(Google translatad from Italian to English)
INFORMATION ON THE PROCESSING OF PERSONAL DATA
Information provided pursuant to articles 13-14 of the GDPR
(General Data Protection Regulation) 2016/679
in compliance with the 2016/679 European Regulation (in the acronym GDPR)
Azienda Agrituristica Il Muto di Gallura of Serra Giovanni Francesco
wishes to inform you that the personal data you provide or that we acquire in the course of our activity, necessary to execute the services offered to you, will be processed in compliance with privacy regulations and principles of correctness, lawfulness, transparency and protection of your privacy and your rights.
We also wish to transmit the following information:
1. HOLDER OF THE TREATMENT is the writing company Il Muto Farm of Gallura of Serra Giovanni Francesco, Loc.Fraiga – 07020 – Aggius (SS) Telephone + 39- (0) 79-620559 P.I. 01318220900 can be contacted at the following addresses: e-mail firstname.lastname@example.org and PEC
DATA PROTECTION MANAGER is the owner who can be contacted at the registered office or at the addresses: e-mail email@example.com and PEC
2. DATA PROCESSED, PURPOSE AND LEGAL BASIS OF TREATMENT
2.1. The computer systems and software used to operate the sites www.mutodigallura.com and www.mutodigallura.it acquire some personal data that are implicitly a consequence of the use of information protocols on the Internet (for example, domain names and addresses IP). These data are not accompanied by additional personal information and are used to obtain anonymous statistical information on the use of the site, to check how to use it and to ascertain any responsibility in case of computer crimes. The legal basis that legitimizes the processing of such data is the need to make the functionality of the company website usable as a result of User access.
2.2. The data provided voluntarily by the User are instead those necessary to the Owner to provide the services available and are processed lawfully and fairly, are also collected and recorded for the specific, explicit and legitimate purposes indicated below and are used in operations treatment that are not incompatible with these purposes.
Personal data (personal identification data such as, for example: name and surname, company name, tax code and VAT number, address, telephone / fax number, e-mail, bank and payment details) that may be collected and processed:
a) to carry out customer relations activities based on pre-contractual and contractual agreements;
b) for administrative, fiscal or internal accounting purposes related to the customer-supplier relationship and to fulfill the obligations generally provided for by the Owner by laws or regulations, by community legislation, by requests of the Judicial Authority or to exercise the rights of the Holder (for example the right to defense in court); such data may be processed by third parties charged with the execution of administrative, fiscal or accounting obligations.
c) in the presence of specific specific consent of the User, for the following marketing purposes: to send (via e-mail, post, sms or telephone contact) newsletters, updates on the activities of the Owner, advertising material or commercial communications – on products or services offered by the Owner that the User may consider to be of interest and to determine the degree of satisfaction with the quality of the services;
The legal basis that legitimizes the processing of data referred to in points “a” (pre-contractual and contractual agreements) and “b” (administrative, accounting or tax purposes) is the execution of a contract for the provision of services of which the User is part, or the performance of pre-contractual activities upon request of the User.
In the cases expressly indicated in points “c”, if the company were to initiate this type of treatment, the legal basis is the consent freely given by the User.
2.3. Pursuant to articles 9 and 10 of the GDPR the User can confer to the Owner data qualifying as “particular categories of personal data” (ie those data revealing “racial or ethnic origin, political opinions, religious or philosophical beliefs, or belonging union … genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person “). These categories of data may be processed by the Data Controller only with the prior consent of the User, expressed in writing by signing this Notice or after having read it, by other written means (email, pec etc.) for contractual requirements and related fulfillment of legal obligations and tax and for any personnel selection needs.
3. PROCESSING METHODS
The processing of personal data of the User is carried out by means ofoperations of: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The personal data of the User are collected following direct sending to the Data Controller, by completing forms or forms generally prepared for this purpose, also included in contractual documents, or collected by telephone in the context of pre-contractual activities. The data are processed either by manual processing in paper format or with electronic or automated, computerized and telematic tools. The collected data are recorded and stored by the Owner in computer and paper archives, as well as stored and controlled in such a way as to minimize the risks of destruction or loss, even accidental, unauthorized access and treatment not allowed or not consistent with the purposes of the collection. The data are processed by employees or collaborators of the Data Controller, duly instructed in this direction.
4. NATURE OF THE COMMUNICATION OF THE DATA
The provision of personal data relating to processing is optional. However, failure to provide, partially or totally, the data may result in the partial or total inability to establish or continue the relationship with the User, to the extent that such data are necessary for the execution of the same.The provision of data for the marketing purposes is also optional. The User may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case he / she will not be able to receive newsletters, commercial communications and advertising material generally inherent to the services offered by the Data Controller.
5. ADDRESSEES OR EVENTUAL CATEGORIES OF ADDRESS OF PERSONAL DATA
The processing of User data is carried out by internal personnel of the Data Controller (employees, collaborators, System Administrators), identified and authorized to process according to instructions that are issued in compliance with current legislation on privacy and data security. If this is necessary for the purposes listed in Article 2, the personal data of the User may be processed by third parties appointed as Data Processors (under Article 28 of the GDPR) or “independent” Data Controllers “, Namely: 1. From professionals, companies, associations or professional studios that lend to the Owner assistance or advice for administrative, accounting, tax, or legal protection or selection of personnel; From all Public Institutes established by law and more generally by all the Authorities required by current accounting and tax regulations as recipients of mandatory communications; From banking institutions for collections and payments as well as any professionals – in single, associate or company form – for analysis services and market research, for the management of payments by credit cards or electronic payment instruments in general, postal couriers, for any debt recovery or for certification activities of the holder’s financial statements.4. From autonomous holders for the fulfillment of their professional functions involved in the services provided (notaries, appointed technicians, agencies, companies, companies, etc.) The updated list of Managers and Persons in charge of processing is kept at the registered office of the Owner. In any case, the User’s personal data are not subject to diffusion.
6. TRANSFER OF DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATIONS
In the context of the management of the contractual relationship there is no transfer of the User’s data to third countries outside the EU or to international organizations.
7. PERIOD OF CONSERVATION OF PERSONAL DATA OR CRITERIA USED TO DETERMINE SU PERIODO
Per the purposes referred to in letters “a” (pre-contractual and contractual agreements) and “b” (administrative, accounting or fiscal compliance) of article 2.2. the User’s personal data will be processed and stored by the Owner for the entire duration of the contractual relationship between the User and the Owner and, at the end of the same for any reason, will be kept for the expected time – for each category of data – by the current legislation on accounting, tax, civil law and processual.For any purpose referred to in the letters “c” (marketing) the personal data of the User will be processed and stored by the Owner until revocation of consent by the User or until to the exercise, by the User, of the right to object to the processing or of the cancellation of personal data.
8. USER RIGHTS
In your status as Data Subject and in relation to the processing described in this Notice, you have the rights set out in Articles 7, 15 to 21 and 77 of the GDPR and, in particular, the:
• right of access- article 15 GDPR: the right to obtain confirmation that personal data concerning the User is being processed and, in this case, obtain access to such personal data, including a copy thereof;
• right of rectification – article 16 GDPR: right to obtain, without unjustified delay, the correction of inaccurate personal data concerning the User and / or the integration of incomplete personal data;
• right to cancellation (right to be forgotten) – Article 17 GDPR: right to obtain, without undue delay, the deletion of personal data concerning the User;
• right to limitation of treatment – Article 18 GDPR: right to obtain the limitation of treatment, when: the interested party disputes the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of such data; the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited; personal data are necessary for the interested party to ascertain, exercise or defend a right in court; the interested party opposed the treatment pursuant to art. 21 GDPR, in the period of waiting for the verification on the possible prevalence of legitimate reasons of the Data Controller with respect to those of the interested party;
• right to data portability – article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, personal data concerning the User provided to the Owner and the right to transmit them to another Owner without impediments, if the treatment is based on consent and is carried out by automated means. Furthermore, the right to obtain that the personal data of the User is transmitted directly to another Data Controller if this is technically feasible;
• right of opposition – article 21 GDPR: right to object, at any time for reasons connected with its particular situation, to the processing of personal data concerning the User based on the lawfulness of legitimate interest or the execution of a task of public interest or the exercise of public powers, including profiling, unless there are legitimate reasons for the holder to continue the treatment that prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court. Furthermore, the right to oppose the processing at any time if personal data are processed for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing;
• right of revocation – article 7 GDPR: the User has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation;
• right of complaint – article 77 GDPR: the User has the right to lodge a complaint with the Authority for the protection of personal data, Piazza di Montecitorio 121, 00186, Rome (RM).
9. MODALITIES OF EXERCISE OF RIGHTS
The User may at any time exercise his rights by sending a registered letter to a.r. to:
Azienda Agrituristica Il Muto di Gallura of Serra Giovanni Francesco, Loc.Fraiga – 07020 – Aggius (SS) Telephone + 39- (0) 79-620559 P.I. 01318220900 can be contacted at the following addresses: e-mail firstname.lastname@example.org and PEC
For the exercise of the rights as indicated in this Notice and to receive any information relating to the same, the User may contact the Owner that, even through the designated facilities, will take charge of the request and provide the User without unjustified delay and in any case, at the latest, within one month of receipt of the same, information relating to the action taken regarding the request.
The exercise of rights by the User is free under Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Owner may charge the User a reasonable fee, in light of the administrative costs incurred to manage his request, or deny the satisfaction of his request.
The last modification to this Privacy Statement was made on 23.05.2018 vers.1.0.