Last updated on 17/03/2022
- WHO PROCESSES YOUR DATA
- WHICH DATA DO WE PROCESS
- WHAT ARE THE PURPOSES OF DATA PROCESSING?
- HOW DO WE PROCESS YOUR DATA?
- HOW LONG DO WE PROCESS YOUR DATA?
- TO WHOM DO WE COMMUNICATE OR TRANSFER YOUR DATA?
- WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In this document, we describe how we manage the website https://www.vitrumarte.it (hereinafter "Website") with reference to users personal data processing. The Website is managed by VITRUM ARTE, with headquarter at via Borgo ai Fossi 2 - 50018 Scandicci, Florence, Italy (hereinafter "Studio").
On this Website, two subjects, acting as independent data controllers, can carry out personal data processing.
As detailed in the respective sections, indeed, for certain processing purposes, the data controller is VITRUM ARTE, with headquarter at via Borgo ai Fossi 2 - 50018 Scandicci, Florence, Italy, email address: firstname.lastname@example.org.
- Navigation data: The information systems and software procedures relied upon to operate this Website collect personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This information is not gathered to be associated with identified subjects but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used to connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the purpose of obtaining statistical information on the use of the Website and to check its correct functioning and they are deleted in line with the requirements of applicable law. The data could be used to ascertain responsibility in case of possible criminal actions or damages against the Website only to the extent permitted by applicable law.
- Identification data, contact data and other personal information: Optional sending of e-mail messages to the addresses indicated on this Website entails the subsequent acquisition of the sender's address, necessary to respond to the requests, and of any other personal data included in the message. If you collect, process and communicate to us information of third parties, you will need to do so in accordance with the provisions of the GDPR and, therefore, you will need to give the third parties prior information on the purposes and methods of processing and, if necessary, you will need to collect their free and express consent before carrying out the processing activity.
Through our Website you can also send a message to request for information; to do so, you can fill in a form with your name and surname, the email address to be contacted with the reply to your request, and, if necessary, a short text message.
Specific summary information notices will be progressively reported or displayed on the Website pages set up for particular services on request.
We process your personal data for the following purposes and we indicate the respective legal bases:
- To manage and operate our Website, providing you access to it, to improve it and to solve potential problems in accordance with the GDPR, Article 6 (1) (f). Processing is based on the Studio legitimate interest in presenting its activities to the public, ensuring the functioning of the Website, improving its appearance and user experience. For these purposes the Studio acts as data controller.
The provision of you data is neither a statutory nor a contractual requirement. You are not obliged to provide us with your data, however, failure to do so may prevent you from using all features of the Website or our the full range of our Services.
Your personal data can be processed with automated and/or paper-based tools.
The security of your personal data is important to us. We adopt - and we require our service providers to adopt - adequate technical and organizational security measures to prevent data loss or destruction, even accidental, unlawful or incorrect uses and unauthorized access to data, in compliance with applicable laws. Furthermore, IT systems are set in a manner that allows to use personal and identification data only if necessary to achieve specific processing purposes.
We implement multiple technologies and security procedures to protect personal data from the risks described above.
However, we would like to remind you that electronic transmission and information storage are not 100% safe. Therefore, we are not able to guarantee that loss, misuse or alteration of the data will never occur, despite the security measures we implement to protect your personal data.
We do not use automated individual decision-making that would produce legal effects for you or would similarly significantly affect you.
Our authorized staff, according to respective needs, will process your personal data. Furthermore, your data will be processed by our suppliers for technical and organizational services functional to the processing purposes stated above, such as for example suppliers of technical assistance services for the Website; suppliers of hosting services; suppliers of services for the multiple sending of marketing communications; suppliers of documents and data archiving services. These parties act as our data processors based on our instructions and on the agreements signed with us.
We might disclose your personal data to authorities or public bodies and to any other legitimate recipient pursuant to the law. In this case, the recipients will act as autonomous data controllers according to their respective institutional purposes.
To receive the updated list of your personal data recipients you can contact us at the contacts indicated above.
Pursuant to - and subject to certain restrictions under - applicable personal data protection law, you can request to access your personal data, to verify its accuracy or to ask its rectification or update at any time.
You can also request to erase your personal data, as well as to limit your data processing in the cases provided by the law and you can object to the processing of your data on grounds relating to your particular situation, at any time, unless for the existence of compelling legitimate grounds of processing by the data controller or as otherwise restricted under applicable personal data protection law.
The right to object to the processing of personal data can be exercised at any time in cases of processing for direct marketing purposes.
You can also request portability of your data, and receive such data in a structured format, commonly used and machine-readable, and you can request that your data be transferred to another data controller without any obstruction from our part.
You can lastly withdraw your consent to the processing of personal data at any time.
Lastly, you can lodge a complaint with the competent supervisory authority or contact the authority if the exercise of your rights is subject to delay, limitation or exclusion by the data controller.
The contact details of the national supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
The contact details of the German state data protection authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. You can also exercise all other rights provided to you under national data protection laws.