we inform you that your personal data will be processed in compliance with current privacy legislation and will be based on principles of correctness, lawfulness, transparency and data protection. To this end, in compliance with the provisions of article 13 of the European Regulation 2016/679 (GDPR), we indicate below the general information regarding the processing of personal data carried out through this website, further specific information will be presented where necessary directly in the web pages where data will be collected to be able to provide any type of service.
This information refers exclusively to the data of those who interact with the services accessible starting from the home page www.quarantalocatelli.it (the site), without extending to the other websites eventually reached by the user through the links on the site.
Contact details of the Data Controller and the DPO
The data controller is A. Quaranta Locatelli with registered office in via Domenico Morelli, 55, 80121 Napoli.
The owner, in accordance with the GDPR, has designated the Data Protection Officer (DPO), which you can contact to request explanations about this Statement or exercise the rights provided by the legislation on personal data protection described in the following text. To contact the DPO you can use one of the following means:
- by email: firstname.lastname@example.org
- by ordinary mail: Via Domenico Morelli, 55 80121 Naples
- +39 081 0320329
For any communication with respect to the DPO, you must include your contact details in the request, which are essential to be able to identify and contact you.
Type of data processed
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or the domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
This information is not collected to be associated to identified parties, as the data is used only to obtain anonymous statistical information on the use d el site and to check its correct functioning, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
It should be noted that the data could be used by the competent authorities to ascertain responsibility in case of hypothetical computer crimes.
Data provided voluntarily by the user
To access some services reserved for users, it is necessary to register and enter some personal data. some identifying data is necessary in order to authenticate and verify the legitimacy of access, at the different levels of the reserved areas, to the subjects accessing it. Under no circumstances will sensitive or judicial data be processed.
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, and any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
- The data you provide may be processed to:
- carry out the operations strictly necessary to proceed with the provision of any services requested by you, between these included browsing the site’s pages,
- the provision of technological services (mailing lists, newsletters, remote and local assistance and maintenance, etc.), also by specifically authorized third parties,
- activities imposed by laws, regulations or provisions for the execution of commercial orders;
- statistical processing of aggregated data in relation to site performance;
- send advertising and / or commercial proposals based on the profiling of your data, implemented to highlight information and commercial proposals tuned to the interests you have expressed by accessing the pages and using the services available on this site.
In the pages of the site where your personal data are explicitly collected, you will find reported the additional privacy information as necessary, as well as the methods for acquiring your consent in cases where the owner uses this legal basis of treatment.
Your personal data will be processed on the basis of one or more of the following conditions. In particular, the treatments carried out for the purposes described above, which concern:
- point 1 and point 2, have as their legal basis the need to execute their express requests to receive a service directly available through the site: it is therefore a question of providing data strictly necessary and connected to a pre-contractual and / or contractual phase or functional to respond to a specific request, as such, the data collected from time to time are mandatory and, if it does not intend to provide them, it will not be possible to provide the service or provide a response to what you requested;
- point 3, will have as their legal basis the need to comply with a legal obligation such as the obligation to implement security measures required by specific laws of the banking / financial sector applicable to certain services provided through the site and how these data and related treatments are mandatory;
- point 4, in the case of anonymized data, ie data from which it is not possible to re-identify, even indirectly, a natural person, such data are no longer personal data, therefore the relative treatments are subtracted from the application of the privacy legislation and it is not necessary a particular legal basis.
Furthermore, if you are under the age of 16, for the processing of your data for these purposes it will be necessary to collect the authorization from the holder of the parental responsibility towards you.
Where the owner can make use of another legal basis (legitimate interest, public interest), he will be provided with a specific and specific Information Note.
Treatment modalities, safety measures and storage times
All data will be processed mainly in electronic form. Personal data and any other information that can be associated, directly or indirectly, to a specific user, are collected and processed by applying technical and organizational security measures such as to guarantee an adequate level of security for the risk, taking into account the state of the art and of implementation costs, or, where applicable, security measures prescribed by specific legislation such as by way of non-exhaustive example: measures provided for by applicable provisions issued by the Authority for the protection of personal data or by regulations and specific regulations for the banking sector / financial and will be accessible only to specifically authorized personnel.
With reference to the aspects of protection of personal data, you are invited, pursuant to art. 33 of the GDPR to inform the owner of any circumstances or events from which a potential “breach of personal data (data breach)” may arise, in order to allow an immediate assessment and the adoption of any actions aimed at countering this event, by sending a communication to email@example.com. Please note that for violation of personal data we mean “the security breach that accidentally or illegally involves the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed”.
The measures adopted by the owner do not exempt the user / customer from paying the necessary attention to the use, where required, of a password / PIN of adequate complexity, which he will have to update periodically as well as carefully guard and make inaccessible to others, in order to avoid improper and unauthorized uses.
The personal data processed will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed, except for the need to keep them for a longer period following requests by the Authorities competent in matters of prevention and prosecution of crimes or, in any case, to assert or defend a right in court.
Categories of Recipients of personal data
Personal data will be processed by specifically authorized personnel on the part of the owner as well as by third parties, possibly even established in foreign countries with respect to the European Union, only if this is necessary for operational and maintenance needs of the site and the services made available through the site itself, without prejudice to any obligations envisaged by legal provisions (eg: inspections of the tax authority). In no case will they instead be disclosed to the public.
As envisaged by the GDPR, the holder shall appoint the third-party companies that carry out all or part of the activities in question exclusively on behalf of the owner as personal data processing managers. In the case of involvement of third parties established in foreign countries with respect to the European Union, for the relative transfer of data abroad appropriate guarantees are adopted corresponding to the adequacy decisions issued by the European Commission and / or by the National Guarantor Authority for the protection of personal data from time to time appropriate to the case.
Further information regarding the cases of possible transfers of data to foreign countries with respect to the European Union and the relative guarantees adopted, as well as information regarding the companies appointed as managers of personal data processing, can be requested from the DPO.
The personal data provided by users who request dispatch of informative material (various documentation, reports, answers to questions, publications, etc.) are used for the sole purpose of performing the service or provision requested and are communicated to third parties only in the case in which this is necessary for this purpose (example: delivery service of the publications).
Rights of interested parties
In relation to the processing of your personal data carried out through this site, at any time, as an interested party you can exercise the rights provided by the GDPR. In particular, it may:
- access your personal data, obtaining evidence of the purposes pursued by the owner, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and possible consequences for the data subject, where not already indicated in the text of this Information;
- obtain the correction of inaccurate personal data concerning you without delay;
- obtain, in the cases provided for by law, the cancellation of your data;
to obtain the limitation of the processing or to oppose the same, when admitted based on the provisions of the law applicable to the specific case;
- in the cases provided for by law, request the portability of the data you have provided to the owner, ie to receive them in a structured format, commonly used and readable by an automatic device, and also request to transmit such data to another holder, if technically doable;
- if deemed appropriate, lodge a complaint with the supervisory authority.
For the processing of personal data for which the legal basis is consent, you can always revoke it and in particular exercise the right to object to direct marketing.
To exercise these rights, simply contact the DPO by referring to the contact details given at the beginning of this Statement.