Privacy Policy concerning the processing of personal data pursuant to articles 13-14 of (EU)
Regulation 2016/679
Privacy Policy
Data subject: Web site surfers.
Consorzio Turistico Madesimo in its capacity of Data Controller with regard to the processing of your personal data pursuant to (EU) Reg. 2016/679 (hereinafter the 'GDPR'), hereby informs you that the said regulation protects data subjects with regard to the processing of their personal data and that the said processing will take place in a fair, lawful, transparent manner which protects your privacy and your rights.
Your personal data will be processed in accordance with the terms of the above legal provisions and the confidentiality obligations contained therein.
Purposes and legal base of the processing: your data will be processed for the following purposes necessary to comply with contractual or pre-contractual obligations:
- For statistic purposes and analysis of browsing and users.
Processing procedures. Your personal data may be processed by the following ways:
- using electronic calculators running softwares managed by third parties;
- Using electronic calculators running self-managed softwares or directly engineered;
- temporary data processing according to anonymous procedures.
All data are processed in compliance with the procedures specified in articles 6 and 32 of the GDPR and with the adoption of the appropriate security measures required.
Your data will only be processed by persons specifically authorised by the Data Controller, and specifically by the following categories of authorized persons:
- Admnistration office.
Disclosure. Your data may be disclosed to external entities for the correct management of the relationship and specifically for the following categories of Recipients, including all the duly designated Data Processors:
- Google Analytics.
Distribution: Your personal data will not be distributed in any way.
Your personal data may also be transferred, only for the aforesaid purposes, to the following countries:
- EUcountries;
- United States.
Data Storage Period. In accordance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 of the GDPR, the data storage period for your personal data is:
- established in a period of time not exceeding the fulfillment of legal obligations and for the protection in litigation;
- set for a timing not larger than the one which implies its purpose achievement, given the aim to collect data, and collected and processed for the execution and fulfillment of contract purposes;
- set for a timing not larger than the supplied services fulfillment;
- established as a period of time not exceeding the purposes for which the data were collected and processed and complying with the compulsory times required by law.
Data Controller: the Data Controller, as defined by the Law, is Consorzio Turistico Madesimo (VIA ALLE SCUOLE,12 , 23024 MADESIMO(SO), VAT no. 00941650145, contactable as follows: e-mail INFO@MADESIMO.EU, telephone 034353015).
You are entitled, by application to the Data Controller, to obtain the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, to object to their processing, and in general to exercise all your rights under articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.
Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure ofsuch data in intelligible form, and the right to lodge a complaint with the supervisory authority.
2. The data subject has the right to be informed of:
a. the source of the personal data;
b. the purposes andmethods of processing;
c. the logic applied if the data are processed by electronic devices;
d. the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
e. the entities orcategories of entity to whom or which the personal data may be disclosed and who or whichmay get to know said data as designated representative in the State's territory, as data processors or as persons in charge of the processing.
3. The data subject is entitled to obtain:
a. the updating, rectification or, where interested therein, integration of the data;
b. the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected orsubsequently processed;
c. certification to the effect that the operations as per letters a) and b) have been notified, as also related to theircontents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
d. the portability of the data.
4. The data subject has the right to object, in whole or in part:
a. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b. to the processing of personal data concerning him/her, where it is carried out for the purpose ofsending advertising materials or direct selling or else for the performance ofmarket orcommercialcommunication surveys.
Last Edit on 10/04/2024
INFORMATION NOTICE Doc. Cod. 15991.51.396204.2797167