Privacy Information in accordance with art. 13 d.lgs. 196/03 In accordance with art. 13 d.lgs. 196/03 (c.d. privacy code) we inform you that all personal data you provide us will be used by Vaise di Martina Pignaffo, legal head office in Trebaseleghe (PD), via Montello II 55, CAP 35010, ph. 0039 3341186460 limited to the information necessary for the best management of relationship with you, through paper and electronic registration according to the conditions reported below.
Kinds of data that could be used by Vaise
- Personal, financial and fiscal data;
- Telephone, fax and email contacts;
- Statistician data and market analysis results;
- Advertising data to send advertising messages;
- Data on service provided or useful to allow an effective organization of the service provided;
- Data on touristic interests;
- Data linked to service quality monitoring; tecnical and organizational data and other data useful to monitor the quality of services provided.
Vaise will use personal data provided by you in order to:
- Comply with all obligations due to laws, rules, european and international regulations (particulrly concerning accounting, tax system, health and public safeguard);
- Comply with all contractual and pre-contractual obligations among the parts;
- Comply with all obligations, other than those linked tto sub a) and b), linked to accounting issues and financial protection;
- Guarantee rights, even from third parts, at administrative and judicial level;
- Comply with obligations linked to warranty and insurance contracts to cover civil responsibility risks;
- Check service quality and customer satisfaction without any precise identifications;
- Promote the service provided through marketing campaigns and commercial initiatives, direct advertising comunications;
- Perform statistical researches with no user profilation.
Data named above sub 1, could be managed with electronic tools according to reasons and forms strictly connected to obligations and goals reported above. Data could be obtained from different channels both linked to the user and not. Data will be always stored in order to minimize the risk of loosing or damaging data, of unauthorized access and processing data. Data will be stored for a period of time necessary to comply with obligations and goals reported in the previous paragraph.
Data provided could be comunicated to third parts – adequate public or private recipients – if i twill be necessary or suitable (in compliance with obligations and goals reported at point 2). Adequate recipients could be: insurance companies, trusted lawyers, advertising agencies, market researchers, marketing and communication agencies. Data could be also comunicated to employees and partners of Vaise of Martina Pignaffo, in accordance with their roles and tasks and limits linked to each employee/partner. Data could also be comunicated to agents, salesperson, advisors and outsourcers engaged by Vaise (ex. Art. 29 privacy code).
- International Data Transfer
Data provided could be transfered abroad even in not european countries with limitations and goals stated in paragraph 2.
The owner of this procedure is:
Ditta individuale Vaise di Martina Pignaffo
Via Montello II n. 55
35010 Trebaseleghe (Padova – Italia)
C.F. : PGNMTN90L48B563N
iscritta al Registro Imprese di Padova
R.E.A.: PD – 440129
tel. 0039 334.1186460
- Person in charge
The person in charge of data management for Vaise is Martina Pignaffo whose address is reported in sub. Par.6.
- Data sources and potential refuse consequences
Data provision stated on sub.1 is optional. Nevertheless the user refuse would not allow to provide contractual services agreed and complementary activies necessary to develop and conclude performances by Vaise. In any case, user approvali s not required to collect and manage personal data contained in public registers in accordance with art. 24 of Privacy Code. User approval is not also necessary to respect obligations due to law or to contracts interesting the user (such as the contract on which is based the relationship with Vaise).
- User rights
User rights reported in detail in art. 7 of Privacy Code are always guaranteed. Text has been translated and reported below:
“User has the right to obtain confirm about the existence of personal data on him/her even if data have not been registered yet and their comunication.
- User has the right to obtain information about:
- a) personal data source;
- b) processing data goals and procedures;
- c) logical methods used in case of data processed through electronic tools;
- d) data necessary to identify the owner, people in charge and other people allowed according to art. 5, comma2;
- e) people or categories who can receive personal data as people in charge of.
- User has the right to obtain:
- a) Data update, change or integration if he/she is interested in it;
- b) Data cancellation, transformation into anonymous or interruption in case of violation;
- c) Demonstration that operations addressed in the previous points a) and b) have been comunicated to everyone who had received or known those data. Exception in case of the fulfillment is impossible or particularly difficult or expensive to be guaranteed.
- The user has the right to take position against, completely or in part:
- a) for legal reasons concerning data processing which refer to him or the collection goals;
- b) to his/her personal data processing aimed to advertisement promotions and comunications or market analysis.”
I received the data privacy report and I authorize Vaise – owned by Martina Pignaffo, located in via Montello II n.55, 35010 Trebaseleghe (Padova – Italia) – to process my personal data aimed to the goals reported above.
(estratto da http://www.garanteprivacy.it/)
An instrument adopted by the Italian DPA to authorise the Data Controller (a public body, a company, a self-employed professional) to process certain «sensitive» or judicial data or to transfer personal data abroad.
Regarding sensitive and judicial data, General Authorisations have been issued by the Italian DPA to enable various categories of data controllers to process personal data for the purposes specified therein without applying for ad-hoc authorisations to the DPA.
Disclosing personal data to one or more specific entities (other than the Data Subject, the Data Processor, or a Person Tasked with Processing) in whatever manner, also by making the data available or accessible.
The free indication of the Data Subject’s wish to explicitly accept a specific processing operation concerning their personal data, of which the Data Subject was informed beforehand by the entity empowered to decide on that processing (the Data Controller). It is enough for written «proof» of consent to be available, i.e. for the consent to be noted, transcribed, entered by the Data Controller and/or the Data Processor and/or a Person Tasked with Processing in a register, instrument or minutes – unless the processing operation concerns «sensitive» data, in which case the data subject has to give written consent (e.g. by undersigning a form). Some types of processing may be performed without the Data Subject’s consent under the terms of Section 24 of Italy’s Data Protection Code.
The data controller is the natural person, company, association or other entity that is factually in control of the processing of personal data and is empowered to take the essential decisions on the purposes and mechanisms of such processing including the applicable security measures. If personal data is processed by a company or a public administrative body, it is the entity as a whole that acts as the data controller rather than the individual or department/unit that manages or represents such entity (e.g. Chairperson, CEO, auditor, Minister, Director General, etc.). The cases where an individual is the data controller mostly concern processing operations performed by self-employed professionals or single-person corporations.
The data processor is the natural person, company, association or organization the Data Controller has entrusted with specific data processing management and control tasks on account of the relevant experience and/or skills.
The natural person a personal data relates to
Data Subject’s Rights
Under Italy’s Personal Data Protection Code, every Data Subject has various rights in connection with the processing of their personal data (see Section 7):
- The right to obtain general information on processing operations performed in our country by accessing, free of charge, the online Register of Processing Operations kept by the Italian DPA;
- The right to access their own personal data directly at the entity holding such data (the Data Controller), i.e. the right to obtain confirmation that such data exists and communication of the data as well as to know the source of the data and what criteria and purposes apply to its processing. In the latter case the Data Controller may charge a fee («handling fee») if it is found that no data relating to the data subject is held;
- The right to obtain erasure or blocking of any data that is processed in breach of the law, for instance because no consent was asked for. This right may also be exercised if there is no valid reason any longer for retaining data that had been collected lawfully;
- The right to have inaccurate and/or incomplete data updated, rectified or supplemented;
- In the cases mentioned under 3. and 4. above, the right to obtain confirmation from the Data Controller that the above operations have been also made known to the entities the data had been communicated to beforehand, unless this proves impossible or requires a disproportionate effort compared to the right to be protected;
- The right to object to the processing of one’s own data on legitimate grounds;
- The right to object, in any and all cases, to the processing of one’s own data for commercial information purposes and/or for sending advertising or direct selling materials and/or for market research purposes.
Making personal data known to the public at large and/or to an indefinite amount of entities – for instance, by publishing personal data in a daily or posting personal data on a web page
Garante (Italian DPA)
The Garante, i.e. the Italian Data Protection Authority (DPA), is an administrative independent authority set up by the «Privacy Act» (675/1996, now merged into the consolidated Personal Data Protection Code). Similar authorities have been set up in all EU countries pursuant to Article 8 of the Charter of Fundamental Rights of the European Union. The Garante is tasked with ensuring the protection of fundamental rights and freedoms as regards the processing of personal data along with respect for individuals’ dignity. It is made up of four commissioners elected by Parliament and is headquartered in Rome – Piazza di Monte Citorio, 121. The Garante runs an Office with 125 staff members. The Garante handles citizens’ claims and reports and supervises over compliance with the provisions protecting private life. It decides on complaints lodged by citizens and is empowered to prohibit, also of its own motion, any processing operation that is unlawful or unfair. It can perform inspections, impose administrative penalties, and issue opinions in the cases mentioned by the Data Protection Code. It can also draw Parliament’s and Government’s attention to the desirability of regulatory measures concerning personal data protection.
A notice containing the information the Data Controller is required to provide to every Data Subject, either orally or in writing, whenever a data is collected either from the Data Subject or from third parties. The Information Notice must specify, in a concise and user-friendly manner, what purpose(s) and mechanisms apply to the processing; whether the Data Subject is obliged to provide the data or not; what consequences may result from the failure to provide the data; who the data may be communicated or disseminated to; what rights are afforded to the Data Subject; who the Data Controller (and the Data Processor, if any) is and how one can contact them (address, phone, fax, etc.).
A personal data disclosing that certain judicial measures have been taken in respect of a person such as to require their inclusion into that person’s criminal record (e.g. final criminal convictions; paroling; residency and/or movement restrictions; measures other than custodial detention). The fact of being a defendant and/or the subject of criminal investigations falls within the scope of this definition as well.
This is a one-shot communication the Data Controller is to give to the Garante by means of an ad-hoc form to be sent electronically and signed digitally (see the DPA’s website for additional procedural details). The notification describes the main features of the processing (categories of processed data, purposes of the processing, place where the processing is performed, data recipients in Italy or abroad, security measures in place). Notification must be given prior to starting the processing and is not to be re-submitted if no features of the processing change. Thus, if the purposes of the processing or the nature of the Data Controller are modified, a new notification must be given to the DPA. All notifications are kept in a «Register of Processing Operations» that is publicly accessible free of charge via the Internet. Citizens may get information through it and use it for the purpose of applying personal data protection legislation – e.g. to exercise data access rights or any other right set forth in the Data Protection Code. Checks on the notified processing operations will be performed by way of the Register and the information contained in the relevant notification will be verified. If a Data Controller is not required to notify a processing operation, it must nevertheless provide the information contained in the notification form to any person requesting it as part of the exercise of that person’s access rights and/or any other right set forth in Section 7 of the Data Protection Code.
Person Tasked with Processing
An employee or a co-worker that processes or factually uses personal data on behalf of the Data Controller’s organization in accordance with the instructions given by the Data Controller and/or the Data Processor (if the latter has been appointed).
Any information concerning natural persons that are or can be identified also by way of other items of information – e.g., via a number or an ID code. For instance, personal data is one’s first or last name, address, Tax ID as well as a picture, the recording of one’s voice or one’s fingerprint, or medical, accounting or financial information relating to that person.
Privacy nowadays does not mean only the «right to be left alone» or to protect one’s private sphere, as it is above all the right to be in control of how one’s personal data are used and moved about. Personal information is actually the key commodity in today’s information society. The right to privacy and the right to the protection of personal data are fundamental human rights and relate directly to the protection of human dignity, as also enshrined in the Charter of Fundamental Rights of the EU.
Processing (personal data)
This is an operation or set of operations concerning personal data. The definition set forth by the DP Code is wide-ranging as it includes collection, recording, organization, storage, modification, selection, extraction, use, blocking, communication, dissemination, erasure and destruction of data. Each of these operations is an instance of processing.
Technical and organizational arrangements, electronic devices and/or computer software that are used to ensure that no data is lost or destroyed, even accidentally, only authorized entities may access the data, and no processing is performed either in breach of the law or by departing from that for which the data had been collected initially. The Data Protection Code lays down various measures, standards and procedures (e.g. requiring an user ID and password for data access; deployment of anti-virus software; instructions to regularly perform data back-ups) a Data Controller is to adjust to the processing depending on whether this is performed electronically or manually (i.e. as regards paper records and documents). Annex B to the Data Protection Code lists the minimum security measures that are to be implemented mandatorily in order not to be punished under the terms of Section 169 of the Code.
A personal data requiring special precautions on account of its nature. A sensitive data is any data that can disclose a person’s racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, health, or sex life.
Privacy code concerning cookies operation– Art. 13 e 122 Codice della Privacy
Here below we inform you about this website (“website” starting from here) operation concerning cookies.
Cookies are short parts of text (letters and/or numbers) that allow the web server to store information on the client (the browser, for example: Internet Explorer, Chrome, Firefox, Opera). These information will be reused during the same visit in the website (session cookies) or later, even in the following days (persistent cookies). Cookies are stored, from the single browser to the specific device used (for example: computers, tablets, smartphones) based on user preferences.
Similar technologies, such as web beacons, transparent GIFs, and all forms of local storage introduced by HTML5, can be used to gather information about the user’s behavior and use of services. A cookie can not refer to any other data from the user’s hard disk or transmit computer virus or gather email addresses. Each cookie is unique for the user’s web browser. Some of the cookies functions can be applied by other technologies.
The term «cookies» refers to cookies and all similar technologies.
Technical Cookies that are strictly necessary: These are essential for the proper functioning of a website. These cookies are used to manage different web-related services (such as login or access to private website sections). The duration of cookies is limited to user’s work session or it can take longer in order to remember the visitor’s choices. Deactivating these necessary cookies may compromise your website use and browsing experience.
Analytics and Performance Cookies: These are used to gather and analyze website traffic and use anonymously. These cookies, though without identifying the User, allow, for example, to detect whether the same user comes back to the website at different times. They also allow to monitor the system and improve its performance and usability. These cookies can be deactivated without any loss of functionalities. This kind of cookies will be addressed in the paragraphs below.
Profiling Cookies (not working on this website). These cookies are permanent and they are used to identify (anonymously and not) user preferences and enhance his/her navigation experience. For more information on these cookies not used by the website, please visit the section on the site www.garanteprivacy.it/cookie
Purpose of treatment and purpose of technical session cookies.
1) cookies with data fulfilled by user (session identifier), of the duration of a session, or persistent cookies limited to a few hours in some cases;
2) Authentication cookies, used for authenticated services, of the duration of a session;
3) user-centered security cookies, used to identify authentication abuses for a persistent limited lifetime;
4) session cookies for media players, such as cookies for «flash» readers, of the duration of a session;
5) session cookies for load balancing, of the duration of one session;
6) persistent cookies for the user interface customization, of the duration of a session (or little more);
7) cookies to share contents via third-party social plug-ins, for members of a social network that logged in.
The owner of personal data use informs you that only technical cookies (such as those listed above) are used within the website as they provide essential functions such as authentication, validation, navigation session management, and fraud prevention. They permit, for example, to: identify if the user regularly had access to areas of the website that require prior authentication or user validation and session management for different services and applications or the retention of data for secure access or the control and prevention functions of fraud.
For transparency reasons, a list of technical cookies and operational cases specific to the website are listed below:
- cookies implanted directly at the user/contractor terminal (which will not be used for further purposes) such as session cookies used to book online of the Box, authentication cookies, customization cookies (for example to choose the navigation language, authomat fulfillment of ID and password with first character typing, etc);
- Cookies used to statistically analyze site visits (so-called «analytics» cookies) which pursue only statistical purposes (and not even profiling or marketing) and collect information in aggregate form without individdual user identification. In these cases, since current legislation requires cookies analytics to be provided to the person concerned with a clear and adequate indication of simple ways to opt-out (including any cookie anonymization mechanisms) , we suggest that you can turn off cookies analytics as follows: Open your browser, select the settings menu, click on Internet Options, open the privacy tab, and choose the desired cookie blocking level. If you want to delete cookies already saved in memory, simply open the security tab and delete the history by checking the «delete cookies» box.