Scope of the application of the European Regulation (EU) 2016/679 (General Data Protection Regulation - “GDPR”) of the European Parliament and of the Council
The Regulation applies "to the processing of personal data carried out in the context of the activities of an establishment by a data controller or a data processor in the Union, regardless of whether the processing is carried out in the Union or not" and, in paragraph 2 below, that the Regulation applies "to the processing of personal data of data subjects located in the Union, carried out by a data controller or a data processor who is not established in the Union, when the activities they concern: (a) the offer of goods or the provision of services to the aforementioned data subjects in the Union, regardless of whether a payment is required by a data subject; or (b) monitoring their behavior to the extent that such behavior takes place within the Union ".
This document describes how to manage the site with reference to the processing of personal data of users who consult it.
This information is provided pursuant to Chapter III of Regulation (EU) 2016/679 (“GDPR”), to those who interact with the web services offered by La Scarpetta di Venere di Alice Vitelli (“La Scarpetta di Venere”) accessible electronically from the Internet addresses www.scarpettadivenere.it corresponding to the home pages of the Internet sites managed by La Scarpetta di Venere.
The information is provided only for this site and not for other websites that may be consulted by the user via links. The information is also based on Recommendation no. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by art. 29 of directive n. 95/46 / EC, adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the link.
The Recommendation and a brief description of its purposes are reported on the website of the Guarantor for the protection of personal data http://www.garanteprivacy.it.
Following consultation of this site, data relating to identified or identifiable persons may be processed.
The Data Controller is:
La Scarpetta di Venere di Alice Vitelli
Registered office in Civitanova Marche,
Via Omero 14, 62012 (MC), Italy.
VAT number 02025150448.
Contact details: Cell phone 347 316 0500.
Place of data processing
The treatments connected to the web services of this site take place at the La Scarpetta di Venere facility or at third-party hosting companies in charge and are managed only by technical personnel in charge of processing, or by any persons in charge of occasional maintenance operations.
No data deriving from the web service is communicated or disclosed to third parties except for legal obligations or contractual obligations.
The data is stored on systems within the European Community or in countries that have regulations relating to the protection of personal data consistent with the European Regulation and validated by reference standards.
Type and source of Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not persist for more than seven days.
Personal Data provided by the data subject
The optional, explicit and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
Specific information pursuant to Chapter III of Regulation (EU) 2016/679 with any request for consent to the processing will be reported or connected via links on the pages of the site prepared for the acquisition of personal data.
When you visit this website, cookies will be saved on your PC.
Cookies are small text files that the website records on your computer or mobile device, for technical purposes (such as the management of navigation within the site) or for statistical purposes (to know, for example, the number of people who have visited the various sections of the website or the times of greatest influx of visitors).
This information is useful to ensure the efficient functioning and navigation of our website.
Cookies are not used to share information of a personal nature, nor are persistent cookies used, or systems for tracing users, of any kind. The use of session or technical cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary for safe and efficient exploration of the site.
The session or technical cookies used on this site avoid the use of other IT techniques that are potentially prejudicial to the confidentiality of users' browsing and do not allow the acquisition of the user's personal identification data.
Google Analytics (Google Inc.)
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.
Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Googl
Google may use the Personal Data to contextualize and personalize the advertisements of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Disable Google Analytics tracking
Google itself has released a plugin, compatible with the main browsers (Chrome, Firefox and Internet Explorer), which deactivates the ga.js code, or the Google product web tag system that allows you to monitor sites, measure online activities users so that website owners can have more information on the visibility of their pages and be able to optimally enhance the content. The add-on and further information can be found at the link https://tools.google.com/dlpage/gaoptout?hl=it.
Optional supply of data
Apart from what is specified for navigation data, the user is free to provide personal data contained in the various forms on the site according to the indications in the relevant information pursuant to Chapter III of Regulation (EU) 2016/679.
Failure to provide the data indicated as mandatory will make it impossible for the User to participate in the specific activity.
For the sake of completeness, it should be remembered that in some cases (not subject to the ordinary management of this site), the Authority for the protection of personal data may request news and information pursuant to Art. 157 of Legislative Decree 196/2003, for the purpose of monitoring the processing of personal data. In these cases the reply is mandatory under penalty of an administrative sanction.
Your Personal Data will be processed by suitable electronic or automated means and computerized tools, exclusively for the purposes for which they have been collected and guaranteeing the security and confidentiality of any processed information.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
Rights of the data subject
One of the fundamental rights of the data subject guaranteed by the General Data Protection Regulation (EU) 2016/679 (GDPR) is certainly the right of access which is governed by Art. 15 where it is established that the data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning the data subject are being processed and, if such processing is in progress, access to the data and the following information:
a) The purposes of the processing
b) The categories of personal data in question
c) The recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations
d) When possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period
e) The existence of the data subject's right to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their processing
f) The right to lodge a complaint with a supervisory authority
g) If the data are not collected from the data subject, all available information on their origin
h) The existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
The data controller must provide the data subject with information relating to the action taken regarding an access request, pursuant to Articles 15 to 20 (General Data Protection Regulation (EU) 2016/679 (GDPR), without undue delay and at the latest within one month of receipt of the request. This deadline can be extended for a maximum of two more months, if necessary, taking into account the complexity of the request and the number of requests.
If the extension applies, the interested party is informed of the reasons for the delay within one month of receiving the request. If the interested party submits the request in electronic format, the information is provided, where possible, in electronic format, unless otherwise indicated by the interested party.
Other rights of the data subject are:
The right of rectification for which the interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning the subject data without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
The interested party, on the other hand, has the right to obtain from the data controller the limitation of processing when one of the following scenarios occurs:
a) The data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data.
b) The processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that its use be limited.
c) Although the data controller no longer needs it for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court.
d) The interested party opposed the processing pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
If the processing is limited, personal data are processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of another physical person or juridical person or for reasons of significant public interest of the Union or of a Member State.
With the recognition of the right to cancellation and permanently erased, the interested party must have the right to request that their personal data that are no longer necessary for the purposes for which they were collected or otherwise processed be deleted and no longer processed. When the data subject has withdrawn his consent or has opposed the processing of personal data concerning him or when the processing of his personal data is not otherwise compliant with the Regulations.
This right is particularly relevant if the data subject gave consent when he was a minor, and therefore not fully aware of the risks arising from the processing, and subsequently wishes to delete this type of personal data, in particular from the Internet.
Finally, Art. 20 of the Regulation introduces a new right compared to the previous legislation, namely the right to data portability for which the interested party has the right to receive the personal data concerning the data subject provided in a structured, commonly used and machine-readable format to a data controller and has the right to transmit such data to another data controller from the data controller to whom he provided them if:
a) The processing is based on consent pursuant to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), or on a contract pursuant to Article 6, paragraph 1, letter b); and b) the processing is carried out by automated means.
Requests should be sent to the Data Controller at the contact numbers listed above.