Art. 13 EU Reg 2016/679
2) Data controller’s identification
ASCOM BERGAMO CONFCOMMERCIO Via Borgo Palazzo, 137 -24125- Bergamo, tel 035 4120111, e-mail: firstname.lastname@example.org
- a) Joint data controller’s identification
BREMBO VIAGGI SRL Via Pontesecco, 7-24010- Ponteranica (BG), Tel. 035.575431, e-mail: email@example.com
3)Type of data processed
In addition to browsing data, common personal data voluntarily provided by the user when interacting with the Site’s functions or services or contact channels may be processed. In compliance with the Privacy Code, ASCOM BERGAMO CONFCOMMERCIO may also collect your personal data from third parties in the course of its business. The data controller will process the data in order to organise and manage the experience you have requested.
4) Browsing data
Computer systems and software procedures used to operate the website acquire, during their normal operation, some data, whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category includes the IP addresses or domain names of the computers used to connect to the site, the URI notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.). This data could be used to ascertain liability in the event of hypothetical computer crimes to the detriment of the site and is retained by the TLC providers (in this case, the hosting company) for 72 months in accordance with European legislation.
5) Personal data retention
Personal data is stored and processed through IT systems owned by ASCOM BERGAMO CONFCOMMERCIO, managed by ASCOM BERGAMO CONFCOMMERCIO or owned by third party suppliers of technical and electronic services;
6) Purposes and methods of data processing
ASCOM BERGAMO CONFCOMMERCIO may process the user’s common personal data for the following purposes: site service and function users, management of requests and reports from its users.
Personal data is processed electronically and entered into the company’s information system in full compliance with EU Reg 2016/679, including security and confidentiality profiles, and inspired by the principles of fair and lawful processing. In accordance with EU Reg 2016/679, data is kept and stored for the time required by industry regulations (for browsing data) and by the Civil Code (Art. 2214 10 years) for data contained in correspondence.
7) Security and quality of personal data
ASCOM BERGAMO CONFCOMMERCIO undertakes to protect the security of the user’s personal data and complies with the security provisions laid down by the applicable legislation in order to prevent loss of data, illegitimate or unlawful use of data and unauthorised access to the same
Furthermore, the information systems and computer programmes used by ASCOM BERGAMO CONFCOMMERCIO are configured in such a way as to minimise the use of personal and identification data; such data is only processed to achieve the specific purposes pursued from time to time.
. The user can help ASCOM BERGAMO CONFCOMMERCIO to update and keep their personal data correct by communicating any changes to their address, job title, contact information, etc.
8) Scope of communication and access to data
Your personal data may be communicated to:
- all persons to whom the right of access to such data is recognised by virtue of regulatory provisions;
- to our collaborators, employees, within the scope of their duties;
- to all those natural and/or legal, public and/or private persons when such communication is necessary or functional for the performance of our business and in the manner and for the purposes set out above;
9) Nature of the provision of personal data
The provision of certain personal data by the user is optional but serves to enable the Company to manage communications, requests received from the user or to re-contact the user in order to follow up on his or her request. failure to provide such data will not entail any consequences for the user.
10) Rights of the data subject
According to the Regulation (Art. 15-22), the data subject may exercise the following rights vis-à-vis the data controller/controllers:
- Access Rights: The data subject has the right to access personal data concerning him or her that is being processed in order to verify whether his or her personal data is being processed in accordance with the law.
- Right to Rectification: The data subject has the right to have any inaccurate or incomplete information about him/herself corrected, in order to ensure the accuracy of that information in accordance with the purposes of the processing.
- Right to Cancellation: You have the right to request that the data controller delete your information and no longer process such data
- Right to Restrict Processing: The data subject has the right to request that the data controller limits the processing of his/her data.
- Right to Data Portability: The data subject has the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller.
- Right to object to processing: The data subject has the right to object to the processing of data in the cases provided for by the GDPR, at any time and without having to justify his or her decision.
- Right not to be subject to automated decision-making processes: The data subject shall have the right not to be subject to a decision based solely on automated processing of his or her data, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way.
The data subject also has the right to lodge a complaint with the supervisory authority.
11)Withdrawal of consent to processing
If the processing is based on consent, pursuant to Art. 7 of EU Regulation 2016/679, the data subject has the right to withdraw consent to the processing of personal data, without prejudice to the lawfulness of the processing carried out prior to the revocation, by sending an email stating ‘REVOCATION OF CONSENT’ in the subject line to the following email address firstname.lastname@example.org.
If you wish to obtain further information on the processing of your personal data, or if you wish to exercise your rights under point 12 above, you can send an e-mail to the following address email@example.com. Before we can provide you with or change any information, we may need to verify your identity and have you answer a few questions. A reply will be provided as soon as possible.