Pursuant to Art. 13 of Legislative Decree 30 June 2003 No. 196, “Personal Data Protection Code” (hereinafter referred to as “Privacy Code”) and Art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter referred to as “Regulation”), we hereby inform you on the processing of your personal data.
- Type of data and purposes of the processing
The type of personal details requested or acquired by Georgiana Ionescu (hereinafter, referred to as “GIO” in order to perform, or ask the fulfillment of, the obligations relating to its business relationships, or that relate to the provision of booking / purchase services, as well as to marketing and promotional purposes of the activities of GIO, include, but is not limited to: identification data, such as name and surname, place of residence / domicile, fiscal code and / or VAT number, as well as telephone numbers, e-mail addresses or social platform accounts.
The aforesaid data are acquired when any request of information, availability or booking is made and will be treated as confidential, and exclusively for purposes related and instrumental to the fulfillment of obligations arising from the business relationship with GIO, or related to the provision of booking services / purchases, as well as marketing and promotional purposes relating to the activities of GIO, such as for example:
– the processing of customer data sheets and their inclusion in the company archives;
– keeping accounts;
– management of payments;
– fulfillment of the Company’s legal and regulatory obligations.
The user also expressly consents to the processing of data for statistic purposes aimed at improving the services, for the transmission of service information and for promotional and / or commercial communications, even if not related to the service-
- Processing method
Your personal data will be processed manually, by electronic and non-electronic devices.
Your personal data will in any case be processed in a correct, legal and transparent manner, in order to guarantee their security and confidentiality.
Personal data shall be processed so as to ensure their appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
In any case, the processing of personal data will be based on the principles of correctness, lawfulness and transparency guaranteed, in particular, by the adoption by GIO of the minimal security measures referred to in Articles 33 and the following, Annex B of the Privacy Code and Art. 32 of the Regulation.
Users of the site who send requests and / or register on the Company’s website may receive newsletters providing information and promotions, aimed at improving the services offered. Users have the right to revoke their subscription to these newsletters at any time and the Company undertakes to acknowledge any such revocation in the strictly necessary technical time.
In addition to online data collection and correspondence, communications (via sms or WhatsApp messages) may be made. These communications are subject to the provisions on the protection of personal data and the information contained therein is treated in the same way as other personal data collected.
- Data retention time and other information
The personal data processed will be kept in compliance with the principle of proportionality and until the purposes of the processing are reached or until withdrawal of the specific consent provided by the interested party, and in any case:
– for the time necessary for the fulfillment of legal obligations (eg: document preservation);
– for the time strictly necessary for the provision of any service requested by the user;
– for the time strictly necessary for the achievement of the purposes for which the data are processed, as per Section 1 above.
- Data Controller
The data controller is:
in the person of its legal representative. GIO may also make use of external subjects for the performance of all or part of the activities, related and/or consequent to the processing of the personal data for the performance of the activities indicated in Section 1 above, including registered professionals providing legal and/or contractual obligations – such as, by mere way of example, accounting, administrative and tax obligations – in line with the object and purposes of the processing.
- Data Processors
Pursuant to Art. 29 of the Privacy Code and Art. 28 of the Regulation, the Data Controller may designate one or more Data Processors. The Data Processor is selected among subjects who, by experience, ability and reliability, are able to guarantee the correct performance of the assignment.
The Data Processor assists the Data Controller in the fulfillment of the applicable laws, developing strategies relating to the purposes and methods of processing and securing of the data.
The indication of the Data Processor or the updated list of Data Processors is available at the registered office of the Data Controller.
The e-mail address for the exercise of the rights indicated in Art. 7 of the Privacy Code and Articles 13, paragraph 2, letters (b) and (d), 15, 18, 19 and 21 of the Regulation (also in reference to requests made to third parties whose data have been communicated with the specific consent of the interested person) is: firstname.lastname@example.org
6. Place and processing of data
The processing of personal data related to commercial relationships with GIO, or relating to the provision of booking / purchasing services, as well as marketing and promotional purposes, relating to the activities of GIO will be made at the Company’s headquarters, or in the places where the designated Data Processors operate and are only handled by technical staff in charge for the data processing or for carrying out specific operations. The personal data provided by users who ask to receive information (through brochures, leaflets, submission of estimates, etc.) shall be used only for the performance of the requested service. More information in relation to the processing of personal data may be requested at any time to the Data Controller using the contact information.
7. Nature of the provision of data
The provision of data is optional, unless required by law or by contractual rules. Any refusal to provide personal data may however prevent the performance of the Company’s services and activities.
During normal operation, the computer systems and software procedures used to operate the website may acquire some personal data whose transmission is implicit in the use of Internet communication protocols (such as Internet domain and IP protocol, type of browser and operating system of the computer used, date, time and permanence on the site, pages viewed, any search engine from which the site was accessed).
This information, per se, may allow users to be identified through the processing and association with data held by third parties. This category of data includes IP addresses or computer domain names used by users connecting to the site, the Uniform Resource Identifier (URI) notation addresses, the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the response status given by the server (success, error, etc.) and other parameters related to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its operation and are deleted immediately after processing.
8. Secondary purposes of the processing of personal data for a promotional, advertising and marketing nature.
Personal data collected as indicated in Section 1 will be processed also for commercial promotion, advertising, statistical processing and other marketing research sample (in short, “Treatment for Marketing purposes”).
For transparency reasons, for the purpose of obtaining an informed consent to the Treatment for Marketing Purposes, the user specifically ackowledges the said purposes and expressly authorizes GIO to proceed with the processing pursuant to Art. 23 (when the processing is made by telephone, with or without operator) and Art. 130 of the Privacy Code (when the processing is made by e-mail, fax, text messages), as well as pursuant to Art. 6, paragraph 1, letter (a) of the Regulation.
9. Processing of personal data for commercial profiling.
For marketing purposes and in order to improve its services, GIO may proceed to the processing of “profiling” data.
Profiling activities may concern “individual” personal data or “aggregated” personal data resulting from detailed individual personal data.
Through profiling, it is possible to obtain certain information that goe far beyond the information considered individually and that relate to each interested party; in addition, profiling, per se, provides an added value due to the multiple correlations that can be established between the individual data collected, in order to obtain additional useful information.
10. Communication and dissemination of data.
In order to perform the services referred to in point 1, personal data may be disclosed to third parties, such as:
– Public Administrations that request information from GIO in compliance with legal obligations;
– service companies (administrative, accounting, information technology or archiving) and insurance companies which GIO uses;
– collaborators and employees of GIO specifically appointed and within the scope of their duties.
Apart from the above cases, personal data will not be disclosed.
11. Transfer of data abroad.
The data may be transferred, always for the purposes referred to in Section 1 above, to European Union Countries and to other Countries outside the European Union, mainly in the context of relations with the Company’s commercial partners.
The free movement of personal data between the Member States will take place in accordance with the provisions of the Privacy Code and the Regulation, or in free circulation, without prejudice, however, to the adoption of further measures in case of transfers of data aimed at eluding the provisions.
Any transfer to other Countries will be protected after the acquisition, in written form, of express consent or prior authorization of the Authority for the protection of personal data on the basis of adequate guarantees to protect the rights of the interested subject, also provided in contractual form.
The Data Controller reserves at any time the right to make changes to this information, which will be automatically effective, unless otherwise specified.
13. Management of third-party cookies.
The site uses the following technical cookies:
14. Cookie information
Cookies are small text strings that the sites visited by the user send to his terminal (usually the browser), where they are stored before being re-transmitted to the same sites at the next visit of the same.
Cookies are used for different purposes: execution of computer authentication, monitoring of sessions, storage of information on specific configurations concerning users who access the server.
Given that there are no technical characteristics that differentiate them from each other, in order to achieve proper regulation of such devices, it is necessary to distinguish them on the basis of the aims pursued by those who use them.
Therefore, in implementation of the provisions contained in Directive 2009/136 / EC, pursuant to art. 1, paragraph 5, lett. a) of Legislative Decree 28 May 2012, n. 69, which amended the art. 122 of the Privacy Code, the legislator has established the obligation to obtain the prior and informed consent of users to the installation of cookies used for purposes other than purely technical.
a) Technical cookies.
Technical cookies are those used only for navigation and to facilitate access and use of the site by the user. Technical cookies are essential for example to access Google or Facebook without having to log in to all sessions.
They are not used for other purposes and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies that guarantee the normal navigation and use of the website. They can in turn be divided into:
– navigation or session cookies, which guarantee the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas);
– analytics cookies, similar to technical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site;
– functionality cookies that allow the user to navigate according to a series of selected criteria (for example the language, the products selected for purchase) in order to improve the service provided.
b) Profiling cookies.
Profiling cookies are designed to create profiles related to the user and are used in order to send advertising messages in line with the preferences expressed by the user in the context of surfing the net. Because of the particular invasiveness that such devices can have in the private sphere of users, European and Italian legislation requires the user to be adequately informed about their use and express their valid consent.
14.3 How cookies are approved.
For the installation of technical cookies no consent is required while profiling cookies can be installed on the user’s terminal only after the latter has given consent following simplified disclosure.
By connecting for the first time to the website, the user must immediately display a banner containing brief information, the request for consent and a link to the more extensive information on what are profiling cookies and on the use that is done on the site.
14.4 Cookies used on the site.
For maximum transparency, we list below a series of technical cookies and cases of specific operations on the site:
• cookies directly implanted in the user’s / contractor’s terminal (which will not be used for further purposes) such as session cookies used for online reservations on the site, authentication cookies, personalization cookies (for example for the choice of browsing language); these cookies remain active only for the duration of the session.
• cookies used to statistically analyze accesses / visits to the site (so-called “analitycs” cookies) that only pursue statistical purposes (and not even profiling or marketing) and collect information in aggregate form without the possibility of identifying the individual user. In these cases, since the current legislation requires that for analytics cookies the person concerned is provided with a clear and adequate indication of the simple ways to oppose their system (including any anonymous display of the cookies themselves). The duration of analytics session cookies is * minutes.
14.5 How to deactivate cookies.
Most browsers allow you to delete cookies from your computer’s hard drive, block acceptance of cookies or receive a warning before a cookie is stored.
Therefore, for the removal of cookies, we invite the user to follow the instructions on the dedicated pages of the various browsers:
Interenet explorer: https://windows.microsoft.com/it-it/windows7how-to-manage-cookies-in-internet-explorer-9
Safari: https://support.apple.com/kb/HT1677?viewlocale=it_IT (verification by the site operator)
14.6 Disabling cookies.
If the user blocks or deletes a cookie, it may be impossible to restore preferences or custom settings previously specified and the ability of the site to personalize the user experience will be limited.
15. Rights of the interested party.
Please be informed that Article 7 of the Privacy Law (text printed at the bottom of this document) and Articles 13, Paragraph 2, letters (b) and (d), 15, 18, 19 and 21 of the Rules, available from the link http//eur-lexeuropa.eu/legalcontent/IT/TXT/HTML/?uri=CELEX:32016R0679&from=IT, grant specific rights to the interested party, as regards processing of its personal details, such as:
– the right to obtain confirmation of whether or not its of personal details are held and disclosure thereof;
– the right to know the source of the data, the processing purposes and methods used, the logic applied in case of processing by means of electronic devices,, the identification details of the data controller and data supervisor, as well as the details of anyone to whom the data may be disclosed;
– the right to have your personal details, deleted, trasformed to anonymous form or blocked if the same processed in breach of the law, including the right to update, correct, or if you so require, add further details;
– the right to oppose, for legitimate reasons, processing of your personal details;
– the right to withdraw consent to the processing of data, at any time, without prejudice to the lawfulness of the processing based on consent given before the revocation and to oppose at any time the processing for marketing and / or marketing related profiling purposes (opposition right pursuant to Article 21 of the Regulation).
The exercice of the above rights is not subject to any formalities.
The address to use for the exercise of the above rights is: email@example.com
The user has the right to file a complaint with the Data Protection Authority without prejudice to any other administrative or judicial remedy.
Rome, 15 Jan 2021
Article 7 of Personal Data Protection Code
7. Right of access to personal data and other rights.
1. The interested party has the right to obtain confirmation of the existence or otherwise of its personal data,, even if the same have not yet been recorded,including the right to request that they be communicated to the same in a comprehesible form
2. The interested party has the right to obtain information concerning:
a) the source of its personal data;
b) the scope and methods of the processing;
c) the logic applied in case of processing with electronic instruments;
d) the identification details of the controller, data supervisor and representative designed pursuant to section 5, paragraph 2;
e) the persons or categories of subjects to whom its personal data may be communicated or who may be informed of the same in their capacty of designed representative in the State, data supervisors or personsin charge of pprocessing.
3. The interested party has the right to :
a) update, correct or, if necessary, add further information to its personal data;
b) delete, transform to anonymous form or block data that is processed in breach of the law,, including data which it is not necessary to store for the purposes for which the data were collected or subsequently processed;
c) a statement attesting that the operations set forth by points a) and b) have been disclosed, together with the content thereof, to anyone to to whom the data has been disclosed or disseminated, unless this is impossible or involves disproportionate mean with respect to the protected right.
4. The interested party has the right to oppose, in whole or in part:
a) processing of its personal data, for legitimate reasons, even for the scope for which the same were collected;
b) processing of its personal data in order to send advertising materials or make direct sales or carry out market research or forward commercial messages.