PROCESSING OF PERSONAL DATA
PRIVACY POLICY
Information sheet on the processing of personal data collected from the data subject
pursuant to art. 13 Regulation EU 2016/679 G.D.P.R.
Version 1-02012020
In compliance with the provisions of Reg. EU 2016/679 (European Regulation on the protection of personal data) "ELISA PRATI" (hereinafter, "") provides the following information, pursuant to art. 13 of the aforementioned Regulation, regarding the processing of personal data (this information regulates only relationships with ). The owner reserves the right to modify, update, add, or remove parts of this privacy policy at any time. The data subject is required to periodically check for any changes to this page and should consider the version number of the information sheet.
Furthermore, specific information may be provided on the website pages regarding particular services or data processing.
The Data Controller is not responsible for third-party sites that may be accessed through links on its domain.
1. Information about the Privacy Policy of the website
a) This section contains all information related to the management of www.ladolcevitaeventsitaly.com concerning the processing of user data on the same site.
b) This information is also valid for art. 13 of Regulation (EU) no. 2016/679, relating to the protection of individuals concerning the processing of personal data and the free movement of such data, for subjects interacting with www.ladolcevitaeventsitaly.com, and can be reached at the corresponding address on the home page:
www.ladolcevitaeventsitaly.com
c) This information sheet is provided only for www.ladolcevitaeventsitaly.com and not for other websites that may be consulted by the user via links contained in it.
d) The purpose of this document is to provide information about the methods, times, and nature of the information that data controllers must provide to users when connecting to the pages of www.ladolcevitaeventsitaly.com, regardless of the purpose of the connection, according to current Italian and European legislation.
e) This information sheet may undergo changes due to the introduction of new rules that may concern it, and therefore users are invited to periodically check this page.
f) In the event that the user has not yet reached the age of fourteen, under art. 8, c. 1 of Regulation (EU) 2016/679, and art. 2 - Quinquies of Legislative Decree 196/2003, as amended by Legislative Decree 181/18, they will be required to legitimize their consent through the authorization of the person exercising parental responsibility (parents or guardian).
2. Data Controller and Data Protection Officer
The Data Controller is ELISA PRATI, VAT N. 03511600136, Fiscal Code PRTLSE83E53F133P with its legal headquarters in VIA SANDRO PERTINI 1 - 23807 MERATE (LC), Tel. 3396351420.
The Data Protection Officer, appointed pursuant to articles 37-39 G.D.P.R., is "Elisa Prati" and can be contacted at ELISA PRATI, VIA SANDRO PERTINI 1 - 23807 - MERATE (LC), mail: amministrazione@ladolcevitaeventsitaly.com ,
3. Data Processing Location
a) The processing of data generated by the use of the website www.ladolcevitaeventsitaly.com takes place at the legal and administrative headquarters located in VIA SANDRO PERTINI 1 – MERATE 23807 (LC);
b) If necessary, data related to the newsletter service may be processed by the data controller or persons appointed by them (if applicable) for this purpose at the relevant location.
4. Purpose and Legal Basis of Processing
This processes the personal data (any information concerning an identified or identifiable natural person) of individuals, legal entities, sole proprietorships, and/or freelancers ("Data Subjects") for the following purposes:
a) Necessity to perform a contract of which the Data Subject is a party or to carry out pre-contractual activities at their request. This necessity constitutes the legal basis legitimizing the subsequent processing. The provision of necessary data represents, in some cases, a contractual obligation or a requirement necessary for the conclusion of the contract. Without them, cannot establish or execute the relationship.
b) Necessity to fulfill legal obligations (e.g. anti-money laundering regulations, provisions of the Supervisory Authority, the Judiciary, etc.). This necessity constitutes the legal basis legitimizing the subsequent processing. The provision of this data represents a legal obligation; without it, cannot establish the relationship and may be obliged to make reports.
c) Administrative and accounting purposes for payments. The provision of this data represents a legal obligation; without it, the relationship cannot be established.
d) Promotion and sale of products and services of other Partner companies or third-party companies, including conducting market research (direct marketing). The legal basis legitimizing the subsequent processing is the consent of the Data Subject, free to give or refuse it and to revoke it at any time. The provision of data necessary for these purposes is not mandatory; refusal only results in the impossibility of receiving commercial communications.
e) Promotion and sale of "dedicated" products and services of other Partner companies or third-party companies, specifically identified through the processing and analysis, also using automated techniques or systems, of information regarding preferences, habits, consumption choices, aimed at grouping data subjects into homogeneous groups based on specific behaviors or characteristics (customer profiling) also carried out through data enrichment with information acquired from third parties (enrichment). The legal basis legitimizing the subsequent processing is the consent of the Data Subject, who is free to give or refuse it and to revoke it at any time. The provision of data necessary for these purposes is not mandatory; refusal only results in the impossibility of receiving dedicated commercial communications.
f) Promotion and sale of products and services of other Partner companies or third-party companies, through browsing the corporate website; any form completion for registration to use services and/or receive requested information; any data collection for personnel selection; any data collection for receiving newsletters or promotional communications (e.g., via email); any communications from Partner companies when the execution of the service is carried out in collaboration with the Partner. For this purpose, the legal basis is consent.
5. User-Provided Data
a) The optional, explicit, and voluntary sending of emails to the addresses indicated on this site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the message.
b) Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services upon request.
6. Data Categories
It processes personal data collected directly from the Data Subject or from third parties, including, for example, personal data (e.g., name, surname, address, date and place of birth), information about the financial situation (e.g., financial status, credit information related to credit requests/relationships), image-related data (e.g., photo on an identity card), and voice recordings (e.g., voice passwords, phone order recordings, recordings of phone conversations with the Data Subject, also for the protection of rights in case of disputes), and other data attributable to the categories mentioned above.
This does not request or process, on its own initiative, special data of its clientele (e.g., data revealing racial or ethnic origin, political opinions, and religious or philosophical beliefs, union membership, genetic data, biometric data - intended to uniquely identify a natural person, data related to health or the sexual life or sexual orientation of the person). It may happen that, to carry out specific service requests and operations in the relationship (e.g., payment of membership fees to political parties or unions, transfers to associations, etc.), it has to process such data, and being unable to intercept or refuse these requests, the contract proposal cannot be accepted unless the Data Subject has declared their written consent to the aforementioned processing. The data in question will be processed exclusively to fulfill the customer's request.
7. Recipients or Categories of Data Recipients
Individuals and legal entities appointed as Data Processing Controllers, Sub-Controllers, data processors, and individuals authorized to process data necessary for the performance of assigned tasks may become aware of the Data Subject's data: detached employees, temporary workers, financial consultants, interns, consultants of another nature.
Without the need for the Data Subject's consent, they may communicate the personal data in its possession to:
- Those subjects to whom such communication must be made to fulfill an obligation required by law, regulation, or community legislation;
- In other cases provided for by current data protection legislation, including, in particular, companies on behalf of which they carry out activities related to the sale of their products/services.
Furthermore, the data, which will not be disclosed, may be communicated to companies contractually linked to and to third parties belonging to the following categories:
- Subjects providing services for the management of the information system used and telecommunications networks (including email);
- External subjects for the management of the storage of paper and/or computerized documentation;
- Subjects providing customer support services;
- Public bodies and administrations for checks and controls in compliance with tax and civil obligations;
- In case of administrative and accounting purposes, data may eventually be transmitted to commercial information companies for the evaluation of solvency and payment habits and/or to subjects for debt recovery purposes;
- Financial companies in case of financing;
- Companies or professional studies or entities, for activities related to the commercial purpose and the achievement of business goals, the protection of rights, and compliance with legal obligations.
These subjects perform the function of data processing controllers, or they operate independently as distinct Data Processing Controllers. The list of Data Processing Controllers, Sub-Controllers, and data processors is constantly updated and available by writing to the Data Controller at the legal headquarters.
8. User Rights
Every Data Subject, to exercise their rights, can directly and at any time contact the Data Controller; and, when deemed necessary, has the right to lodge a complaint with a supervisory authority. The rights exercisable by the Data Subject, as described below, are:
- Right of access;
- Right of rectification;
- Right of cancellation;
- Right of restriction;
- Right to data portability;
- Right of objection.
Data Subjects and legal entities, organizations, and associations can change optional consents at any time as they wish.
8.1 Right of Access
The Data Subject has the right to know which personal data concerning them are being processed and to receive a free copy (in case of additional copies requested, or of documentation whose production is costly - a contribution based on the costs incurred may be charged-). The provided information includes the purposes of the processing, the categories of data processed, the expected retention period, or, if not possible, the criteria used to define that period, as well as the safeguards applied in the event of data transfer to third countries and the rights exercisable by the Data Subject.
8.2 Right of Rectification
The right of rectification allows the Data Subject to obtain the update or correction of inaccurate or incomplete data concerning them.
8.3 Right of Cancellation (a.k.a. "Right to be Forgotten")
The right of erasure, or the right to be forgotten, allows the Data Subject to obtain the deletion of their personal data in the following cases:
- The personal data are no longer necessary for the purposes for which they were collected and processed;
- The Data Subject withdraws the consent on which the processing is based, and there is no other legal basis that could otherwise legitimize it;
- The Data Subject opposes the processing, and there is no other legitimate reason for the processing carried out by the Controller for the pursuit of their own or third-party legitimate interests, and there is no prevailing legitimate reason for the Controller to proceed with the processing;
- Direct marketing purposes, including related profiling;
- The personal data of the Data Subject have been processed unlawfully.
This right can be exercised even after the withdrawal of consent.
8.4 Right of Restriction
The right to restriction can be exercised by the Data Subject in the event of:
- Violation of the prerequisites for the lawfulness of the processing, as an alternative to the deletion of data;
- A request for rectification of data (pending rectification) or objection to their processing (pending the decision of the Controller).
Subject to retention, any other processing of the data for which restriction is requested is prohibited.
8.5 Right to Data Portability
The right to data portability allows the Data Subject to use their own data held by for other purposes. Each Data Subject can request to receive the personal data concerning them or request their transfer to another controller, in a structured, commonly used, and machine-readable format (the so-called Right to Data Portability). Data that can be subject to portability includes personal data (e.g., name, surname, address, date and place of birth, residence), as well as data generated from the activity defined for each category of products/services. This right does not apply to non-automated processing (e.g., paper archives or records).
8.6 Right of Objection
The right of objection allows the Data Subject to object at any time, for reasons related exclusively to their situation, to the processing of personal data concerning them.
8.7 Exceptions to the Exercise of Rights
Even if the Data Subject retains their rights, may continue to process the personal data of the Data Subject in the event of the following conditions:
- Execution of a legal obligation;
- Settlement of pre-litigation and/or litigation (own or third party);
- Internal and/or external investigations/inspections;
- Requests from the Italian and/or foreign public authorities;
- Reasons of relevant public interest;
- Execution of an ongoing contract between and a third party;
- Blocking conditions/status of a technical nature identified by .
Each Data Subject to exercise their rights can contact at the email address of the Data Controller or submit the request in writing to the Data Controller's headquarters. The response time is one month, extendable to two months in complex cases; in these cases, provides at least an interim communication within one month.
The exercise of rights is usually free, which always has the right to request additional information necessary to identify the requester, considering the complexity of processing the request and/or in case of manifestly unfounded or excessive (also repetitive) requests, reserves the right to request a contribution.
9. Data Storage Methods and Period
The processing is carried out both in an automated and manual manner, using methods and tools aimed at ensuring the maximum security and confidentiality, performed by specifically appointed individuals. The personal data collected will be stored in a form that allows the identification of the data subjects for a period not exceeding the achievement of the purposes for which the personal data are processed.
The Data Controller treats and retains the personal data of the Data Subject for the entire duration of the contractual relationship, for the performance of related and consequential obligations, for compliance with applicable legal and regulatory obligations, as well as for defensive purposes, either for itself or third parties, until the expiration of the data retention period. In particular, the period of retention of the personal data of the Data Subject starts from the exercise of consent by the Data Subject.
Where consent has been given for the purposes specified in point 2 letters d, e, and f of this information, the data will be processed for the entire execution of promotional, sales, research, statistical, and profiling activities for which consent has been explicitly given.
There is an obligation for to inform other data controllers who process the personal data requested for deletion by the Data Subject.
At the end of the applicable storage period, personal data related to the Data Subjects will be deleted or stored in a form that does not allow the identification of the Data Subject unless their further processing is necessary for one or more of the following purposes:
- Resolution of pre-litigation and/or litigation initiated before the expiration of the storage period;
- Follow-up to investigations/inspections by internal control functions and/or external authorities initiated before the expiration of the storage period;
- Fulfilment of other legal obligations or obligations required by the Public Security Authority, the Judiciary, Supervisory Authorities, Law Enforcement, etc.
10. Transfer of Data to Third Countries
Personal data may be transferred to countries not belonging to the European Union or the European Economic Area (so-called "Third Countries") recognized by the European Commission as having an adequate level of personal data protection or, otherwise, only if contractually guaranteed by all suppliers located in the Third Country to provide an adequate level of protection of personal data compared to that of the European Union (e.g., through the signing of standard contractual clauses provided by the European Commission), and the exercise of the rights of the Data Subjects is always ensured.
11. Registration and Automated Processing through Cookies and Switchboards
Personal data, as well as the identification of the habits and consumption tendencies of the Data Subjects, will also be analyzed through the use of cookies, in compliance with the guarantees and measures prescribed by current regulations.
In addition, the systems and procedures responsible for the operation of automated switchboards acquire certain data related to calls with customers (e.g., caller's remote number, call duration, as well as, with prior notice to the Data Subject, audio recording of the call).
Furthermore, for specific orders and instructions from customers, as well as in relation to specific concrete needs (e.g., security checks), may record the content of telephone conversations, including for any trial profiles and for the protection of rights in the event of disputes. In all these cases, the Data Subject will be informed about such recordings at the beginning of the telephone conversation.
12. Cookies: What They Are and Their Function
a) The website www.ladolcevitaeventsitaly.com uses cookies to make the user's browsing experience easier and more intuitive. Cookies are small text strings used to store certain information that may concern the user, their preferences, or the internet access device (computer, mobile, or tablet) and are mainly used to adapt the site's operation to the user's expectations, offering a more personalized browsing experience and remembering choices made previously.
b) A cookie consists of a small set of data transferred to the user's web browser by a web server and can only be read by the server that made the transfer. It is not executable code and does not transmit viruses.
c) Cookies do not record any personal information, and any identifiable data will not be stored. If desired, it is possible to prevent the storage of some or all cookies. However, in this case, the use of the site and the services offered may be compromised. To proceed without changing the cookie-related options, simply continue browsing.
13. Various Types of Cookies
13.1) Technical Cookies:
a) There are numerous technologies used to store information on the user's computer, which is then collected by websites. Among these, the best-known and most used is HTML cookies. They serve for navigation and to facilitate user access and use of the site. They are necessary for the transmission of electronic communications or to the provider to provide the service requested by the user.
b) Settings to manage or disable cookies may vary depending on the internet browser used. However, the user can manage or request the general deactivation or deletion of cookies by changing the settings of their internet browser. Such deactivation may slow down or prevent access to some parts of the site.
c) The use of technical cookies allows for the secure and efficient use of the site.
d) Cookies that are placed in the browser and transmitted through Google Analytics or through the blogger statistics service or similar are technical only if used for the optimization of the site directly by the site owner, who may collect information in aggregate form about the number of users and how they visit the site. In these conditions, the same rules apply to analytics cookies as for technical cookies in terms of information and consent.
e) In terms of duration, temporary session cookies can be distinguished, which are automatically deleted at the end of the browsing session and serve to identify the user and avoid login on each visited page, and permanent ones that remain active on the user's computer until expiration or deletion by the user.
f) Session cookies may be installed to allow access and stay in the reserved area of the portal as an authenticated user.
g) They are not stored persistently but exclusively for the duration of the navigation until the browser is closed and disappear with its closure. Their use is strictly limited to the transmission of session identifiers consisting of random numbers generated by the server necessary to allow secure and efficient exploration of the site.
13.2) Third-Party Cookies:
a) Regarding their origin, cookies sent to the browser directly from the site being visited are distinguished from those of third parties sent to the computer by other sites and not by the one being visited.
b) Permanent cookies are often third-party cookies.
c) The majority of third-party cookies consist of tracking cookies used to identify online behavior, understand interests, and personalize advertising proposals for users.
d) Analytical third-party cookies may be installed. They are sent from domains of said third parties external to the site being visited.
e) Third-party analytical cookies are used to detect information about user behavior on www.ladolcevitaeventsitaly.com. Detection occurs anonymously, in order to monitor performance and improve site usage. Third-party profiling cookies are used to create user profiles to propose advertising messages in line with the choices made by the users themselves.
f) The use of these cookies is governed by the rules set by the third parties themselves, so users are encouraged to view the privacy policies and instructions for managing or disabling cookies published on their respective web pages.
13.3) Profiling Cookies:
a) Profiling cookies are those that create user profiles and are used to send advertising messages in line with the preferences expressed by the user during web browsing.
b) When using these types of cookies, the user must give explicit consent.
c) Article 22 of Regulation (EU) 2016/679 and Article 122 of the Data Protection Code will apply.
14. Social Network Plugins
This site also incorporates plugins and/or buttons that allow access and linking to social networks, in order to facilitate easy content sharing on your favourite social networks. These plugins are programmed not to set any cookies when accessing the page, to safeguard user privacy. Cookies are only set, if provided by social networks, when the user actively and voluntarily uses the plugins. Please note that if the user browses while logged into the social network, they have already consented to the use of cookies transmitted through this site at the time of joining the social network.
The collection and use of information obtained through the plugins are governed by the respective privacy policies of the respective social networks, to which reference is made:
Facebook: https://www.facebook.com/help/cookies
