on the processing of personal data for browsing the website and cookies
pursuant to arts. 13 et seg. of Regulation (EU) 2016/679 (GDPR)
Foreword - Regulation (EU) 2016/679 («General Data Protection Regulation»), hereinafter GDPR is about the processing of natural persons’ personal data. In compliance with the above Regulation, the Data controller strives to ensure that the processing of a natural person’s (the “data subject”) data is based on the principles of correctness, lawfulness and transparency, as well as the protection of confidentiality and the rights of the data subject. Pursuant to arts. 13 et seg. of GDPR, the Data Controller will process with the utmost care user’s data in compliance with the Regulation, implementing effective operational procedures and processes in order to guarantee the related processing safeguards.
According to this introduction, the following information is provided:
Contacts details of the Data Controller The Data Controller is Notaio Vincenzo Papi, with its registered office in Roma Via Francesco Cancellieri n. 2; tel. 06681902 fax 0668806906; email email@example.com pec firstname.lastname@example.org.
Data Protection Officer - Data Protection Officer has not been designated because the conditions of the art. 37 Regulation (EU) 2016/679 are not satisfied.
Personal data collected - The personal data requested are solely those necessary for the fulfillment of the user’s request, in full compliance with the principles of adequacy of processing sanctioned by the European Regulation. Personal data of a common type referred to in art. 4 GDPR may be processed.
Processing purposes – Personal data you provide can be processed with the aim of getting in touch with the Data Controller. Personal data will be processed by the owner of this website for purpose related to providing the service you requested, especially for:
- asking for information on the Data Controller’s services;
- contracting with the Data Controller.
Legal basis for processing data and mandatory nature of data provision - The legal basis for processing common types of personal data pursuant to art. 4 GDPR, strictly necessary or relevant to the indicated purposes, is the fulfillment of a pre-contractual and/or contractual obligation in which the Data Controller is the subject and the related legal obligations (ex art. 6 p. 1 lett. b, c of the GDPR).
The data required for the above purposes must be necessarily given and in the absence of any process will not be performed.
Modalities of the processing Pursuant and consequent to arts. 12 et seq of the GDPR, the personal data that you provide to the Data controller will be recorded, processed and retained in our hard-copy and electronic files, in accordance with article 32 GDPR related to adequate technical and organizational measures. The processing of your personal data may consist in any operation or series of operations described in art. 4, para. 1, point 2 GDPR.
Personal data will be processed using suitable tools and procedures that guarantee security and confidentiality. Such processing may be carried out directly and/or via delegated third parties, both manually using hard-copy support and electronically using IT equipment and other instruments.
Extent of knowledge of your data Without prejudice to communications that are made in compliance with legal obligations, your personal data may be known by some subject categories such as employee of the Data Controller and external entities formally appointed by the Data Controller itself (art. 28 GDPR).
Retention period - Personal data collected for the purposes stated above will be stored only for the entire duration of the service and, in any case, for no longer than 5 years starting from the date when they have been changed or confirmed by data subjects.
Data transfer abroad - The data provided by you will only be processed in Italy. If during the contractual relationship your data is transferred to another country not included in EU, the Data Controller will take all security measures to protect your personal data and your right, given by EU legislation.
Rights of the data subjects – Pursuant to Articles 15 et seq of the GDPR, the data subjects may exercise the following rights:
- access: to obtain confirmation of whether or not the personal data of the data subjects are processed and the right to access them; requests that are manifestly unfounded, excessive or repetitive cannot be answered;
- rectification: to correct/obtain the correction of personal data if incorrect or not updated and to complete data if incomplete;
- erasure/to be forgotten: in some cases, to obtain the erasure of the personal data provided; this is not an absolute right, as the Data controller may have legitim interest or legal reasons to store them;
- limitation: the data will be stored, but cannot be processed further, in the cases foreseen by the regulation;
- portability: to move, copy or transfer data from the Data controller’s databases to third parties. This applies only to data provided by the data subjects for the performance of a contract or for which express consent has been given and the processing is carried out by automated mode;
- objection to direct marketing;
- l’esistenza di un processo decisionale automatizzato, compresa la profilazione di cui all’articolo 22, paragrafi 1 e 4, e, almeno in tali casi, informazioni significative sulla logica utilizzata, nonché l’importanza e le conseguenze previste di tale trattamento per l’interessato;
- withdraw of the consent at any time if processing is based on consent.
Pursuant - to Art. 2-undicies of Legislative Decree 196/2003, the exercise of data subjects rights may be delayed, restricted or excluded, following justification provided without delay, unless this might compromise the purpose of the restriction, for as long as and to the extent that this constitutes a necessary and proportionate measure, taking into account the fundamental rights and legitimate interests of the data subjects, in order to safeguard the interests referred to in paragraph 1, letters a) (protected interests with regard to money laundering), e) (for the conduct of defensive investigations or the exercise of a right in court) and f) (for the confidentiality of the identity of the employee who reports offenses he becomes aware of on his duties).
In such cases, data subjects’ rights may also be exercised through the Personal Data Protection Authority in the manner referred to in Article 160 of said Decree. In such case, the Personal Data Protection Authority will inform the data subject that it has carried out all the necessary checks or that it has carried out a review, as well as of the data subject right to take legal action.
In order to exercise those rights, the data subject can contact the Data Controller to the e-mail address email@example.com or by calling the telephone number 06681902 or by sending a letter to the following address via Francesco Cancellieri, 2 Roma 00193 RM.
The Company will respond within 30 days of receiving the data subject formal request.
If the abovementioned rights concerning data subject personal data are infringed, the latest may complain to the competent authority.