PRIVACY NOTICE PURSUANT TO GDPR
This privacy notice shall illustrate how this Website is managed with regard to any processing activities of the personal data of its users, as well as the processing procedures of any data sent by the data subject to the Data Controller through this Website.
In compliance with the provisions of sections 13 (with regard to any data collected at the data subject) and 14 (with regard to any data not collected at the data subject), of EU Regulation 2016/679 (GDPR), we hereby provide to the Users of this Website the following information, exclusively concerning the processing activities performed through this Website and not through other websites visited through any links shown thereon (if any); with regard to these websites, our users are invited to read the relevant privacy policies provided by the relevant data controllers.
This Website, as well as any services offered (if any) therein, shall be used solely by persons at least 18 years old. The Data Controller shall not, therefore, collect any data of any persons who are less than 18 years old. At request of the users, the Data Controller shall promptly delete any and all personal data unintentionally collected.
1. Data Controller
WMR srl with registered office in P.zza Maria Borgato Soti 2 Saonara 35020 PD, VAT no. 03874330289 (hereinafter, also, WMR or the “Data Controller”), in its capacity as data controller of any personal data of the users of the https://www.studiocappello.it website (hereinafter, the “Users”), hereinafter sets forth the privacy notice pursuant to the provisions of section 13 of Legislative Decree No. 196/2003 (hereinafter, the “Italian Privacy Code”) and of section 13 of EU Regulation 2016/679 of April 27th, 2016 (hereinafter, “GDPR”; the Italian Privacy Code and GDPR shall be jointly defined as the “Applicable Laws”).
The Data Controller reserves the right to appoint, as Data Processor for any personal data managed for any technical assistance, maintenance, technical management and similar purposes, with regard to this Website, a web agency or a consultant, whose details may be subsequently requested to the above mentioned addresses. The Data Controller and Data Processor shall process the Users’ data also through the persons in charge thereof, specifically entrusted within their organizations and acting based on written or oral instructions on how to properly process any personal data.
You may contact the Data Protection Officer (DPO) by sending an email to: email@example.com
2. Source and Categories of the Processed Data
- Browsing Data
- Any data willingly provided by the users, including:
- Common data (identification data, personal details, invoicing and similar data)
- Only exceptionally, special data (section 9, GDPR)
- Only exceptionally, criminal data (section 10, GDPR)
Sources: browsing, other websites and similar sources; the user; public sources.
Firstly, we may process browsing data as well as cookies.
We are entitled to process also any data willingly provided by the user, e.g. through contact forms or communications sent via e-mail; such data may include common personal data (identification data, personal details, invoicing and similar data), and, exceptionally, special data, pursuant to the provisions of section 9, GDPR, or criminal data, pursuant to the provisions of section 10, GDPR, only to the extent such processing activities are required in light of the request of information received by us.
The data may derive from automatic or public sources, or be willingly provided by the relevant data subjects. For instance, such data may derive from the user’s browsing activities, providing certain information concerning previous browsing activities of other websites, including, but not limited to, cookies and similar technologies. Such data may also be willingly provided by the user or by certain entities connected to him/her. Other data may be obtained from public sources, including, but not limited to, those processed within the scope of researches and arising from analysis, public databases and similar sources.
3. Data Processing Purposes
The personal data of this Website Users, as described above, shall be processed in the modalities and forms set forth by GDPR to perform the functionalities of the Website, including, but not limited to, any procedures described herein to collect any data, contact forms, reserved area access/registration procedure (if any), subscription to newsletters, etc. In particular, any personal data provided to the Data Controller shall be processed for the following purposes:
- To fulfil any requests specifically submitted by the User to the Data Controller through this Website and its communication tools (contact forms, information request forms, etc)
- To subscribe to our newsletters and, consequently, receive commercial communication and various information concerning the Data Controller industry, provided that the user grants his/her consent thereto
- To communicate certain information concerning the services rendered by the Data Controller, replying to a request of information made by email or completing the relevant contact forms, or through any other communication tools
- For any purposes accessory or connected to those listed above and anyhow included in the activities of the Website
- To process any email address data, provided by the data subject within the scope of the sale of any products, or the provision of any services, also for the purpose of sending, without further consent, any communications on any subsequent direct sale of products or provisions of services similar to those subject matter of the above mentioned sale of products or provision of services; the data subject shall be entitled, in any event, to express his/her denial and object to such processing activities, either initially or subsequently, easily and free of charge, by following the instruction written in each subsequent communication
- To enter into and manage an agreement concerning any consultancy, services or professional training activities, including any legal, tax and contractual fulfilments however connected thereto
Any data provided shall be generically processed also following their being automatically collected during the user’s browsing activities, only for Website access control and assessment purpose. This shall apply also to any technical cookies, i.e. any session, function or analytics cookies having the requirements specified by the Data Protection Authority. In particular, the analytics cookies are created and used directly by the Website. In any event, with regard to such analytics cookies, the Website has complied with the clarification of the Data Protection Authority and provided the anonymization of any IP addresses and the amendment to data processing; the collection and use of such browsing data (without prejudice of the anonymization of the IP addresses) shall allow the monitoring of the Website operations and the enhancement of its services, in order to offer a better browsing experience to the User. For further information, please see the relevant cookies policy.
Data Collected through the Email Platform
In order to ensure a complete information, please be informed that Hotel WMR shall send its email communications by a complying platform which, using statistic tracking systems, allows us to know if a message is read, how many times the hyperlinks contained in the emails are clicked on, from which IP address and through which kind of browser the emails are opened, and similar details. Such data are collected to enhance the use of this platform, and are an integral part of the functionalities of the email sending system.
The User may also easily object to our further sending any newsletters, also by clicking the relevant consent withdrawal link in the emails to which the newsletters are attached. Once the User has withdrawn his/her consent, the Data Controller shall send to the User a message confirming that his/her withdrawal has been successfully made.
4. Legal Base of Data Processing
Any personal data processing is based on the information rights, on the fulfilment of contractual obligations or on mere social contacts between the parties, or, should the consent of the data subject be required, on the free and deliberate completion of any information fields in the relevant forms.
5. Legitimate Interest of the Data Controller
The personal data shall be processed also based on a legitimate interest of the Data Controller, including its exercising its rights within the scope of the information society, the performance of its contractual obligations and any direct marketing operations.
6. Obligation to Provide any Data
The browsing data to be provided by the Users, for the above listed purposes, shall depend on the privacy level setting abled or disabled by the User through his/her browser. In certain cases, the data disablement may affect the possibility to browse this Website. The provision of certain browsing data and/or the use of technical cookies may be required, with regard to certain areas of this Website, to ensure the proper functioning thereof.
Your providing certain of your data shall anyway be required in light of the same structure of this Website and of its procedures. The request of any other data, the provision of which is not mandatory, shall occur provided that the User checks an approval box. The User shall be free to provide, at his/her discretion, any other data, based on the kind of information he/she intends to provide to the Website.
7. Personal Data Recipients (if any)
The User’s data may be communicated to any controlling, controlled or affiliated companies of the Data Controller, as well as to any consultants or third parties, operating also in the name and on behalf of the Data Controller, to perform any activities connected to the purposes listed in this privacy notice, either inside and outside the European Union (provided, in case of entities outside the UE, that they are located in a country which is a party of the Privacy Shield protocol).
Any browsing or similar data (for which we hereby refer to the provisions above), as well as any profiling cookies, also of any third parties (please see the Cookies Policy in this Website), shall be communicated to the respective third parties interested thereto, unless such third parties process such data as Data Controllers.
8. Storage Period
Any data provided by the data subject shall be stored until express withdrawal of his/her consent, made also by operating on his/her browser, cookies removal, request expressly or otherwise made. Any browsing data shall be stored for the period of time technically required to perform the functions for which they have been collected.
9. Data Subject Rights
Each data subject shall have the right to access, rectify, delete (erase), limit, be informed in case of rectification, deletion (erasure) or limitation, portability, object and not be subject to any automated, individual decision, including any profiling activity, pursuant to the provisions of sections 15 to 22, GDPR. Such rights may be exercised in the modalities and according to the terms set forth by section 12, GDPR, by written communication to be sent to the Data Controller via e-mail to: firstname.lastname@example.org
The Data Controller shall properly reply to such request as soon as possible, and, anyway, within one month of its receipt. Pursuant to the provisions of section 15 seq., GDPR, the user shall be entitled to ask in any time access to his/her data.
10. Right of the User to Withdraw his/her Consent
The User shall be entitled to withdraw his/her consent in any time by sending an express communication to the Data Controller’s registered office or via email to: email@example.com
Each data subject shall be entitled to file a complaint pursuant to the provisions of section 77 seq., GDPR, to the competent data protection authority; the competent data protection authority in the Italian Republic is the Garante per la protezione dei dati personali.
The forms, modalities and terms to file a complaint are set forth and regulated by the applicable national laws. Such complaint shall be without prejudice of any legal actions and administrative procedures, which, in the Italian Republic, shall be commenced either before the Court having jurisdiction thereon or the Garante per la protezione dei dati personali.
Any personal data provided through the forms herein may be subject to profiling activities.
Such profiling activities shall allow the Data Controller to evaluate certain personal aspects of the data subjects, with specific regard to their preferences, interests, choices, in light of any products sold and activities performed by the Data Controller, so that the Data Controller may offer to the data subjects more specific and targeted services.
Studio Cappello / Internet Marketing Agency