WHY THIS POLICY?
With this document, as provided by current legislation (art. 13 General Regulation on Data Protection, hereinafter also referred to as RGPD), we provide users who access the site www.adrianoresidence.it with information regarding the processing of their data.
WHO IS THE OWNER
The Real Estate Company Enea Srl, with registered offices at Via Goito 7, 40126, Bologna, P. IVA 02062650375, (hereinafter also referred to as “ENEA”) and the Company Broccoindosso Srl, with registered offices at Via Goito 7, 40126, Bologna, P. IVA 02569281203, (hereinafter also referred to as “BROCCAINDOSSO”), also indicated on the website as “Adriano Group”, operate as joint holders, as they jointly determine the purposes for which the data is acquired and the means of its processing. ENEA is responsible for the management of technical aspects, also through the activities carried out on its behalf by consultants and companies with specific skills that in some cases operate as data controllers.
WHICH DATA IS PROCESSED
The data processed is the navigation data and the data provided spontaneously by the user.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, enable users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and the user’s IT environment.
Data provided directly by the user
This category includes all personal data provided voluntarily by the user (for example, when requesting for information by calling the numbers provided on the website or writing to the e-mail addresses indicated on the site).
WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?
Navigation data: purposes and legal bases
Navigation data is used only to obtain anonymous statistical information on the use of the website, for site security purposes and to verify its proper functioning and could be used to determine responsibility in the event of possible cyber crimes against the website.
The legal basis for the processing of such data is the legitimate interest and the legal obligation in case of requests by the authorities.
Data provided directly by the user: purposes and legal bases
The personal data provided by the user on an optional basis are used only to process any requests made and to implement legal obligations and/or pre-contractual obligations and/or contractual obligations arising from the relationship about the case in question.
The legal bases for the processing of such data are therefore: a legal obligation and the execution of pre-contractual and contractual obligations.
In the areas of the site dedicated to specific services, specific information is provided, which the user must read before providing the data, in which all the information on the processing of data is indicated in detail.
HOW IS THE DATA MANAGED?
The collected data is processed with IT tools and only in a residual way with paper methods. Adequate security measures are adopted to prevent the loss of data, illegal or incorrect use and unauthorized access.
As indicated in the General Conditions of Use of the website, for the processing of data connected to the services of the website, certain services are used which determine the transfer of data abroad. This is the hosting (//www.nexcess.net/policies/) and the service used to manage the newsletter (//mailchimp.com/legal/privacy/). In both cases, however, the providers of the aforementioned services are American companies that adhere to the European Commission’s adequacy decision known as ” Privacy Shield “, thereby ensuring compliance with the personal data being processed.
The data provided directly by the person concerned is kept for the time strictly necessary to process the requests of the person concerned and then deleted, except in cases of booking confirmation (against which the data can be maintained for the duration of the relationship and according to legal obligations) and defensive requirements (which may require further retention).
The navigation data does not last for more than seven days and is deleted immediately after aggregation unless it is necessary for the judicial authorities to investigate crimes.
WHAT HAPPENS IF THE DATA IS NOT PROVIDED?
With the exception of the navigation data necessary to implement computer and telematic protocols, the provision of data by users through the various methods made available is free and optional.
However, failure to provide the same data will make it impossible to proceed with requests submitted or which the user intends to submit.
WHO CAN ACCESS THE DATA?
The data will be processed by the Company’s employees and by collaborators authorized by the latter to process the data. The data may also be accessed by consultants or companies providing IT supply and assistance services for purposes related to the activities carried out on behalf of the owner and by consultants for the management of litigation and legal assistance in the event of any disputes that may require their involvement.
The person concerned may request the list of external subjects who carry out their activities as data controllers.
WHAT ARE THE RIGHTS OF THE PERSON CONCERNED?
The law accords the person concerned the right to ask the data controller for access to personal data and their rectification or deletion or to limit the processing of personal data concerning him or her or to object to their processing, in addition to the right to data portability.
The interested party may assert his/her rights at any time, without formality, by contacting ENEA or BROCCAINDOSSO, via the email address firstname.lastname@example.org
The rights recognized by current legislation on the protection of personal data are described in details below.
- The right of access, e the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her is being processed and, if so, to obtain access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if they are recipients in third world countries or international organizations; (d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; (e) if there is the right of the interested party to request the data controller to rectify or delete his or her personal data or to limit the processing of his or her personal data or to object to the processing of his or her personal data; f) the right to lodge a complaint with a supervisory authority; g) if the data is not collected from the person concerned, any available information as to their source; (h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, as well as the envisaged importance and consequences of such processing for the person concerned. Where personal data is transferred to a third world country or an international organization, the person concerned shall then have the right to be informed of the existence of appropriate safeguards relating to the transfer.
- The right of rectification, i.e the right of rectification: the right to obtain from the data controller for the rectification of personal data relating to him or her which are inaccurate without unjustified delay. Taking into account the purposes of the processing, the person concerned has the right to obtain the integration of incomplete personal data, including providing a supplementary statement.
- The right to erasure i.e the right to obtain from the data controller the erasure of personal data concerning him or her without unjustified delay if: a) the personal data is no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the person concerned revokes the consent on which the processing is based and if there is no other legal basis for the processing; c) the person concerned opposes the processing carried out because it is necessary for the execution of a task in the public interest or in the exercise of official authority vested in the owner or for the pursuit of legitimate interest and there is no overriding legitimate reason for carrying out the processing or opposes the processing for purposes of direct marketing; d) the personal data has been processed unlawfully; (e) the personal data must be deleted in order to fulfil a legal obligation under Union law or the law of the Member State to which the data controller is subject; (f) the personal data has been collected in connection with the provision of information society services to minors. However, a request for erasure cannot be accepted if the processing is necessary: a) for the exercise of the right to freedom of expression and information; (b) for the fulfilment of a legal obligation requiring the processing provided for by Union law or the law of the Member State to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; (c) for reasons of public interest in the field of public health; (d) for purposes of filing in the public interest, scientific or historical research or for statistical purposes, in so far as erasure would seriously jeopardise or render impossible the achievement of the objectives of such processing; or (e) for the establishment, exercise or defence of legal claims.
- The right of limitation, i.e the right to obtain that the data be processed, except for storage, only with the consent of the person concerned or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State if such processing is carried out on the basis of the consent of the person concerned: a) the person concerned disputes the accuracy of the personal data within the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the person concerned opposes the erasure of the personal data and requests instead that its use be limited; c) although the data controller no longer needs the data for the purposes of processing, the personal data are necessary for the person concerned to ascertain, exercise or defend a legal claim; d) the person concerned opposes the processing because it is necessary for the execution of a task carried out in the public interest or in the exercise of public authority vested in the data controller or for the pursuit of the legitimate interest of the data controller or third parties, pending verification of whether the legitimate reasons of the data controller prevail over those of the person concerned.
- The right to portability, i.e the right to receive in a structured format, commonly used and machine-readable, personal data concerning him/her provided to the data controller and has the right to transmit such data to another data controller without hindrance by the data controller to whom he/her has provided them, as well as the right to obtain direct transmission of personal data from one data controller to another, where technically feasible, where the processing is based on consent or on a contract and the processing is carried out by automated means. This right shall be without prejudice to the right to erasure.
- The right to object, i.e the right of the person concerned to object at any time, for reasons connected with his/her particular situation, to the processing of his/her personal data carried out because it is necessary for the execution of a task carried out in the public interest or in the exercise of official authority vested in the data controller or in the pursuit of the legitimate interests of the data controller or of third parties. Where personal data are processed for the purposes of direct marketing, the person concerned shall have the right to object at any time to the processing of personal data relating to him/her carried out for such purposes, including profiling insofar as it is related to such direct marketing.
The person concerned is then informed that the law gives him or her the possibility to assert their rights by appealing to the Privacy Guarantor or before the judicial authority.