This document describes how to manage the website www.agriturismoalmablanca.it (“ Site “), with reference to the processing of personal data of users (“ User / Users “) Who consult it.
This is an information notice pursuant to the art. 13 of Legislative Decree no. 196/2003, so called Personal Data Protection Code (“ Privacy Code “) and Article 13 of EU Regulation 679/2016 (“ GDPR “), to all those who visit the Website and / or interact with the web services of Almablanca accessible through the Website.
The information is provided only for the Site and not for other web sites that may be consulted by the User through link on the Website.
1. Data controller
The holder of the processing of your personal data is Azienda Agricola Almablanca di Lucia Righi, with registered office in Via pian della vigna 1 Castelli di Garlenda, mail firstname.lastname@example.org , (hereinafter “ Almablanca ” or “ Owner “).
2. Types of processed data
2.1 Browsing data
The computer systems and the software procedures responsible for operating the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This is information that is not collected to be associated with identified individuals, but that by their very nature could allow users to be identified.
This category of data includes (i) the IP addresses or the domain names of the computers used by the users connecting to the Website, (ii) the URI notation addresses ( Uniform Resource Identifier ) of the requested resources , (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (good end, error) and (vii) other parameters related to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing.
This site uses the following types of cookies:
2.2.1 Technical Cookies
This type of cookie allows the correct operation of some sections of the site.
This website uses only technical cookies, ie those used for the sole purpose of “transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by subscriber or by the User to provide this service “(see Article 122, paragraph 1, of the Privacy Code).
They can be divided into navigation or session cookies, which guarantee the normal navigation and use of the website:
- analytics cookies, similar to technical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site;
- functionality cookies, which allow the user to navigate according to a set of selected criteria (eg, language, etc.) in order to improve the service provided to the user.
For the installation of these cookies, the prior consent of users is not required, while the obligation to provide information pursuant to art. 13 of the Code.
The acquisition and processing of data deriving from the use of technical cookies is mandatory for consulting the site. In the event of opposition by the user, the complete and correct view of the site will not be possible.
At the moment this site does not install first-party profiling cookies and Google Analytics cookies have been anonymized.
2.2.3 Profiling cookies of Third Parties
This type of cookies allows a website operator to show targeted advertising to users who have visited their site based on their interests through the Google advertising network or other advertising sites. The advertising shown is based on the web pages previously visited by the user and is shown later on other websites that allow the display of Remarketing campaigns. Remarketing campaigns can be realized through services offered by third parties (such as the Google Adwords Remarketing tool). Remarketing campaigns generate so-called profiling cookies.
We use this type of coockie only after user consent.
It is possible to change the choice and / or deactivate targeted advertising via Google at the following link:
2.2.3 Other third-party cookies
By browsing the site the user can receive third-party cookies.
Third-party cookies are set by a website other than the one the user is visiting. This is because on each site there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than the site visited.
List of third-party cookies used by this site:
It is possible to directly act on your browser to manage cookies according to your preferences.
Below are the pages of the browser vendors that explain in detail how to act on privacy preferences and tracking based on the type of browser used by the user:
– Mozilla Firefox
– Google Chrome
– Safari 6/7
– Safari 8
– Internet Explorer
– Safari iOS (mobile)
2.3 Data provided voluntarily by the user
The Data Controller processes personal, identifying and non-sensitive data (as an example, but not limited to, name, surname, address, telephone, email, etc. – later, “personal data” or data) communicated by the User on the occasion registration to the web pages of the Site or to the registration form of the Data Controller, the compilation and sending of a contact form to the Data Controller or, in any case, of any other request.
The User assumes responsibility for the data of third parties published or shared via the Website and warrants that he has the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties.
3. Purpose and legal basis of processing
The processing of personal data of the User by the Owner is aimed at:
- pursuing, in compliance with art. 6.1, lett. f) of the GDPR, its own legitimate interest, consisting in ensuring the safety of the Site and the information exchanged therein, ie the ability of such Site to resist, at a given level of security, unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible;
- to allow the User to send requests for information and to the Owner to provide the User with any feedback to the requests formulated;
- make User registration and authentication possible;
- for marketing purposes only with your specific and distinct consent pursuant to art. 23 and 130 of the Privacy Code and art. 7 of the GDPR: sending by e-mail newsletter, commercial communications and / or advertising material on products and services of the owner;
- allow the Owner, to receive the User’s personal data through Facebook, and other and other social networks of which the user may provide contact details, if any;
- to exercise the rights of the owner, for example the right of defense;
- to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority.
The purposes referred to in letters c), d) and e) will be prosecuted only after the User has expressed their specific consent and free consent to such processing, remaining understood the possibility for the latter to always request the exclusion of some modes of automated or traditional communications.
4. Consequences of a possible refusal to answer
5. Method of treatment
Personal data are processed with computerized and automated systems, such as e-mails, databases, spreadsheets, web services for the time necessary to achieve the purposes for which they are collected.
It should be noted, in particular, that the User’s personal data are processed by persons duly appointed to perform these tasks, constantly identified and / or appointed, appropriately instructed and made aware of the constraints imposed by law, as well as by the use of security measures to guarantee the protection of your privacy and to avoid risks of loss or destruction, unauthorized access, or processing that is not permitted or does not comply with the aforementioned purposes.
6. Communication and dissemination of data
In any case, the communication of data to companies expressly appointed to perform certain services within the activity carried out by the Owner and / or, in general, in his favor, which will operate as autonomous holders and / / o controllers, as well as the communication and / or dissemination of data required, in compliance with the law, by police forces, judicial authorities, information and security bodies or other public entities for defense or security purposes State or prevention, ascertainment or repression of crimes.
Data is not subject to disclosure.
The updated list of Managers can always be requested from the Data Controller.
8. Data transfer
The management and storage takes place on servers located within the European Union at the company Aruba SpA. In any case, it is understood that the Data Controller, if necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Holder ensures from now on that the transfer of non-EU data will take place in accordance with the applicable legal provisions stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the Commission European.
7. Rights of the interested party
Pursuant to art. 7 of the Privacy Code and articles 15 and ss. of the GDPR, the User has the right to obtain:
- the confirmation of the existence or not of personal data concerning you, even if not yet registered, their communication in an intelligible form and access to them;
- a copy of your personal data;
- the correction of any inaccurate personal data;
- cancellation of your personal data;
- the limitation of the processing of your personal data;
- in a structured format, in common use and readable by an automatic device, the personal data you have provided or which you yourself have created – excluding the judgments created by the Data Controller and / or by the persons appointed pursuant to art. 4 of the Privacy Code / by the persons authorized to process the data in the name and on behalf of the Data Controller pursuant to art. 4 of the GDPR – and to transmit them, directly or through the Data Controller, to another data controller (so-called data portability);
- information about:
- of the origin of personal data;
- of the categories of personal data processed;
- of the purposes and methods of processing;
- of the logic applied in case of treatment carried out with the aid of electronic instruments;
- of the identifying details of the Data Controller and of any responsible parties;
- of the retention period of your personal data or of the criteria useful for determining this period;
- of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or persons in charge pursuant to art. 4 of the Privacy Code / persons authorized to process data in the name and on behalf of the Data Controller pursuant to art. 4 of the GDPR;
- updating, rectification or, when interested, integration of data;
- the transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment it proves impossible or involves a use of means manifestly disproportionate to the protected right.
- The User also has the right to object, in whole or in part:
- for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection;
- to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.
To exercise the aforementioned rights, Users can send a communication to the e-mail address of the Owner, as per the previous art. 1, indicating the subject “Privacy exercise of rights”.
Finally, we inform you that if you believe that your rights have been violated by the Owner and / or a third party, you have the right to lodge a complaint with the Data Protection Authority and / or other competent supervisory authority in strength of the GDPR.
8. Duration of processing and storage of personal data
The User’s personal data will be processed by the Data Controller for the only period of time necessary to achieve the purposes of the processing referred to in Article 3 above, after which they will be kept only in compliance with current legal requirements, for administrative purposes and / or to assert or defend a right in the event of litigation and pre-litigation.
The user can always request the interruption of the treatment or the cancellation of data.
Finally, we inform you that if you believe that your rights have been violated by the Owner and / or a third party, you have the right to lodge a complaint with the Data Protection Authority and / or other competent supervisory authority in force of the Rules. To this page http://www.garanteprivacy.it/home/urp
*** *** ***