This section contains information on the website management in relation to the processing of the data of users who consult it.
Our policy is also compliant with art. 13 of Legislative Decree n. 196/2003, Code on the protection of personal data, and with art. 13 of EU Regulation n. 2016/679 on the protection of individuals in relation to the processing of personal data as well as to the free circulation of such data, for those who interact with CITTERIO SPA web services and is available on the homepage of www.citteriospa.com.
This policy is valid only for CITTERIO SPA website and not for any other website that the user might visit through links contained therein.
The purpose of this document is to provide information on the methods, timing and nature of the information that data controllers must provide to users upon their connection to citteriospa.com regardless of the purpose of the connection itself, in full compliance with Italian and European laws.
This policy may be subject to changes due to the introduction of new rules on this matter, and the user is therefore invited to consult the rules on this page.
If the user is under the age of sixteen, pursuant to art. 8(1) of EU regulation 2016/679, he/she will have to provide his/her consent through the authorisation of his/her parents or guardian.
II- DATA PROCESSING
1. Data controller
Data controller: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. He/She is also in charge of safety profiles.
With reference to this website, the data controller is CITTERIO SPA and for any clarification or exercise of the user’s rights, the data controller can be reached at the following email address: firstname.lastname@example.org
2. Data Processor
The data processor is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.
Based on Article 28 of EU Regulation no. 2016/679, upon the appointment of the data controller, the data processing manager of the website citteriospa.com is: CITTERIO SPA
Place of data processing
The processing of data generated by the use ofcitteriospa.com takes place at CITTERIO SPA at the address via Don G. Brambilla 16/18 – 23844 Sirone – Italy
If necessary, the data connected to the newsletter service can be processed by the data processor or subjects appointed for this purpose at the relevant office.
III – COOKIES
1. Types of cookies
A cookie consists of a reduced set of data transferred from a web server to the user’s browser and can only be read by the server that transferred it. It does not contain executable code and does not transmit viruses.
Cookies do not record any personal information and no identifiable data will be stored. The user can prevent the saving of some or all cookies. However, this choice may affect the use of the site and the services offered. To proceed without changing the cookie options, simply continue browsing.
The types of cookies used by the website are listed in the following:
Many different technologies are used to store information on the user’s computer, information that are then collected by other sites. Among these technologies, the best known and most used is HTML. Technical cookies are used for navigation and to facilitate access to and use of the site by the user. They are necessary to transmit communications on the electronic network or for the supplier to provide the service requested by the customer.
Settings that manage or disable COOKIES may vary, depending on the internet browser used. In any case, the user can manage or request the general disabling or deletion of cookies by changing the settings of his/her internet browser. Disabling the cookies, yet, may slow down or prevent access to some sections of the website.
The use of technical cookies allows safe and efficient use of the website.
The COOKIES that are inserted in the browser and retransmitted through Google Analytics or through the blogger statistics or similar service, are technical cookies only if they are used for the purpose of optimizing the website directly by the website owner, who can collect information in aggregate form on the number of users and their navigation behaviour. Under these conditions the same rules required for technical cookies apply to analytics COOKIES, as regards disclosure and consent.
Duration-wise, we can distinguish between temporary session cookies, which are automatically deleted at the end of the browsing session and are used to identify the user and therefore avoid logging in to each page visited, and permanent ones, that remain active on the PC until they expire or are removed by the user.
Session cookies may be installed in order to allow the user to access and remain in the portal reserved area as an authenticated user.
They are not permanently stored, but only for the duration of the navigation session, until the browser is closed, and they disappear as soon as the browser is closed. Their use is limited to the transmission of session identifiers composed of random numbers generated by the server, necessary to allow safe and efficient exploration of the website.
Cookies of third parties
Depending on their origin, we can distinguish between cookies sent to the browser directly from the website being visited and those of third parties, sent to the computer from other websites, and not from the website being visited.
Permanent cookies are often cookies of third parties.
Most third-party cookies consist of tracking cookies used to identify the user’s online behaviour, understand their interests and then customise targeted advertising proposals.
Analytical third-party cookies may be installed. They are sent from the said third parties’ domains, external to the website.
Third-party analytical cookies are used to detect information on the user’s behaviour on citteriospa.com. This detection occurs anonymously, in order to monitor the website performance and improve its usability. Third-party profiling cookies are used to create user-related profiles on www.citteriospa.com, in order to propose advertising messages that are aligned with the choices made by the users themselves.
The use of these cookies is governed by the rules established specifically by the third parties involved. Therefore, users are invited to read the privacy policies and indications in order make their choice on managing or disabling the cookies published on the related web pages.
These are permanent cookies designed to create user-related profiles in order to send advertising messages in line with the preferences expressed by the User during his/her Internet navigation.
When these types of COOKIES are used, the user must provide explicit consent.
Article 22 of EU Regulation 2016/679 and Article 122 of the Data Protection Code will apply.
IV- DATA PROCESSED
1. Data processing methods
Like all websites, this site also makes use of log files where automatically collected information is stored during the user’s visits. The information collected could be as follows:
Internet Protocol address (IP);
Type of browser and parameters of the device used to connect to the website;
Name of internet service provider (ISP);
Date and time of the visit;
Web page of origin of the visitor (referral) and exit page;
Possibly, the number of clicks.
The above-mentioned information is treated in an automated form and is only collected in aggregated form to verify the correct functioning of the website and for security reasons. This information will be treated based on the legitimate interests of the subject.
For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data might also include personal data such as the IP address, that could be used, in compliance with the relevant laws in force, in order to block attempts to damage the website itself or to cause damage to other users or activities that are harmful or represent a crime. Such data are never used for the identification or profiling of the user, but only with the aim of protecting the website and its users: this information will be used based on the legitimate interests of the subject.
The information that website users choose to make public through the services and tools made available to them, are provided by the user knowingly and voluntarily, relieving this website from any liability that may arise from any breach of the law. It is the user’s responsibility to make sure he/she has permission to enter third parties’ personal data or any content protected by national and international rules.
2. Purposes of Data Processing
The data collected by the website through its operation are used exclusively for the purposes indicated above and retained for the time strictly necessary to carry out the specified activities and, in any case, for no more than 2 years.
The data used for security purposes (to block attempts to damage the site) shall be retained for the time needed to carry out the purpose indicated above.
3. Data provided by the user
As indicated above, upon the sending of optional, explicit and voluntary e-mails to the addresses indicated on this website, the sender’s address, necessary to respond to requests, will be acquired, as well as any other personal data included in the message.
Specific summarised information will be progressively reported or displayed on the website pages intended for specific services on request.
4. Support in configuring the user’s browser
Users can also manage cookies through the settings of their browser. However, deleting the cookies from the browser could also remove the preferences set for the website. For further information and support, please visit the specific help page of the web browser you are using:
The collection and use of information obtained through the plug-ins are governed by the respective privacy policies of the social networks. Please refer to the following pages:
Article 13 par. 2 of UE regulation 2016/679, lists the rights of the data subject.
Therefore, this website, citteriospa.com, intends to inform the user about the existence of:
the right of the data subject to obtain from the controller access to his/her personal data (Article 15 of EU regulation) and their update (Article 7, par. 3, letter a of Legislative Decree no. 196/2003), rectification (Article 16 of EU regulation) and integration (Article 7, par. 3 letter a of Legislative Decree no. 196/2003), limitation of the processing that concerns him/her (Article 18 EU Regulation) or to oppose, for legitimate reasons, to such processing (Article 21 EU Regulation), besides the right to data portability (Article 20 EU Regulation);
the right to erasure (Article 17 EU Regulation), anonymisation or blocking unlawfully processed data, including data whose retention is not necessary for the purposes for which the data were collected or subsequently processed (Article 7 par. 3, letter b of Legislative Decree 196/2003);
the right to obtain certification that the updating, rectification, integration, cancellation, blocking, transformation operations on data have been brought to the attention, also as regards their content, of those to whom such data have been communicated or disclosed, except where this fulfilment proves to be impossible or involves the use of means that are manifestly disproportionate to the protected right (Article 7 par. 3, letter c of Legislative Decree 196/2003).
Requests can be sent to the data controller at the above-mentioned email address (without formalities) or through the template provided by the Data Protection Commissioner.
If the processing is based on Article 6, paragraph 1 letter a – express consent to use – or on Article 9 paragraph 2 letter a – express consent to the use of genetic, biometric, health-related data, revealing religious, philosophical beliefs or trade union membership, racial or ethnic origin, political opinions – the user has the right to withdraw his/her consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.
Likewise, in the event of a violation of the law, the user has the right to file a complaint with the Data Protection Commissioner, as the authority responsible for monitoring the processing in the Italian State.
For a more detailed examination of the user’s rights, please refer to Article 5 et seq. of EU Regulation 2016/679 and Article 7 of Legislative Decree 196/2003.
VI – OBLIGATIONS
The data controller shall notify the Data Protection Commissioner about the data that he/she intends to process, only if the processing involves:
genetic or biometric data, or data that communicate the geographical location of people or objects via an electronic communication network;
data that disclose information on the subject’s state of health and sexual life, processed for the purposes of assisted procreation, provision of health services electronically relating to databases or the supply of goods, epidemiological investigations, detection of mental, infectious and diffusive diseases, seropositivity, organ and tissue transplantation and monitoring of healthcare expenses.
data that disclose information on the subject’s sexual life or his/her psychic sphere, processed by associations, non-profit entities and organizations, even if not recognized, or of political, philosophical, religious or trade union nature;
data processed with the aid of electronic tools aimed at outlining the profile or personality of the data subject or at analysing consumption habits and choices or at monitoring his/her use of electronic communication services with the exclusion of processing that is technically essential to provide such services to users;
sensitive data stored in databases for recruiting purposes on behalf of third parties as well as sensitive data used for opinion polls, market research and other sample research;
data stored in specific databases managed by means of electronic tools and related to risks on economic solvency, the financial situation, the fulfilment of obligations or to unlawful or fraudulent behaviour.
VI – SAFETY OF THE DATA PROVIDED
This website processes users’ data in lawful and correct manner, adopting appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. Processing is carried out using IT and/or telematic tools, applying organisation methods and logics that are strictly related to the indicated purposes.
In addition to the data controller, in some cases, categories of employees involved in the website management (administration, marketing, sales department, legal office, system administrators) or external subjects (such as suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.