Privacy Policy
INFORMATION NOTICE
WEBSITE “villaggio88welcome.com”
Information notice – Articles 13 and 14 of the EU Regulation 2016/679 (“GDR Regulation”)
PRELIMINARY REMARKS
- What is this document? This document is the information notice on the processing of personal data relating to the villaggio88welcome.com portal.
- Who is this document intended for? This information notice is intended for all those who interact with the portal.
- Why this document? In Articles 13 and 14, the GDPR (EU Regulation 2016/679) requires that you (the data subject) be informed about the personal data that are processed and who will process them, in order to ensure that the processing is correct and transparent. Below you will find:
- Who will process your data (Data Controller and Data Processors)
- which personal data will be processed
- the purposes with which personal data will be processed
- for how long your data will be processed
- what your rights are
What laws does this document refer to? The information notice is provided considering the combined provisions of the:
- EU General Data Protection Regulation (GDPR) 2016/679
- Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018, and subsequent amendments and additions
- Measure of 8th May 2014 of the Data Protection Authority, and subsequent amendments and additions
INFORMATION NOTICE
1) DATA CONTROLLER
The company Societa’ Cooperativa Il Villagio 88, with head office in Viale Nora – 09010 Pula (CA), VAT number and Tax Code 01847960927, tel.: 070 270129 / 393 8830042
email address to provide responses to data subjects: ilvillaggio88@gmail.com, certified email (PEC): XXXXXXXXX@XXXXXXX
2) PURPOSES, LEGAL BASIS, NATURE OF THE PROCESSING AND RETETION PERIOD
Your personal data is collected for the following purposes:
- Management and delivery of services and marketing of products through e-commerce:
- the legal basis for this processing is the need to perform a contract to which the Data Subject is a party or to perform pre-contractual measures taken at the request of the Data Subject;
- the legal basis for this processing is the need to perform a contract to which the Data Subject is a party as a result of the provision of services and/or marketing of products through e-commerce;
- the retention period of the data processed for this purpose is the contractual duration;
- the retention period of the data processed for this purpose is the duration required by fiscal and/or administrative obligations;
- the provision of personal data is mandatory, as there is a contractual obligation and refusal to do so will make it impossible to carry out any contractual relationship;
- the provision of personal data is mandatory, as there is a contractual obligation and any refusal will result in the impossibility to provide services and marketing.
- Sending information and promotional material about the Data Controller’s activities (newsletters, offers), similar to services previously provided (soft spam), anonymous market research (surveys and analysis of customer satisfaction…):
- the legal basis for this processing is the pursuit of the legitimate interest of the Data Controller, whereas the Data Subject is a party to a contract;
- the retention period of the data processed for this purpose is until the Data Subject asks to unsubscribe from the promotional communication/sending newsletters.
- Sending information and promotional material about the Data Controller’s activities (newsletters, offers), market research and analysis (surveys and analysis of customer satisfaction with or without profiling):
- the legal basis for this processing is the consent given by the Data Subject;
- the retention period of the data processed for this purpose is until the Data Subject asks to unsubscribe from the promotional communication/sending newsletters.
- To prevent or control unlawful conduct or to protect and enforce rights:
- the legal basis of this processing is the pursuit of the legitimate interest of the Data Controller to prevent or prosecute offences or violations of intellectual/industrial property rights (including those of third parties) or computer crimes or crimes committed through computer networks;
- the retention period of the data processed for this purpose is equal to the time reasonably necessary to enforce the Data Controller’s rights from the time when the unlawful act or its potential commission has become known and, in the case of legal disputes, for the entire duration of the same, until all appeal action terms have been exhausted;
3) PERSONAL DATA PROCESSED
Processing of personal data means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
Data that can be qualified, according to Article 9 of the GDPR, as “special categories of personal data”, i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning the health or sexual life or sexual orientation of the person, may also be requested. These categories of data may be processed by the Data Controller only with explicit consent.
The personal data processed are as follows:
- Data required for the use of the platform as use
- Issue of the Welcome & Safe Card
- Use of the Welcome & Safe Card, credits and points earned
- Use of the Welcome & Safe Card as Prepaid Card
By registering in the reserved area of the website, the Data Controller processes the following personal data:
- personal information [Name, Surname, Email]
- Navigation data
By registering in the reserved area related to the Welcome & Safe Card, the Data Controller processes the following personal data:
- Name and Surname,
- Gender,
- Email address,
- Provided Telephone number,
- Country, City
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
- checking the correct functioning of the services offered.
Navigation data do not persist for more than 365 days and are deleted immediately after their aggregation (except for any need to investigate crimes by the judicial authorities).
- Data provided by the user
The optional, explicit and voluntary sending of messages to the contact addresses of the site involves the acquisition of the sender’s contact data, necessary to reply, as well as all personal data included in the communications.
The user has the right to register with the portal to use the services offered by the Data Controller in the reserved area.
- Cookies and other tracking systems
Please refer to the detailed information available in the next document on the Cookies Policy.
4) DATA RELATING TO UNDER-18-YEAR-OLDS
Children under 18 years of age may not provide personal data. The Data Controller will not be in any way responsible for any collection of personal data, as well as for false statements, provided by the minor, and in any case, should the use of the data be identified, the Data Controller will facilitate the right of access and deletion forwarded by the legal guardian or by those who exercise parental responsibility.
5) RECIPIENTS OF PERSONAL DATA
Your personal data may be shared, for the above purposes, with:
- persons who typically act as data processors, i.e. persons, companies or professionals who provide assistance and advice to the Data Controller in accounting, administrative, legal, tax, financial and credit recovery matters regarding the provision of services;
- persons with whom it is necessary to interact for the provision of services;
- persons, bodies or authorities to which it is mandatory to communicate personal data pursuant to legal provisions or orders of the authorities;
- personnel expressly authorized by the Data Controller, necessary to carry out activities strictly related to the provision of services, who are committed to confidentiality or have an adequate legal obligation of confidentiality and who have received adequate operating instructions;
The complete list of Data Processors is available by sending a written request to the Data Controller.
6) TRANSFER OF PERSONAL DATA
Some of your personal information is shared with recipients outside the European Union. The Data Controller ensures that the processing of your personal data by these recipients takes place in compliance with the GDPR. As a matter of fact, transfers may be based on an adequacy decision or on Standard Terms and Conditions approved by the European Commission. Further information is available from the Data Controller.
7) EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING
The Data Controller, for the purpose of the conclusion or performance of the contract, shall not adopt an automated decision-making process on the processing of personal data, including profiling, referred to in Article 22 of the GDPR.
8) RIGHTS OF DATA SUBJECTS
Data subjects have the right to obtain from the Data Controller, in the cases provided for, access to personal data and the rectification or cancellation of the same or the limitation of the processing that concerns them or to object to the processing (Articles 15 et seq. of the GDPR). The appropriate request to the Data Controller is made by contacting the dedicated email address to provide responses to data subjects.
- RIGHT TO COMPLAIN
Data subjects who believe that the processing of personal data referred to them is in violation of the provisions of the GDPR, have the right to lodge a complaint with the Data Protection Authority (www.gpdp.it), as provided for in Article 77 of the GDPR itself, or to take appropriate legal action (Article 79 of the GDPR).
- AMENDMENTS
The Data Controller reserves the right to make changes to this information at any time.