(art. 13 EU Regulation 2016/679 – GDPR)
This information is valid for the website where it is hosted pursuant to art. 13 of EU Regulation 2016/679 (General Data Protection Regulation; hereinafter “GDPR”) and concerns the processing of personal data of the interested party carried out by the Professional in the exercise of his professional activity.
1. Data owner
The owner of the treatment of personal data is
IL RUSTICO SRL
Via Circonvallazione, 286
95041 Caltagirone (CT)
Personal data is collected and processed, both manually and through electronic systems, by the Data Controller and by personnel appointed for the following purposes: execution of the contract, pre-contractual measures and/or requests from the interested party; All in full compliance with the safety and confidentiality rules established by current regulations.
3. Legal basis
The legal basis of the processing, depending on the case, is at least one of the following: execution of the contract with the interested party and/or pre-contractual measures; pursuit of a legitimate interest of the owner or of third parties, provided that the interests and rights do not prevail; fulfillment of legal and regulatory obligations or any orders from the Authorities; exercise and/or defense of a right in the competent offices.
4. Provision of data.
The interested party can also contact the Data Controller by using the appropriate online form and/or by sending an email directly. In this case, the interested party voluntarily provides their data to the Data Controller, including their email address, in order to submit questions and/or be contacted.
The provision of personal data in relation to the execution of the contractual relationship and/or to the requests of the interested party is mandatory; any refusal will make it impossible to fulfill the requested services.
5. Methods of treatment
Personal data is processed with automated and non-automated tools, for the time strictly necessary to achieve the purposes for which it was collected. Personal data is not transferred to third parties. No data is disclosed.
Data processing takes place at the data controller’s office. The emails received from the User are also saved in hosting on the ARUBA Server, in Italy. The Professional can use cloud services of well-known providers (e.g. Google, Dropbox, Onedrive) which involve a transfer of data to the USA, authorized by the adequacy assessment of the European Commission and by the guarantees provided by the c.d. Privacy Shield.
The data stored on paper is stored in special registers and/or forms, the conservation of which is implemented by archiving in special containers, kept at the headquarters of the Data Controller. Adequate security measures are adopted against the risk of intrusion and unauthorized access, suitable for guaranteeing the integrity, availability and confidentiality of data, as well as the protection of relevant areas and premises for the purposes of their custody and accessibility.
6. Communication of data and categories of recipients
Personal data may be communicated to subjects (so-called “recipients”) for the purposes determined by the legal basis applicable from time to time.
In particular, personal data may be communicated to the following categories of subjects, all based within the European Union:
- subjects who provide services and assistance activities to the Data Controller in the management of relations with the interested parties (management of orders, payments, invoicing, shipping, site maintenance): necessary for the execution of the contract (contractual obligation; legitimate interest);
- people, companies, associations, professional firms that provide assistance and consultancy services in favor of the Data Controller (legal obligations and exercise or defense of a right);
- suppliers of the Data Controller: necessary for the execution of the contract (contractual obligation; legitimate interest);
- colleagues, domiciliaries, consultants and other professionals, in relation to the execution of the professional assignments received (contractual obligation; legitimate interest);
7. Processing logic and storage times
The data are processed with logic related to the aforementioned purpose, in order to guarantee the security and confidentiality of the data.
The data are stored at the headquarters of the Data Controller for a period of time not exceeding that necessary for the purposes for which they were collected and subsequently processed. In particular:
- in relation to the purpose of managing contractual relationships with the interested party: for the entire duration of the contract;
- in relation to the fulfillment of legal obligations: for the entire duration envisaged by the related obligations;
- in relation to the exercise and/or defense of a right: up to the statute of limitations of legal rights and actions.
The data will subsequently be deleted and/or made anonymous.
8. Rights of the interested party. Opposition to processing. Complaint.
The interested party can exercise the rights provided for by articles 15-22 of the GDPR towards the Data Controller, as applicable. In particular, he has the right to request access to data concerning him, updating, integration, rectification, cancellation, limitation, portability of data in open format (e.g. CSV), to revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
For legitimate reasons, the interested party may object, in whole or in part, to the processing of personal data (Article 21 of the GDPR), by sending the relevant request to the Data Controller by ordinary mail, by e-mail or by fax. In particular, the interested party has the right to object to the sending of commercial communications at any time.
Pursuant to art. 77 of the GDPR, the interested party also has the right to lodge a complaint with the Supervisory Authority of the Member State in which he habitually resides, in which he works or of the place where the alleged violation occurred. In Italy, the Guarantor for the protection of personal data, based in Rome (www.garanteprivacy.it), is competent.
9. Data collected automatically through the website. Cookies.
The Data Controller undertakes to protect the privacy of visitors and users.
The computer systems and procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and IT environment of the interested party.
These data are used for the sole purpose of obtaining anonymous information on the use of the Site, as well as to check its correct functioning. The data could be used to ascertain responsibility in the event of crimes being committed.