This page describes the management of the site in reference to the processing of personal data of users who consult it. This information is provided pursuant to Art. 13 of the EU Regulation 2016/679, European Regulation on the Protection of Personal Data (hereinafter “Regulation” or “GDPR”) to those who interact with the web services of the website

This information does not concern other websites, pages, or online services that can be reached through hyperlinks possibly published on the sites but referring to resources external to the domain

DATA CONTROLLER The Data Controller, according to Articles 4 and 24 of the EU Reg. 2016/679, is Annalisa Astolfi – Via Campadio, 876B – Valsamoggia (BO)

PERSONAL DATA SUBJECT TO PROCESSING “personal data”: any information concerning an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Browsing Data The computer systems and software procedures used for the functioning of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified data subjects; however, by their very nature, through processing and association with data held by third parties, they could allow users to be identified. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the computer environment of the user.

Data Provided Voluntarily by the User The optional, explicit, and voluntary sending of emails to the addresses indicated on this site entails the acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the correspondence (contact or information request). Specific summarized information will be posted on the site pages set up for the provision of certain services.

Cookies For more information about the cookies used by this website, see the cookies policy at the following link “Cookie Policy.”

PURPOSES AND LEGAL BASIS OF THE PROCESSING. DATA RETENTION PERIOD The data collected will be processed for the following purposes:

  • Site navigation: to allow you to navigate our website and other digital platforms.

The legal basis for processing is Art. 6 par. 1 letter f) of the GDPR: legitimate interest.

Data retention period: until the end of the browsing session. For navigation, see the “Cookie Policy.”

  • Data collection via contact forms: to allow you to obtain information about our services through the “Contacts” page request.

The legal basis for processing is Art. 6 par. 1 letter b) of the GDPR: performance of pre-contractual measures also taken at the request of the data subject.

Data retention period: 1 year for contacts

Nature of Provision Providing data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide data marked with an asterisk* or the phrase (required) will result in the inability to obtain what is requested or to use the services of the data controller.

MODES OF PROCESSING The data processing will be carried out both automatically and manually, with logic strictly related to the purposes indicated and in a manner that ensures the security and confidentiality of the data, by persons for this purpose duly authorized. These data will be stored, as specified above, for the time strictly necessary to provide you with the requested services and will in any case be deleted following your request, except for further storage obligations provided by law.

POTENTIAL RECIPIENTS AND CATEGORIES OF RECIPIENTS OF PERSONAL DATA Personal data may be communicated to third parties that perform activities necessary for the provision of the services offered by the Site, who will process the data as data processors (Art. 28 of the GDPR) and/or as natural persons acting under the authority of the Controller and the Manager (Art. 29 of the GDPR). Precisely, the data will be processed by: Companies and consultants, our partners, in the field of assistance and consultancy, on the use of the system; Competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request. The list of Data Processors is available at the company’s office.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES The Data may be freely transferred outside the national territory to countries located in the European Union, but they may also be transferred outside the European Union and in particular to the United States. With reference to transfers outside the European Union to countries not considered adequate by the European Commission, the Company adopts appropriate and adequate security measures to protect the Data. Consequently, any transfer of Data to countries outside the European Union will take place, in any case, in compliance with appropriate and suitable guarantees for the transfer itself, such as standard contractual clauses for data protection, pursuant to applicable legislation and in particular Articles 45 and 46 of the GDPR.

RIGHTS OF THE DATA SUBJECT You may exercise your rights as expressed by Articles 15, 16, 17, 18, 19, 20, 21 of the EU Regulation 2016/679 by addressing the Data Controller. In particular, you have the right, at any time, to request: access to your personal data; the correction or deletion of the same or the limitation of the processing concerning you; to oppose the processing; the portability of the data in the terms set out in Art. 20 cited. Moreover, you have the right to oppose, at any time, the processing of your data based on consent and/or legitimate interest. Without prejudice to any other administrative or judicial remedy, the data subject who believes that the processing concerning him or her violates the GDPR has the right to lodge a complaint with the Data Protection Authority according to the methods described on the website (Art. 77 cit.). To exercise the rights above, the data subject may contact the Controller at the addresses of this information.

UPDATES This privacy policy may undergo changes and/or additions following any subsequent changes and/or regulatory additions, to the update or provision of new services or due to technological innovations.

Valsamoggia, 20/04/2024