Information on the protection of personal data
pursuant to Article 13 of EU Regulation No 2016/679
Thank you for coming to visit us. We believe it is extremely important for you to have confidence in us and we would therefore like to share with you on this page the purposes and methods of processing the personal data we collect when you browse on the website. EU Regulation 679/2016 on the protection of personal data (GDPR) requires to provide interested parties with accurate information regarding the processing of their personal data.
Therefore, as the Data Controller, our Company would like to inform you of what personal data are collected, the reasons for which such data are used and shared, how long they are stored, as well as about Your rights and how to exercise them.
In order to allow safe and pleasant browsing on our website, we remind you that it is our precise commitment to ensure the protection of your personal data and confidentiality through a processing based on principles of fairness, legality and transparency. For this purpose, our Company uses appropriate security tools and all necessary measures in order to protect your personal data.
However, please note that no transmission of information via the Internet can be guaranteed in any way against the access of unauthorized third parties. We can not therefore be held responsible for any breach of security which is not the result of our negligent behaviour.
Identification of the data controller
The Data Controller is Citieffe S.r.l. a socio unico based in via Armaroli, 21 – 40012 Calderara di
Reno (Bologna, Italy) – tel. +39 051 721850 – e-mail: firstname.lastname@example.org
A. Data subject to processing
The personal data collected by the Data Controller through this website are common personal identification data, such as name, surname, e-mail address and telephone contact.
B. The purposes and method of processing your personal data
The personal data you provide are processed by the Data Controller and for the following purposes:
- provide you with the information required by filling out the Contact Form.
The processing of data for the purposes listed will include all the transactions provided for in Article 4 paragraph 2, EU Regulation 679/2016, and necessary for the processing in question, including the communication to the subjects referred to in point D).
The processing of data takes place through the use of tools and procedures suitable to guarantee its security and confidentiality and can be carried out both through paper media and through the use of computer means by personnel specially appointed according to organization and processing logics closely related to the purposes and in any case in order to guarantee the security, integrity and confidentiality of the data themselves.
C. Legal basis of processing – mandatory or optional nature of data provision
The legal basis on which the processing of your common personal data is based includes a processing that is necessary for the execution of pre-contractual measures taken at your express request and therefore to answer any questions or requests for information and the provision of services and products advanced by you through the compilation of the Contact Form, as well as for the legitimate interest of the Data Controller in order to manage relations with the user and to improve the services offered.
We also inform you that, taking into account the purposes of the processing as described above, the provision of data is optional but that their failure, partial or inaccurate conferment has no other consequence than the impossibility of realizing the indicated purpose.
D. Categories of recipients of personal data
Personal data will not be disclosed, by this term meaning to give knowledge to indeterminate subjects in any way, but may be disclosed to specific subjects such as:
- employees and collaborators, consultants or freelancers who work on behalf of the Data Controller. These subjects are authorized to process the data as Data Controllers in accordance with art. 29 of the GDPR or of Data Controllers pursuant to art. 28 of the GDPR;
- Supervisory bodies, judicial authorities as well as all other subjects to whom communication is mandatory by law for the performance of the above-mentioned purposes.
E. Non-eu data transfer
The data will not be transferred to third countries outside the European Union or to international organizations.
F. Data retention period
The personal data provided will be processed and stored for the time strictly necessary to reply to your request for information, after which your data will be deleted, unless a new and different purpose takes over in relation to the processing of your data (such as, for example, the conclusion of a contract).
G. Rights of the person concerned
As an interested party, you may, at any time, exercise the following rights:
- request access to your personal data: art. 15
- request and obtain the correction or updating of the aforementioned data: art. 16
- request, in the cases provided for, the deletion of the personal data processed (right to be forgotten): art. 17
- request the limitation of the processing of data concerning you, where provided for: art. 18
- obtain the portability of the data, where provided for: art. 20
- to oppose the processing: art. 21
- not be subjected to automated decision-making processes: art. 22
- revoke consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal;
- lodge a complaint with the Supervisory Authority for the protection of personal data, Piazza Venezia n. 11 – 00187 Rome: art. 77.
To exercise their rights, ask questions, make comments and requests regarding this information note, the data subject can contact the Data Controller, through the address and-email email@example.com indicating in the subject line: “Protection of personal data: interested instance”
This statement was updated on 24/02/2021