PRIVACY POLICY GDPR
Context
This section offers a view of the processing of personal data in question in a prevalent way with respect to the competences and legal obligations relating to the website www.caseificiosangiorgio.it.
Data processing
Privacy Policy – Information
With the entry into force of art. 13 Legislative Decree 30.06.2003 n. 196 (hereinafter, “Privacy Code”) and of the EU Regulation n. 2016/679 (hereinafter, “GDPR”), the Società Agricola Cooperativa Oratorio San Giorgio informs you that the data collected through this website www.caseificiosangiorgio.it (from now on Site), will be treated in compliance with the law furthermore, this treatment will be based on the principles of lawfulness and transparency, in order to protect the privacy, freedom and rights of all visitors and users.
Responsibilities related to processing – Owner
The Società Agricola Cooperativa Oratorio San Giorgio with headquarters in Via delle Nazioni Unite 16/1, 41012 Carpi (MO), Italy, e-mail: info@caseificiosangiorgio.it, is the Data Controller (hereinafter the Data Controller).
Standards applicable to processing
The Owner has adopted various security measures and a code of conduct relating to the legislation, for the protection of personal data acquired through the Site (or from other sources but attributable to the same purposes), against the risk of loss, accidental or intentional dissemination, abuse or alteration, applying where possible all the provisions in Articles 32-34 of the Privacy Code and art. 32 GDPR; using standard data encryption technologies through the HTTPS protocol, as well as strict internal storage procedures, methods and release of access credentials (administrative backend) to the data. The aforementioned requirements and standards have also been applied in cases where the transfer of data outside the EU (third countries) is envisaged, to protect the rights of the data subjects.
Type of data processed
During user visit sessions, with the storage of cookies in the browser used, some data are collected in an automated, aggregated and anonymous way, some for a minimum duration relating to the duration of the session, others for a maximum duration of 26 months. Some data could be:
Browser used
Type of device used
Date, time and duration of the visit
Address of the page (s) visited
IP address (anonymized)
Name of the network of origin
Unencrypted IP address (used only and to a limited extent for security reasons to protect data and user privacy).
The following types of cookies are present on this site:
Technical cookies
Cookies in this category include both persistent cookies and session cookies, they allow to distinguish between connected users avoiding that a service is provided to the wrong User and therefore are the consequence of an express request from the user, and are also used for security. of the site and of the users themselves. In the absence of these cookies, the site or some portions of it may not work properly. Cookies in this category are always sent from our domain, and no consent is required for them.
Analytical cookies
Cookies in this category are used to collect information on the correct use of the site and user behavior for statistical analysis purposes, to improve the site and simplify its use. This type of cookie collects anonymous information about user activity on the site and how they arrived at the site and the pages visited. Cookies in this category are sent from the site itself or from third-party domains.
Third party cookies
This site also acts as an intermediary for third-party cookies, used to provide additional services and features to visitors and to improve the use of the site, such as buttons for social media. Profiling cookies could be used, i.e. used by third parties in order to collect information on the behavior and interests of users in order to provide personalized advertising.
However, this Privacy Policy does not apply to services provided by third parties, and this site has no control over how the data collected through their cookies are used. The data transfer agreement and its regulation, according to the stipulated terms and conditions, takes place directly between the user / visitor and third parties. As a result of this, the information on the use of these cookies and their purposes, as well as on how to disable them, are provided directly by third parties on the pages indicated below.
Facebook: (link informativa cookie)
Twitter: (link informativa cookie)
LinkedIn: (link informativa cookie)
Google+: (link informativa cookie)
Vimeo: (link informativa cookie)
Necessary clarifications
Purpose (IP): the only purpose of this collection (IP addresses hereinafter only IP) is the legitimate defense against attacks, attempts to intrude into the administrative backend of the Site, hacking of any type, and any type of violation, such as to represent a danger also for users’ data that are stored or that can be illegally stolen at the time of voluntary entry.
Place of storage (IP): these data are stored exclusively on the web server where the CMS (Content Management System) resides, within the borders of the EU (Netherlands), at the ISP that carries out hosting activities for the Controller’s Site.
Only in particular situations, which involve a risk for the security of the data and for the Site, or in circumstances which force the Data Controller to have to exhibit for legal disputes or legal obligations, such data may be transferred to the Data Controller’s systems or communicated to the Authorities for the investigation of the case.
Method of collection (IP): data is collected automatically, aggregated and anonymously. They can report, in addition to the IP address, the date and time, the type of browser and device and other minor specifications, which in any case do not alone allow the identification of a natural person.
Right to cancellation: already art. 7 – Legislative Decree 196/2003 and now art. 17 of the GDPR, guarantees the interested party the right to request the existence of his data (Article 15 of the GDPR) and the possible cancellation based on one of the reasons provided.
Declaration:
the Owner declares not to use such data in any way for marketing or statistical purposes, or for any other purpose other than that of legitimate defense for security reasons.
If the visitor / user of the Site is against this practice, it is their free choice to renounce to browse / use the Site www.caseificiosangiorgio.it.
Access to data (in general)
The data may be made accessible to:
1. persons in charge and / or internal managers of the association, who are members.
2. To “third” companies. On the basis of the contractual terms and conditions established with them, the data collected is not disclosed, shared, or used in any other way that does not comply with the legislation in force and the contractual agreements established. The methods of data processing, in addition to the aforementioned contractual agreements, are established by the operating settings provided by the third-party companies themselves, and configured in such a way as to comply with current legislation. In case of violation of the aforementioned provisions, or false declarations, by such “third-party companies”, the Data Controller cannot in any way be held responsible for them towards users / visitors of the Site.
The “third companies” involved are:
– MKW Web Agency via Piacenza 9, 41012 Carpi (MO) Italy, as web master in charge of managing the Site. These are expressly prohibited from accessing the above IP addresses except following a specific letter of appointment.
– the Internet Service Provider (ISP), owner of the infrastructure that physically hosts the Site and the services connected to it for its management, such as the management of e-mails, is Siteground Spain S.L. Calle de Prim 19, 28004 Madrid Spain. The web and mail servers are located in the Netherlands.
– The company that provides tools for statistics and marketing relating to the Site is Google LLC (“Google”), with headquarters at 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.
– The company that provides the cookie management plugin is Complianz B.V. Atoomweg 6B 9743 AK (NL)
Other “third-party companies” or partners of the same, could be:
– Facebook Inc. or Facebook Ireland Limited, for products such as Facebook, Messenger, Instagram, WhatsApp, based in Menlo Park, United States and resp. Ireland.
– YouTube, G + and Google Maps trademarks of Google LLC (“Google”), located at 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.
– Various companies providing “plugins” (program modules), suitable for carrying out specific functions within the site, will be listed accurately and only in the case of data collection.
Other methods of data collection
On a voluntary basis, and / or through the contact form, then by e-mail, to the address info@caseificiosangiorgio.it, users / visitors to the Site can send messages after entering their data, by way of example but not limited to:
1. first name,
2. surname,
3. business name,
4. address,
5. phone,
6. e-mail,
7. consent to the processing of data
this is equivalent to freely providing such data which will be stored and managed in compliance with current regulations. The acquisition of data, as well as any other personal data included on an optional and intentional basis in the message, is necessary to respond to requests. In case of insertion of sensitive data, these will be deleted and will not be kept. The retention of data sent through this method varies according to the relationships that may exist between the Owner and the user, and is therefore not predictable in itself.
The data collected may be communicated and / or disclosed to third parties only if necessary, in the cases provided for by law, in case of need for the signing of contracts and in cases having for instrumental purposes the conduct of the activity itself to:
1. External subjects, professionals or service companies for business administration and management who operate for our bill;
2. Hardware and software companies for maintenance operations performed on our computers;
3. Banking Institutions for the management of collections and payments deriving from normal activities in the context of an existing employment relationship;
4. Any debt collection and credit insurance companies;
5. Private subjects or public bodies, exclusively for compliance with legal obligations;
6. Third-party companies owning the technologies applied through cookies, for the performance of:
– system functions, necessary for the correct navigation of the Site,
– activity of statistics on visits, to improve the “yield” of the pages of the Site,
– marketing activities to optimize their offer on services / products.
7. Web agency for the management and maintenance of the Site.
Data life cycle
Data acquired through cookies and purposes.
When a user reaches a page of the Site, the banner-cookie is presented for the management of consent or the denial of the use of the cookies themselves on the user’s / visitor’s browser. With the exception of the Necessary ones, with a duration limited to the session of the visit and then destroyed, the user can refuse or accept the storage of cookies on his browser, from which the execution or not of software to acquire data in an automatic, aggregate way and anonymous.
Some of these collected in this way are transferred to hardware located in Europe, others in the United States and archived according to regulations, for a maximum period of 26 months. After this period, they are overwritten, which amounts to destroying them.
During the period in which they remain available for consultation, they can be used to measure the level of satisfaction and “yield” of the pages of the Site, allow checks on the popularity, relevance and positioning of the Site based on its contents and the level of ” preference “granted by visitors.
In addition to this, they allow you to check the validity of the contents entered, with respect to the searches carried out by visitors on search engines, and based on the results, optimize some elements in the case.
There may be “widgets” (graphic program interface) or links / functions that refer to third parties, for example, not exhaustive, Facebook, Messenger, Instagram, WhatsApp, Pinterest, G +, YouTube, Vimeo, etc. The collection and management through these falls within the cases of “other third-party companies”.
Data acquired through contact form.
Filling in the text boxes of the form can be used freely by the user / visitor. There are some necessary boxes marked with an asterisk, referring to the data necessary to be able to provide the requested service, in case of failure to complete even one of these, it will not be possible to use the form. The data sent transits on different mail servers and then arrives on the mail server which is located in the Netherlands and from there made available for consultation and archiving also on the Controller’s hardware. In both offices, the data is managed and archived according to regulations. The duration is not predictable and depends on the relationships, even of a commercial nature, that may be established between the user and the Owner.
Data acquired through registration on the site
If there is a reserved area, with access to private / reserved pages of the Site, the user must perform a registration procedure to access it, and will be required to send some data necessary for the identification of the person or subject, subsequently he / she may access it, following a login procedure by entering your username and password. These data will be stored on the web server of the ISP that hosts the Site and is located in the Netherlands, and will be managed by the Data Controller electronically, a copy of these data may be stored on the Data Controller’s hardware in compliance with the law and for security reasons.
Data acquired through opinion polls
In the event that surveys are carried out aimed at knowing the opinions of the users interviewed, on topics of various kinds, the data collected will be stored on the web server of the ISP that hosts the Site and is located in the Netherlands, and will be managed by the Data Controller electronically, a copy of these data may be stored on the Data Controller’s hardware in compliance with the law and for security reasons.
Data acquired through newsletter subscription
If the sending of newsletters or e-mail marketing is envisaged, the data flow will be identical to that relating to the management of e-mails. On the Site there will be an optional subscription banner for the newsletter for which only a Name and E-mail address are required.
For each registration received, the Data Controller uses an e-mail address validation system, a request for explicit consent will be sent in the same as acceptance of the newsletter. Only when this validation and consent are received will the Data Controller be able to send the newsletters. These may have periodic frequency or depend on the presence / organization of events and therefore be used as an invitation to participate in them.
The procedure for unsubscribing / unsubscribing from the service is always indicated on each newsletter and on the Site, which can be done by entering the registered e-mail address, if not already present, and confirming with a click.
There may be a last e-mail sent to the user confirming the cancellation, or a simple message on the screen.
With regard to e-mail marketing, the GDPR provides that a relationship already exists between the Owner and the user, who is therefore a customer or is in the service, consequently consent is not required at least for existing customers. Only if there is a justified reason for direct e-mail marketing, therefore sending without prior consent, this is admissible after entering a clear and functional procedure to object to the processing of user / recipient data for marketing purposes .
Data support resources
The Owner uses an IT infrastructure (hardware and software) that is constantly monitored and always updated: devices, operating systems, antivirus, firewall, antimalware, antispam, etc. Furthermore, in all operational contexts, it uses procedures designed to reduce or if possible totally exclude the IT risk (Cyber risk): interruptions, unwanted access, data loss, infections of various kinds, brute force attacks, hacker attacks, etc.
The Site uses the standard HTTPS data encryption protocol and is protected by firewall software. Monitoring is constant, thanks to alarm reception procedures, with a high level of reactivity.
The CMS used is always updated to the latest version, as are the add-ons – plugins.
The system data and some data collected are hosted within the IT infrastructure of the ISP and use LAMP servers (Linux, Apache, MySQL, Php), as well as proprietary software for online management supported by a proprietary interface as a graphical interface for web hosting.
All data collected through cookies are collected in an automated, anonymous and aggregate form and according to the Terms and conditions set by the Data Controller with third parties, which in any case prohibit the dissemination / sharing with other entities or products thereof.
Purpose of the processing
The data collected is limited to those “Necessary” to allow effective navigation of the Site, “Statistics” to help the owner of the Website understand how visitors interact with it, collecting and transmitting information anonymously, finally, those of “Marketing” that are used to track visitors on websites. The intent is to display relevant and engaging ads for the individual user or visitor and therefore those of greatest value for publishers and third party advertisers in the common sense, but on this site they are not used or shared to profile users, nor show them ads relevant to their interests.
These reasons are reported in the banner-cookie, so they are understood to be clear, explicit and legitimate. The purpose, the explicit form and the legitimacy of the collection relating to the IP addresses in clear, not shared and reserved for purposes of security reasons and for legal obligations, are present in this same Privacy Notice which is available and reachable with a link, present in the banner-cookie. For any doubts in this regard, the owner is always available to clarify any eventuality.
Legal bases that legitimize the processing
The consent to the processing of data by the interested party implies the recognition of legitimate intent by the Data Controller, to communicate its offer for products and / or services relating to the activity exercised, and for the continuity of the same, such treatment is deemed essential.
It is essential for the purpose of acquiring contacts for new customers, consolidating and carrying out existing relationships with existing customers, for the execution of a contract or to provide information that can be evaluated for the services offered by the Data Controller to the interested party.
It is essential to protect the data of the interested party for security reasons, for compliance with the regulations in force, and in cases where they should be required for legal obligations.
The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, where they do not violate the rights and freedoms of the data subject who has the right to protection of these and in particular, in cases where the data subject is a minor.
Minors
The Site and the services present are not aimed at minors under the age of 16. The Owner is not responsible for the collection of data sent intentionally or collected and relating to people of this age. If these are present, the Data Controller will provide for their immediate elimination upon explicit request.
The data collected are adequate, relevant and limited to what is necessary in relation to the purposes for which they were processed.
On this Site it has been chosen to use the minimum number of cookies and related functions, to introduce new ones and to modify the existing ones, relevant to the needs of its management. In addition, those that did not respond or were superfluous with respect to compliance with legislation were limited and eliminated.
The cookies on the Site are of three types and also defined as:
Necessary. Management of cookies for the functions required by the legislation
Statistics. Navigation management for site optimization
Of marketing. Browsing analysis for site optimization
At this link www.aboutcookies.org you can find more information about cookies, including how you can understand what cookies have set on your device, and how you can manage and delete them.
The data is accurate and kept up to date
In accordance with art. 5.1 d) of the GDPR, the personal data managed on this Site are not shared or disclosed to third parties, with the exception of data residing on web and email servers in the Netherlands to which, for terms and conditions established with third party companies, only the Holder has access. In case of violation of these requirements, or in cases where there is a legal obligation that requires access, the Data Controller cannot be found guilty.
As far as possible, the Data Controller will keep the data updated, with procedures, tools and all possible initiatives for this to happen. In consideration of the purposes of the same, these will be made available for cancellation or rectification without delay.
Duration of data retention
Cookie – Site | ||
Cookie Type | Need for processing or legal requirements | Expiry |
Needed | Management of cookies for the functions required by the law | Session |
Statistics | Navigation management for site optimization | 26 months / Session |
Marketing | Navigation analysis to optimize the site | Session |
Data sent by e-mail or for newsletter registration | ||
Type | Need for processing or legal requirements | Expiry |
Needed | Newsletter management and sending | None |
Personal data | ||
Type | Need for processing or legal requirements | Expiry |
Needed | Security reasons only | 1 month |