Disclosure regarding article 13 of EC rule no. 679/2016 (GDPR) and Cookie Policy.

Disclosure regarding article 13 of EC rule no. 679/2016 (GDPR) and Cookie Policy.

“poderecadassa.it” is a website belonging to “Al Vedel srl”, whose registered seat is in via Vedole 68 in Colorno (Pr). This company guarantees the confidentiality of personal data and its own protection against any kind of violation. As per EC rule no. 679/2016 ( “GDPR”), and in particular according to Article 13, here below all necessary information – requested by the law regarding the processing of personal data – is given to the user (“person concerned”).

SECTION I
Who we are and which data we process (Article 13, 1° paragraph, a letter, Art. 15, b letter GDPR).

“poderecadassa.it” in the person of “Al Vedel srl”, whose registered seat is in via Vedole 68 in Colorno (Pr), is the holder of the data processing and is to be contacted through the following e-mail address: privacy@poderecadassa.it . It collects and/or receives all information regarding the person concerned such as:

Biographical data at time of contact or of reservation request: name, surname, address, nationality, province and municipality where the person concerned lives, fix and/or mobile phone number, fax, social security number, e-mail address.

Telematic traffic such as Log, IP adress.

“poderecadassa” does not request the person concerned any “peculiar” data according to Article 9 of GDPR such as race or ethnic group, political ideas, religion or philosophy, trade union membership, genetic data, biometrics in order to identify uniquely a physic person; the company does not request any details relating to health and sexuality. If “poderecadassa” should process the above mentioned data, the person concerned will be given a proper disclosure to be agreed.

There is a Data Protection Officer – DPO appointed by the Holder to be contacted for any further information and request:

“Al Vedel srl”, whose registered seat is via Vedole 68 a Colorno (Pr)
e-mail: privacy@poderecadassa.it

For any information and inquiry the concerned person can contact the following address: privacy@poderecadassa.it

SECTION II
For which purpose we need the data of the person concerned (Art. 13, 1° paragraph of GDPR).

The person concerned data is used by the Holder to proceed with material purchase request, to manage and execute the contact request asked by the user, to provide assistance, to fulfil the law requirements the Holder has to accomplish due to his activity. “poderecadassa” neither gives the user personal data away nor uses it for undeclared aims. The user data is processed for:
a) registration of biographical details and contact request or information inquiry
the user personal data are processed to begin the preliminary works and – regarding the biographical data – to manage the information and contact requests or the delivery of information material and to fulfil further obligations
. Legal basis of such data processing is the fulfilment of the services related to request for inclusion, information and contact and/or the delivery of information material and the respect of law requirements.

b) management of contacts
The user personal data processing is carried out in order to start the preliminary works or to start all those activities developed by a product purchase, the order management, the provision of the service and/or the production and/or the delivery of the purchased product, invoicing, payment and the management of any complaint and/or alerts to assistance service and the fulfilment of the same assistance service, fraud prevention and the fulfilment of any other contract obligation. Legal basis of such data processing is the fulfilment of the services related to the purchase contract and to the respect of law requirements.

c) promotional activities regarding services/products, the same purchased by the user (according to 47 GDPR)
The holder of the data processing can use the contact data of the person concerned without any expressed consent for sales purposes of his own services/products, only if such services/products are the same ones sold to the user. If the user does not agree with that, he must oppose explicitly.

d) promotional sales activities of services/products which differ from those purchased by the user
The user personal data can be processed also for promotional sales aim, for market research regarding services/products the holder offer only if the user has authorized the data processing without opposition.
Such data processing can be carried out automated as follows:
– e-mail;
– sms;

and can be carried out:
1. If the user has not opposed to the data processing use;
2. If the user is not registered in the opposition list no. 178/2010, in case the data processing is carried out by a phone operator;
Legal basis of such data processing is the consent given by the user before the processing. The user can withdraw it when he wishes to (see Section III).

e) computer security
According to no. 49 of GDPR and by means of his suppliers (Third parties and/or recipients), the holder processes the user personal data related to the traffic in a stricly necessary way to guarantee the network and communication safety. It means that information system and network have to prevent from unforseen events and intentional, unlawful acts, which may compromise the availability, authentication, integrity, and confidentiality of the personal data.
The holder informs has to inform the user, if there could be any risk of violation, except obligations declared in Article 33 of GDPR, related to notifications of violation of personal data.
Legal basis of such processing is the respect of the law requirements and the vested interest of the holder to carry our processing, whose purpose is the web protection and the security of “poderecadassa”

f) profiling
The user personal data can be processed for profiling purposes (such as analyses of the data transferred and of the selected services/products, advertisment and/or sales proposals in accordance to the choices of the same user) exclusively when the user has given his explicit consent upon after receiving information. Legal basis of such data processing is the consent of the user, given before, which is revocable by the user when he wishes to (see Section III).

g) fraud prevention (according to 47 and art. 22 of GDPR)
– the personal user data, except those peculiar (Article 9 of GDPR) or judicial (Article 10 of GDPR) are processed in order to allow controls with monitoring purposes and to prevent any fraudulent payment . These operations are carried out by software systems before the negotiation of services/products;
– if such controls have a negative outcome, no transiction is possible; the user can express his opinion, obtain an explication and contest the decision giving the Customer Assistance his reasons through privacy@poderecadassa.it;
– the personal data collected for antifraudolent purposes, unlike the necessary data for the correct executions of the requested service, are immediately deleted at the end of the control phase.

h) protection of minors
Services/products offered by the holder are reserved to people who are able to conclude contract obligations, according to the current National law.
In order to prevent any illegitimate access to his services, the holder includes preventive measures towards himself rightfully, such as controlling the social security number and/or other checks, if necessary for specified services/products, the correctness of the identifying data of the identity documents issued by the competent authorities.
Communication to third parties and categories of recipients (Article 13, 1° paragraph of GDPR)

The holder does not transferred the personal data to countries where GDPR is not applicable (Extra EC countries), except specified contrary indications to be informed in advance and if necessary the user’s consent will be asked for.
Legal basis of such processing is the fulfilment of the services regarding the developed relationship, the respect of law obligations and the rightful interest of “poderecadassa” to carry out processing which are useful for such purposes.

SECTION III
What happens if the user does not give the data which is necessary for the executions of the requested service? (Article 13, 2° paragraph, lett. GDPR)
Collection and processing of personal data is necessary to fulfil the requested service and/or the requested product supply. If the concerned person does not give his data through the order form and through the application, the holder is not able to proceed with the legal processing useful for the requested service, for the contract and for the services/products related to it and for all requirements.
What happens if the user does not give the holder the consent to the data processing for the sales activities and for the services/products different from those purchased?
Such processing is not carried out for such purposes without effects on the requested services and on those services for which he already gave his consent, if requested.
If the user gives the consent and later he withdraws it or if he opposes the processing for sales activities, his data cannot be processed for such purposes, without this leading to consequences or injurious effects for the user or for the requested service.
How we process the user’s data (Article 32 of GDPR)
The holder has proper safety measures to preserve the confidentiality, the integrity and the availability of the personal data of the user and expect third parties and responsible people to have similar safety measures.
Where we process the user’s data
The user personal data is stored in paper archives or in computers and telematic systems located in EC countries, where the GDPR is valid.
How long does the data remain stored? (Article 13, 2° paragraph, letter a of GDPR)
Unless the user does not express his wish to remove it, the personal data is stored till the rightful purposes for its use are necessary.
In particular, it is stored troughout the duration of the user’s registration and, in any case, not over 12 months from its inactivity, whenever – within this period – there are no services and/or products purchased by means of the same ID registration.
In case of data given to the holder for sales activities which differ from those acquired by the user (he gave his consent first for), these are kept for 24 months, except the user withdraws the consent. In case of data given to the holder for profiling purposes, these are preserved 12 months, except the user withdraws the consent.
If the user gives “poderecadassa” personal data which is not requested or necessary for the service purposes, “poderecadassa” cannot be considered as holder of this data and must delete it as soon as possible.
No matter what the user wishes to, the personal data is preserved according to the limits of the current law and of the National rules for the solely purpose to guarantee the specific requirements of some services.
Moreover, the personal data is preserved to accomplish certain obligations (for instance, tax and accounting obligations), which remains after the contract termination (Art. 2220 c.c.); for these purposes, the holder has to keep the necessary data for their pursuit. Exceptions: if contract rights and/or biographical data rights are enforceable by court, such data is processed for the necessary period to be processed.

Which are the user’s rights? (Articles 15 – 20 GDPR)
a) the holder must confirm to the user if his data is processed or not and, if it is, he is allowed to enter his data and the following information:
1. processing purposes;
2. personal data categories;
3. who personal data will be communicated to, in particular, if data is to be communicated to extra EC countries or to International organizations;
4. if possible, he must be informed about personal data storage and how long data is stored or, if it is not possible, how the storage period of time is determined;
5. the user has the right to ask the holder about the correction or deletion of the personal data or about a restriction of his data processing or he can oppose the data processing;
6. the user can ask for a supervisory body;
7.
where the personal data are not collected from the data subject, any available information as to their source;
8. the existence of an automated decision making process, including profiling, and, at least in these cases, significant information about the used logic and the importance and the consequences of such processing;
9. Appropriate guarantees given by an extra EC countries or an international organization, if data is stored here;
b) the user can ask for a copy of his personal data, if this right does not touch someone’s rights and freedom; if the user asks for more copies of his data, the holder of the processing can charge a reasonable fee based on administration costs;
c) The user has the right to achieve any data correction without unjustified delay from the holder;
d) the user has the right to achieve the deletion of the personal data without any unjustified delay, in case of reasons described by the GDPR, in Art. 17. For instance, if data is not necessary for the processing purposes or if the purposes is illegal and if there are no more conditions supported by the law. And if the processing is not justified by another legal reason;
e) the user has the right to achieve the processing restriction from the holder according to all cases of Article 18 of GDPR, for instance when the user disputes the correctness for the necessary period for the holder to verify the data. The user must be informed about the withdrawal period on time or why the processing limitation did not happen and about the withdrawal of the limitation;
f) the user has the right to be communicated by the holder about all who receive the inquiries of corrections or deletion destinatari cui sono stati trasmesse le richieste di eventuale rettifiche o cancellazioni o limitazioni del trattamento effettuate, salvo che ciò si riveli impossibile o implichi uno sforzo sproporzionato.
g) the user has the right to obtain his personal data by means of a structured, easy to understand, common and readable format and he is allowed to send it to another processing holder without restrictions from the holder he gave it to (according to Article 20 of GDPR) and he has the right to obtain the direct transmission of his data from one holder to another, if possible.
for any further information and for any requests the user has to write to the holder through the e-mail address privacy@poderecadassa.it. In order to be sure that the above mentioned rights are authorized by the user and not by third parties, the holder can ask the user to give him further information which are necessary to verify the authorization.

How and when can the user oppose his personal data processing? (Article 21 of GDPR).
For reasons due to a peculiar user’s situation, the concerned person can oppose the data processing at any time, if it is based on legitimate concern or if it is due to promotional sales activities. He has to send the holder his request through the address privacy@poderecadassa.it.

The user has the right to delete his personal data, if there is no legitimate reason for the holder to oppose it and if the user is not interested in the data processing for sales promotional activities.

Who can the user file a complaint to? (Article 15 of GDPR)
Without prejudice to legal and administrative actions, the user can lodge a complaint to the proper Authorities on the territory (for the protection of personal data).
The territory must be located in a European country.

Each update of such disclosure will be communicated as fast as possible and through proper means. Moreover, the user will know if the holder processes his data for further purposes than those mentioned and he will get to know it before the processing. The user must give the holder his consent for these further purposes, if necessary.

————————————————————————————————————————-

Cookie policy of website www.poderecadassa.it in accordance with the data protection supervisor law
The data protection supervisor knows that there is a European law expecting the web administrators to show the visitors a page explaining them the cookie policy of the website they are visiting and to submit them to the acceptance before proceeding.

For this purpose, if you need further information or if you have questions about the privacy policy of this website, we ask you to contact us through info@poderecadassa.it
In this page you can find how personal data is received and collected and how it is used by
www.poderecadassa.it. For this purpose cookies are used. Cookies are text files to make the web surfing easy.

1) what are cookies?
they are text files sent by the visited websites to the user’s browser. They are memorized in order to be transmitted to the website for a following visit.

2) what do cookies are for?
Through cookies sessions are controlled; a user can enter a website without dialing name and password each time he tries to and a cookie memorizes his preferences.

3) what are technical cookies?
These are important for surfing and for making the access and the use easy for the user. Technical cookies are essential to enter Google or Facebook without logging oneself each time. They are also important for other operations such as home banking, credit card payments or for other systems.

4) are cookies Analytics technical cookies?
are cookies inside browsers and transmitted through Google Analytics or blogger statistics service or similar to be considered technical cookies? Supervisor says that such cookies can be considered technical only if “used for web optimization directly by the holder of the same website; in this way he can collect information about the quantity of the visitors and how they visit the website. In this circumstances the rules of the analytics cookies are the same of technical cookies.”

5) what are profling cookies?
these are cookies used to trace the user’s surfing in order to create profiles according his preferences, interests and his researches. Consider the advertising banners regarding a peculiar product you searched on internet before: that’s an example of profiling of the user’s interest and cookies show you the products considered suitable for you.

6) Is the user’s consent necessary for the cookies installing?
for the installing of technical cookies there is no need of a consent, while for the profiling ones the user has to give his consent after getting simple information.

7) how can webmasters ask for consent?
according to the privacy supervisor, when a user enters a website, an information banner appears explaining some instructions briefly, the consent request and a link where the user can get more detailed information about profiling cookies and their use and purposes.

8) how must banner be realized?
Banner hides a part of the page content and specifies that the website uses profiling cookies also of third parties. Banner disappears only by means of a user’s action, normally a click.

9) which indications does the banner give?
the banner explains the disclosure briefly; it mentions the link to connect to for a more detailed disclosure and it shows the button for the profiling cookies consent.

10) how to keep trace of the consent.
there is a technical cookie memorizing the user’s consent in order to avoid him to give it twice during the following visits.

11) can the consent be expressed by means of the banner only?
No, there are other systems, but these ones must have the same requirements. Banner is not necessary for websites using technical cookies only.

12) what must be declared in the more detailed disclosure?
here it can be declared as follows: cookies features, also those installed by third parties; how the user can surf undercover, without leaving his preferences and deleting each single cookie.

13) who must inform the supervisor that profiling cookies are used?
the website’s holder has to. If his website uses profiling cookies of third parties only, he doesn’t need to inform the supervisor about that, but he must indicate these cookies and the links of their discloures.

14) when does this discloure come into force?
on 2 June 2015

COOKIE USES IN THIS WEBSITE
Log files: this website registers the operations chronology, when they are carried out. All information contained inside log files include IP adresses, type of browser, Internet Service Provider (ISP), date, hour, log in and log out pages, clic number. This is used to analyse trends, to administer the webiste, to control the user’s actions inside the web and to collect demographics details, IP addresses and other information. The user’s identity is not traceable.

Cookie: www.poderecadassa.it uses cookies to register information regarding his visitors’ preferences and regarding the visited pages. It also personalizes the page content according to the browser used and according to other information sent by the browser.

Cookie DoubleClick DART: this was introduced by Google five yeasr ago and is useful to advertise anounces on poderecadassa.it in order to show the user targeted advertisement according to their chronology. Users can accept such cookie or can disable it from their browser, visiting the page dedicated to Privacy. Further information about kind and use of cookies for advertisement made by Google can be found in the page dedicated to the cookies used. Also some advertising partners of Google Adsense can use cookies and Web Beacons to trace users.

Facebook cookies: this website has some Facebook plugin that can trace the readers’ behaviors. For further information the page dedicated to Facebook privacy policy can be visited.

Third parties servers or advertisement networks servers may enter this blog. They use this technology to send announces to your browser through www.poderecadassa.it. Through your IP address they show you their best advertisement in accordance with your interests. Similar technologies such as cookies, web bacons and javascript can be used by advertisment networks of third parties to measure the efficacies of their advertising messages and to personalize the content of such messages.

The website www.poderecadassa.it and his administrator have no control on cookies used by third parties; for a better comprehension we suggest you should have a look at the privacy policies of these third parties and at the options to disable the collecting of such information. The administrator of this website cannot control the activities of the advertisers of this blog. However, it is possible to disable the cookies from the user’s own browser. www.poderecadassa.it does not use its own profiling cookies; those present are checked by third parties such as Google, Facebook or Twitter.

USE OF GOOGLE ANALYTICS AND STATCOUNTER OF THIS WEBSITE
As said, the Analytics Cookies are considered as technical cookies only for optimization purposes and if user’s IP are anonymous. We inform our user that this website uses the free service of Google Analytics and Statcounter. We remind you that data is used only to get details of the most visited pages, number of visitors, aggregate data of the visits according to the operating system, browsers, etc.
These parameters are stored in Google servers and statcounter, which regulates the Privacy. A user can disable Google Analytics or statcounter during the surfing by using the extra component for Chrome, Firefox, Internet Explorer, Opera and Safari.