PRIVACY INFORMATION – Florence

Privacy Information in accordance with art. 13 d.lgs. 196/03 and Regulation (UE) 679/2016 (in force since May, 25th 2018).  We inform you that all personal data you provide us will be used by Vaise di Martina Pignaffo, legal head office in Trebaseleghe (PD), via Montello II 55, CAP 35010, ph. 0039 3341186460 and by Playnet Italia snc legal head office in Florence, via dell’Albero, 20/n limited to the information necessary for the best management of  relationship with you, through paper and electronic  registration according to conditions reported below.

1. Object

Kinds of data that could be used by Vaise

• Personal, financial and fiscal data;
• Signage photo taken inside the premises;
• Video-recordings collected inside the premises;
• Telephone, fax and email contacts;
• Statistician data and market analysis results accepted by user;
• Advertising data to send advertising messages user accepted to received;
• Location data when user accepted his/her data to be collected and processed or when data collection is structly necessary for the provision of requested service.
• Data on service provided or useful to allow an effective organization of the service provided;
• Data on touristic interests;
• Passport, driving license, identity card and/or other similar documents;
• Data linked to service quality monitoring; tecnical and organizational data and other data useful to monitor the quality of services provided.

2. Use of the information provided by the User.

3. Procedures

Data named above sub 1, could be managed with electronic tools according to reasons and forms strictly connected to obligations and goals reported above. Data will be always stored in order to minimize the risk of loosing or damaging data, of unauthorized access and processing data.

4. Recipients

Data provided could be communicated to third parts if i twill be necessary or suitable (in compliance with obligations and goals reported at point 2). Adequate recipients could belong to one of these categories:

• insurance companies,
• trusted lawyers,
• advertising agencies, market researchers, marketing and communication agencies,
• People in charge of manage data on behalf of Vaise in accordance with their specific tasks and competences and within the allowed treatments.

Data provided may be transferred abroad even outside EU to recipients indicated in point 4 in compliance with obligations and purposes contained in point 2. If requirements for carrying out this operation without first informing you and/or requesting your consent would not exist, we will proceed in that direction beforehand.

5. Owner

The owner of this procedure is:

Ditta individuale Vaise di Martina Pignaffo
Via Montello II n. 55
35010 Trebaseleghe (Padova – Italia)
C.F. : PGNMTN90L48B563N

P.I. :05064130288
iscritta al Registro Imprese di Padova
R.E.A.: PD – 440129

martinapignaffo@pec.it

info@vaise.it

tel. 0039 334.1186460

The co-owner for the Florence SMN point is:

Playnet Italia snc
Via dell’Albero 20/n
50123 Firenze (Italy)
P.IVA. : 05463560481

playnetitalia@pec.it

6. Data sources and potential refuse consequences

Data provision referred to sub 1 is optional. However, any refusal to provide data (with the exception of those for marketing, statistical purposes and approval of the service) would not allow the execution of the agreed contractual services, nor the performance of complementary activities necessary to complete the performance of the individual company Martina Pignaffo in favor of the interested parties. In any case, (in accordance with art. 24 of Privacy regulation, and art. 6 Reg. (UE) 679/2016)user approvali is not required to collect and manage personal data contained in public registers. User approval is not also necessary to respect obligations due to law or to contracts interesting the user (such as the contract on which is based the relationship with Vaise).

7. User rights 

User rights reported in art. 7 of Privacy Code (D.Lgs. 196/2033) and in art.13 Regulation (UE) 679/2016 are always guaranteed.

• User has right to obtain confirm about the existence of personal data on him/her even if data have not been registered yet and to receive their communication (art.15 Regulation (UE) 679/2016);
• User has right to obtain correction, updating, rectification or, when interested, integration of personal data concerning him; (Article 16 of Regulation (EU) 679/2016);
• User has right to obtain the cancellation of personal data in accordance with conditions set in art. 17 of Regulation (EU) 679/2016, the transformation into anonymous form or the block of data processed in violation of the law, including those not necessary for the purposes for which data were collected or subsequently processed;
• User has right to obtain the limitation of treatment in the cases provided by art. 18 of Regulation (EU) 679/2016;
• User has right to receive personal data concerning him provided by Vaise in a structured, commonly used and readable form by automatic device and has the right to transmit such data to another data controller without impediment in accordance with conditions provided by the art. 20 of Regulation (EU) 679/2016;
• User has right to pull back his consent to the processing of data at any time without prejudice to the lawfulness of the treatment based on consent and given until suspension;
• User has right to make complaint to the Guarantor in charge of data protection, or to take legal action;
• User has right to know if data communication is due to a contractual or legal obligation and the possible consequences related to the non-communication of the same.

8. Period of retention for personal data.

Personal data will be processed for the entire duration of the relationship between the User and Vaise and for one year from the termination of the last service provided, unless the law provides otherwise (for example, video surveillance images collected within the premises will be kept, except abnormal events, for no more than 24 hours after registration).

In case of abnormal episodes in relations between the parties (for example: disputes/reports/requests from a public authority) data will be processed for a longer period, until the abnormal situation is concluded.

Vaise undertakes to promptly communicate the possible existence of an abnormal event and an estimate of the period necessary to conclude it.

Once the above storage terms have expired, your personal data will be destroyed, deleted or made anonymous, consistent with the technical cancellation and backup procedures.

9. Consent

I received the data privacy report and I authorize Vaise – owned by Martina Pignaffo, located in via Montello II n.55, 35010 Trebaseleghe (Padova – Italia) – to process my personal data aimed to the goals reported above.

Cookie Policy

This Website uses cookies. To learn more and to read the detailed information, the User can consult the Cookie Policy.

Defense in court

User’s Personal Data may be used by the Owner in court or in the preparatory stages for the defense against abuse of the use of this Website or the related Services by the User. User declares to be aware that the Data Controller may be obliged to disclose Data by order of public authorities.

Specific Information

At the request of the User, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

System logs and maintenance

For needs related to operation and maintenance, this Website and any third party services may collect System Logs, which are files that record the interactions and that may also contain Personal Data, such as the User IP address.

Information not contained in this Privacy Policy

Further information related to Personal Data Processing may be requested at any time to the Data Controller using the contact details.

This Website does not support “Do Not Track” requests.
To find out if any third-party services used support them, the User is invited to consult their respective privacy policies.
Changes to this privacy policy

Changes to this Privacy Policy

Data Owner has right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this Website as well as, if technically and legally feasible, by sending a notification to Users through one of thecontact details held by the Owner.Please therefore consult this page regularly, referring to the date of the last modification indicated at the bottom.
If changes concern treatments whose legal basis is consent, the Owner will collect the User’s consent again, if necessary.

GLOSSARIO
(estratto da  http://www.garanteprivacy.it/)

A

Authorisation

An instrument adopted by the Italian DPA to authorise the Data Controller (a public body, a company, a self-employed professional) to process certain “sensitive” or judicial data or to transfer personal data abroad.

Regarding sensitive and judicial data, General Authorisations have been issued by the Italian DPA to enable various categories of data controllers to process personal data for the purposes specified therein  without applying for ad-hoc authorisations to the DPA.

C

Communication

Disclosing personal data to one or more specific entities (other than the Data Subject, the Data Processor, or a Person Tasked with Processing) in whatever manner, also by making the data available or accessible.

Consent

The free indication of the Data Subject’s wish to explicitly accept a specific processing operation concerning their personal data, of which the Data Subject was informed beforehand by the entity empowered to decide on that processing (the Data Controller). It is enough for written “proof” of consent to be available, i.e. for the consent to be noted, transcribed, entered by the Data Controller and/or the Data Processor and/or a Person Tasked with Processing in a register, instrument or minutes – unless the processing operation concerns “sensitive” data, in which case the data subject has to give written consent (e.g. by undersigning a form). Some types of processing may be performed without the Data Subject’s consent under the terms of Section 24 of Italy’s Data Protection Code.

D

Data Controller

The data controller is the natural person, company, association or other entity that is factually in control of the processing of personal data and is empowered to take the essential decisions on the purposes and mechanisms of such processing including the applicable security measures. If personal data is processed by a company or a public administrative body, it is the entity as a whole that acts as the data controller rather than the individual or department/unit that manages or represents such entity (e.g. Chairperson, CEO, auditor, Minister, Director General, etc.). The cases where an individual is the data controller mostly concern processing operations performed by self-employed professionals or single-person corporations.

Data Processor

The data processor is the natural person, company, association or organization the Data Controller has entrusted with specific data processing management and control tasks on account of the relevant experience and/or skills.

Data Subject

The natural person a personal data relates to

Data Subject’s Rights

Under Italy’s Personal Data Protection Code, every Data Subject has various rights in connection with the processing of their personal data (see Section 7):

1. The right to obtain general information on processing operations performed in our country by accessing, free of charge, the online Register of Processing Operations kept by the Italian DPA;
2. The right to access their own personal data directly at the entity holding such data (the Data Controller), i.e. the right to obtain confirmation that such data exists and communication of the data as well as to know the source of the data and what criteria and purposes apply to its processing. In the latter case the Data Controller may charge a fee (“handling fee”) if it is found that no data relating to the data subject is held;
3. The right to obtain erasure or blocking of any data that is processed in breach of the law, for instance because no consent was asked for. This right may also be exercised if there is no valid reason any longer for retaining data that had been collected lawfully;
4. The right to have inaccurate and/or incomplete data updated, rectified or supplemented;
5. In the cases mentioned under 3. and 4. above, the right to obtain confirmation from the Data Controller that the above operations have been also made known to the entities the data had been communicated to beforehand, unless this proves impossible or requires a disproportionate effort compared to the right to be protected;
6. The right to object to the processing of one’s own data on legitimate grounds;
7. The right to object, in any and all cases, to the processing of one’s own data for commercial information purposes and/or for sending advertising or direct selling materials and/or for market research purposes.

Dissemination

Making personal data known to the public at large and/or to an indefinite amount of entities – for instance, by publishing personal data in a daily or posting personal data on a web page

G

Garante (Italian DPA)

The Garante, i.e. the Italian Data Protection Authority (DPA), is an administrative independent authority set up by the “Privacy Act” (675/1996, now merged into the consolidated Personal Data Protection Code). Similar authorities have been set up in all EU countries pursuant to Article 8 of the Charter of Fundamental Rights of the European Union. The Garante is tasked with ensuring the protection of fundamental rights and freedoms as regards the processing of personal data along with respect for individuals’ dignity. It is made up of four commissioners elected by Parliament and is headquartered in Rome – Piazza di Monte Citorio, 121. The Garante runs an Office with 125 staff members. The Garante handles citizens’ claims and reports and supervises over compliance with the provisions protecting private life. It decides on complaints lodged by citizens and is empowered to prohibit, also of its own motion, any processing operation that is unlawful or unfair. It can perform inspections, impose administrative penalties, and issue opinions in the cases mentioned by the Data Protection Code. It can also draw Parliament’s and Government’s attention to the desirability of regulatory measures concerning personal data protection.

I

Information Notice

A notice containing the information the Data Controller is required to provide to every Data Subject, either orally or in writing, whenever a data is collected either from the Data Subject or from third parties. The Information Notice must specify, in a concise and user-friendly manner, what purpose(s) and mechanisms apply to the processing; whether the Data Subject is obliged to provide the data or not; what consequences may result from the failure to provide the data; who the data may be communicated or disseminated to; what rights are afforded to the Data Subject; who the Data Controller (and the Data Processor, if any) is and how one can contact them (address, phone, fax, etc.).

J

Judicial Data

A personal data disclosing that certain judicial measures have been taken in respect of a person such as to require their inclusion into that person’s criminal record (e.g. final criminal convictions; paroling; residency and/or movement restrictions; measures other than custodial detention). The fact of being a defendant and/or the subject of criminal investigations falls within the scope of this definition as well.

N

Notification

This is a one-shot communication the Data Controller is to give to the Garante by means of an ad-hoc form to be sent electronically and signed digitally (see the DPA’s website for additional procedural details). The notification describes the main features of the processing (categories of processed data, purposes of the processing, place where the processing is performed, data recipients in Italy or abroad, security measures in place). Notification must be given prior to starting the processing and is not to be re-submitted if no features of the processing change. Thus, if the purposes of the processing or the nature of the Data Controller are modified, a new notification must be given to the DPA. All notifications are kept in a “Register of Processing Operations” that is publicly accessible free of charge via the Internet. Citizens may get information through it and use it for the purpose of applying personal data protection legislation – e.g. to exercise data access rights or any other right set forth in the Data Protection Code. Checks on the notified processing operations will be performed by way of the Register and the information contained in the relevant notification will be verified. If a Data Controller is not required to notify a processing operation, it must nevertheless provide the information contained in the notification form to any person requesting it as part of the exercise of that person’s access rights and/or any other right set forth in Section 7 of the Data Protection Code.

P

Person Tasked with Processing

An employee or a co-worker that processes or factually uses personal data on behalf of the Data Controller’s organization in accordance with the instructions given by the Data Controller and/or the Data Processor (if the latter has been appointed).

Personal Data

Any information concerning natural persons that are or can be identified also by way of other items of information – e.g., via a number or an ID code. For instance, personal data is one’s first or last name, address, Tax ID as well as a picture, the recording of one’s voice or one’s fingerprint, or medical, accounting or financial information relating to that person.

Privacy

Privacy nowadays does not mean only the “right to be left alone” or to protect one’s private sphere, as it is above all the right to be in control of how one’s personal data are used and moved about. Personal information is actually the key commodity in today’s information society. The right to privacy and the right to the protection of personal data are fundamental human rights and relate directly to the protection of human dignity, as also enshrined in the Charter of Fundamental Rights of the EU.

Processing (personal data)

This is an operation or set of operations concerning personal data. The definition set forth by the DP Code is wide-ranging as it includes collection, recording, organization, storage, modification, selection, extraction, use, blocking, communication, dissemination, erasure and destruction of data. Each of these operations is an instance of processing.

S

Security Measures

Technical and organizational arrangements, electronic devices and/or computer software that are used to ensure that no data is lost or destroyed, even accidentally, only authorized entities may access the data, and no processing is performed either in breach of the law or by departing from that for which the data had been collected initially. The Data Protection Code lays down various measures, standards and procedures (e.g. requiring an user ID and password for data access; deployment of anti-virus software; instructions to regularly perform data back-ups) a Data Controller is to adjust to the processing depending on whether this is performed electronically or manually (i.e. as regards paper records and documents). Annex B to the Data Protection Code lists the minimum security measures that are to be implemented mandatorily in order not to be punished under the terms of Section 169 of the Code.

Sensitive Data

A personal data requiring special precautions on account of its nature. A sensitive data is any data that can disclose a person’s racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, health, or sex life.

COOKIES

Privacy code concerning cookies operation– Art. 13 e 122 Codice della Privacy

Here below we inform you about this website (“website” starting from here) operation concerning cookies.

“Cookie” definition

Cookies are short parts of text (letters and/or numbers) that allow the web server to store information on the client (the browser, for example: Internet Explorer, Chrome, Firefox, Opera). These information will be reused during the same visit in the website (session cookies) or later, even in the following days (persistent cookies). Cookies are stored, from the single browser to the specific device used (for example: computers, tablets, smartphones) based on user preferences.

Similar technologies, such as web beacons, transparent GIFs, and all forms of local storage introduced by HTML5, can be used to gather information about the user’s behavior and use of services. A cookie can not refer to any other data from the user’s hard disk or transmit computer virus or gather email addresses. Each cookie is unique for the user’s web browser. Some of the cookies functions can be applied by other technologies.

The term “cookies” refers to cookies and all similar technologies.

Depending on the characteristics and the use of cookies, different types of cookies can be distinguished:

Technical Cookies that are strictly necessary: These are essential for the proper functioning of a website. These cookies are used to manage different web-related services (such as login or access to private website sections). The duration of cookies is limited to user’s work session or it can take longer in order to remember the visitor’s choices. Deactivating these necessary cookies may compromise your website use and browsing experience.

Analytics and Performance Cookies: These are used to gather and analyze website traffic and use anonymously. These cookies, though without identifying the User, allow, for example, to detect whether the same user comes back to the website at different times. They also allow to monitor the system and improve its performance and usability. These cookies can be deactivated without any loss of functionalities. This kind of cookies will be addressed in the paragraphs below.

Profiling Cookies (not working on this website). These cookies are permanent and they are used to identify (anonymously and not) user preferences and enhance his/her navigation experience. For more information on these cookies not used by the website, please visit the section on the site www.garanteprivacy.it/cookie

Purpose of treatment and purpose of technical session cookies.

Cookies used on the website are solely for the purpose of performing computer authentications or session tracking and storing specific technical information about Users accessing the servers of the Data Controller that manages the website. For this reason, some transactions on the website could not be done without the use of cookies, which in such cases are therefore technically necessary. For example, access to any reserved areas in the website would be much more complex and less secure without the presence of cookies that allow User identification during the entire session.

In accordance with Article 122 (1) of the Privacy Code (in the formulation after Legislative Decree No.69 / 2012) technical cookies may be used even without the consent of the person concerned. The European Committee consisting of all the Member States’ Competitiveness Authorities (the “Article 29” Group) has clarified in Opinion 4/2012 (WP194) entitled “Exemption from Consent for Use of Cookies “that some cookies do not need to acquire the prior consent by the user. Herein the list of these cookies:

1) cookies with data fulfilled by user (session identifier), of the duration of a session, or persistent cookies limited to a few hours in some cases;

2) Authentication cookies, used for authenticated services, of the duration of a session;

3) user-centered security cookies, used to identify authentication abuses for a persistent limited lifetime;

4) session cookies for media players, such as cookies for “flash” readers, of the duration of a session;

5) session cookies for load balancing, of the duration of one session;

6) persistent cookies for the user interface customization, of the duration of a session (or little more);

7) cookies to share contents via third-party social plug-ins, for members of a social network that logged in.

The owner of personal data use informs you that only technical cookies (such as those listed above) are used within the website as they provide essential functions such as authentication, validation, navigation session management, and fraud prevention. They permit, for example, to: identify if the user regularly had access to areas of the website that require prior authentication or user validation and session management for different services and applications or the retention of data for secure access or the control and prevention functions of fraud.

For transparency reasons, a list of technical cookies and operational cases specific to the website are listed below:

• cookies implanted directly at the user/contractor terminal (which will not be used for further purposes) such as session cookies used to book online of the Box, authentication cookies, customization cookies (for example to choose the navigation language, authomat fulfillment of ID and password with first character typing, etc);

• Cookies used to statistically analyze site visits (so-called “analytics” cookies) which pursue only statistical purposes (and not even profiling or marketing) and collect information in aggregate form without individdual user identification. In these cases, since current legislation requires cookies analytics to be provided to the person concerned with a clear and adequate indication of simple ways to opt-out (including any cookie anonymization mechanisms) , we suggest that you can turn off cookies analytics as follows: Open your browser, select the settings menu, click on Internet Options, open the privacy tab, and choose the desired cookie blocking level. If you want to delete cookies already saved in memory, simply open the security tab and delete the history by checking the “delete cookies” box.