EXTENDED POLICY
PRIVACY POLICY STATEMENT
Az. Agr. La Tosa with registered office in Via Chiesuola, 29020 Vigolzone PC; contactable by e-mail at: info@latosa.it, VAT N° IT00832180335, in its capacity as Data controller (hereinafter, “Controller”), informs that, pursuant to art. 13, Leg. Dec. 30.06.2003, 196 (hereinafter, “Privacy Code”) and art. 13, EU regulation n° 2016/679 (hereinafter, “GDPR”) your data will be processed with the methods and for the purposes set out below:
OBJECT OF DATA PROCESSING
Az. Agr. La Tosa protects your personal data and complies with the applicable legislation on the protection of personal data (Privacy Code and GDPR 12016/679). Your personal data are processed with confidentiality and are transferred to third parties solely based on what is provided for in this Policy, or with your Consent. We process the personal data you provide us with during the use of the website and/or after the registration to our website. We process: I. the personal, identification and non-sensitive data (in particular, name, surname, fiscal code, Vat code, email, telephone number – hereinafter “personal data” or also “data”) provided directly by you, with the registration to the website. II. Data not provided directly by you – and in any case acquired within the limits of what is provided for by art. 14 paragraph 5 GDPR – whose transmission is connected to the use of Internet communication protocols (by way of example, access to the page, quantity of data transferred, status message after successful login, session ID number, IP addresses, URL addresses, etc.). These data allow to reconstruct the route of your visits to the site.
PURPOSE OF DATA PROCESSING
Your personal data are processed: A) Without your express consent (art. 24, letters a), b), c) of Privacy Code and art. 6, letter b), e), GDPR), for the following Purposes of Service: I. process a contract request; II. implement pre-contractual measures adopted on your request; III. process internal statistics; IV. fulfil the precontractual, contractual and fiscal obligations arising from the existing relationships; V. fulfil the obligations required by law, by a regulation, by community legislation or by an order of the Authority; VI. protect the vital interests of the data subject or of another physical person; VII. conduct tasks of public interest or connected to the exercise of official authority of which the controller is invested; VIII. prevent or discover fraudulent activities or malicious activities harmful to the website; IX. pursue a legitimate interest of the Controller or of third parties, within the limits and at the conditions set out at art. 6, letter f), GDPR; X. exercise the rights of Controller (by way of example, the right of defence in court).
B) Only upon your specific and unequivocal consent (art. 23 and 130, Privacy Code and art. 7, GDPR), for the following Marketing Purposes: I. send, via e-mail, newsletters, commercial and/or advertising communications on products and/or services, different and/or unlike those already purchased, offered by the Controller.
NATURE OF THE PROVISION OF PERSONAL DATA
The provision of your data for the purposes described at point 2, letter A) n° i and ii.) is necessary. In absence of this, we cannot guarantee your registration to the Site, or the possibility of processing your requests. Data provision for the purposes described at point 2, letter b) is optional. You can therefore decide not to provide your data or withdraw the possibility for us to process data provided in precedence. In this case, you will no longer receive our newsletters, while you will continue to receive our services and the right to the registration to our site.
METHODS OF DATA PROCESSING
Your personal data are processed by means of the operations indicated in art. 4, Privacy Code and art. 4 n° 2), GDPR and precisely: collection, registration, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your data will be processed according to principles of fairness, lawfulness and transparency and may also be carried out through automated methods to store, manage and transmit them and it will occur using suitable instruments, as to the reason and the state of the art, to guarantee safety and confidentiality through the use of suitable procedures to avoid risk of loss, unauthorised access, illegal use and dissemination.
DATA STORAGE PERIOD
The Controller will process the personal data for the time necessary to fulfil the purposes above and in any case for not more than 10 years from the termination of the relationship for Purposes of Service and for no longer than 2 years from the collection of data for Marketing Purposes. After that storage period, the data will be destroyed or rendered anonymous.
DATA ACCESS
The personal data processed by the Controller will not be disseminated, namely they will not be disclosed to unidentified subjects, in any form, including that of their availability or simple consultation. They can, instead, be communicated to staff employed by the Controller and to several external subjects who collaborate with them. Your data can be made accessible to: I. employees and co-workers of the Controller, consultants authorised to manage the website and provide related services (by way of example: customer services, IT department, etc.) in their capacity as in-house data supervisors and/or people in charge of processing personal data and/or System administrators; II. third parties or other subjects (by way of example: credit institutes, professional firms, consultants, insurance companies, etc.) which conduct activities in outsourcing on behalf of the Controller, in their capacity as external data supervisors and/or people in charge of processing personal data. Your data can also be communicated to the extent, strictly necessary, to persons authorised to access them by law, regulations, community legislation.
DATA COMMUNICATION
Without your express consent (as per art. 24 letter a), b), d), Privacy Code and art. 6 letter b), c) GDPR), the Controller may communicate your data for the purposes indicated to Supervisory bodies, Judicial authorities as well as to all the other subjects to which the communication is obligatory by law for the fulfilment of said purposes.
DATA TRANSFER
The management and storage of personal data shall occur on the servers of the Controller and/or third-party companies appointed and duly designated as Data Supervisors located within the European Union, namely in conformity with articles 45 and following of the GDPR. The servers are currently located in Florence (FI). The data will not be transferred outside the European Union. It is understood, in any case, that should it be necessary to transfer the location of the servers, within Italy and/or European Union and/or to non-EU countries, this movement will always occur in compliance with articles 45 and following of the GDPR. In that case, the Controller hereby ensures that the transfer of data to non-EU countries will occur in compliance with the applicable law, entering into, if necessary, agreements that guarantee a suitable level of protection and/or adopting the standard contract clauses provided for by the European Commission.
TRANSFER OF DATA TO NON-EU COUNTRIES
This site could share some of the data gathered with servers located outside the European Union. In particular, with Google, Facebook and Microsoft (LinkedIn) through the social plugins and the Google Analytics service. The transfer is authorised according to specific decisions of the European Union and the Data protection authority, in particular decision 1250/2016 (Privacy Shield – here the information page of the Italian data protection authority), so there is no further consent required. The companies mentioned above guarantee their participation in the Privacy Shield.
NAVIGATION DATA
During their normal activity, the I.T. systems and the software procedures responsible for the operation of the site may acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not gathered to be associated to identified parties, but it could be processed and associated to data held by third parties, allowing them to identify the users (i.e., parameters related to the operating system and to the I.T. environment of the user). The Controller uses these data to obtain anonymous statistical information on the use of the Site and to check its correct operation and they are erased immediately after processing. These data can also be used to ascertain the responsibility in case of hypothetical I.T. crimes against the Site.
COOKIES
When you use our website, the cookies are stored in your computer. The cookies are small files of text which are saved on your computer and provide us with specific information. They are widely used to make the websites function or to function more efficiently to improve the user experience, as well as to provide specific information to the owners of the site. Our site uses Cookies which remain on your computer for different lengths of time. Some expire at the end of each session, and some remain for longer so that when you return to our website you can benefit from a better user experience. The web browsers allow you to exercise a certain control over the Cookies through the browser settings. Most browsers allow to block Cookies or block the Cookies of specific sites. The browsers can also help to delete the Cookies when you close the browser. Nevertheless, you should keep in mind that this could mean that any opt-out or preferences you have set on the site will be lost. We invite you to consult the technical information related to your browser for the instructions. If you choose to disable the Cookies setting or if you refuse to accept a cookie, some parts of the service may not function correctly or could be considerably slower.
RIGHTS OF THE DATA SUBJECT
As Data subject, you are entitled to the rights set out in art. 7 of the Privacy Code and art. 15, GDPR and precisely the rights to: I. obtain the confirmation of the existence or not of personal data related to you, even if not registered yet, and their communication, in intelligible form; II. obtain indication: a) of the origin of the personal data; b) of the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic tools; d) of the identification details of the controller, supervisors and representative appointed according to art. 5 paragraph 2, Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or of the categories of subjects to whom the personal data may be communicated or who may be informed about them as representative appointed in the territory of the State, supervisors or people in charge of the processing; III. obtain: a) updating, rectification, or, when interested, integration of the data; b) erasure, transformation into anonymous form or block of data processed in violation of the law, including those which are not necessary to store in relation to the purposes for which the data have been collected or subsequently processed; c) declaration stating that the operations referred to in points a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this is made impossible or requires a use of means manifestly disproportionate to the protected right; IV. object in full or in part: a) for legitimate reasons, to the processing of personal data which relate to you, even if pertinent to the purpose of the collection; b) to the processing of the personal data which relate to you for sending advertising materials or direct selling or to conduct market research or commercial communication, through the use of automated calling systems without an operator by e-mail and/or by traditional marketing methods using telephone and / or paper mail. It should be noted that the right of the data subject to object, as set out at the preceding point b), for direct marketing purposes using automated means extends to traditional ones and that, in any case, the possibility remains for the data subject to exercise his right to object even if only partially. Therefore, the data subject can decide to receive communications only by traditional methods or only automated communications or none of the two kinds of communication. Where applicable, he/she also has the rights set out at articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object) as well as the right to submit a complaint with the Data Protection Authority.
METHODS OF EXERCISING RIGHTS
You have the right to request the Controller for access to the Data concerning you, their rectification or erasure, integration of incomplete Data, restriction of processing; to receive the Data in a structured format, commonly used and readable using an automatic device; to withdraw the consent that may have been given relating to the processing of your sensitive data at any time and object fully or partially to the use of the Data; to submit a complaint to the Authority, as well as exercise the other rights recognised to you by the applicable law. You may, at any time, exercise your rights by sending a registered letter with advice of receipt to: Az. Agr. La Tosa with registered office in Via Chiesuola, 29020 Vigolzone PC.
MINORS
If the subject who provides the data is younger than 16, this processing is lawful only if and in the measure in which this consent is given or authorised by the holder of parental responsibility for which the identification data and copy of the identity documents have been acquired.
CONTROLLER, PROCESSORS AND PERSONS RESPONSIBLE FOR PROCESSING
The controller is Az. Agr. La Tosa with registered office in Via Chiesuola, 29020 Vigolzone PC, VAT N° IT00832180335. The updated list of data processors and persons responsible for processing is held at the headquarters of the Controller.
CHANGES TO THIS POLICY
This policy may be subject to variations. It is recommended to regularly check this Policy and refer to the most updated version. General model of clauses for “cookies” policy (With prediction of the several types and purposes of Cookies) [N.B.: text prepared in view of the general provision of the Data protection authority 8-5-2014 and opinion of the Working Party 194 of 4/2012].
WHAT ARE COOKIES
The website of the company Az. Agr. La Tosa (www.museodellatosa.it) uses cookies to make its services simple and efficient for users who view the pages. The users who access the site will see the insertion of minimum quantities of information in the devices in use, whether computers or mobile devices, in small text files called “cookies” saved in the directories used by the user’s web browser. There are several types of cookies, some to make the use of the Site more effective, others to enable specific functions.
Cookies of the Site manager
– Necessary cookies
Necessary cookies help to make a website accessible by enabling the basic functions such as page browsing and access to the protected areas of the site. The website cannot function correctly without these cookies, including Cloudflare which identifies reliable web traffic.
– Statistical cookies
Statistical cookies help the owners of the website to understand how the visitors interact with the websites gathering and transmitting information anonymously:
Google analytics: used to send data to Google Analytics regarding the device and user behaviour. It keeps track of the user on devices and marketing channels.
– Cookies to analyse third-party services
I Cookie statistici aiutano i proprietari del sito web a capire come i visitatori interagiscono con i siti raccogliendo e trasmettendo informazioni in forma anonima:
Google analytics: utilizzato per inviare dati a Google Analytics in merito al dispositivo e al comportamento dell’utente. Tiene traccia dell’utente su dispositivi e canali di marketing.
These cookies are used to gather information on the use of the Website by users in anonymous form: pages visited, dwell time, sources of traffic origins, geographical origin, age, gender and interests for marketing campaigns. These cookies are sent by third-party dominions external to the Site:
Webmaster tool to receive data and diagnostic information and tools necessary to create and manage websites and apps for mobile devices in accordance with Google instructions.
For third-party cookies: Facebook, Google+, etc. the user can check the information and the request for consent at the following links:
Facebook policy: https://www.facebook.com/help/cookies/
Facebook (configuration): access your own account. Privacy section.
Google+ policy: http://www.google.it/intl/it/policies/technologies/cookies/
Google+(configuration): http://www.google.it/intl/it/policies/technologies/managing/
INSTALLATION/DELETION OF COOKIES. BROWSER OPTIONS
The user can object to the registration of cookies on their device by configuring the browser used for navigation: if he/she uses the Website without changing the browser settings, it is assumed that he/she intends to receive all the cookies used by the Site and enjoy all the features. Below are the ways offered by major browsers to block the acceptance of cookies:
Internet Explorer: http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Chrome: https://support.google.com/chrome/answer/95647?hl=it