5. THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
The Controller processes the Data referred to paragraph 4 point (iii), under the following legal basis:
compliance with a legal obligation pursuant to Art. 6, par. 1, let. c) of Regulation.
The Controller processes the Data referred to paragraph 4 point (iv) under the following legal basis:
purposes of the legitimate interest pursued by the Controller pursuant to Art. 6, par.1., let. f) of Regulation.
The Controller processes the Data referred to paragraph 4 point (v), under the following legal basis:
free, informed, specific, unambiguous and always revocable consent pursuing Art. 6, par.1, let. a) of Regulation.
6.NATURE OF DATA PROVISION AND POSSIBLE CONSEQUENCES OF REFUSE
The provision of personal Data can be:
a) obligatory according to law, regulation, Community legislation or a contract;
b) strictly necessary for the conclusion of a contract;
In this case, for the purposes indicated in previous points (i), (ii), (iii) and (iv) of the previous paragraph 4, the provision of Data is strictly necessary for the conclusion of the agreement and/or obligatory to comply with legal and contractual obligations. Refusal to provide the Data will not allow to establish and /or to continue the contract with the Controller. For the purposes referred to in point (v) previous paragraph 4, the provision of the Data is facultative, however the partial or total refusal to provide the Data for such purposes will not allow to the Controller to send the aforementioned communications.
7.MODALITIES, PLACES AND TIMES OF THE PROCESSING
The processing of data is carried out under the principles of lawfulness, necessity and relevance with the help of electronic means. The Controller doesn’t adopt any automated decision-making, including profiling.
Processing is carried out directly at Controller by authorised personnel. In some cases, external parties may also process your Data (for example, professionals as such obliged to secrecy, like consultants, Accountants, Lawyers etc; suppliers; agents; services companies, professionals and consultants responsible for agreements’ managing, operations of storage, sorting and postal and/or freight transport; computer companies and system’s safety; managers of the infrastructures software used by the Controller). The list of all the subjects involved in the Processing can be requested to the Data Controller at any time.
Your Personal Data will be processed by the Data Controller for the time necessary to achieve the purpose referred to in paragraph 4 of this notice, as indicated in Recital 39 of the Regulation, without prejudice to a further period of retention that may be imposed or permitted by law as also provided for in Recital 65 of the Regulation.
The processing carried out to achieve the purposes referred to in point (v) of § 4 will take place until you communicate your intention to withdraw your consent. If consent is revoked, the Foundation will cease processing your personal data for such purposes.
Even without your express consent, Controller can disseminate your Data, for the purposes referred to paragraph 4, to the subjects to whom dissemination is mandatory by law. These subjects will process the Data in their capacity of independents controllers.
Data will not be disclosed.
9.RIGHTS OF THE DATA SUBJECT
The Regulation grants you the right to:
- obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and obtain information (right of access - Art. 15 Regulation);
- obtain the rectification of inaccurate personal data and to have incomplete personal data completed (right to rectification - Art. 16 Regulation);
- obtain the erasure of data processed in Regulation’s cases referred, including if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Right to erasure - ‘right to be forgotten’ - Art. 17 regulation). The request for removal may not be granted for Regulation’s cases referred, even when the processing is necessary to fulfil a legal obligation or exercise a legal right;
- obtain the restriction of the processing of data if the accuracy of the personal data is contested, and only for the period necessary for the controller to verify the accuracy of these personal data, or in the case of unlawful processing, or when even if the personal data are no more necessary to the purposes of processing, they are anyway necessary for the interested part in the assessment, exercise and right’s defence in judicial, or in the event that the interested part had exercise the opposition right to personal data process only for the period necessary to the verify concerning the Controller’s prevalence good cause over those of the interested part. (right to restriction of processing - Art. 18 Regulation);
- receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (right to data portability - Art. 20 Regulation);
- object to the processing for reasons related to the particular situation of the data subject, to personal data processing necessary for the execution of a public interest job or for the pursuing of controller or third parties’ legitimate interest. However, controller may continue to process the data if demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing (right to object - Art. 21 Regulation).
- request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject except in cases where profiling is necessary for the conclusion of an agreement, is authorized by the Union’s right or member State which the Controller is subject, is based on the explicit consent granted by the data subject (Art. 22 Regulation);
- withdraw the consent at any time without effecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on let. a) of Art. 6 paragraph or let. a) of Art. 9 paragraph 2 of Regulation;
- lodge a complaint to supervisory authority (Art. 77 Regulation).
All the data subject’s requests can be addressed to the Controller, in writing and with a copy of the valid identification document, to the contact’s details gave in this notice paragraph 1. The Controller facilitates the Data subject’s requests and is committed to provide a match within a month of receiving the communication.
Furthermore, the Controller, pursuant to Art.19 Regulation, shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 paragraph 1 and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
This notice is intended to explain the procedures followed to collect, through cookies and/or other tracking technologies, the information provided by users when they visit http://www.villaarconati-far.it
Introduction to cookies and other tracking tools
Generally speaking, cookies are files that store information about your navigation on the website. Cookies will store some details that may help you enjoy your browsing experience (for example, it allows us to ensure that the information on the website in your future visits responds to your preferences).
At the same time, cookies help us to understand some relevant details about the use of our website - for example, to identify most visited pages and contents, and for how long. Through these tools, we can make the site more responsive to your requests and more comfortable to navigate.
Consent to the installation of cookies
There are mainly three types of cookies.
The website operator usually installs technical cookies
to guarantee the usual browsing and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas).
, similar to technical cookies when used directly by the website operator, are used to collect information in an aggregate form on the number of users and how they visit the website.
are used to create user profiles and to send advertising messages in line with the preferences expressed by the user when surfing the web.
Cookies can also be distinguished between first-party and third-party cookies (it depends on the subject who manage the cookie and receive the information). We have a first-party cookie if the tool is controlled by the owner of the site, who is then responsible for providing information and indicating how to block the tracking. We talk about third-party cookie when they are managed by a third party other than the website owner. For these cookies, the obligation to inform and indicate the methods for any blockage lies with the third party, while the owner of the website is obliged to insert on the website the link to the website of the third party where these elements are available.
In our case, the Foundation's website uses certain tools that allow the installation of third-party analytics cookies. In particular, the following services are concerned:
: Google Analytics (Google Inc.).
: Google Analytics is a web analysis service provided by Google Inc. "('Google'). Google uses the Personal Data to track and examine the use of the website, compile reports and share them with other services developed by Google. These cookie collect aggregate information that does not trace back to the individual user’s identity. Anonymisation works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries participating in the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google’s servers and shortened within the United States.
Place of processing
: United States
: Some cookies remain active only until you close the browser or when logging out. Other cookies “survive” when you close the browser and are also available on later visits made by the user.
These cookies are called persistent and the server sets their duration when they are created. In some cases, an expiry date is set; in other cases duration is unlimited. However, these are cookies that do not trace the user's profile and do not collect data on the user's behavior:
Cookie name: ga - Duration: 2 years
Cookie name: gid – Duration: session
Cookie name: gat - Duration: session
The user can disable Google Analytics in selective mode by installing the Opt-out Add-on provided by Google on their browser. To disable Google Analytics, please refer to the link shown below: https://tools.google.com/dlpage/gaoptout?hl=it
“Social plugin” are present in this website. These refer to parts of the visited page generated directly from the abovementioned websites and integrated into the page of the host website. The most common use of social plugins is to share the contents on social networking websites. The appearance of these plugins involves transmitting cookies to and from all the websites operated by third parties. The handling of information collected by “third parties” is governed by relevant rules, to which we kindly ask you to refer. To ensure greater transparency and ease, web addresses on all types of information and how to manage cookies of the main social networking websites are shown below:
Google plus https://policies.google.com/technologies/cookies?hl=it
The website does not use profiling cookies.
Nature of data provision
The user authorizes use of the cookies by continuing to navigate the website, after reading the banner. The provision of Data is optional.
The user can manage cookie settings from his browser: You can then modify the settings so that cookies are deleted or not saved on your computer or mobile device without your explicit consent. Since each browserhas different settings, you will have to check the “Help” menu of your browser to understand how to correctly change cookies-related settings.
Check the following link for more information on setting up your browser:
Safari per OSX:support.apple.com/kb/PH17191?locale=it_IT
Safari per iPhone, iPad o iPod:support.apple.com/kb/HT1677?viewlocale=it_IT
Some final indications