Privacy Policy
Information on the processing of personal data
Pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter also referred to as “GDPR”), users of this web platform www.veraitalia.it are hereby informed of the processing operations of their personal data carried out in full compliance with the regulations in force concerning the processing of personal data.
1. Data controller
The Data Controller is Vera Italia di Chiara Barbera, (hereinafter also referred to as “Vera Italia”), with registered office in Corso Mediterraneo n. 245, Scalea (CS), C.A.P. 87029, P.IVA 03925960787, in the person of its legal representative, Dr. Chiara Barbera, (hereinafter also referred to as “Data Controller”)
A Data Protection Officer (DPO) has not been appointed, as one of the cases referred to in Article 37(1) GDPR does not apply.
2. Type of data processed
Navigation on the web platform may involve the processing of personal data of the User who navigates, in order to be able to access certain functions offered by the website (such as, for example, improving navigation, checking services, requesting a service). In the case of the processing of personal data, the User is the Data Subject (hereinafter also “Data Subject”) and his/her personal data will be processed in compliance with the new European legislation introduced by EU Regulation 2016/679 (hereinafter also “GDPR”) and with the reference Italian legislation (Legislative Decree no. 196/2003, hereinafter also “Privacy Code”).
2.1. Navigation data
Browsing data are data acquired automatically by the systems and services responsible for the operation of the platform and are necessary for the use of web services. This category of data includes, for example: IP addresses, the browser used, the domain names of the systems used by users to connect to the website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and IT environment.
Browsing data are acquired even in the absence of registration on the Site or a request for information.
As a rule, navigation data are only used in an aggregate manner to draw up anonymous statistics on the consultation of the web platform and to check its correct functioning, and do not allow the Users concerned to be identified.
This data may, however, be used to ascertain liability in the event of computer offences committed against the web platform, since in this case it is treated as personal data.
2.2. Identification and contact details
When filling out the information request form, data directly identifying a natural person are processed, such as, name and surname, date and place of birth, emal and telephone number.
It is up to the user to verify that he/she has permission to enter personal data of third parties or content protected by national and international regulations.
No so-called ‘special’ data will be processed, i.e., in accordance with the GDPR (Art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data, data relating to a person’s health or sexual life or sexual orientation.
3. Data processing methods
Data are provided by the User through navigation on the web portal. Such data, when associated with an identified or identifiable person, are processed by means of computerised or paper-based tools, in accordance with Reg. 2016/679/EU and Legislative Decree no. 196/2003. The processing activities carried out are as follows: collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction (at the end of the processing, according to the duration).
The Controller undertakes to take all appropriate security measures to prevent the loss and alteration of personal data, as well as any unlawful and unauthorised use thereof.
The security of the collected information cannot be guaranteed by possible violations of the security rules and procedures put in place for data protection (e.g. hacker attacks). In the event of attacks or other breaches, however, these will be communicated to those concerned and to the relevant authorities in accordance with the law.
4. Purpose of processing and legal basis of processing
The personal data collected is used for the following purposes and in accordance with the following legal bases:
|
Purpose of processing |
Legal bases for processing |
|
1. Improve the Users’ browsing experience and check the correct functioning of the web platform, i.e. improve the content offered, including the processing of anonymous statistics on the Users’ browsing. |
The express consent of the data subject (Art. 6(1)(a) GDPR) for the processing of personal data via cookie banners and browser preferences. |
|
2. Carrying out marketing activities (e.g. market analysis, promotion of new commercial products). |
The express consent of the person concerned (Art. 6(1)(a) GDPR) is optional and will be expressly requested for marketing activities after filling in the information request form or when registering in the reserved area of the platform. In any case, failure to grant the consent of the person concerned for marketing purposes will not result in the impossibility of obtaining the other services offered by the website. Such processing will be based on the principles of lawfulness, fairness, transparency, appropriateness, relevance and limitation under Article 5(1) GDPR. Specific summarised information will eventually be reported or displayed on the pages of the sites set up for particular services on request.
|
|
3. Notifications regarding updates to the web platform or changes to the data protection and cookie policy. |
The fulfilment of a legal obligation by the Controller or the Manager (Art. 6(1)(c) GDPR).
|
|
4. The establishment of liability in case of hypothetical crimes (including computer crimes), fraudulent or harmful activities against the platform. |
The legitimate interest of the Data Controller or third parties in carrying out processing necessary for the purposes indicated (Art. 6(1)(f) GDPR). |
|
5. Communication of data at the request of a judicial or other independent authority within the terms of the law. |
The fulfilment of a legal obligation by the Controller or the Manager (Art. 6(1)(c) GDPR).
|
|
6. Compliance with any other legal obligations not included in the preceding purposes. |
The fulfilment of a legal obligation by the Controller or the Manager (Art. 6(1)(c) GDPR). |
Apart from what is specified for the fulfilment of the contract, legal obligations or the legitimate interest of the Data Controller, the Data Subject is free to provide or not to provide his/her personal data. However, in this case, the enjoyment of the website and the use of certain services may be restricted.
5. Duration of the processing
The storage of the processed data referred to the purposes set out above in no. 1, will last for the time necessary for the correct and complete execution of the activities required to improve the Users’ browsing experience and to check the correct functioning of the web platform, i.e. to improve its contents.
The data processed for marketing purposes as set out in No. 2 above may be retained for a period of up to 24 months from the date of the User’s registration, which is necessary in order to obtain measurable, qualifiable and quantifiable responses and to meet the User’s needs.
Furthermore, the data processed for the purposes set out above in points 3, 4, 5 and 6 may be kept for the minimum time necessary to fulfil the legal obligations of the Data Controller or the Data Processor relating to the retention of data or the protection of the legitimate interests of the Data Controller or of third parties.
In any case, the data will be stored within the time limits imposed by law.
6. Recipients of data and place of processing
The data may be processed by subjects authorised by the Data Controller, including possible Data Processors (Art. 28 GDPR) and public subjects for the fulfilment of obligations provided for by law, who carry out their respective processing activities as autonomous Data Controllers.
The data may also be processed by persons acting under the authority of the Data Controller or under the authority of the Data Processor, appropriately instructed in accordance with Article 29 GDPR (so-called authorised data processors).
In other cases, the personal data collected will not be disclosed to third parties, except with the express consent of the data subject or in the case of the fulfilment of obligations imposed by laws, regulations or measures of the supervisory authorities, or if it is essential to protect the rights of other users or the Data Controller.
The data processed will not, however, be disclosed to unspecified recipients.
The processing of personal data is carried out by the Data Controller and by staff identified and expressly authorised by the Data Controller or according to the specific purposes of the services requested and subscribed to.
Personal data will be processed and stored, exclusively for the above-mentioned purposes and for safekeeping and archiving, on remote servers operated by industry-leading providers that ensure compliance with high standards of protection with regard to the processing of personal data.
In particular, the data is transferred to Aruba S.a.S. (www.aruba.it) the company that provides servers on which the data collected and the related services are stored. The Aruba Italia servers are located in Europe. Furthermore, Aruba Italia (https://www.aruba.it/gdpr-regolamento-europeo-privacy.aspx), declares to be compliant with the current regulations regarding the processing of personal data and to comply with the obligations imposed by the GDPR deriving from the possible transfer of the data outside the European Union, as well as to adopt all the necessary technical and organisational measures to preserve the integrity and security of the data entered.
Any transfer by the aforementioned service providers to a non-EU third country may only take place in the case of an adequacy decision issued by the European Commission pursuant to Article 45 of the GDPR, or in the case of a transfer subject to adequate safeguards pursuant to Article 46 of the GDPR, or on the basis of binding corporate rules approved through the specific procedure pursuant to Article 47 of the GDPR.
7. Rights of the persons concerned
During the processing, the data subject may exercise the following rights at any time:
- Right of access: to obtain confirmation of the existence or otherwise of the same data and, if so, to have access to it and to know the information indicated in Article 15(1) GDPR;
- Right of rectification: request the rectification of inaccurate data, the integration of incomplete data or the updating of outdated data (Art. 16 GDPR);
- Right to erasure: request the erasure of data processed in breach of the law, i.e. in the presence of one of the other conditions set out in Article 17(1) GDPR;
- Right of restriction of processing: obtain the restriction of processing where one of the cases provided for in Article 18 GDPR applies;
- Withdrawal of consent: you may withdraw your freely given consent to the processing of personal data for the specified purposes at any time, in cases where the processing is based on that legal basis (Art. 7(3) GDPR);
- Right to data portability: to obtain the release of processed personal data in a format compatible with standard IT applications, in order to allow their transfer to other platforms of the data subject’s choice, without impediments to the direct transmission of the processed data to another Data Controller, where such direct transmission is technically possible (Art. 20 GDPR);
Requests relating to the exercise of the aforementioned rights should be addressed to the Data Controller at the certified e-mail [email protected] or by registered mail with return receipt (A/R) addressed to Corso Mediterraneo n. 245, Scalea (CS), C.A.P. 87029.
In the event of failure or partial response by the Data Controller to the aforesaid requests, the data subject shall have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or take legal action within the terms and according to the procedures provided for pursuant to Article 77 et seq. of the GDPR.
8. Privacy policy updates
This policy notice may be subject to updates as a result of changes in the legal regulations governing the processing of personal data, or in the event of changes in the legal services offered. Any changes will be promptly communicated and an acceptance thereof is required in order to be able to continue using the services whose processing is based on the consent of the person concerned.
