Information on personal data protection
Art. 13 Reg. EU 679 of 27 April 2016
In accordance with Article 13 of “Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereafter “GDPR”), SOTTOLESTELLE S.R.L. based in Contrada Costarelle S.p. 45 bis km 12 71013 San Giovanni Rotondo (FG), in the capacity of Data Controller, must provide to users connecting to the domain www.sottolestelle.com (irrespective of the purposes of the connection) some information on the processing of personal data carried out therein.
Sottolestelle.com domain: the domain, which can be reached via the world wide web internet service, at the address https://www.sottolestelle.com, constituted by the data, applications, technological resources, human resources, organisational rules and procedures that acquire, memorise, process, exchange, locate and transmit information.
Collection points: areas present within the Sottolestelle.com domain which collect personal data.
I. - Warnings and Protection of Minors
The personal data processing will apply the principles of lawfulness, fairness and transparency. The personal data will be collected for specified, explicit and legitimate purposes (purpose limitation) and will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation). They will always be adequate and kept up to date and stored for a period of time no longer than is necessary for the purpose of implementing the Contract, subject to the fulfilment of legal and tax obligations that establish longer storage timescales (storage limitation). The personal data will be processed adopting all security measures adequate to guarantee their integrity, confidentiality and lack of availability to unauthorised third parties (integrity and confidentiality). If not expressly indicated, the provision of personal data through the collection points present on the website www.sottolestelle.com is reserved to adults.
II. - Rules of reference and legal basis for processing.
The processing operations, illustrated below in detail, have their legal basis in the rules that regulate your right to personal data protection, your right to confidentiality and your right to express and withdraw, at any time, your informed consent to the processing operations, thereby meaning:
- General Regulation EU 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
- your informed consent, manifested in conformity with existing legal provisions on personal data protection (Art. 6 of the GDPR).
- the fulfilment of contractual obligations accepted by SOTTOLESTELLE in your favour when you accept the Service (Art. 6 of the GDPR);
- the fulfilment of obligations or orders to which the Data Controller is subject by virtue of the law or orders of the Authority (Art. 6 of the GDPR).
III. - Nature of processed data.
III.1. - The optional, explicit and voluntary transmission of email to the addresses indicated on this website involves the subsequent acquisition of the sender's address, required to respond to requests, along with any other personal data included in the communication. Specific summary information will be reported or displayed on the website pages used for particular requested services. In any case - if required by law - you will be asked each time for consent to the processing of your data.
III.2. - Exclusively after your consent has been provided, where necessary, the following categories of your data may be processed, for the indicated purposes.
(a). - Common personal data, identification data
Such as your name and surname, year of birth, gender, address, city, province, email address, telephone number, postcode, links to profiles on the following social networks: Facebook, Instagram and Twitter.
(b). - Technical processing.
The IP number and browser type used by you to connect to the domain sottolestelle.com will also be processed (non-identification data) and registered automatically by the logical devices for protecting and controlling domain accesses (LOG FILES). Those personal data will be used exclusively for the purposes of controlling network traffic to the domain sottolestelle.com.
This is information that is not collected to be associated with identified data subjects but that, by its very nature, may, through processing and association with data held by third parties, allow for you to be identified. These data are used only for the purposes of obtaining anonymous statistical information on use of the website and for controlling its correct functioning and they are erased immediately after processing. The data may be used to ascertain liability in the case of hypothetical computer crimes in detriment to the website: except in that case, data on web contacts currently do not persist for more than seven days.
(c). - Cookies.
(d). - Special categories of personal data.
If special categories of personal data pursuant to Art. 9 Reg. EU 679/2016 are collected via the SOTTOLESTELLE domain, you will be informed in advance and placed in the condition to express - by the legal methods - your consent.
IV. - Nature of provision, data sources.
The provision of your personal data is not usually mandatory but, in some cases, it is necessary, and therefore mandatory, to allow you to benefit from the services and features of the website.
IV.1. - Data whose provision is necessary.
IV.1.1. - The provision of some personal data is necessary and therefore mandatory to follow up on your specific requests; you are always free not to provide your personal data, but in that case it may be impossible for the Data Controller to satisfy your requests, to fulfil your requirements or to allow you to use, in their entirety, all available features on the website Sottolestelle.com.
IV.1.2. - The provision of identification personal data is necessary .
(a). to be able to register to the website and to receive, together with other benefits, the desired information on the products, services and initiatives of SOTTOLESTELLE.
IV.1.3. - Those identification data will be processed using both paper and electronic media, and will be stored by SOTTOLESTELLE exclusively for as long as the data subjects remain registered to the Website, or for a maximum period of three years from the last action performed on the Website. Once those storage periods have elapsed, the identification personal data will be erased automatically.
IV.2. - Data used for authentication.
Having completed the registration, during which you may choose your access credentials, therein including your password - which only you will know - you can access the SOTTOLESTELLE website from mobile devices or desktop computers, by entering in the specific fields the chosen personal authentication credentials, which you must store with great care.
We recommend that you choose a password that has at least the following characteristics: length no less than eight characters, including at least one special character. If you forget your password, the recovery procedure involves sending a link for you to reset it autonomously. The authentication data will be encrypted from their first use and SOTTOLESTELLE will not know them in any way.
IV.3. - Data Sources.
We will collect your data from you directly, through interactions with the website www.sottolestelle.com.
V. - Processing Purposes.
SOTTOLESTELLE, in addition to the necessary processing for legal and regulatory obligations or obligations deriving from orders of the Authority, will perform, exclusively with your consent, if necessary, the operations required to allow you to benefit from the services and features of the website www.sottolestelle.com; more specifically:
- The management of your relationship with SOTTOLESTELLE;
- purposes strictly connected and instrumental to the management of the aforementioned relationship (e.g. to acquire pre-contractual information and to execute services and operations, as contractually agreed);
- purposes of analysis of information obtained in order to offer, the transmission by SOTTOLESTELLE of newsletters and/or promotional or advertising information, the services and/or products of SOTTOLESTELLE, or of third parties, known by SOTTOLESTELLE to be of interest to you, as well as for SOTTOLESTELLE to carry out opinion polls, research and market analyses and after-sales supervision;
- purposes relating to monitoring the progress of customer relationships and for credit and fraud risk controls connected to the services provided by SOTTOLESTELLE;
- to fulfil specific requests of the data subjects.
VI. - Methods of processing your personal data.
In relation to all purposes indicated in the above paragraphs, your personal data will be processed by computer and on paper and will be processed with pseudonymisation and anonymisation techniques in order to personalise the services that SOTTOLESTELLE is able to offer you. The data will be processed in a manner that guarantees its logical and physical security and confidentiality, and the processing may be carried out using manual, IT and electronic tools aimed at memorising, transmitting and sharing those data. The processing logics will be strictly related to the pursued purposes.
VI.1. - Data Retention Policy.
In relation to the purposes indicated in letter (V.3), namely the provision of commercial or promotional information, the respective processing which, in conformity with the provisions of the Measure of the Data Protection Supervisor, will not concern sensitive data, will be carried out, by the controller, subject to your consent, for no more than 24 months from the collection, exclusively in aggregate form.
VI.2. - Data security and storage.
VI.2.1. - Your personal data will be stored within the European Union; the respective security policies are reviewed in conformity with Best Practices in that regard.
VI.2.2. - Traceability of accesses and operations. Audit Log.
Each data access will be memorised in specific Log tables. The respective information will contain the access timestamps, the identification of the user who accessed the data; the type of data accessed, the data owner, the operation performed, and the application from which the access was made.
(E.6). - Profiling, automated decision-making process;
VII. - Data recipients and transfers abroad.
VII.1. - Processors and officers.
- within SOTTOLESTELLE, qualified personnel, each limited to their assigned responsibilities and duties and in line with the instructions given.
- externally to SOTTOLESTELLE, third parties, also specifically designated as Processors or Officers - used by SOTTOLESTELLE for various services and exclusively to fulfil those services - each limited to their responsibilities and duties and in line with the instructions given.
VII.2. - Communication (to certain external entities) of data.
SOTTOLESTELLE, for its ordinary management, accounting and administrative activities, may communicate your personal data, subject to acquiring your consent by the legal methods, if required, in respect of security measures, to third party service providers for the sole purpose of carrying out the performance requested by you, such as: - postal services companies, - law firms and notaries, - consultants, also in associated form, - other service companies, as well as other entities in compliance with any legal obligations (such as insurance institutions, police forces, judicial authorities, etc.). The list of those entities to which the data may be communicated is available from the data controller's registered office.
VII.3. - Transfer of personal data abroad.
SOTTOLESTELLE does not transfer, by its own initiative, personal data abroad. However, some third party service providers may have their servers physically positioned abroad (as in the case of the email provider). In those cases, data will be transferred abroad exclusively in compliance with EU Reg. 679/2016 Art. 44 et seq.
VII.4. - Dissemination (to indeterminate external entities) of data.
In no case will the personal data be disseminated.
VIII. - Rights of the data subject.
Articles from 15 to 22 of the GDPR grant to the data subjects the right to exercise specific rights. Art. 15 of the GDPR grants to the data subjects the right to access their personal data and to obtain a copy of the same. The right to obtain a copy of the data must not harm the rights and freedoms of others.
With the access request, the data subject has the right to obtain from SOTTOLESTELLE confirmation of whether or not personal data concerning him or her are being processed and to know of the purposes and categories of data processed, the third parties to which the data are communicated and if the data are transferred to a non-EU country with adequate safeguards. The data subject also has the right to know the storage period of his or her personal data and the right to request the rectification of inaccurate data and the supplementation of incomplete data, the erasure (right to be forgotten) under the conditions indicated in Art. 17 of the GDPR, the restriction of processing, the withdrawal of consent, the portability of data and the right to object, at any time and without having to provide justification, to processing for direct marketing purposes.
The rights may be exercised by email sent to the address of the Data Protection Officer of SOTTOLESTELLE, or by ordinary mail to the address indicated below. The Data Protection Officer may need to identify the data subject by asking for a copy of an identity document.
If the data subject believes that the processing of his or her personal data violates the provisions of the GDPR or domestic regulations on personal data protection, he or she may lodge a complaint with the Data Processing Supervisor based in Rome, in accordance with Art. 77 of the GDPR and/or contact the Judicial Authority.
To exercise those rights, or to obtain any other information in relation to them, and, more generally, on the processing of your personal data, requests may be sent by e-mail to the following address: firstname.lastname@example.org; - by ordinary mail to Sottolestelle S.r.l., with registered office in Contrada Costarelle S.p. 45 bis km 12, 71013 San Giovanni Rotondo (FG), Italy.
IX. - Withdrawal of content, privacy requests, access and response
You have the right to withdraw your consent to the processing of your personal data at any time by communicating that intention to us. If you have any questions or require further information on the processing of your data or to exercise the rights indicated in no. VI above, send an email to the SOTTOLESTELLE website administrator, by writing to email@example.com. You can contact us at the same address also to obtain responses on the management of information by SOTTOLESTELLE. Before SOTTOLESTELLE can provide you with the information or modify any data, it may need to check your identity and ask you to answer some questions. Our response will be provided as soon as possible.
X. - Controller.
The data controller is SOTTOLESTELLE based in Contrada Costarelle S.p. 45 bis km 12, 71013 San Giovanni Rotondo (FG), Italy.
XI. - Data Protection Officer.
To contact the DPO write to: firstname.lastname@example.org
XI.1. - Processors.
The full list of processors is available at the Registered Office.
This mandatory information may be updated, subject to any changes of the applicable legal rules.