Home / Privacy Policy

Privacy Policy

Ultimo aggiornamento: May 6, 2024

Legal notices

The textual contents of the site, unless otherwise explicitly stated on the individual web page, are intended to be provided under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Protection of personal data EU Regulation 2016/679 (GDPR) general information on the processing of personal data

 

Privacy Policy

Pursuant to art. 13 of EU Regulation no. 2016/679 relating to the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data, we inform visitors and users of our Portal that, following its consultation or the use of services offered online line, personal information concerning them will be processed.

This information, of a general nature, concerns all the Owner's websites, accessible electronically at the following addresses (hereinafter, for brevity, these sites will be collectively referred to with the term "Portal"): www.parchialpicozie.it.

Furthermore, it must be understood as expressly integrated by the information provided with reference to specific Services (for example, the newsletter, reserved access, etc...) provided through the web addresses mentioned above.

Unless otherwise specified and regulated by a specific information provided pursuant to article 13 of the GDPR, this Privacy Policy must also be understood as a document aimed at providing specific information referred to in articles 13 and 14 of the Regulation to those who find themselves browsing on the Portal and interact with the Data Controller through the services offered by the Portal itself.

This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the sites but refer to resources external to the Owner's domains.

Who is the Data Controller?

The data controller is the Management Body of the Protected Areas of the Cottian Alps (C.F.: 94506780017) with headquarters in Via Fransuà Fontan, 1 - 10050 Salbertrand (TO), PEC alpicozie@cert.ruparpiemonte.it

The Data Controller announces that it has appointed the Personal Data Protection Officer (RPD or DPO) in accordance with the provision contained in the art. 37, par. 1, letter a) of the RGPD, identifying the lawyer as the suitable person. Massimo Ramello and that he can be reached at the following numbers:

Said name was also communicated to the Guarantor Authority for the Protection of Personal Data via electronic procedure.
The duties and functions of the Manager thus designated, as provided for in article 39, par. 1, of the GDPR, are detailed in the Appointment Decree available in the "Transparent Administration" section of the Portal.
The Manager is bound to secrecy or confidentiality regarding the performance of his duties, in accordance with Union or Member State law; the reports received by the Manager are therefore considered confidential.

What is meant by personal data and which of my data are processed?

"Personal data" means any information capable of identifying, directly or indirectly, a natural person, in this case, the User who browses the Owner's sites and uses the Services. The Data Controller manages numerous services, with different methods and for each of them the type of data requested and the purposes of collection vary. In any case, through the Portal, the Owner does not acquire or process data of a sensitive nature or in any case belonging to the particular categories referred to in the art. 9 of the GDPR or data relating to criminal convictions or crimes pursuant to art. 10 of the GDPR.

Browsing data
The computer systems and software procedures used to operate each website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access or exit was made, information on the pages visited by users users within the site, access time, time spent on a single page, internal path analysis and other parameters relating to the user's operating system and IT environment. Such technical/IT data is collected and used exclusively in an aggregate and non-identifying manner and could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

Data provided voluntarily by the User
This is all personal data freely released by the visitor on the Portal, for example, to register and/or access a reserved area, request information on a specific service via a form, write to an email address or telephone (in VoIP mode) to have direct contact. The processing of such personal data will be carried out on the basis of all the information contained in the specific information provided pursuant to articles 13 and 14 of the Regulation by the Data Controller at the time of providing personal data during registration as requested in the appropriate forms.

Among the Personal Data collected by this Portal there are: name, email, telephone, password, cookies, usage data, data communicated while using the contact service. The description of the categories of personal data being processed will be contained in the information pages relating to each Service offered. The User assumes responsibility for the personal data of third parties obtained, published or shared through this Portal and guarantees that he or she has the right to communicate or disseminate them, freeing the Owner from any liability towards third parties.

Cookies and other tracking systems
For a complete description of the processing of personal data through this type of system, please refer to the specific information.

Who processes my data? Method and place of processing

The processing connected to the web services of this Portal takes place at the offices of the Owner or at those of third parties who carry out processing operations on behalf of the Owner and have been duly registered as Data Processors pursuant to art. 28 of the GDPR.
The Data Controller adopts appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of the personal data being processed.
The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
The processing operations are carried out only by technical personnel in charge of the processing or maintenance operations. These subjects, duly identified and authorized, have received specific instructions on the methods and purposes of the processing.

Purpose of the processing of collected data

The User's data is collected to allow the Owner to pursue the following purposes:

  • provide promotion and information services regarding activities or events promoted or participated by the organisation, traffic conditions, alarms, warnings, deadlines, emergencies, etc. and, in general, various contact services within the scope of institutional functions also rendered through the use of telephone and electronic contact details, the internet or social networks;
  • provide services to citizens, businesses, institutions and other subjects via the web or social networks through "e-government" processes, including the dissemination of data, documents and news; the issuing of certifications; booking appointments; sending questionnaires, newsletters; communications of data, deeds, documents; public WI-FI connections, etc...

The visitor's personal data may be used by the Owner in court or in the preparatory stages of its possible establishment, for the defense against abuse in the use of this Portal or related Services by the User.

Likewise, personal information may be processed in the context of any needs to ascertain crimes by the judicial authority.

Legal basis of the processing

The Data Controller processes the personal data acquired during navigation on the Portal in the execution of its tasks of public interest or in any case connected to the exercise of its public powers, including that of illustrating the activities of the Entity and their functioning, promoting the access to the services offered by the organisation, promoting knowledge of them, promoting broadened and in-depth knowledge on topics of significant public and social interest, promoting the image of the organisation, as well as that of Italy, in Europe and in the world, providing knowledge and visibility at events of local, regional, national and international importance.

In some cases, duly highlighted, the processing will take place based on the express and explicit consent of the visitor, expressed on the basis of this Information (possibly integrated by detailed information).

However, it is always possible to request the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on the law, is provided for by a contract or is necessary to conclude a contract.

Am I obliged to provide the data?

The use of the contents and services made available on this Portal presupposes that the navigator or user provides the requested data in the fillable fields. This insertion is always left to the discretion of the compiler.

Where it is necessary to express consent to the processing of personal data, it is always optional; consequently, the visitor can deny consent, and can revoke a consent already given at any time. However, denying consent, as well as revoking it, may make it impossible for the Owner to provide the Services based on it and the browsing experience on the Portal could be compromised.

How long are my data processed?

The data are processed and stored for the time necessary to achieve the purpose for which they were collected or subsequently processed.
Therefore, without prejudice to any different regulations contained in the pages dedicated to specific services:

  • the navigation data does not persist for more than seven days (except for any need for the investigation of crimes by the judicial authority);
  • the data provided to register and/or access a reserved area, for the entire duration of the access authorization (except for any need for judicial protection of the Data Controller or detection of crimes by the judicial authority);
  • the data provided as part of a registration procedure for web services, for the entire duration of the registration itself (except for any need for judicial protection of the Data Controller or verification of crimes by the judicial authority);
  • the data provided as part of an administrative procedure initiated through the Portal, for the entire duration of the same and, subsequently, for the time imposed by the rules regarding the conservation of administrative documentation.

When the processing is based on the consent of the interested party, even after the aforementioned term of use, the Data Controller may retain the personal data until such consent is revoked. Furthermore, the Data Controller may be obliged to retain personal data for a longer period, in compliance with a legal obligation or by order of an Authority.

At the end of the retention period, the personal data will be deleted. Therefore, upon expiry of this deadline, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Who is my data sent to?

In addition to the Data Controller, in some cases, other external parties may also have access to the data (such as suppliers of technical, legal and consultancy services, third parties, postal couriers, hosting providers, IT companies, communication agencies) who operate on behalf of the Data Controller. and are duly classified as Data Processors. The updated list of Managers can always be requested from the Data Controller.

The Data Controller may be obliged to reveal the data by order of public or judicial authorities.

The communication of personal data to third parties for commercial or profiling purposes is not foreseen.

The dissemination of personal data is not foreseen.

What are my rights?

As provided for in Article 15 of the Regulation, the interested party may access their personal data, request rectification and updating if incomplete or incorrect, request cancellation if the collection occurred in violation of a law or regulation, as well as oppose to the Processing for legitimate and specific reasons.

In particular, we report below all the rights that can be exercised, at any time, towards the Data Controller and/or Joint Controllers:

  • Right of access: the right, pursuant to Article 15, paragraph 1 of the Regulation, to obtain confirmation from the Data Controller as to whether or not personal data is being processed and, in this case, to obtain access to such personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations; d) when possible, the expected retention period of personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the personal data are not collected from the interested party, all available information on their origin; h) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4, of the regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party. All this information can be found in the information which will always be available in the Privacy section of each of the websites.
  • Right to revoke consent: in the event that consent is required for the processing of personal data, each interested party may revoke, at any time, the consent already given, without this affecting the lawfulness of the processing carried out prior to the revocation of consent.
  • Right of rectification: right to obtain, pursuant to Article 16 of the Regulation, the rectification of personal data that are inaccurate, taking into account the purposes of the processing; Furthermore, it is possible to obtain the integration of personal data that is incomplete, also by providing a supplementary declaration.
  • Right to cancellation: right to obtain, pursuant to Article 17, paragraph 1 of the Regulation, the cancellation of personal data without unjustified delay and the Data Controller will have the obligation to delete your personal data, if even just one of the following reasons: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) you have revoked the consent on which the processing of your personal data is based and there is no other legal basis for their processing; c) the interested party has objected to the processing pursuant to article 21, paragraph 1 or 2 of the Regulation and there is no longer any overriding legitimate reason to proceed with the processing of personal data; d) the personal data have been processed unlawfully; e) it is necessary to delete personal data to fulfill a legal obligation established by a community law or internal law. In some cases, as provided for in Article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to proceed with the deletion of your personal data if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.
  • Right to limit processing: right to obtain the limitation of processing, pursuant to Article 18 of the Regulation, in the event that one of the following hypotheses occurs: the interested party: a) has contested the accuracy of his/her personal data (the limitation will continue for the period necessary for the data controller to verify the accuracy of such personal data); b) the processing is unlawful but you have opposed the deletion of your personal data, asking instead that their use be limited; c) although the Data Controller no longer needs them for the purposes of the processing, the personal data are used for the assessment, exercise or defense of a right in court; d) has objected to the processing pursuant to Article 21, paragraph 1, of the Regulation and is awaiting verification regarding the possible prevalence of the legitimate reasons of the Data Controller with respect to his own. In case of limitation of processing, personal data will be processed, except for storage, only with consent or for the establishment, exercise or defense of legal claims or to protect the rights of another. natural or legal person or for reasons of significant public interest.
  • Right to data portability: right to request at any time and receive, in accordance with Article 20, paragraph 1 of the Regulation, all personal data processed by the Data Controller and/or joint data controllers in a structured, user-friendly format common and legible or request transmission to another data controller without impediments. In this case, the interested party will be responsible for providing us with all the exact details of the new data controller to whom he intends to transfer his personal data by providing us with written authorization.
  • Right to object: pursuant to Article 21, paragraph 2 of the Regulation and as also reiterated by Recital 70, it is possible to object, at any time, to the Processing of your personal data if these are processed for direct marketing purposes, including profiling to the extent it is connected to such direct marketing. When personal data is processed in the public interest, in the exercise of public powers vested in the Owner or to pursue a legitimate interest of the Owner, Users have the right to object to the processing for reasons related to their particular situation.


Right to lodge a complaint with the supervisory authority

Without prejudice to the right to appeal to any other administrative or jurisdictional forum, if it is believed that the processing of personal data carried out by the Data Controller and/or joint data controllers occurs in violation of the Regulation and/or the applicable legislation, it is possible to lodge a complaint. to the Guarantor Authority for the Protection of Personal Data, as required by art. 77 of the Regulation itself, or to take action in the appropriate judicial offices (art. 79 of the Regulation).

Who can I contact?

Further information in relation to the processing of personal data may be requested at any time from the Data Controller or the Personal Data Protection Officer (DPO) using the contact details provided.

Changes to the Privacy Policy

This Privacy Policy is applicable to this Portal from the date of its publication. The possible entry into force of new sector regulations, as well as the constant examination and updating of the general conditions of use of the Portal, could lead to the need to change these methods.
The Data Controller therefore reserves the right to make changes to this privacy policy at any time by informing Users on this Portal and, if technically and legally feasible, by sending a notification to Users via one of the contact details in its possession. the Owner.
If the changes affect processing whose legal basis is consent, the Owner will collect the User's consent again, if necessary.

Link to/from third party sites

Through the Portal it is also possible to connect via specific links to other third-party websites.
In this regard, the Data Controller cannot be held responsible for any management of personal data by third-party websites and for the management of authentication credentials provided by third parties.

DPO update of 07/05/2019

You might also be interested in...