In order to offer personalized and non-personalized services, provided by its website, Ci.Ti.Elle, as Data Controller, must process some identification data necessary for the provision of the same.
Pursuant to art. 13 GDPR 679/2016 – “European regulation on the protection of personal data” and in relation to the personal data concerning you and which will be the object of the processing, Ci.Ti.Elle guarantees, within the scope of the regulatory provisions, that the processing of data personal data is carried out in compliance with fundamental rights and freedoms, as well as the dignity of the interested party with particular reference to confidentiality, personal identity, the right and protection of personal data.
This document describes the management methods of the citielle.com site with reference to the processing of personal data of those who interact with the services provided: the information is provided pursuant to the European Regulation on the protection of personal data “679/2016 (of hereafter GDPR) only for the site in question and not for other sites that may be consulted by the user via links, of which Ci.Ti.Elle is in no way responsible. This information is therefore prepared and customized for visitors to the citielle.com site and this document cancels and completely replaces any other document that had been previously published on the subject of web privacy and cookies.
Specific additional and contextual information is reported on the pages of the site, prepared for particular services on request that provide forms for data collection.
TYPES OF DATA PROCESSED
Personal data can be collected automatically during navigation and use of the site and the services provided therein or be entered voluntarily by the user. Among the personal data collected by the Data Controller independently or through third parties, there could be, by way of example and not limited to: cookies, usage data, password, name, surname and email.
Browsing data and other data
Failure by the user to provide some personal data may prevent the site from providing its services.
Personal data provided voluntarily by the user
At various points on this site, the user has the ability to transmit their personal data (e.g. e-mail address, name, postcode, other personal and non-personal data) also by filling in forms or sending e-mail messages. The provision of these data takes place on an optional, explicit and voluntary basis, and involves the subsequent acquisition of the sender’s email address, necessary to respond to requests, as well as any other personal data entered for the purposes of the service and those further granted by the user. Specific summary information is found on the pages that provide for the forms, with any indication of the obligation to provide the data necessary to use the specific service.
The user assumes responsibility for the personal data of third parties that may be published or shared through this site and guarantees to have the right to communicate or disseminate them, freeing the owner from any liability to third parties.
LEGAL BASIS OF THE PROCESSING
Personal data are processed, as better highlighted in the next paragraph, exclusively for purposes relating to the activity of Ci.Ti.Elle and the related obligations; the legal bases can be found in the consent (eg for the processing of “special categories of personal data” or for marketing / profiling) and / or in the execution of a contract or a service we manage to which the user is a party o in the execution of pre-contractual measures adopted at the request of the user and / or in fulfilling legal obligations to which the undersigned owner is subject and / or in the legitimate interest of the same.
PURPOSE OF THE TREATMENT
User data is collected and processed for the following purposes:
- carrying out operations strictly connected and instrumental to the management of relationships with users or visitors to the site, such as:
- registration and authentication;
- collection, storage and processing of user data for:
- statistical analysis also in anonymous and / or aggregate form;
Further processing purposes could be implemented, subject to the release of explicit consent, when necessary, in relation to the services that can be activated within the site and these include, by way of example and not exhaustive: interaction with social networks and external platforms, applications social media, payment management, interaction with support and feedback platforms, infrastructure monitoring, traffic optimization and distribution, interaction with live chat platforms, remarketing and behavioral targeting, address management and sending of email messages, display of content from external platforms, commercial affiliation, heat mapping, user database management and management of support and contact requests.
RIGHT TO PROVIDE DATA, CONSEQUENCES OF ANY REFUSAL AND MANAGEMENT OF CONSENT, WHERE PROVIDED
The provision of data is optional, except for those indicated as mandatory to allow the user to access the services offered.
The processing of data for the accomplishment of the purpose, referred to in point 1 of the previous paragraph, is mandatory and any non-communication, or incorrect communication, of one of the information may limit and / or prevent the full use of the functions. and the services on the site.
With regard to the optional provision, more information is provided regarding the cookies on the site in the “Cookies Policy” document accessible both from this complete information note and from the brief information contained in the banner published on the site.
In accordance with current legislation, the user may be required to give consent, for the processing of data for which such consent is mandatory, by ticking the appropriate box in the specific registration form. It is understood that consent refers to the processing of data with the exception of those strictly necessary for the operations and services requested by the user, at the time of his / her accession, as the consent itself is not necessary for these activities.
Furthermore, only with the express consent of the user can the data be used to make communications for market surveys or commercial information on the products and promotional initiatives of the Data Controller by postal mailing, e-mail, telemarketing, sms, mms.
At any time it will be possible to re-read the information and possibly modify the consents previously provided, verify and / or modify the status of active services and possibly request additional services.
METHOD OF TREATMENT
The processing of personal data may be carried out with or without the aid of electronic and in any case automated means, also by associating and integrating them with other databases, and also by means of cookies. In any case, the processing will be carried out in compliance with every precautionary measure, which guarantees its security and confidentiality, for the time necessary to perform the service requested by the user, or required by the purposes described in this document, and the user you can always ask for the interruption of the treatment or the cancellation of the data.
Ci.Ti.Elle has also prepared all the IT security measures, in compliance with the methods indicated in the GDPR with the adoption of the security measures deemed adequate in order to minimize the risk of violation of users’ privacy by third parties, constantly updated and whenever it proves indispensable.
The data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, you can contact the Data Controller at the addresses specified below.
Personal data will be processed for the time strictly necessary to achieve the purposes described above, to fulfill contractual, legal and regulatory obligations without prejudice to the statutory and statutory limitations, in compliance with the rights and in compliance with the consequent obligations.
In particular, the criteria used to determine the retention period are established by specific laws (which regulate the sector in which Ci.Ti.Elle operates), and by tax legislation regarding the processing of administrative-accounting data. With reference to the data collected for commercial purposes (referred to in point 2), the details are limited – for the profiling activity – to 1 year from the acquisition date and 2 years for the direct marketing activity.
Finally, the personal data of the site user may also be kept up to the time allowed by Italian law to protect the legitimate interests of the Data Controller (Article 2947, co. 1 and 3 of the Italian Civil Code) “.
INFORMATION ABOUT THE DATA
The processing of personal data will be carried out, within the limits of the general authorizations issued by the Guarantor for the protection of personal data, by means of subjects expressly and specifically authorized by Ci.Ti.Elle. The data may also be processed by third parties (outsourcers), which are used for the provision of services related to the purpose pursued, which our organization binds with specific contractual clauses or acts of formal appointment to External Managers for the processing by these places in place. In all cases, these subjects will process the data in accordance with the instructions received from the Data Controller, according to operational profiles attributed to them in relation to the functions performed, limited to what is necessary and instrumental for the execution of specific operations in the context of the services requested and exclusively for the achievement of the purposes indicated in this information. The list of data processors, constantly updated, can be requested by sending a communication in the manner indicated in the following point concerning the rights of the data subject.
COMMUNICATION AND DIFFUSION
The data may be communicated, with this term meaning the disclosure of it to one or more specific subjects, in the following terms:
- to subjects, public and private, who can access the data by virtue of the provision of law, regulation or community legislation, within the limits set by these rules (for example, social security and welfare institutions and bodies, associations of local authorities, public administrations and bodies, associations, foundations, associations and / or insurance bodies or bodies)
- to subjects who need to access data for purposes auxiliary to the relationship between the parties, within the limits strictly necessary to carry out the auxiliary tasks (by way of example, banks and credit institutions, service supply companies, carriers and companies are mentioned of shipments)
- to our consultants, within the limits necessary to carry out their assignment at our organization, subject to our letter of appointment which imposes the duty of confidentiality and security
- to companies (which provide auxiliary services, including IT), subject to the signing of appropriate contractual clauses that impose the duty of confidentiality and security.
The data will not be disclosed, with this term meaning the disclosure to indeterminate subjects in any way, including by making them available or consulting, unless specific, free and informed consent is granted for each type of treatment.
Defense in cour
The user’s personal data may be used for defense by the Owner in court or in the stages leading to its eventual establishment, against abuses in the use of the same or related services by the user. The user declares to be aware that the Data Controller may be required to disclose the data at the request of the public authorities.
The owner of the processing of personal data is Ci.Ti.Elle with registered office in C.so Agnelli, 42 – Turin. The Data Controller keeps an updated list of the appointed managers, and guarantees that they have been read by the interested party at the aforementioned office.
RIGHTS OF THE INTERESTED PARTY
The interested parties, to whom the personal data refer, have the right to exercise their rights at any time (Right of access to personal data and other rights), in particular: right to obtain confirmation of the existence or otherwise of their personal data, to access it and to know its content and origin, to verify its accuracy, to request its integration or updating, limitation of treatment or portability. Rectification and blocking may be requested if the data are incomplete, erroneous or collected in violation of current legislation and in this sense it is also possible to oppose their processing for legitimate reasons or to any automated decision-making process (including profiling), as is For the same reasons, it is also possible to request cancellation as long as it is in compliance with current regulations and if there are no other storage and processing obligations for Ci.Ti.Elle. The interested parties also have the right to object to the processing of their personal data for the marketing purposes (indicated in point 2), even if carried out with automated contact methods; this right also extends to traditional ones and the interested parties may exercise these rights in whole or in part (eg only to communications via sms, e-mail or telephone or by opposing only the sending of promotional communications made through automated tools, etc.) .
With regard to the exercise of their rights listed above, as well as to know the updated list of those responsible for the processing of personal data, the interested party may address their requests through specific communication by post addressed to the same Company, or through the box by e-mail: email@example.com, also by sending a communication to the e-mail address indicated, in order to obtain a prompt reply.
If the interested party has given consent to the processing for a specific purpose, the same always has the right to revoke it at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
We also remind you that the interested party always has the right to lodge a complaint with the Guarantor Authority for the protection of personal data for the exercise of his rights or for any other matter relating to the processing of his personal data.
APPLICATION AND CHANGES TO THIS INFORMATION NOTICE
Publication date 25 May 2018