The Company is the Data Controller (hereinafter the Data Controller) of the processing of personal data collected through its website www.bbsanfrancescocortona.it (hereinafter the Site) as defined by art. 28 of Legislative Decree 30 June 2003, n.196 (Code regarding the processing of personal data) as well as in compliance with Community legislation (European Regulation for the protection of personal data No. 679/2016, GDPR) and subsequent amendments. The Data Controller will process any data collected through this Site for purposes, in a manner and as specifically explained below.
Legal basis of the processing
This site processes data based on consent. With the use or consultation of this site visitors and users explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service.
The provision of data and therefore the consent to the collection and processing of data is optional, the User can refuse consent and may revoke at any time a consent already provided by contacting the Owner. However, denying consent may make it impossible to provide certain services and the browsing experience on the site may be compromised.
Starting from 25 May 2018 (date of entry into force of the GDPR), this site will process some of the data based on the legitimate interests of the data controller.
Data collected and purposes
Like all websites, this site also makes use of log files in which information collected in an automated way is stored during user visits. The information collected could be the following:
- internet protocol (IP) address;
- type of browser and device parameters used to connect to the site;
- name of the Internet service provider (ISP);
- visit date and time;
- web page of origin of the visitor (referral) and exit;
- possibly the number of clicks.
The aforementioned information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site as well as for security reasons (from 25 May 2018 such information will be treated according to the legitimate interests of the Owner).
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or profiling of the user, but only for the purposes of protection of the site and its users (from 25 May 2018 such information will be treated according to the legitimate interests of the owner).
Visitors to the site can provide their data voluntarily to access some services provided by the Site (eg comments, contact forms, newsletters, ..)
The data received will be used exclusively for the provision of the requested service and only for the time needed to provide the service.
The information that users of the site deem to make public through the services and tools made available to them, are provided by the user knowingly and voluntarily, exempting this site from any liability regarding any violation of laws. It is up to the user to verify that they have permission to enter personal data of third parties or contents protected by national and international standards.
The data collected by the site during its operation are used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the activities specified. In any case, the data collected from the site will never be provided to third parties, for any reason, unless it is a legitimate request by the judicial authority and only in the cases provided by law.
The data used for security purposes (block attempts to damage the site) are kept for 7 days.
If the site allows the inclusion of comments, or in the case of specific services requested by the user, the site automatically detects and records some identification data of the user, including the email address. These data are voluntarily provided by the user at the time of requesting service delivery. When visitors leave comments on the site, we collect the data shown in the comments form and also the visitor’s IP address and the browser’s user agent string to help detect spam.
Should the visitor upload images to the website, it is advisable to avoid uploading images including embedded location data (EXIF GPS). Website visitors can download and extract any position data from images on the website.
By filling out the contact form for requesting information, the Visitor agrees to communicate his data to the Data Controller. The requested data could be:
- general information (name and surname);
- email address;
- telephone number;
- city of residence.
These data will be processed according to the methods expressed in this policy and used for the sole purpose expressed.
Communication to third parties
Personal data may be the subject of communication to the Institutions and Institutes for the fulfillment of legal obligations or judicial authorities to respond to their explicit requests. The Data Controller does not knowingly collect sensitive or judicial personal data through the Website.
Sensitive Data, pursuant to art. 4 of the Code regarding the processing of personal data, include personal data suitable to reveal the racial and ethnic origin, religious beliefs, philosophical or otherwise, political opinions, membership of parties, trade unions, associations or organizations religious, philosophical, political or trade union, as well as personal data suitable to reveal the state of health and sexual life.
Judicial data, again pursuant to art. 4 of the Code, include personal data suitable for revealing the measures referred to in Article 3, paragraph 1, letters a) to o) and r) to u), of the D.P.R. November 14, 2002, n. 313, on the subject of criminal records, the register of administrative sanctions depending on the offense and the related pending charges, or the status of defendant or suspect under articles 60 and 61 of the criminal procedure code. We recommend that you do not provide such information through the Site. In the event that this is necessary (for example in the case of belonging to protected categories in case of sending a resume for recruitment purposes, in response to a job announcement or in in case of expression of interest to work in the Company) we invite you to send us a registered letter with the expression of your consent in writing to the processing of this information.
Links to third-party sites
The data collected by the site are processed at the Seeweb web hosting data center. Web hosting, which is responsible for the processing of data, keeping data on behalf of the Owner, is located in the European Economic Area and acts in accordance with European standards.
The information and personal data of the Visitors collected from the Site, including the data freely provided in order to obtain the sending of informative material or other communications by writing in the form of the Site, will be kept for the sole purpose of providing the requested service and for the duration necessary for the same purpose. Once the service is complete, all personal data will be destroyed in compliance with the data retention policy, unless otherwise requested by the authority and unless required by law, or when indicated in this policy for particular sections of the portal.
Exercise of the rights of the interested party
Pursuant to European Regulation 679/2016 (GDPR) and national regulations, the User can, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him / her (right of access);
- to know its origin;
- receive intelligible communication;
- to have information about the logic, the methods and the purposes of the processing;
- request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
- in cases of consent-based processing, receive only the cost of any support, its data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
- the right to lodge a complaint with the Control Authority (Privacy Guarantor – link to the Guarantor page);
- as well as, more generally, exercise all the rights that are recognized by the current provisions of the law.
Requests should be sent to the Data Controller at firstname.lastname@example.org.
In the event that the data are processed on the basis of legitimate interests, the rights of data subjects are guaranteed (with the exception of the right to portability that is not provided for by the regulations), in particular the right to oppose the treatment that can be exercised by sending a request to the data controller.
This site processes the data of users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the owner, in some cases, may have access to the data categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies).
Session cookies are essential in order to distinguish between connected users and are useful to avoid that a required feature can be provided to the wrong user, as well as for security purposes to prevent cyber attacks on the site. Session cookies do not contain personal data and last only for the current session, ie until the browser is closed. No consent is required for them.
The functionality cookies used by the site are strictly necessary for the use of the site, in particular they are linked to an express request for functionality by the user (such as login), for which no consent is required.
A.1 THE COOKIES
The Website uses both its own cookies and third-party cookies. The proprietary cookies are used to navigate the site by the user and allow access to any protected areas. The duration of these cookies is usually linked to the user’s session and are deleted once the browser closes. Proprietary cookies are essential and can not be disabled as they would preclude the correct use of the Website itself.
The third-party cookies can have different purposes: statistical analysis, social interactions, video viewing, memorization of interests for the provision of targeted advertising services. These cookies are not controlled directly by the owner and to disable them you must follow the procedures indicated by the individual suppliers.
In general all cookies can be deactivated completely in your browser at any time by following the procedures indicated in point A.4.
A.2 OWNER COOKIES
If you leave a comment on our site, you can choose to save your name, email address and website in cookies. They are for your convenience so you do not have to fill in your details again when you leave another comment. These cookies will remain for one year.
If you have an account and access this site, a temporary cookie will be set to determine if the browser accepts cookies. This cookie does not contain personal data and is deleted when you close the browser.
When you log in, several cookies will be set to save login information and screen display options. The access cookies remain for two days and the cookies of the options on the screen remain for one year. If you select “Remember me”, your login will persist for two weeks. If you exit your account, access cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data and simply indicates the post ID of the article just edited. Expires after 1 day.
A.3 THIRD-PARTY COOKIES
On this site the following third-party cookies may be activated.
– Google Analytics (anonymized)
On the basis of a specific agreement with Google, which is designated as the data controller, the latter undertakes to process the data according to the requests of the Data Controller (see at the end of the information), given through the software settings. Based on these settings, the advertising and data sharing options are disabled.
Further information on Google Analytics cookies can be found on the Google Analytics Cookie Usage on Websites page.
The user can selectively disable the collection of data by Google Analytics by installing the appropriate component provided by Google on their browser (opt out).
– Tracking AdWords conversions
– Google Fonts
– Embedded contents
For more information on the use of data and their processing by Google, it is recommended to view the information on the page provided by Google, and on the page on how to use the data by Google when using sites or apps of partners.
Content embedded by other websites
A.4 HOW TO DISABLE THE COOKIES IN THE BROWSER
Instructions for disabling cookies can be found on the following web pages:
Mozilla Firefox – Microsoft Internet Explorer – Microsoft Edge – Google Chrome – Opera – Apple Safari
Transfer of data to non-EU countries
This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular Decision 1250/2016 (Privacy Shield – here the information page of the Italian Data Protection Authority), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
Responsible for processing
The web hosting Seeweb is appointed as data controller, keeping the data on behalf of the owner. Web hosting is located in the European Economic Area and acts in accordance with European standards. Google is appointed data controller, processing data on behalf of the Data Controller (Google Analytics).