Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data (General Data Protection Regulation – GDPR) entered into force on 25 May 2018.
The GDPR declares that “the protection of individuals with regard to the processing of personal data is a fundamental right” and that it “protects the fundamental rights and freedoms of natural persons, in particular the right to the protection of personal data”.
The main novelty introduced by the GDPR is the principle of “accountability” (so-called accountability) which, with an approach based mainly on the assessment of risks on the rights and freedoms of the interested parties, gives the Data Controllers the task of ensuring and being able to demonstrate compliance with the principles applicable to the processing of personal data and to adopt the measures they deem most suitable and appropriate for this.
This has also forced this company to adopt a new approach in the processing of personal data, both for users who access company structures and for operators who work there.
In particular, new requirements and an intense activity of adaptation to community legislation are envisaged for the Company.
To supervise compliance with all regulations, is the Data Protection Officer (also called Data Protection Officer, DPO), a person who reports directly to the Data Controller, in a position of independence and autonomy, involved in all matters concerning protection of personal data, to guarantee the quality of the result of the adjustment process underway, a highly specialized figure and contact point for the Guarantor Authority.
In this section, the provisions and acts adopted on the matter will be published in order to implement the legal provisions in practice.
- Data Protection Officier – firstname.lastname@example.org
- Responsabili/Delegati dal Titolare al Trattamento dei dati personali
Policy sito internet
Personal data protection – EU Regulation 2016/679 (GDPR)
General Information on the Treatment of Personal Data
In accordance with art. 13 of the EU Regulation n. 2016/679 on the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data, we inform visitors of our website wwww.golealcantara.it that, personal data may be processed following your consultation or the use of services offered on-line or at the Company’s premises.
This information, of a general nature, must be understood as expressly supplemented by the information provided with reference to specific Services (for example, the newsletter) provided through the Portal.
Who processes my data?
The processing of data provided directly and voluntarily, through the website www.golealcantara.it in order to use the Services offered, is carried out by the member. Agricultural heirs of C. srl, as Owner, for the payment of the purchased tickets or in any case to recognize discounts to the customer, including the purpose of archiving, historical research and analysis for statistical purposes.
In addition, personal data will be processed whenever necessary in order to ascertain, exercise or defend a right of the Data Controller.
The processing of personal data will therefore be carried out with the use of automated procedures in the ways and to the extent necessary to pursue the aforementioned purposes ensuring the security and confidentiality of the data.
The processing will be carried out by the natural persons responsible for the relevant procedure and duly authorised. The latter will be given special instructions on the modalities and purpose of the processing.
What is personal data and what are my data processed?
“Personal data” means any information likely to identify, directly or indirectly, a natural person, in this case, the User using the Service.
The Data Controller manages numerous services, with various modalities and for each of them vary the type of data requested and the purposes of collection. The description of the categories of personal data processed will be contained in the informative pages related to
each Service offered.
In any case, through the website www.golealcantara.it, the Data Controller does not acquire and process data of a sensitive nature or belonging to the particular categories of art. 9 of the GDPR or data relating to criminal convictions or offences.
Do I have an obligation to provide the data?
The provision of data in the fields marked with an asterisk (*) or other distinctive element of the various services is mandatory and their failure to enter does not allow to proceed with the purchase of the service of interest. On the other hand, the release of data in the fields not marked with an asterisk, although it may be useful to facilitate the management of the procedure and the provision of the service, is optional and their failure to indicate does not affect the completion of the procedure.
How long is my data processed?
The data will be processed for as long as necessary for the payment of the purchase ticket and, after the conclusion of the service provided, the data will be kept in accordance with the rules on the retention of administrative documentation.
To whom are my data sent?
The communication of personal data to third parties for commercial or profiling purposes is not envisaged.
What are my rights?
According to art. 15 and following of the EU Regulation, data subjects (natural persons to whom the data relate) may exercise their rights at any time and in particular:
- To request more information in relation to the contents of this policy;
- Access to personal data;
- To obtain rectification or cancellation or limitation of treatment concerning him (in the cases provided for in the legislation);
- To object to processing (in the cases provided for by the legislation);
- To obtain data portability (where required by law);
- To revoke consent, where appropriate; withdrawal of consent shall not affect the
lawfulness of processing based on consent granted before revocation;
- To lodge a complaint with the supervisory authority (Guarantor of Privacy);
- dTo give a mandate to a body, organisation or association without profit for the exercise of its rights;
- To claim compensation for damages resulting from the breach of the rules.
Who can I turn to?
Data subjects who believe that the processing of personal data related to them, carried out through this site, is in violation of the provisions of the Regulation, have the right to complain to the Guarantor, as provided by art. Article 77 of the Regulation itself, or to bring an action before the appropriate courts (Art. 79 of the Regulation).
IThe Data Controller makes it known that he has appointed the Data Protection Officer (DPO or DPO) in accordance with art. 37, par. 1, lett. a) of the GDPR, identifying the Company’s Administrator and that the Company can be reached at the following addresses:
The Responsible Person shall be bound by the obligation of secrecy or confidentiality with regard to the performance of his or her duties, in accordance with Union or Member State law; the reports received by the Responsible Person shall therefore be considered confidential.