Privacy Policy

2. DATA PROCESSOR

Concerning the activities of administration and management of the Website, the data controller, pursuant to art. 28 of the GDPR, is Marcantonio Sofia’s CP8, with registered address in via dei Marinai, 92, 98049 Villafranca Tirrena (ME), who can be contacted at the email address admin@ciclods.it.

3. PURPOSE AND LAWFULNESS OF PROCESSING

Users' personal data are exclusively processed for the purposes indicated below and only in the presence of the conditions of lawfulness referred to in art. 6 of the GDPR.

The processing of data entered by the user at the time of registration, the provision of which is essential for the use of the Website, is necessary to conclude and execute a contract to which the same is a party, pursuant to art. 6, par. 1, lett. b) of the GDPR.

The processing aimed at sending communications, including commercial ones, by the owner and his partners, carrying out marketing activities, opinion polls and market researches, and those related to the use of third-party analytical cookies takes place on the basis of consent, freely expressed and withdrawable at any time, by the user, pursuant to art. 6, par. 1, lett. a) of the GDPR.

The personal data not necessary for registration and any personal data contained in the messages spontaneously sent through the contact forms or the contact details on the Website are also based on user's consent.

The processing necessary for the correct functioning of the Website, such as the use of technical cookies and the transmission of data inherent in Internet communication protocols, is carried out according to the legitimate interest of the data controller, pursuant to art. 6, par. 1, lett. f) of the GDPR.

4. CATEGORIES OF PERSONAL DATA

The categories of personal data processed due to the conditions of lawfulness set out above are the following:

• personal data (name and surname, date of birth) and contact data (email address) necessary for subscription and sending communications to the user;

• personal data (city, province, region and country of residence) possibly communicated;

• any personal data contained in the communications between the user and the owner;

• information contained in technical and third-party analytical cookies used on the Website;

• telematic data inherent in Internet communication protocols.

5. PROCESSING METHODS

The processing operations described above are carried out, within the European Union, in compliance with the principles set out in art. 5 of the GDPR.

The processing is carried out using IT and telematic resources, in ways suitable to guarantee security, integrity and confidentiality of personal data at any time. In particular, technical and organisational measures have been taken to prevent unauthorized access, modification, disclosure and destruction of data.

Data transmissions between the user and the Website take place within an encrypted connection using the HTTPS protocol. In order to prevent the risk of accidental loss of personal data, an automatic backup is carried out, while the data processor performs a periodic manual backup.

Users’ personal data will be processed for the entire duration of the contract, i.e. until the request of erasure.

6. DATA TRANSMISSION

Collected personal data can be processed by data controller and data processor’s collaborators, who have been authorized and act on the basis of specific instructions regarding purposes and methods of processing, pursuant to art. 29 of the GDPR.

On the basis of consent, the personal data collected for commercial purposes are communicated to data controller’s partner, appropriately appointed as data processors, pursuant to art. 28 of the GDPR.

7. DATA SUBJECTS’ RIGHTS

The GDPR gives data subjects the opportunity to exercise the following rights by contacting the data controller and the data processor at any time at the email addresses indicated above:

• receive confirmation of whether or not personal data is being processed, know the categories of data processed, the subjects to whom they have been or will be communicated, the period or criteria for determining their retention period, as well as a copy of the personal data being processed, pursuant to art. 15 of the GDPR;

• obtain, without undue delay, the rectification of inaccurate personal data, pursuant to art. 16 of the GDPR;

• obtain, without undue delay, the erasure of personal data according to one of the reasons referred to in art. 17 of the GDPR;

• obtain, if one of the provisions in art. 18 of the GDPR apply, the restriction of the processing of personal data;

• receive in a structured, commonly used and machine-readable format, the data processed on the basis of art. 6, par. 1, lett. a) and c) of the GDPR;

• object at any time to the processing of personal data, if it is based on art. 6, par. 1, lett. f) of the GDPR, pursuant to art. 21 of the same;

• file a complaint to the Data Protection Authority.

8. FURTHER INFORMATION

Users' personal data may be used by the data controller in order to defend himself in court. Users are aware that the data controller may be required to communicate their personal data at the request of public authorities.

The data controller has the right to modify this document. Please check this page, taking as reference the date of the last update reported at the end of the text. Unless otherwise specified, the previous policy will continue to apply to personal data collected up to that moment.

Last updated: 20/07/2020