Privacy policy

PRIVACY POLICY                   

In compliance with obligations under national law (Italian Legislative Decree No.196 dated 30/06/2003, Personal Data Protection Code, updated by Italian Legislative Decree 101/2018) and community law (Regulation (EU) 2016/679, GDPR) and subsequent amendments, this website respects and protects the confidentiality of visitors and users, doing everything within its reasonable power to not infringe upon the rights of users.

This privacy policy applies only to online activity on this website and is valid for website visitors/users.

The purpose of the privacy notice is to provide maximum transparency about information collected by the website and how it is used.

 

DATA COLLECTED

This website collects and processes Personal Data, as defined by the GDPR, autonomously or via third parties, or voluntarily provided by the User, including:

  • Internet protocol address (IP); Browser type and device parameters used to connect to website; Name of internet service provider (ISP); Date and time of visit; Visitor referring page (referral) and leaving page; Number of clicks. Cookies and Use Data, collected in automatic processes;

This data is processed automatically and is collected in aggregate pseudonymized form only in order to verify correct website function and for security purposes; this data will be processed according to the legitimate interests of the Data Controller.

For security purposes (spam filters, firewalls, virus detection), automatically recorded data may also include personal data like IP address, which may, in accordance with applicable laws,  be used to block attempts to damage the website or harm other users, or any damaging or criminal activity. This data is never used to identify or profile the User, but only for the purposes of the website and its users; this data is processed according to the legitimate interests of the Data Controller.

  • Personal data, personal details (contacts section) - provided voluntarily by the User and not affecting website function.

Use of any cookies - or other tracking devices - by this website or third party service providers used by this Application, where not specified, is for the purpose of providing the service requested by the User, besides any other purpose described in this document and in the Cookie Policy to which this refers.

The User assumes responsibility for third party personal data obtained, published or shared via this Application and guarantees having the right to communicate or share that data, relieving the Data Controller of all and any responsibility towards third parties.

 

PROCESSING METHODS

The Data Controller adopts appropriate security measures designed to prevent unauthorized access, disclosure or destruction of personal data. Data is processed using digital and/or remote technologies, with organizational methods and logic strictly relating to the indicated purposes. In addition to the Data Controller, in certain cases, data may be accessed by other internal or external stakeholders (such as third party technical service providers, hosting providers, IT companies, communications agencies) appointed as Data Processors by the Data Controller.

 

PLACE OF PROCESSING

The data collected by the website is processed by the Data Controller and is managed only by authorized data processors or externally appointed data processors in compliance with Art. 28 Reg. (EU) 2016/679. The website hosting server is located in Italy.

This website may share some collected data with services located outside of the European Union, always in respect of the rights and guarantees provided for by current legislation, in accordance with Art. 44 et seq of Reg. (EU) 2016/679.

 

STORAGE PERIOD

The data is processed and stored for as long as is required to achieve the purposes for which it has been collected.
The personal data collected for the purposes connected to execution of the service requested by the User will be stored until the service is fully executed. The Data Controller may store any personal data collected for purposes based on User consent for a longer period until consent is withdrawn.

Furthermore the Data Controller may be obliged to store personal data for a longer period for compliance with obligations imposed by the law or by order of an authority. Personal data will be erased at the end of the storage period. Therefore at the end of this period the User can no longer exercise the right to access, cancellation, rectification of personal data and the right to data portability.

 

PURPOSE OF PROCESSING

User data is collected for the following purposes:

  • to monitor infrastructure;
  • to contact the User if they have requested it;

 

SECURITY MEASURES

This website processes user data lawfully and correctly, adopting appropriate security measures designed to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Data is processed using digital and/or remote technologies, with organizational methods and logic strictly relating to the indicated purposes. In addition to the Data Controller, in certain cases, data may be accessed by other categories of internal or external stakeholders (such as third party technical service providers, hosting providers, IT companies, communications agencies).

 

USER RIGHTS

The data subject may exercise their rights concerning their personal data as specified in Art 15 et seq GDPR and specifically:

Right of access (Art. 15) – Consists in obtaining from the Data Controller confirmation of personal data processing and in such case, obtaining access to that data and certain information (specified in the Article cited) regarding the data concerned. Right to rectification (Art. 16) - Consists in giving the data subject the possibility of modifying inaccurate data. Right to erasure (Art. 17) - the data subject may have data held by the Data Controller erased when, for example, consent to processing is withdrawn or the purpose pursued is achieved or when it is found to be unlawful. It is obviously not always possible to fulfill the request for erasure. For example, this is the case when data is required to fulfill a legal obligation or is  necessary for the defence of rights in court of law. Right to object (Art. 21) - The right to oppose processing must be guaranteed when the legal basis is the legitimate interest or execution of an act of public interest. This right also has limits because there may be cases in which the legitimate interests of the Data Controller may prevail over those of the data subject, rendering it essential to achieve the correct balance, or processing is necessary for an act of public interest or verification, defence or exercising of a right in a court of law. Right to data portability (Art. 20) – States that, where processing is based on contract or consent, if requested, personal data must be provided to the data subject in a structured and machine-readable format (json, xml, csv), this right applies only to data provided voluntarily and not to inferred or derived data.

Right to withdraw consent (Art. 7) - The data subject may withdraw consent for processing requested by the Data Controller at any time, subject to mandatory obligations under current legislation in force at the time of the withdrawal request, by contacting the Data Controller at the addresses indicated above, or by email, specifying their request, the right they wish to exercise and attaching a photocopy of an identity document attesting the legitimacy of the request.

The data subject has the right to register a complaint with a Data Protection Authority in their country of residence or of work or in the country in which the presumed breach took place.

All of the above rights may be exercised by sending a request to the Data Controller via the contact methods indicated in this policy.

 

DATA CONTROLLER

The Data Controller is R.G.M. DI ROSA GASTALDO EDOARDO, registered office in Via La Mola 12 – 33085 Maniago (PN) who can be contacted by writing to the following email address: info@rgm-art.com, or telephoning 0427 701416.