The Data Controller is CO.VI.COL srl, based in Paina di Giussano, via Verdi n. 70, CF 07117040159 VAT number 00847140969, who can be contacted at the email address firstname.lastname@example.org
The Data Controller processes the data according to the principles established by the GDPR (General Data Protection Regulation EU 2016/679), of lawfulness, correctness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality.
The data processed
The data being processed are:
- Browsing data;
- Personal, identification and contact data (it is expressly forbidden to transmit particular data or data relating to criminal convictions and crimes – own or third parties – referred to in articles 9 and 10 GDPR), provided voluntarily by the user in any requests advanced via the request form, or to the addresses indicated on this site.
The purposes of the processing
The purposes of the processing are as follows:
- allow the user to browse the site; statistical research / analysis on aggregate or anonymous data, without the possibility of identifying the Visitor, aimed at measuring the functioning of the site, measuring traffic and evaluating usability and interest of the Site (in this case the Data Controller does not process data), fulfillment of legal obligations to which the Owner is subject.
- respond to user requests and update them – also via email or newsletter service – on the activities of the Data Controller.
The legal bases of the processing
The legal bases of the processing are as follows:
- a) legitimate interest of the owner and user consent;
- b) need to respond to user requests and her consent.
Navigation data and cookies
The IT and telematic systems as well as the software used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the site or other sites connected or linked to it: except for this possibility, the data on web contacts do not currently persist except for some days.
Cookies are not used to transmit information of a personal nature, nor are so-called c.d. persistent cookies of any kind, or systems for tracking users. The use of so-called session or navigation cookies (which are not stored permanently on the user’s device and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. The so-called Session cookies that may be used on this site avoid the use of other IT techniques that are potentially prejudicial to the confidentiality of users’ browsing and do not allow the acquisition of the user’s personal identification data.
However, the user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on their browser.
- Duration – some cookies (so-called session cookies) remain active only until the browser is closed. Other cookies (so-called persistent cookies) “survive” when the browser is closed and are also available on subsequent visits by the user, and their duration is set by the server at the time of their creation, usually no more than 6 months.
- The usability of the contents is also possible by completely disabling cookies, and disabling “third party” cookies does not in any way affect the navigability of the Site.
- The setting can be defined specifically for the different websites and web applications. Furthermore, the best browsers allow you to define different settings for various types of cookies.
-Safari for Mac
-Safari for Ios
- We also point out the possibility of using specific tools for the management of privacy regarding cookies for advertising purposes such as Your Online Choices, limited to the advertising networks that adhere to the initiative. For more information, http://www.edaa.eu.
- The user can always decide whether or not to accept cookies using the settings on their browser.
- ATTENTION! If the user uses particular services provided by other parties (for example by clicking the buttons of the various social networks, or by clicking on links to external sites), personal data may be processed by third parties. In this case, it will be necessary to check the rules and conditions of the processing of such third parties. The user therefore grants, on this point, the widest indemnity to the Owner for this type of Processing.
- ATTENTION! It is expressly forbidden to upload, publish or otherwise process personal data of third parties using the site or its services: if he does so anyway, against this prohibition of the Data Controller, the user acts as independent data controller of the processing of such data, assuming any connected responsibility and releasing the Owner.
The Data will be:
- collected electronically;
- registered in digital format on a server in the exclusive availability of the Owner;
- protected from the risks of destruction, modification, cancellation and unauthorized access by means of adequate physical, logical and organizational security measures;
- further processed, also in paper form, to the extent and within the time strictly necessary to implement the purposes indicated above;
- all subjects authorized to process by the Data Controller are adequately instructed on the law and other processing rules, committing themselves to confidentiality.
Communication to recipients and dissemination
The data acquired through the site will not be disclosed.
The data is communicated to the recipients to the extent strictly necessary in relation to the aforementioned purposes.
The categories of recipients are as follows:
- subjects necessary for the operation and provision of the services offered by the Site, who act as Data Processors, by virtue of contracts stipulated pursuant to art. 28 GDPR;
- Appointees and other subjects authorized by the Owner.
As already mentioned, the Data Controller may also have to communicate data to fulfill legal obligations or to comply with orders from Authorities.
Data retention period
The Data Controller keeps the data for the time necessary to achieve the aforementioned purposes, or to carry out what is requested by the user, or required by the purposes described in this document, and the user can always request its cancellation, rectification and portability, or oppose the processing or obtain its limitation.
In particular, the Data Controller will keep the Personal Data with the following timing:
- Browsing data: maximum 7 days;
- Identification and contact data provided by the user via the request form: no later than 24 months from the user’s request (while the data necessary for the update service on the activities of the Data Controller, up to the functioning of the service itself: the Data Controller will however periodically verify, at least every three years, the persistence of the consent of the interested party).
Without prejudice to the above, the Data Controller will keep the Personal Data up to the maximum time allowed by Italian law to protect their rights and / or interests.
Mandatory and optional nature of the communication of Personal Data
- navigation data: their communication is mandatory and essential to allow the owner to use the site to the user: the latter cannot refuse to communicate the navigation data, insofar as they consist of personal data.
- personal data provided by the user via the request form or the addresses indicated on the site: their communication is optional. If the user refuses to disclose such data, the owner may not be able to process such requests, in whole or in part.
- newsletter service: consent to the relative processing is optional. If the user does not give consent, the Data Controller will not be able to provide him with the service.
Rights of the interested party
The interested party has the right to:
- access their Personal Data held by the Owners;
- request its rectification and / or cancellation (“oblivion”);
- ask for the Limitation or oppose the Processing;
- request data portability;
- propose a complaint to a Supervisory Authority.
The interested party also has the rights referred to in art. 7 of Legislative Decree 196/2003 (and subsequent amendments / additions) not expressly mentioned (i.e. to obtain confirmation of the existence of Personal Data concerning you and their communication in an intelligible form, an indication of their origin, the identification details of the data processors, the transformation into anonymous form of Personal Data or their blocking if processed in violation of the Privacy Law).
Changes to this information
This information is effective from 24.05.2018.
The Owner reserves the right to modify the content, in part or completely, also due to changes in the Privacy Law.
The Data Controller will publish on the Site the updated version of this deed, and from that moment it will be binding: the interested party is therefore invited to visit this section regularly.