General Data Protection Regulation (GDPR) Regulation EU 2016/679 and other applicable laws
The Controller is La Bottega dei Sogni Srl, based in Rio Terrà, 54, 30021 Caorle (VE), Italy, contactable at: firstname.lastname@example.org . The processing operations will be carried out by Data Handler appointed by the Controller, who will operate under his direct authority in accordance with the instructions received.
2. Personal Data Collected and Treated
Navigation data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. The collected data includes information on accesses, such as IP addresses and domain names of the computers used by users connecting to the site, as well as other parameters concerning the IT environment used by users (such as: the Internet browser used , the operating system, the domain name of the website visited last before accessing our website, the number of visits, the time spent on our website and the accessed pages). These data are used only for obtaining anonymous statistical information on the use of the site and to check its correct functioning. This data, automatically collected, are not associated with any data from other sourcesconsequently preventing the identification of the Data Subjects. However, we reserve the right to verify and associate these data retrospectively if specific information on illegal use is brought to our attention.
Data provided voluntarily by the User Some personal data (for example: name, surname, email address,etc.) are requested from the User for registration or for the use of online services on our site. In this case, personal data are collected, as far as possible, on a voluntary and optional basis. In any case, for each of the services on our website there is a dedicated Policy that allows the User to understand precisely what is the related treatment. In fact, we believe that it is the best way to guarantee correctness, transparency and intelligibility of the information that must be given to the User.
However, if the User decides to send spontaneously and freely e-mail or mail to the addresses indicated on this web site, this will result in the subsequent acquisition of the sender's e-mail or mail address and any other personal data inserted in the message necessary to reply to the requests. The personal data collected in this case are exclusively related to: - Identification data (for example: name, surname, address, telephone, fax, e-mail, etc.). - Tax information (if required by law - for example, tax code, VAT number, etc.). Personal data sent to us of different nature or not related to those specified above (such as sensitive or judicial personal data) will be processed in compliance with Regulation EU 2016/679 and related legislation only with express consent of the Data Subject and only if necessary to achieve the required purposes, otherwise they will be ignored and not treated or destroyed, with the exception of those necessary for the fulfillment of contractual or legal obligations.
3. Lawfulness, Purposes and Methods of Processing
The personal data provided by the Data Subject interacting with this website will be processed in compliance with the conditions of lawfulness pursuant to art. 6 Reg. EU 2016/679 (consent given to the processing, execution of a contract or pre-contractual measures, fulfillment of legal obligations, pursuit of the legitimate interest of the Controller) and are processed and used, in the minimum necessary content, exclusively for the following purposes:
In any case, personal data will be processed in computerized, electronic and paper form and included in the databases to which only the Controller and its Data Handler may access. With regard to the data processed in all their forms, all appropriate security measures have been adopted to protect the rights, freedoms and legitimate interests of the Data Subject. In addition, specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access to the data. This website is provided on HTTPS encrypted connection (SSL certificate).
4. Obligation to provide data
Some personal data transmitted in the implicit use of internet communication protocols, as previously specified, are automatically conferred and necessary to proceed with browsing the website.
For what concerns the online services offered on this website, the provision of the data indicated as mandatory in the fields of the form is necessary to obtain what is required, to provide service and / or any professional or business relationships.
Except as specified above, the user is free to provide other personal data when reading this site and completing the online services forms.
5. Place of Data Processing
Processing related to the web services of this site takes place at the Controller’s office and is handled only by authorized Data Handler, or by subject in charge of occasional maintenance operations. The acquired data are saved on web servers in housing in dedicated server farms located in Italy and in the EU.
6. Possible Recipients of the Data
The data are never transmitted to third parties except in cases where they are necessary and/or involved in achieving the purposes and/or provision of the service and/or execution of orders or contracts. We may also be required to transmit personal data to third parties in order to comply with legal obligations or requirements and / or to enforce rights and agreements.
In relation to the purposes indicated in points 1, 2 and 3 of the previous paragraph, the data may also be disclosed to the following subjects or to the categories of subjects indicated below, in any case regularly appointed to processing in full compliance with the existing regulations:
7. Data Retention Period
At the end of the service or provision of the service, or when it is not otherwise provided in the dedicated Policies accepted by the Data Subject, personal data will be stored only for historical or statistical purposes or for any obligations, in accordance with the law, regulations, Community legislation and the codes of deontology and good conduct signed in accordance with art. 40 of Reg. EU 2016/679, for the period prescribed by current legislation (usually 10 years) or, in case they are not subject to any law, for a period not exceeding 5 years. After this period, personal data will be stored anonymously or destroyed.
8. Absence of an Automated Decision Making Process
There is no automated decision-making process on this website and no profiling system.
9. Data Subject rights
Data subject has the right to:
For further information regarding laws and privacy rights, the Data Subject can visit the website of the respective competent Privacy Authority.
Privacy Authority in Italy: www.garanteprivacy.it .
The Data subject who wants to exercise his right must use the contacts of the Controller.