Premise
Lo Russo Alessandro, with registered office in Grinzane Cavour (CN) – Via Parea no. 2/A (hereinafter the “Data Controller”), is constantly committed to protecting the privacy of its users.
This document has been prepared pursuant to Article 13 of EU Regulation 2016/679 (hereinafter the “Regulation”) as per the implementing decree no. 101/2018, in order to inform you about our privacy policy and, if applicable, to obtain your explicit and informed consent to the processing of personal data.
According to the rules of the Regulation, the processing carried out by the Data Controller will comply with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
Contents
-
Data Controller and Data Protection Officer
-
Data subject to processing
a. Browsing data
b. Data voluntarily provided by the data subject
c. Data processed through interaction with social networks
d. Cookies -
Purpose of the processing
-
Legal basis and mandatory or optional nature of the processing
-
Recipients of personal data
-
Transfers of personal data
-
Retention of personal data
-
Rights of the data subject
-
Automated decision-making and profiling
1. Data Controller and Data Protection Officer
The Data Controller for the processing carried out through this website is Lo Russo Alessandro, sole proprietorship, as defined above. For any information regarding the processing of personal data, you may write to the following address: al.lorusso@libero.it.
The Data Controller does not have a Data Protection Officer (DPO) as the conditions required by EU Regulation 2016/679 for mandatory appointment are not met.
2. Data subject to processing
By browsing the site, please be informed that the Data Controller will process personal data, which may include identifiers such as your name, identification number, online identifier (hereinafter referred to as “personal data” only). Examples of processed data include name, address, username, email address, phone number, or the IP address of the device used, browsing preferences, i.e. information on how you use the site, including your similarity in consumption behavior with other users, as well as your online service preferences.
a. Browsing data
The IT systems and software procedures responsible for the operation of the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. These data are not associated with identified individuals but, by their nature, could, through processing and association with data held by third parties, allow user identification.
b. Data processed through interaction with social networks
Your personal data may be processed – also when this feature is enabled – through your Facebook profile.
c. Cookies
For details on cookies, please refer to the Cookie Policy available.
3. Purpose of the processing
This site will use your personal data for the following purposes:
a. To enable browsing of the site and provision of the services you request. Generally, all activities connected to the execution of a relationship with the Data Controller; responding to and fulfilling information requests, activities connected to sending communications about the availability of a service provided by the Data Controller;
b. To comply with any obligations provided by applicable laws, regulations, or EU legislation, or to meet requests from authorities;
c. For the purpose of preventing fraud committed through the use of the site and services offered and to allow the Data Controller to defend itself in court.
4. Legal basis and mandatory or optional nature of the processing
The legal bases used by the Data Controller to process your personal data according to the purposes indicated above are as follows:
a. Provision of service: processing your personal data for this purpose is necessary to provide you with services and to respond to your requests. The legal basis for processing is Article 6(1)(b) of the Regulation. Providing your data for this purpose is optional but if not provided it will not be possible to deliver the services offered through the site or respond to your requests if you do not fill in the mandatory fields;
b. Compliance: processing your data for this purpose is necessary so that the Data Controller can fulfill any legal obligations or meet requests from authorities. This processing is based on Article 6(1)(c) of the Regulation. This may involve the retention and communication of your personal data to authorities for accounting, tax, or other obligations;
c. Communication to third parties: processing your personal data for this purpose is based on your consent pursuant to Article 6(1)(a). Providing your personal data is therefore entirely optional and does not affect the use of services;
d. Abuse/Fraud: processing for this purpose is based on Article 6(1)(f) of the Regulation, personal data will be used to prevent and/or identify possible fraudulent activities or abuses in the use of the site and services and allow the Data Controller to defend itself in court.
5. Recipients of personal data
In relation to the above purposes, data may be communicated to the following persons and/or categories of persons indicated below, or may be communicated to companies and/or individuals providing services, including external services, on behalf of the Data Controller. These include, for clarity but not limited to: persons – internal or external to the company – providing IT and telecommunication services for managing the IT system used by the Data Controller and telecom networks, persons who the Data Controller may appoint as data processors; competent authorities and/or supervisory bodies to fulfill legal obligations; affiliated companies, subsidiaries, or companies contractually linked to the Data Controller.
6. Transfers of personal data
Some of your personal data may be shared with recipients located outside the European Economic Area. Nevertheless, it is assured that the processing of your personal data by these recipients complies with the Regulation. Transfers may be based on an adequacy decision, Standard Contractual Clauses approved by the European Commission, or other appropriate legal basis.
7. Retention of personal data
We inform you that, pursuant to Article 5 of the GDPR, respecting the principles of lawfulness, purpose limitation, storage limitation, and data minimization, your data will be retained as required by law and for the time necessary to carry out the activities related to the above purposes within legal terms.
8. Rights of the data subject
Pursuant to Articles 15 and following of the Regulation, you have the right to request from the Data Controller, at any time, access to your personal data, rectification or erasure of the same or to object to their processing, you have the right to request the restriction of processing as provided in Article 18 of the Regulation, as well as to obtain your data in a structured, commonly used, and machine-readable format in the cases provided in Article 20 of the Regulation.
You may exercise the rights listed above by sending a request to the email address above;
We will confirm receipt of your request and provide you with information regarding the communication received within 1 (one) month of receiving the request. If necessary, and considering the complexity and number of requests, this period may be extended by 2 (two) months, with a motivated communication sent within 1 (one) month from receipt of the request.
Any correction, deletion, restriction, or opposition will be communicated to all recipients as identified under Article 4(1)(9) of the GDPR, unless this proves impossible or involves a disproportionate effort.
Following your request for rectification, deletion, restriction, or opposition, if the Data Controller has reasonable doubts about your identity, further information will be requested to confirm it. Such communications will be sent by email.
If the Data Controller does not comply with your request within 1 (one) month of receipt, you will be informed of the reasons for non-compliance and informed of your right to lodge a complaint with the supervisory authority (Data Protection Authority), as specified under Article 13(2)(d) and governed by Articles 77 et seq. of the GDPR.
9. Automated decision-making and profiling
The Data Controller informs you that, for the purposes of processing your personal data, it does not use automated decision-making processes, i.e., those aimed at making decisions based solely on technological means according to predetermined criteria (i.e., without human involvement). The Data Controller does not carry out profiling activities, meaning those aimed at using your personal data to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, etc. For more information, please refer to the specific Cookie Policy.
.