Information for the processing of personal data of users
pursuant to art. 13 EU Regulation 2016/679 (“GDPR”)
According to the provisions of European Regulation 2016/679 (Ref. Leg. 1), hereinafter referred to as the Regulation, and Legislative Decree 196/2003 amended by Legislative Decree 101/2018 (Ref. Leg. 2), hereinafter referred to as the Code, the processing of personal data concerning users who access the website will be based on the principles of correctness and transparency and carried out through the adoption of appropriately identified technical and organizational measures in order to guarantee the confidentiality, correctness and integrity of your data and the full exercise of your rights.
1. Data of the Data Controller and the Data Protection Officer (DPO)
The data controller, hereinafter referred to as the Controller, is:
GS Management LTD
G. Preca Street PBK1460
Pembroke, Malta
VAT MT26470901
2. Object, purpose and legal basis of the processing
The Data Controller, depending on the activities it is called upon to carry out, processes some personal data, including those belonging to particular categories (hereinafter referred to for brevity as “sensitive data”).
Processing always takes place in compliance with the principles of the Regulation: fairness and transparency, limitation to business purposes, data minimization, accuracy, limitation of storage, integrity and confidentiality. Depending on the processing activities and the nature of the data processed, the Data Controller acts with or without your explicit consent as described below.
A) Consent not required – Explicit consent is not required for the processing of personal and sensitive data necessary for the performance of tasks of non-private interest for which the Data Controller is invested.
B) Consent required The processing for which explicit consent is required includes those related to services offered by the Data Controller and/or explicitly requested by the interested party not directly related to the performance of tasks of corporate interest for which the Data Controller is invested.
The different cases are reported below:
Comments
When visitors leave comments on the site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, your login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data, but simply indicates the ID of the article you just edited. It expires after 1 day.
This Website uses cookies, small text files placed by the site on your computer or mobile device, which automatically collect some information that the user does not provide directly.
merceriavaccarella.it.it uses cookies in order to make its Website work more efficiently and easily. Further information on the use of cookies by merceriavaccarella.it is provided below.
What are cookies?
Cookies are small text files that are saved on your computer when you visit certain websites.
While browsing, you may also receive cookies on your terminal that are sent from different sites or web servers (hereinafter referred to as “Third Parties”), on which some elements present on the site may reside.
We inform you that if you decide to
disable or refuse cookies some parts of the site may be inaccessible or not function correctly.
Cookies are not harmful to your devices.
Technical cookies
Navigation cookies: These cookies are essential to allow you to navigate the site and use its features; they are used to manage the login and access to the reserved functions of the site. Without cookies it is possible that some features are not accessible or do not function correctly. They are also related to activities of saving preferences (e.g. products added to the cart, navigation language settings, currency, purchase method, etc.);
Performance cookies: These cookies are used directly by the site manager to monitor performance and aimed at improving the site. These cookies do not collect information that can identify the user. All information collected by these cookies is aggregated anonymously and is used only to improve the functionality of the site.
Profiling cookies
Analysis cookies These cookies are used for analysis purposes, such as counting the unique number of visitors to the site; cookies are used by third parties (e.g. Google Analytics).
Third-party cookies for marketing/retargeting
List of third-party cookies
GOOGLE MAPS
Used to provide geolocation services. For more information go to https://www.google.it/intl/it/policies/privacy/
GOOGLE ANALYTICS
Used to statistically analyze accesses or visits to the site. For more information go to http://www.google.it/intl/it/analytics/privacyoverview.html.
LINKEDIN
Used to provide services for sharing activities sponsored by the company. For more information go to http://it.linkedin.com/legal/cookie-policy
FACEBOOK
Used to provide services for sharing activities sponsored by the company and the “Like” features. For more information go to https://it- it.facebook.com/about/privacy
INSTAGRAM
Used to provide company-sponsored activity sharing services and “Like” features. For more information go to https://help.instagram.com/519522125107875?helpref=page_content
How to disable cookies
You can deny consent to the use of cookies by selecting the setting on your browser. To do so, follow the instructions from the links below for the different browsers:
Internet Explorer: http://windows.microsoft.com/it-IT/windows-vista/Block-or-allow-cookies
Safari: http://www.apple.com/it/support/
Chrome: https://support.google.com/chrome/answer/95647?hl=it&hlrm=en
Firefox: http://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
Opera: http://help.opera.com/Windows/10.20/it/cookies.html
Remember that by deleting cookies or disabling future cookies, you may not be able to access some sections or features of the site.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with them, including tracking your interaction with the embedded content if you have an account and are logged in to those websites.
Any refusal to provide consent for the processing of such data (or withdrawal of consent already provided) will result in the termination of the services provided.
3. Origin, methods of processing and access to data
The processing of your personal and sensitive data is carried out by means of the following operations:
“the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, erasure or destruction.”
A) Origin of data
Users’ personal data are acquired through access and interaction with the website, including automatically. In any case, they may be processed only and exclusively for business purposes.
B) Tools for storage, compilation and updating
The processing is carried out with electronic tools, in compliance with privacy measures; the data will be stored according to the indications of the European regulation GDPR 2016 on digital data storage. The electronic systems owned by the Data Controller with which the data are processed are in line with the requirements regarding minimum ICT security measures, with a view to maximum protection of the
confidentiality and integrity of the data not only in the storage phase but also during the processing phases.
C) Subjects entitled to process data on behalf of the Data Controller
The processing of data on behalf of the Data Controller is carried out by any collaborators and/or employees for the management of the website. In all cases, the principles underlying the correct processing of your data are and will be respected: the persons in charge will be trained and the data controllers appointed and made aware of compliance with the provisions of the Regulation, in compliance with the principle of strict indispensability of the processing.
D) Other information regarding the processing methods
In the event of publication of images and/or videos on the institutional website and for everything concerning the use of the website, the processing will be temporary in nature as they will remain on the website or the recording will be kept only for the time necessary for the purpose for which they are intended. The personal data collected and stored for this purpose are only those strictly indispensable for the fulfillment of the purposes set out in the legislation in force. The compilation and updating of such data are carried out by internal personnel authorised by the Data Controller for the purposes indicated above.
E) Retention times
The Data Controller will process personal data for the time necessary to fulfil the purposes indicated above and in any case for no longer than 10 years from the termination of the relationship for service purposes. The retention times are established by the relevant legislation.
4. Communication and dissemination of data: categories of recipients and methods
Personal and sensitive data may be communicated to public entities (such as, for example, judicial police bodies, tax police bodies, financial police, judiciary, ministries) within the limits of what is provided for by the current provisions of law and regulation and the consequent obligations. In particular, with regard to sensitive data, they will not normally be subject to dissemination, except for the need to communicate some of them to other public entities to the extent strictly necessary for any legal disputes of which the Data Controller is expressly extraneous to the facts.
The data provided by you may be communicated to third parties that provide services such as anti-spam, payment gateways and all related services in the presence of any e-commerce. In all cases of continuous processing, the companies in question are appointed as Data Processors, limited to the services provided.
Communications will take place through electronic transmission with IT means and platforms that protect the confidentiality and integrity of the data. If such IT platforms are set up by the recipient, the recipient will guarantee compliance with the principles set out in current legislation. These parties will process the data in their capacity as independent data controllers.
5. Transfer of data to a third country and/or an international organization
Personal data is stored on servers located within the European Union. The Data Controller excludes the transfer of data to servers located in areas outside the EU
6. Nature of the provision and consequences of refusal to respond
The provision of data for the purposes referred to in section 2 letter A of this document is mandatory. Any refusal to provide such data may result in the failure to provide the services.
The provision of data for the purposes referred to in section 2 letter B is instead subject to your specific and separate consent. Any refusal to provide consent for the processing of such data (or withdrawal of the same) will result in the cessation of the related services. This, in some cases, may result in the impossibility of providing the user with all the services necessary for the use of the website and related services.
7. Rights of the interested party and methods of exercise
In your capacity as interested party, you have the rights referred to in art. 15 of the Regulation and specifically the rights to:
obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
obtain the indication:
of the origin of the personal data;
of the purposes and methods of the processing;
of the logic applied in the case of processing carried out with the aid of electronic instruments;
of the identification details of the owner, the managers and the designated representative pursuant to art. 3, paragraph 1, GDPR;
of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or persons in charge;
obtain:
the updating, rectification or, when interested, the integration of the data;
the cancellation, the transfer
anonymous transformation or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the obligations of the Data Controller;
certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected;
object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection, with the consequences described in section 6 of this document;
withdraw a consent previously granted for the processing of a specific purpose.
To assert your rights, you may contact both the Data Controller and the Data Protection Officer without any particular formalities, at the addresses indicated above. You also have the right to complain to the Guarantor Authority.
8. Regulatory references
Leg. Ref. 1
EU Regulation 2016/679 “General Data Protection Regulation”
Leg. Ref. 2
Leg. Decree 101/2018 “Provisions for the adaptation of national legislation to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Leg. Ref. 3
Presidential Decree 445/2000 “Legislative provisions on administrative documentation”
Leg. Ref. 4
Leg. Decree 42/2004 “Code of cultural heritage and landscape, pursuant to Article 10 of Law 6 July 2002, n. 137”
Ref. Leg. 5
Ministerial Decree 305/2006 “Regulation containing identification of sensitive and judicial data processed and related operations carried out by the Ministry of Education, in implementation of Articles 20 and 21 of Legislative Decree no. 196/2003, containing “Code regarding the protection of personal data”
Ref. Leg. 6
Legislative Decree 59/2004 “Definition of general rules relating to nursery school and the first cycle of education, pursuant to Article 1 of Law 28 March 2003, no. 53”
Information for the processing of personal data Website
ex art. 13 EU Regulation 2016/679 (“GDPR”)
According to the provisions of European Regulation 2016/679 (Ref. Leg. 1), hereinafter referred to as the Regulation, and Legislative Decree 196/2003 amended by Legislative Decree 101/2018 (Ref. Leg. 2), hereinafter referred to as the Code, the processing of personal data concerning you will be based on the principles of correctness and transparency and carried out through the adoption of appropriately identified technical and organizational measures in order to guarantee confidentiality, correctness and integrity of your data and the full exercise of your rights.
1. Object, purpose and legal basis of the processing
The processing operations of personal data indicated in this information are necessary for the performance of the tasks of corporate interest, as established by art. 6, par. 1, letter e) of the Regulation.
Below are the details regarding the types of data collected.
Browsing data
The computer systems and software procedures used to operate the Institute’s website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the terminals used by users, the URI/URL addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the IT environment used by the user.
These data are processed only for the purpose of obtaining anonymous statistical information relating to the use of the services or to verify their correct functioning.
Data communicated by the user
The optional, voluntary and explicit sending of messages to the Institute involves the acquisition of the sender’s contact details (email address), as well as all personal data included in the communications. The messages are stored in the Institute’s e-mail archive and the information contained therein is used only for feedback and is excluded from their use for marketing purposes.
Users
The personal data of users registered on the Institute’s website (name, surname, e-mail address and username) are subject to processing.
Each user can view, modify (with the exception of the username which cannot be
be modified) or delete their personal data at any time. The administrators of the site can view, modify and delete such data.
Mailing list or newsletter
By registering for the mailing list or newsletter, if implemented, the User’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to this Website may be transmitted.
The User’s email address may also be added to this list as a result of registering on this Website.
Interaction with social networks and external platforms
This type of service, if implemented, allows interaction with social networks, or with other external platforms, directly from the pages of this Website.
The interactions and information acquired from this Website are, in any case, subject to the User’s privacy settings relating to each social network.
In the event that a service for interaction with social networks is installed, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages in which it is installed.
Cookies and other tracking systems
The Institute’s website uses session cookies (not persistent) strictly limited to what is necessary for safe and efficient navigation on the web. The storage of such cookies in terminals or browsers is under the control of the user, while on the servers, at the end of the HTTP sessions, information on cookies is recorded in the service logs.
2. Origin, processing methods and access to data
The processing operations of the personal data of the users of the website are carried out on the basis of the principles set out in art. 5 of the Regulation. The processing is carried out using IT and telematic tools, according to methods suitable for guaranteeing the security, integrity and confidentiality of personal data at all times. In particular, security measures have been adopted to prevent unauthorized access, disclosure, modification and destruction of data.
In order to prevent the risk of accidental loss of personal data, the hosting service provider performs a daily backup of the data. In addition, a periodic manual backup is performed.
The personal data processing operations are carried out at the premises of the owner and data processors wherever they are located, but in any case within the European Union.
Personal data are processed for the time necessary to carry out the purposes described in this information notice or in any case within the terms prescribed by the regulations relating to the aforementioned activities.
3. Communication and dissemination of data: recipients and categories of recipients
The personal data collected may be processed by the company’s staff or collaborators, who act, in the exercise of their functional role, on the basis of specific instructions regarding the purposes and methods of processing, contained in the documents identifying the persons in charge or persons authorized to process, pursuant to art. 4, n. 10 of the Regulation.
The main recipient of the data processed following access and consultation of the website is the hosting service provider designated, pursuant to art. 28 of the Regulation, as external data controller. The information on the processing of personal data of the provider is published on the website of the same.
4. Transfer of data to a third country and/or an international organization
Personal data is stored on servers located within the European Union. The Data Controller excludes the transfer of data to servers located in areas outside the EU.
5. Nature of the provision and consequences of refusal to respond
Unless otherwise specified, all data requested by this Website are mandatory. If the User refuses to communicate them, it may be impossible for this Website to provide the Service. In cases where this Website indicates some data as optional, Users are free to refrain from communicating them, without this having any consequence on the availability of the Service or on its operation.
6. Rights of the interested party and methods of exercising them
In your capacity as interested party, you have the rights set out in art. 15 of the Regulation and specifically the rights to:
obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
obtain the indication:
of the origin of the personal data;
of the purposes and methods of processing;
of the logic applied in the case of processing carried out with the aid of electronic instruments;
of the identification details of
the owner, managers and the designated representative pursuant to art. 3, paragraph 1, GDPR;
the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or agents;
obtain:
the updating, rectification or, when interested, integration of the data;
the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the obligations of the Owner;
certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected;
object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection, with the consequences described in section 6 of this document;
withdraw a consent previously granted for the processing of a specific purpose.
To assert your rights, you may contact both the Data Controller and the Data Protection Officer without any particular formalities, at the contact details indicated above. You also have the right to lodge a complaint with the Guarantor Authority.
7. Regulatory references
Leg. Ref. 1
EU Regulation 2016/679 “General Data Protection Regulation”
Leg. Ref. 2
Legislative Decree 101/2018 “Provisions for the adaptation of national legislation to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and which repeals Directive 95/46/EC (General Data Protection Regulation)
Ref. Leg. 3
Presidential Decree 445/2000 “Legislative provisions on administrative documentation”
Ref. Leg. 4
Legislative Decree 42/2004 “Code of cultural heritage and landscape, pursuant to Article 10 of Law 6 July 2002, n. 137”
UPDATING OF THESE PRIVACY AND COOKIE POLICY
The data controller reserves the right to make changes to the Site and to this Web privacy and Cookie Policy at any time.
The user must always refer to the text published online as the current version.
The changes will become effective when they are published on the Site.
The continued use of the Site by the user, following a change, will be considered as acceptance of such changes.
All users can check the latest updated version of the Web privacy and Cookie Policy at any time by connecting to the Site.