Information regarding the EU Regulation 2016/679 called “Global Data Protection Regulation” (GDPR).
Premise
Following the regulation dictated by the EU Regulation 2016/679 called “Global Data Protection Regulation” (GDPR), laying down provisions for the protection of persons and other subjects regarding the processing of personal data, we provide here all the information about the use of personal data acquired in relation to the use of this site.
Source of personal data
The data in our possession are electronically collected.
The data are provided by the user through direct communications via email, using the provided address: info@nicolaberloffa.it.
Details on the collection of personal data
Communications via email
By sending an email with personal data to the contact address published on the site, the user consents to their use for responding to requests for information or for any other purpose.
Data collected: email address.
Any further data that the user voluntarily inserts will be kept stored only if necessary to provide the service requested by the user.
All collected data will be processed in compliance with current legislation, and in any case, with due confidentiality.
Purpose of personal data collection
The data collected here are intended exclusively for the provision of the service requested by the user and for the performance of our information, commercial, advertising, promotional and marketing activities.
The data can be processed to contact the user.
The data may be processed to perform statistical, commercial and marketing studies.
The user is responsible for his own personal data and the ones of third parties published or shared through this site.
The user also guarantees to have the right to communicate his own personal data and the ones of third parties, freeing the owner of this site from any liability to third parties.
Collection method
Personal data are subject to processing methods based on principles of correctness, lawfulness and transparency.
In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerized and telematic tools with logics strictly related to the specified purposes and, in any case, in order to guarantee the security and confidentiality of the concerned person, through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use, in compliance with the limits and conditions defined in the EU Regulation 2016/679.
Personal data may be processed either on paper or electronically and / or through automated processes.
Data may be processed by the Owner and Data Controller as well as by the subjects directly involved in the organization and management of this site (administrative, commercial, marketing, legal, system administrators), where engaged in the execution of the mandate given to us.
Access to personal data
Subjects who may access personal data of the user as managers or persons in charge (according to Article 13 Paragraph 1 of the GDPR) are:
- The Data Controller
- The staff of the Data Controller (for fullfilling user requests, for example a response to an information request).
Personal data will not be disclosed to third parties.
Data communication
Data may be communicated to the subsidiaries or affiliated companies and to the persons responsible for managing services connected to our activities, and treated exclusively within the scope of the required service.
The user is aware that the owner of this site may be required to communicate data upon supervisory requests, by judicial authorities and other third parties to whom the communication is mandatory by law, including the prevention / repression of any illegal activity pertaing the access to this site and / or sending any kind of request.
Data transfer
Data received through this site are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the treatment are located.
For further information it is possible to contact the Data Controller as described in the “How to exercise rights” paragraph.
The management and storage of personal data will be carried out on Data Controller’s and / or third-party companies’ (appointed as Data Processors) servers located in Italy and in Europe.
All data will not be transferred outside the European Union.
Data retention time
Personal data received from users that send information request via email from this site will be kept for a time strictly necessary for the fulfillment of the request and for the purposes described in the point “Purpose of personal data collection”.
The user can obtain further information regarding the legitimate interests pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller as described in the “Ways to exercise rights” paragraph.
In the event that the processing is based on the user’s consent, the Data Controller may keep the personal data longer, until the aforementioned consent is revoked.
The Data Controller may be obliged to keep personal data for a longer period in compliance with legal obligations or an authority order.
Personal Data will be deleted at the end of the retention period.
Therefore, at the end of this term, the right related to actions such as access, cancellation, rectification and the right to data portability can no longer be exercised.
If the user take action towards the revocation of consent for the specific treatment, the data will be deleted or made anonymous within 72 hours from the receipt of the revocation.
Pursuant to Art. 13, paragraph 2, letter (f) of the GDPR Regulations, we inform that all the collected data will not be subject to any automated decision making process, including profiling.
User rights
Users can always exercise the rights specified in articles 13 (C. 2), 15, 18, 19 and 21 of the GDPR, summarized here in the following list:
- The interested party has the right to obtain confirmation of the existence of data concerning him, even if not yet communicated, and to have their delivered in an intelligible form;
- At any time the concerned persons can access their data to update them, modify them, integrate them, receive them, transfer them, limit their use (in this case the owner will not process the data for any different purpose other than their conservation) or revoke their use, in accordance with the provisions of EU Regulation 2016/679;
- The interested party has the right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority: www.garanteprivacy.it
The exercise of user’s rights is not subject to any form of constraint and it’s free.
The receiving of this information notice will be considered a consent to the processing of personal data as referred in this policy.
Further information regarding the processing of personal data may be requested to the Data Controller as described in the “Ways to exercise rights” paragraph.
Ways to exercise rights
At any time the interested parties can access their data to update them, modify them, integrate them, or simply oppose their use.
Users may exercise their rights or request more information regarding the processing of personal data at any time by sending an email to the address: info@nicolaberloffa.it.
Changes to the Privacy Policy
The owner of the data processing reserves the right to make changes to this privacy policy at any time, making it available to users on this page.
Please visit this page regularly, taking the last modification date published at the end of the text as a reference.
In case of non-acceptance of the changes made to this privacy policy the user is required to cease using this site and may require the data controller to remove the related personal data.
Owner and Data Controller
Owner and Data Controller is Nicola Berloffa, who will use them for the purposes indicated in this policy.
Further information can be requested at the following email address: info@nicolaberloffa.it.
Legal references
This privacy policy has been compiled on the basis of multiple legislative orders, including articles 13 and 14 of GDPR Regulation (EU) 2016/679.
Definitions
Personal data (or data)
Any information which, directly or indirectly, or in connection with other information, identifies a natural person.
User
The individual who uses this site and who, unless otherwise specified, coincides with the interested party.
Interested party
The natural person to whom the personal data refers.
Data processor (or Data supervisor)
The natural or legal person, public authority or any other entity that processes personal data on behalf of the Data owner, as stated in this privacy policy.
Data controller (or Data owner)
The natural or legal person, public authority, service or or any other entity which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures related to the operation and use of this site. The Data controller, unless otherwise specified, is the owner of this site.
This site
The tool through which the personal data of users are collected and processed.
European Union (or EU)
Each reference to the European Union contained in this policy is intended to be extended to all current member states of the European Union and the European Economic Area.
Processing of personal data
By processing of personal data under the law we mean any operation carried out with or without the use of electronic or automated instruments, concerning the collection, registration, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, removal and distribution of data.
Last modified: 2018/08/01