FULL DISCLOSURE
Marco Santoro, Via Sant’Agostino n. 40 • 90013 Castelbuono (PA) VAT n. 06281030822, as the data controller, hereby informs you pursuant to Legislative Decree 101/2018 and Article 13 of EU Regulation no. 2016/679 (hereinafter, "GDPR") that your data will be processed according to the following methods and purposes:
SUBJECT OF PROCESSING
The Controller processes personal data, both identifiable and non-sensitive (surname, name, email address - hereinafter only "personal data" or also "data") communicated or provided by you in the contact form of the Controller present on the website in the "Contacts" section.
PURPOSE OF PROCESSING
Your personal data is processed:
Only with your specific and separate consent (Art. 6 lett. a and 7 GDPR), for the following additional purposes:
- Accessing sections of the website containing the contact forms described above and filling out the form by providing your contact details (name, surname, email address) through which you can send us messages to request information about our activities;
- Accessing sections of the Controller's website called "Newsletter" above, filling out the relevant form with your contact details (name, surname, email address), and receiving newsletters and/or event invitations via email or subscribing to events that the Controller is part of or organizes.
Therefore, the legal basis for the processing of personal data is your express and specific consent for the purposes mentioned above.
The Controller does not use personal data for profiling.
SECURITY MEASURES
The Controller, directly or through the Provider that provides the Hosting service, has adopted a wide variety of security measures to protect your data against the risk of loss, misuse, or alteration. In particular:
- The provider ensures that the servers hosting the Controller's Website are protected with the following measures:
  - Constant updating of their operating systems with the latest security fixes;
  - Servers are protected by a firewall whose security rules are updated weekly;
  - Servers are equipped with IDS/IPS systems (against automatic hacker attacks and viruses);
- Regarding the Website, the following security measures have been implemented:
  - Plugins for performing a backup of the entire site;
  - Plugin for the general protection of the site, which runs a firewall, a tool against spam, malware, and intrusions in real-time;
  - All requests related to the processing of personal data are handled with a double confirmation request via email;
  - Secure connection via the https protocol;
  - Backend administration access password that complies with GDPR requirements;
- The PC used by the Data Controller through which access to the site is made is equipped with the following security tools:
  - Antivirus;
  - Firewall;
  - Microsoft Account with double login control via Microsoft Authenticator.
DATA ACCESS
In addition to the Controller, in some cases other subjects involved in the organization of this Application (administrative, commercial, marketing, and legal personnel, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data; where necessary, the Controller appoints them as Data Processors. All these subjects will have access only to the personal data necessary to perform their functions (and may not use them for other purposes), will be required to process the data in compliance with Legislative Decree 101/2018 and the European GDPR Regulation, and will be included in an updated list, available from the Controller. Except as provided above, your personal data will not be disclosed to other third parties or otherwise disseminated.
DATA DISCLOSURE
Without your express consent (Art. 6 lett. b) and c) GDPR), the Controller may use your data to disclose them to Supervisory Authorities, Judicial Authorities, as well as to all other subjects to whom communication is mandatory by law for the performance of the aforementioned purposes. In other cases, your data will not be disclosed.
DATA TRANSFER
This site may share some of the collected data with services located outside the European Union, in particular with Google, Facebook, and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized based on specific decisions of the European Union and the Italian Data Protection Authority, in particular decision 1250/2016 (Privacy Shield; see the informative page of the Italian Data Protection Authority), so no further consent is required. The aforementioned companies guarantee their adherence to the Privacy Shield.
NATURE OF DATA PROVISION AND REFUSAL CONSEQUENCES
The provision of data for the purposes mentioned above is optional. The possible refusal to provide the data related to the purposes of the contact forms on the website or to subsequently deny the possibility of processing data already provided will not have any consequence: in this case, you will not be able to receive information, newsletters, and/or event invitations via email or subscribe to events that the Controller is part of or organizes.
DATA SUBJECT RIGHTS
You may, at any time, exercise the following rights:
- Access to personal data; obtain confirmation of whether or not a data processing concerning you is underway and, in this case, access to the following information: purposes, categories of data, recipients, storage period, the right to lodge a complaint with a supervisory authority, the right to request rectification or erasure or limitation of processing or to object to processing, as well as the existence of automated decision-making;
- Request rectification or erasure of the data or restriction of processing concerning him/her;
- Object to processing: object for reasons related to his/her particular situation to the processing of data for the performance of a task carried out in the public interest or for the pursuit of a legitimate interest of the Controller;
- Data portability: in the case of automated processing based on consent or in execution of a contract, to receive the data concerning him/her in a structured, commonly used, and machine-readable format; in particular, the data will be provided by the Controller in .xml format, or similar;
- Withdraw consent to the processing for marketing purposes, both direct and indirect, market research, and profiling; exercising this right does not in any way affect the lawfulness of the processing carried out before the withdrawal;
- Lodge a complaint pursuant to art. 77 GDPR with the competent supervisory authority based on your habitual residence, place of work, or place of violation of your rights; in Italy, the competent authority is the Italian Data Protection Authority, contactable via the contact details on the website http://www.garanteprivacy.it.
The aforementioned rights can be exercised by sending a specific request to the Data Controller through the contact channels indicated in the subsequent article of this disclosure.
Requests regarding the exercise of user rights will be processed without undue delay and, in any case, within one month from the request; only in cases of particular complexity and number of requests, this period may be extended by an additional 2 (two) months.
EXERCISE OF RIGHTS
You can exercise your rights at any time by sending an email to the address: cefaluexcursions@gmail.com