Information document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)
In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide you with the necessary information regarding the processing of the personal data provided. The information is not to be considered valid for other websites that may be consulted through links on the websites in the domain of the owner, who is not to be considered in any way responsible for the websites of third parties.
Data Controller , pursuant to art. 4 and 24 of the GDPR is Via Amilcare Ponchielli, 51 -24125 Bergamo – VAT number 06253080961 – REA 391562 in the person of the pro tempore legal representative. The contact details of the Data Controller are as follows: e-mail firstname.lastname@example.org.
TYPES OF DATA PROCESSED
Navigation data The computer systems and software procedures used to operate the portal acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the portal, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the portal and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the portal: except for this possibility, the data on web contacts do not currently persist for more than seven days.
Data provided voluntarily by the user The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Summary information and news are reported and displayed on the pages of the site prepared for user registration. The personal data requested from users who subscribe to the newsletter, a username and e-mail address. These data are necessary for sending the newsletter.
COOKIES The portal uses only technical cookies that are useful for the easier use of the services offered. The portal does NOT use profiling cookies on its own.
The portal uses external services that may also use profiling cookies.
PURPOSE – LEGAL BASIS – CONSERVATION PERIOD – NATURE OF THE PROVISION
– Purpose of the processing: Navigation on this website.
– Legal basis: Legitimate interest | rights of the interested party – 6 lett. f) and recital 47 GDPR – Activities strictly necessary for the functioning of the site and its accessibility.
– Nature of the conferment: Necessary for the pursuit of the legitimate interest of the owner.
RIGHT TO PROVIDE DATA
Apart from what is specified for navigation data, the user is free to provide personal data contained in the contact forms to obtain the sending of information material, support, help or other communications. Failure to provide them may make it impossible to obtain what is requested. For the sake of completeness, it should be noted that in some cases the Authority may request news and information pursuant to art. 32, paragraph 1, of law no. 675/1996 (Art.157, Legislative Decree 30 June 2003 n.196 “Code regarding the protection of personal data”) for the purpose of controlling the processing of personal data. In these cases, the reply is mandatory under penalty of an administrative sanction.
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
RECIPIENTS / CATEGORIES OF DATA RECIPIENTS
Personal data may be processed by recipients who will act as managers (Article 28 of EU Reg. 2016/679), as natural persons acting under the authority of the Data Controller and the Manager (Article 29 of the EU Reg. 2016/679), or as autonomous Data Controllers.
Specifically, the data may be communicated to: – subjects who provide services for the management of the information system used by the Data Controller and of the telecommunications networks (for example: site hosting); ; -free professionals,
firms or companies in the context of assistance and consultancy relationships (eg digital marketing consultants, legal service providers); – competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request.
The always updated list of data processors is available at the headquarters of the data controller
DATA TRANSFER TO AN NON-EU COUNTRY
Personal data will not be transferred to countries outside the European Economic Area.
RIGHTS OF THE INTERESTED PARTIES
The interested natural person may assert their rights as expressed in Articles 15 and ss. of the GDPR, by contacting the Data Controller by writing to the contacts indicated above. In particular, the interested party has the right, at any time, to obtain from the Data Controller access to personal data and request information relating to the processing (Article 15), as well as to rectify (Article 16), cancel the Your personal data (Article 17) or limit their processing (Article 18). Furthermore, in the cases provided for, the interested party has the right to revoke the consent given without prejudice to the lawfulness of the treatment based on consent before revocation. Furthermore, the interested party has the right to oppose the processing based on legitimate interest by writing to email@example.com. In the cases provided for, the interested party has the right to the portability of his personal data and in this case the Data Controller will provide the personal data concerning the interested party in a structured format, commonly used and readable, from an automatic device. In the event that he believes that the processing of personal data carried out by the owner is in violation of the provisions of Regulation (EU) 2016/679, the interested party has the right to lodge a complaint with the Italian Guarantor for the protection of personal data (https: //www.garanteprivacy.it/), or to take appropriate judicial offices (the latter also for legal persons and not just physical ones).
Update date: 12/14/2021
The Data Controller
CIM ITALY S.R.L.