaccurate. Taking into account the purposes of the Processing, you may also obtain the integration of Personal Data that are incomplete, including by providing a supplementary statement.
Right to erasure: you may obtain, pursuant to Article 17(1) of the GDPR, the erasure of Personal Data without undue delay, and the Data Controller shall be obliged to erase the Personal Data, if even one of the following reasons applies: (a) the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) you have withdrawn the consent on which the Processing of Personal Data is based and there is no other legal basis for its Processing; (c) you have objected to the Processing pursuant to Article 21(1) or (2) of the GDPR and there is no longer any overriding legitimate reason to proceed with the Processing of the Personal Data; (d) the Personal Data has been processed unlawfully; (e) it is necessary to delete the Personal Data in order to comply with a legal obligation under an EU or domestic law. In some cases, as provided for in Article 17(3) of the GDPR, the Data Controller is entitled not to provide for the deletion of Personal Data if their Processing is necessary, for example, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest or for statistical purposes, for the establishment, exercise or defense of a right in court.
Right to restriction of processing: you may obtain the restriction of Processing, pursuant to Article 18 of the GDPR, where one of the following applies: (a) you have contested the accuracy of the Personal Data (the restriction will last for the period necessary for the Data Controller to verify the accuracy of such Personal Data); (b) the Processing is unlawful but you have opposed the erasure of the Personal Data, requesting instead that their use be restricted; (c) although the Data Controller no longer needs them for the purposes of the Processing, the Personal Data are required for the establishment, exercise or defense of a right in court; (d) you have objected to the Processing pursuant to Article 21(1) of the GDPR and are awaiting verification as to whether the legitimate grounds of the Data Controller override those of the Data Subject. In the event of restriction of Processing, the Personal Data will be processed (we will inform the User before such restriction is lifted), except for storage, only with the consent of the Data Subject or for the establishment, exercise or defense of a right in court, or to protect the rights of another natural or legal person, or for reasons of important public interest.
Right to data portability: the Data Subject may, at any time, request and receive, in accordance with Article 20(1) of the GDPR, all Personal Data processed by the Data Controller in a structured, commonly used and readable format, or request that it be transmitted to another Data Controller without any particular difficulty. In this case, it will be up to the Data Subject to provide us with all the exact details of the new Data Controller to whom he or she intends to transfer the Personal Data by providing us with written authorization.
Right to object: in accordance with Article 21(2) of the GDPR, the User may object at any time, to the Processing of Personal Data if it is processed for marketing purposes, including profiling insofar as it is related to direct marketing.
Right to lodge a complaint with the supervisory authority: without prejudice to the right to appeal in any other administrative or jurisdictional forum, if the Data Subject considers that the Processing of Personal Data conducted by the Data Controller takes place in violation of the GDPR and/or applicable legislation, he/she may lodge a complaint with the competent Data Protection Authority.
9. These rights may be exercised by contacting the Data Controller
Any requests pursuant to Article 15 of the GDPR must be addressed to the Data Controller at the registered office or by email to the contact email address: email@example.com
In addition, at any time you may consult the "Privacy" section of the Website within which you will find all information regarding the Personal Data Processing Policy applied by the Data Controller, the use and Processing of Personal Data, updated information regarding contacts and communication channels made available to the Data Subject by the Data Controller.