Who we are and what do we do with your personal data?
MARGHERITA NAPPO based in VITERBO (VT) 01100, piazza DELLA TRINITA' 6, Tax ID: NPPMGH83S60M082J, hereinafter the Data Controller, protects the confidentiality of your personal data and guarantees them the necessary protection from any event that might put them at risk of violation.
To this end, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of the rights granted to you by applicable law. The Data Controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organizational changes that may affect the processing of your personal data.
What data and for what purpose does the Data Controller collect it?
The Data Controller collects and/or receives information concerning you of various types:
• Browsing data;
• Data communicated by the user;
• Cookies and other tracking systems;
Browsing data, such as IP address and visited pages, are collected automatically during navigation of this site; they are used by the Data Controller for the management of the site itself and for its security. The Data Controller processes, also through its suppliers, your personal, IT or traffic data collected or obtained in the case of services exposed on the website to the extent strictly necessary and proportionate to ensure the security and capacity of a network or servers connected to it to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data.
For these purposes, the Data Controller provides procedures for the management of personal data breach.
Data communicated by the user through the completion of forms on the site involves the acquisition of the sender's contact data, necessary to reply, as well as all personal data included in the communication. Specific information will be published on the pages of the Data Controller's sites prepared for data collection (Forms).
The methods of using Cookies are described in the Cookies Policy.
Social buttons
On the Data Controller's sites there are special "buttons" (called "social buttons/widgets") that depict the icons of social networks (e.g. Facebook, Instagram, Linkedin). These buttons allow users browsing the sites to interact with a "click" directly with the social networks and other websites depicted there. In this case, the social network and the other websites acquire data relating to the user's visit, while the Data Controller will not share any browsing information or user data acquired through its site with the social networks and other websites accessible through the Social buttons/widgets.
What happens if you do not provide your data?
Navigation data is automatically acquired when accessing the site. Visiting the site without releasing browsing data is not possible. Regarding cookies, we invite you to read the consequences of deselecting individual cookies, as reported in the cookie policy. Finally, regarding data communicated directly by the user through contact forms, reference is made to the information provided within the forms themselves.
How and Where
Your personal data will be processed within the European Union by electronic/manual means for which we have applied appropriate security measures and with the help of our collaborators duly authorized and trained for this purpose. In any case, it is understood that the Data Controller, if necessary, shall have the right to move servers even outside the EU. In such case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, for example through the adoption of the standard contractual clauses provided by the European Commission which ensure an adequate level of protection of personal data even outside the EU.
How long
The Data Controller processes data relating to site access logs for a maximum of 7 days. Regarding data relating to cookies, reference is made to the Cookies Policy. Regarding data communicated directly by the user through contact forms, it is possible to learn the retention periods by consulting the information provided within the forms themselves.
What are your rights?
In essence, you, at any time and free of charge and without particular costs or formalities for your request, can:
• obtain confirmation of the processing carried out by the Data Controller;
• access your personal data and know its origin (when the data is not obtained directly from you), the purposes and aims of the processing, the data of the subjects to whom they are communicated, the retention period of your data or the criteria useful for determining it;
• update or rectify your personal data so that it is always exact and accurate;
• delete your personal data from the databases and/or archives, including backups, of the Data Controller in the case, among others, where it is no longer necessary for the purposes of the processing or if it is assumed to be unlawful, and always if the conditions provided for by law exist; and in any case if the processing is not justified by another equally legitimate reason;
• restrict the processing of your personal data in certain circumstances, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. You must be informed, within a reasonable time, also of when the suspension period has ended or the cause of the restriction of processing has ceased, and therefore the restriction itself revoked;
• obtain your personal data, if received or processed by the Data Controller with your consent and/or if their processing is based on a contract and with automated tools, in electronic format also for the purpose of transmitting them to another data controller.
• The Data Controller must proceed in this sense without delay and, in any case, no later than one month from receipt of your request. The deadline may be extended by two months, if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller, within one month of receiving your request, will inform you and inform you of the reasons for the extension.
For any further information and in any case to send your request, you must contact the Data Controller, at the address info@petitrelaisviterbo.it.
How and when can you object to the processing of your personal data?
For reasons related to your particular situation, you may object at any time to the processing of your personal data if it is based on legitimate interest, by sending your request to the Data Controller, at the address info@petitrelaisviterbo.it.
You have the right to erasure of your personal data if there is no overriding legitimate reason compared to the one that gave rise to your request.
Who can you lodge a complaint with?
Without prejudice to any other administrative or judicial action, you may lodge a complaint with the supervisory authority for the protection of personal data, unless you reside or carry out your work in another Member State. In the latter case, or in the case where the violation of the legislation on the protection of personal data occurs in another EU country, the competence to receive and hear the complaint will be with the supervisory authorities established there.
Any update of this information will be communicated to you promptly and by appropriate means, and you will also be informed if the Company processes your data for purposes additional to those set out in this information.