1) Data controllers
The Data Controller, in accordance with Articles 4 and 24 of EU Reg. 2016/679, is:
- Winner Italia s.r.l - Via Bruno Pontecorvo, 4 – 00012 Rome, Italy
- Email address: firstname.lastname@example.org
2) Type of data processed
Personal data is any information concerning an interested party, with particular reference to an identifier such as first name, last name, email address - see Art. 4, para. 1, no. 1 GDPR. Processing of personal data means: "any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or set of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction". Data subject means: “identified or identifiable natural person”.
The Owner will process some personal data of users who interact with the computer systems and software procedures used to operate the site. In particular, the navigation data that the computer systems automatically acquire during the use of the site will be processed, such as IP address, domain names and browser types that are not accompanied by any additional personal information and are used to obtain anonymous statistical information on the use of the site, needs to control the methods of use of the same; as well as to ascertain responsibility in case of hypothetical computer crimes.
Data provided voluntarily by the user
If users/visitors, by connecting to this site, send their personal data to access certain services, or to make requests by e-mail, they are aware that this entails the acquisition by the Owner of the sender's address and/or any other personal data that will be processed exclusively to respond to the request, or to provide the service. The personal data provided by users/visitors will be communicated to third parties only if the communication is necessary to comply with the requests of the users/visitors or for legal obligations (as in the case of invoicing).
3) Purpose and legal basis of the processing
The personal data provided, will be processed in compliance with the conditions of lawfulness ex art. 6 EU Reg. 2016/679 for the following purposes: navigation in this website; booking any appointments, services and related activities (internal organizational activities and functional activities to the fulfillment of contractual and pre-contractual obligations) - art. 6 letter f) EU Reg. 2016/679 as the legal basis of the treatment.
The processing of data is based on Article 6(1)(f) (recital 47), taking into account the reasonable expectations of the data subject at the time and in the context of the collection of personal data, where the data subject can reasonably expect processing to take place for that purpose.
Your data is also stored in order to send you general information, communications of updates, news and promotions of our services and products only.
4) Methods of treatment
The personal data subject to processing are:
- processed lawfully and fairly;
- collected and recorded for specific, explicit and legitimate purposes, and used in other processing operations compatible with such exact purposes and, if necessary, updated;
- relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed;
- the adoption of all appropriate measures to ensure the confidentiality and security of your personal data is provided for, which, together with the request made, will arrive in the form of an email to our address email@example.com. Your data may be kept in our archives for future communications;
- kept in a form that allows the "identification of the person concerned" for a period of time not longer than necessary, for the purposes for which they were collected or subsequently processed.
5) Recipients of the data
The personal data provided will be communicated to recipients, who will process the data as data controllers (art. 28 of EU Reg. 2016/679) or as natural persons acting under the authority of the Owner and the Manager (art. 29 of EU Reg. 2016/679), for the purposes listed in point 3 above. Specifically, the data will be communicated to:
- subjects involved in the website business organization (administrative, commercial, marketing, legal, system administrators);
- external subjects (such as third party technical service providers, carriers, hosting providers, cloud services, IT companies, communication agencies) who may be appointed as external managers;
- authorities competent to comply with legal obligations and/or provisions of public bodies, upon request.
The subjects belonging to the above categories play the role of Data Protection Officer, or operate in total autonomy as separate Data Controllers. The list of Data Protection Officers is constantly updated and available at the registered office in Via Bruno Pontecorvo, 4 – 00012 Rome, Italy and may always be requested from the Data Controller, by contacting the email address indicated above.
6) Conservation period or criteria
Data processing will be carried out automatically and/or manually, with methods and tools aimed at ensuring maximum security and confidentiality, by subjects specifically appointed for this purpose. In compliance with the provisions of art. 5 paragraph 1 letter e) of EU Reg. 2016/679, the personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The storage of personal data provided depends on the purpose of processing and the user may view the purpose by consulting the Data Retention Policy of the Data Controller.
7) Scope of data communication
The data provided will be processed exclusively by subjects explicitly appointed with automated tools and may be communicated to third parties only if this is necessary for the provision of the service and/or product requested.
8) Security measures
The personal data subject to processing are stored and controlled, also in relation to the knowledge acquired as a result of technical progress, the nature of the data and the specific characteristics of the processing, so as to minimize, through the adoption of appropriate and preventive security measures, the risks of destruction or loss, even accidental, of the data, unauthorized access or treatment not allowed or not in accordance with the purposes of collection.
9) Nature of provision and refusal
The provision of data is optional. Specifically, the provision of data for the purposes of navigation and booking services is necessary in order to pursue your legitimate interest or your legitimate expectation to receive feedback from the owner and book a service. Failure to provide the data will make it impossible to offer you the requested service and to process your request.
10) Rights of data subjects
You may exercise your rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller, or the Data Processor, pursuant to Article 38 paragraph 4, at firstname.lastname@example.org. The user has the right to:
- obtain the updating, rectification and integration of personal data;
- obtain the cancellation, transformation into anonymous form or blocking of data processed in violation of the law;
- oppose in whole or in part the processing of personal data concerning him/her for legitimate reasons, even if relevant to the purpose of collection;
- oppose the processing of personal data concerning him/her for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication;
- obtain confirmation or not of data concerning him, even if not yet recorded, and their communication in an intelligible form;
- obtain an indication of the origin of the personal data, purposes and processing methods, the logic applied in case of processing carried out with the aid of electronic instruments, the identity of the owner and manager and the subjects or categories of subjects to whom the data may be communicated or who can learn about them as managers or appointee
Without prejudice to any other administrative and judicial remedy, if you consider that the processing of data concerning you violates the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679, you have the right to lodge a complaint with Data Protection Authority and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), you have the right to revoke your consent at any time. In the case of a request for data portability, the Data Controller will provide you with your personal data in a structured, commonly used and readable format, by automatic device, without prejudice to paragraphs 3 and 4 of Article 20 of EU Reg. 2016/679.