This page describes the methods used to manage the website in connection with the processing of personal data of the users who visit it.
Pursuant to Italian Legislative Decree no. 196 of 30 June 2003 of the "Code on the protection of personal data".
The data controller and supervisor is IL PALAZZO S.R.L. with head office in Via Gracco del Secco 14, 53034 Colle di Val d'Elsa (SI) - P.I. 01343600522 - C.F. 01343600522 - Email: firstname.lastname@example.org , which ensures compliance with regulations on the subject of personal data protection.
The personal data voluntarily provided by the users who visit the website shall be processed for the following purposes:
The IT systems and software procedures that control the functioning of this website acquire, during the course of their standard operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected for the purpose of being associated with identified subjects, but due to its own nature, it may make it possible to identify users through processing and associations with data held by third parties.
This category of data includes IP addresses or domain names of the computers used by the users who connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the answer given by the server (success, failure, etc.) and other parameters pertaining to the user's operating system and IT environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to verify its proper functioning. The data could be used to ascertain responsibility in case of alleged IT crimes to the detriment of the website.
The optional, explicit and voluntary sending of e-mail messages to the addresses specified on this website entails the subsequent acquisition of the sender's address, which is necessary to reply to the inquiries, as well as any other personal information that may be included in the message.
Data shall be processed either manually or with the use of IT and telematic means, by way of regular or electronic mail. The data shall be stored in paper files or on electronic media for the time that is strictly necessary for the purpose of achieving the aims for which it was collected.
Specific safety measures are adopted to prevent data loss, illegal or incorrect data use or unauthorised access.
Aside from what specified for navigation data, the data subject is free to provide the personal data requested by the various services available on the website. Failure to provide said data may make it impossible for the data subject to obtain that which was requested.
The data subject is entitled, at any time, to object to the processing or to request the cancellation, modification or update of all personal information in our possession, by sending an e-mail to the following address: email@example.com
1. The data subject is entitled to obtain confirmation as to whether or not personal data relating to them is held, even if it has yet to be recorded, and notification of the same data in an intelligible form.
2. The data subject is entitled to obtain information about:
3. The data subject is entitled to obtain:
4. The data subject is entitled to object, in full or in part:
1. The rights referred to in Article 7 can be exercised by submitting an informal request to the Data Controller or Supervisor, including through an appointed person, which is given an adequate response without delay.
2. The rights referred to in Article 7 may not be exercised through a request to the Data Controller or Supervisor or through an appeal under Article 145, if the processing of personal data is carried out:
3. The Italian Data Protection Authority, including as a result of a report by the data subject, in the cases referred to in paragraph 2, letters a), b), d), e) and f), shall take action according to the methods provided for in Articles 157, 158 and 159 and, in the cases referred to in c), g) and h) of the same paragraph, shall take action according to the manner provided for in Article 160.
4. The exercise of rights under Article 7, when not pertaining to objective data, can take place unless it concerns rectifications of or additions to personal evaluation data, relating to judgments, opinions or other assessments of a subjective type, as well as the indication of the type of conduct to be held or of decision-making activities by the Data Controller.
1. The request may be sent to the Data Controller or Supervisor by way of registered letter, fax or e-mail. The Italian Data Protection Authority may specify other suitable methods with regard to new technological solutions. When it concerns the exercise of rights referred to in Article 7, paragraphs 1 and 2, the request may also be made verbally and, in that case, briefly noted down by the person in charge or data supervisor.
2. When exercising the rights referred to in Article 7, the data subject may grant, in writing, power of attorney or proxy to individuals, institutions, associations or organizations. The data subject may also be assisted by a person of trust.
3. The rights referred to in Article 7 relating to personal data of deceased persons may be exercised by those who have an interest, or act to protect the data subject or for family reasons deserving protection.
4. The data subject's identity shall be verified on the basis of suitable evaluation elements, including by means of available records or documents or by producing or attaching a copy of an identification card. The person who acts on behalf of the data subject exhibits or attaches a copy of the power of attorney or of the proxy, signed in the presence of an appointed person or signed and submitted with a photocopy of an identity document of the data subject. If the latter is a legal person, entity or association, the request is filed by a natural person authorised by their respective statutes or regulations.
5. The request referred to in Article 7, paragraphs 1 and 2, is made freely and without obligation, and may be renewed, unless there are justifiable reasons, at least every ninety days.
1. To ensure the effective exercise of the rights referred to in Article 7, the Data Controller is required to take appropriate measures aimed, in particular, at:
2. The data is extracted by the Data Supervisor or persons in charge, and can be verbally communicated to the data subject, or displayed by electronic means, provided that in such cases the data is easily understandable, also considering the quality and quantity of information. If so requested, the data is transferred on paper or entered in a computer system, or else transmitted via telematic means.
3. Unless the request is related to a particular processing or to specific personal data or categories of personal data, the reply sent to the data subject shall include all the personal data concerning the latter in any event processed by the Data Controller. If the request is made to an operator of the health profession or a medical body, the provision set forth in Article 84, paragraph 1 is complied with.
4. Should the data extraction be particularly difficult, the reply to the request of the data subject may also consist in producing or delivering copies of records and documents containing the requested personal data.
5. The right to obtain data communication in intelligible form does not apply to personal data pertaining to third parties, unless the breaking down of the processed data or the failure to obtain certain elements make the personal data relating to the data subject incomprehensible.
6. Data shall be communicated in intelligible form also by using legible handwriting. In case of communication of codes or abbreviations, the criteria needed for understanding their meaning are also made available, including through the persons in charge.
7. Where, following a request under Article 7, paragraphs 1 and 2, letters a), b) and c), the existence of data regarding the data subject cannot be confirmed, a fee may be charged which shall not exceed the cost actually incurred for the research done in the specific case.
8. In any event, the fee referred to in paragraph 7 may not exceed the amount determined by the Italian Data Protection Authority through a measure of a general nature, which may determine it to be a lump sum in connection with the case where the data is processed using electronic means and the reply is provided verbally. Through the same measure, the Italian Data Protection Authority may provide for the fee to be charged if the personal information is contained on special media the reproduction of which is specifically requested, or when, at one or more Data Controllers, considerable effort would be required in relation to the complexity or size of the requests and the existence of data that concerns the data subject is confirmed.
9. The fee referred to in paragraphs 7 and 8 may also be paid by postal or bank transfer, or by debit or credit card, if possible upon receiving the relevant reply and, in any event, within fifteen days of said reply.