0. INTRODUCTORY STATEMENT
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The data Controller is Aria29, VAT number 04187810264, with registered office in Via Carniei, 21 - Follina (TV) - Italy. Aria29 has appointed a Data Protection Officer (DPO) who can be contacted by email at firstname.lastname@example.org for any information concerning the processing of Aria29's personal data, including the list of authorized data processors.
2. TYPES OF DATA COLLECTED
The data Controller informs that the proper functioning of the website requires the processing of certain data that can be defined as “personal data”. Personal data refers to any information relating to an individual, identified or identifiable (even indirectly), by referencing any other information, including a personal ID.
The following personal data may be processed on this website:
a) Navigation data
During the proper functioning of the website, the computer systems and software procedures acquire some personal data whose transmission is implicit in the use of Internet communication protocols. Although this information is not specifically collected to be associated with identified Users, it could allow Users to be identified through data processing or association with other data owned by third parties. This category of data includes the IP addresses or domain names of the computers used by Users who access the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file generated in response, the numerical code indicating the status of the response generated by the server (successful, error, etc.) and other parameters pertaining to the User’s operating system and IT settings.
b) Common personal data
In order to use some services offered by the website, the User may be required to provide common personal data. Such personal data may include (for instance): first and last name, email address, phone number, etc.
3. PURPOSE OF DATA PROCESSING
The data provided by the User, including personal data and any particular data, shall be processed for the following purposes:
a. respond to any contact requests received by email or after filling out the dedicated form on the Contact page;
b. send newsletters or commercial / marketing information;
c. carry out generic administrative and accounting services. In compliance with the provisions on the protection of personal data, the data processing carried out for administrative and accounting purposes must be connected to the performance of organizational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, internal organizational activities, those functional to the fulfillment of contractual and pre-contractual obligations and information activities pursue these purposes.
4. METHODS OF DATA PROCESSING
The data processing shall be carried out, in paper and/or digital form, by specifically skilled, designated professionals who in any case shall implement suitable measures to guarantee the User maximum security. The data collected for the purposes referred to in section 3 (a, c) shall be stored for a period of time necessary for the full implementation of the same purposes. When data is processed for commercial and marketing purposes (referred to in section 3 (b)), the retention period is 24 months. Users can request more information about the data retention period and the criteria followed to determine such period by emailing Aria29 at email@example.com.
5. LEGAL BASIS AND CASES OF MANDATORY / OPTIONAL DATA PROCESSING
For the purposes referred to in section 3 (b), the legal basis for the processing of personal data is Article 6 (1) (a) of the Regulation, as the processing is subject to the provision of explicit consent. For the purposes referred to in section 3 (a, c), the legal basis for the processing of personal data is Article 6 (1) (b) of the Regulations, as the processing is necessary for the provision of services or for the fulfillment of the User’s requests. Although the provision of personal data for these purposes is optional, failure to provide it would make it impossible to implement the services provided by the website or to fulfill any relevant requests.
6. WITH WHOM PERSONAL DATA ARE SHARED (RECIPIENTS)
For the purposes referred to in section 3, the User’s personal data may be shared with:
a. subjects who act as data processors, that is: subjects with whom it is necessary to interact for the provision of services (e.g. hosting providers), or subjects appointed to carry out technical maintenance;
b. subjects, institutions or authorities with whom it is mandatory to share the User’s personal data in accordance with provisions of the law or authorities concerned;
c. subjects authorized by Aria29 to process the User’s personal data as a necessary operation and strictly in the context of the provision/implementation of services. These subjects must have agreed to sign a confidentiality agreement (e.g. Aria29 employees).
7. USER RIGHTS
The User is granted specific rights:
1. the User has the right to know if there are personal data concerning him/her – even if not yet registered – and has the right to receive such data in intelligible form;
2. the User has the right to receive information on the following: the origin of personal data; the purposes and methods of data processing; the criteria applied in case of treatment carried out with the support of electronic devices; the identification details of the data Controller, of the managers and of the designated representative and the relevant contact details; the subjects or categories of subjects with whom the personal data may be shared or who can access the data as appointed representatives (within the national territory), managers or agents.
3. the User also has the right to receive: the legitimate interests of the data Controller or by third parties, any recipients or any categories of recipients of the personal data; the intention of the data controller to transfer the personal data to a foreign country or to an international organization and the existence/lack of an adequacy decision by the Commission; whenever possible, the data retention period, or alternatively the criteria followed to determine this period; the existence of an automated decision-making process; the right to lodge a complaint with the supervisory authority; the right to be informed if the data sharing constitutes a legal/contractual obligation or a necessary requirement for the fulfillment of the contract.
4. the User also has the right to receive: a) updating, rectification or – if interested – integration of the data; b) the cancellation/changing into anonymous form or blocking of any data processed in violation of the law, including data that do not need to be stored in consideration of the original purpose(s) of collecting or subsequently processing them; c) written confirmation that the operations referred to in letters a) and b) of this paragraph have been made known, also with regard to their content; the name of the subjects with whom the data have been made known or shared, except if this information is impossible to acquire or its acquisition involves procedures evidently disproportionate to the right itself.
5. Finally, the User has the right to object, entirely or partially: a) for legitimate reasons, to the processing of personal data concerning him/her, even if relevant to the purpose of the data collection; b) to the processing of personal data concerning him/her for the purpose of sending advertising/sales material or for carrying out market research or sending commercial communications.
The User can exercise the rights listed above by contacting the Data Protection Officer at the following address: firstname.lastname@example.org.
Aria29 shall promptly provide appropriate feedback, and in any case within a period not exceeding 1 month. According to the relevant Regulations, if the response is deemed particularly complex, it can be 3 months. The data Controller shall in any case notify the User within 1 month of the request, even in case of refusal (if the refusal is expressly provided for by the current provisions).
8. COMPLAINT TO THE SUPERVISORY AUTHORITY
Pursuant to art. 77 et seq. Of EU Reg. 2016/679, if the User deems his rights violated, he/she may contact the Guarantor for the protection of personal data as well as the ordinary judicial authority.
Any translation of this originally Italian document into a foreign language is exclusively provided for information purposes. In case of discrepancies, the only legally valid and binding version of this document is the Italian one.
Via Carniei, 21
Follina (TV) - Italy
P. IVA 0418781026
REA TV - 339280