General Data Protection Regulation (GDPR) Regulation EU 2016/679 and other applicable laws
The Controller is Comune di Cittadella, based in Via Indipendenza n. 41, 35013 Cittadella (PD), Italy. The processing operations will be carried out by Data Handler appointed by the Controller, who will operate under his direct authority in accordance with the instructions received.
“D.P.O.” (Data Protection Officer – Responsabile della protezione dei dati)
D.P.O.: Boxxapps s.r.l., Tel. 800893984, email: firstname.lastname@example.org
2. Personal Data Collected and Treated
Navigation data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. The collected data includes information on accesses, such as IP addresses and domain names of the computers used by users connecting to the site, as well as other parameters concerning the IT environment used by users (such as: the Internet browser used , the operating system, the domain name of the website visited last before accessing our website, the number of visits, the time spent on our website and the accessed pages). These data are used only for obtaining anonymous statistical information on the use of the site and to check its correct functioning. This data, automatically collected, are not associated with any data from other sourcesconsequently preventing the identification of the Data Subjects. However, we reserve the right to verify and associate these data retrospectively if specific information on illegal use is brought to our attention.
Data provided voluntarily by the User Some personal data (for example: name, surname, email address,etc.) are requested from the User for registration or for the use of online services on our site. In this case, personal data are collected, as far as possible, on a voluntary and optional basis. In any case, for each of the services on our website there is a dedicated Policy that allows the User to understand precisely what is the related treatment. In fact, we believe that it is the best way to guarantee correctness, transparency and intelligibility of the information that must be given to the User.
However, if the User decides to send spontaneously and freely e-mail or mail to the addresses indicated on this web site, this will result in the subsequent acquisition of the sender’s e-mail or mail address and any other personal data inserted in the message necessary to reply to the requests. The personal data collected in this case are exclusively related to: – Identification data (for example: name, surname, address, telephone, fax, e-mail, etc.). – Tax information (if required by law – for example, tax code, VAT number, etc.). Personal data sent to us of different nature or not related to those specified above (such as sensitive or judicial personal data) will be processed in compliance with Regulation EU 2016/679 and related legislation only with express consent of the Data Subject and only if necessary to achieve the required purposes, otherwise they will be ignored and not treated or destroyed, with the exception of those necessary for the fulfillment of contractual or legal obligations.
3. Lawfulness, Purposes and Methods of Processing
The personal data provided by the Data Subject interacting with this website will be processed in compliance with the conditions of lawfulness pursuant to art. 6 Reg. EU 2016/679 (consent given to the processing, execution of a contract or pre-contractual measures, fulfillment of legal obligations, pursuit of the legitimate interest of the Controller) and are processed and used, in the minimum necessary content, exclusively for the following purposes:
- Operation and improvement of navigation on this website.
- Supply, improvement and support of our online services.
- Legitimate interests pursued by the Controller.
- Legislative and regulations obligations.
In any case, personal data will be processed in computerized, electronic and paper form and included in the databases to which only the Controller and its Data Handler may access. With regard to the data processed in all their forms, all appropriate security measures have been adopted to protect the rights, freedoms and legitimate interests of the Data Subject. In addition, specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access to the data. This website is provided on HTTPS encrypted connection (SSL certificate).
4. Obligation to provide data
Some personal data transmitted in the implicit use of internet communication protocols, as previously specified, are automatically conferred and necessary to proceed with browsing the website.
For what concerns the online services offered on this website, the provision of the data indicated as mandatory in the fields of the form is necessary to obtain what is required, to provide service and / or any professional or business relationships.
Except as specified above, the user is free to provide other personal data when reading this site and completing the online services forms.
5. Place of Data Processing
Processing related to the web services of this site takes place at the Controller’s office and is handled only by authorized Data Handler, or by subject in charge of occasional maintenance operations. The acquired data are saved on web servers in housing in dedicated server farms located in Italy and in the EU.
6. Possible Recipients of the Data
The data are never transmitted to third parties except in cases where they are necessary and/or involved in achieving the purposes and/or provision of the service and/or execution of orders or contracts. We may also be required to transmit personal data to third parties in order to comply with legal obligations or requirements and / or to enforce rights and agreements.
- Data transmission to third parties: We don’t transmit data to third parties except in the case of execution of explicit request of the Data Subject or the execution of a contract or service.
- Abroad data transmission: we do not transmit the data to foreign subjects.
- Compliance with laws and similar obligations:we will transmit your personal data in order to:
- apply or comply with law, regulation, order issued by a public authority or mandatory measures;
- detect and prevent security threats, fraud or other harmful activities;
- protect and / or enforce the rights and property of Comune di Cittadella or third parties;
- protect the rights and security of our employees and third parties.
In relation to the purposes indicated in points 1, 2 and 3 of the previous paragraph, the data may also be disclosed to the following subjects or to the categories of subjects indicated below, in any case regularly appointed to processing in full compliance with the existing regulations:
- Accountants and tax/business consultant in assistance to companies when the communication is due by law, or is in the interest of the subject (natural or legal person);
- Lawyers in assistance to companies when the communication is due by law, or when the communication is in the interest of the subject (natural or legal person);
- Technical and / or Commercial Consultants to fulfill requests or services.
7. Data Retention Period
At the end of the service or provision of the service, or when it is not otherwise provided in the dedicated Policies accepted by the Data Subject, personal data will be stored only for historical or statistical purposes or for any obligations, in accordance with the law, regulations, Community legislation and the codes of deontology and good conduct signed in accordance with art. 40 of Reg. EU 2016/679, for the period prescribed by current legislation (usually 10 years) or, in case they are not subject to any law, for a period not exceeding 5 years. After this period, personal data will be stored anonymously or destroyed.
8. Absence of an Automated Decision Making Process
There is no automated decision-making process on this website and no profiling system.
9. Data Subject rights
Data subject has the right to:
- obtain confirmation of the existence of personal data concerning him, even if not yet registered, and their communication without delay in an intelligible form;
- require information on your personal data stored by us (ex: origin, purposes, methods, categories, applied logic, retention period, rights, identification data of the Data Controller, subjects or categories to which data can be communicated) by writing us;
- withdraw consent to the processing of data;
- demand erasing of data;
- require the transformation and / or the limitation or the block of processed data in violation of the law;
- require updating, rectification or integration of data;
- obtain his personal data, provided to the Controller, in order to transmit it to another Controller;
- Ask for confirmation that the aforementioned operations have been brought to the attention of which data have been communicated, except in the case where this fulfillment is impossible or involves disproportionate duty respect to the protected right;
- oppose, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
- propose a complaint to the Privacy Authority (in Italy: www.garanteprivacy.it ).
For further information regarding laws and privacy rights, the Data Subject can visit the website of the respective competent Privacy Authority.
Privacy Authority in Italy: www.garanteprivacy.it .
The Data subject who wants to exercise his right must use the contacts of the Controller.