Updated to the EU Reg 2016/679
(European regulation on the protection of personal data - GDPR)
1. Introduction
Apco Gestioni S.r.l. takes the privacy of our users seriously and is committed to respecting it. This Privacy Policy describes the processing of personal data carried out by Apco Gestioni S.r.l. through the website www.cerviniadue.it and the related commitments undertaken in this regard by the Company. Apco Gestioni S.r.l. may process your personal data when you visit the Website and use its services and features. In the sections of the Website where the personal data of the user is collected, a specific notice is normally presented pursuant to Article 13/15 of the Reg. EU 2016/679.
Where prescribed by EU Regulation 2016/679, the user's consent will be required before proceeding to the processing of his/her personal data. If the user submits the personal data of third parties, he/she must ensure that the disclosure of data to Apco Gestioni S.r.l. and its subsequent processing for the purposes specified in the applicable privacy notice complies with Reg. EU 2016/679 and applicable legislation.
2 - Identification details of the Data Controller and Data Protection Officer
The party responsible for the collection, processing and use of your personal data under the Federal Data Protection Act is Apco Gestioni S.r.l. You may access the responsible office at Apco Gestioni S.r.l. through the following contact details:
• Address: Apco Gestioni S.r.l., Corso Europa, 62 - 12051 Alba (CN)
• Telephone/Fax: Tel. +39 0173.284.629, +39 0173.282.962
• Email/PEC: gestioni@apco.it
3 - Type of data processed
Visiting and consulting the Website do not generally involve the collection and processing of personal data of the user except for navigation data and cookies as specified below. In addition to the so-called "navigation data" (see below), personal data voluntarily provided by the user may be processed when the latter interacts with the functionality of the Website or requests to use the services offered on the Website. In compliance with the Privacy Code, Apco Gestioni S.r.l. may also collect personal data from third parties in the performance of its activities.
4 - Cookies and navigation data
Our Website uses cookies. By using the Website, you consent to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard disk of the user's computer. There are two macro-categories of cookies: technical cookies and profiling cookies:
• Technical cookies are necessary for the proper functioning of a website and to allow user navigation; without them the user may not be able to view the pages correctly or use some services.
• Profiling cookies have the task of creating profiles of the users and are used to send advertising messages in line with the preferences expressed by the user during navigation.
Cookies can be further classified as:
• "session" cookies, which are deleted immediately after the browser is closed;
• "persistent" cookies, which remain in the browser for a certain period of time. They are used, for example, to recognize the device that connects to a site, facilitating the authentication operations for the user;
• "first-party" cookies, generated and managed directly by the operator of the website on which the user is browsing;
• "third-party" cookies, generated and managed by parties other than the operator of the website that the user is browsing.
5 - Cookies used on the Website
Our Website uses the following types of cookies:
• first-party, session and persistent cookies, necessary to allow navigation on the Website; they serve purposes of internal security and system administration;
• Third-party, session and persistent cookies, necessary to allow the user to use multimedia elements present on the Webite, such as images and videos;
• persistent third-party cookies used by the Website to send statistical information to the Google Analytics system, through which the Data Controller can perform statistical analyses of Website accesses/visit activity. The cookies are used exclusively for statistical purposes and collect information in aggregate form. Through a pair of cookies, respectively a persistent cookie and a session cookie (with expiration at the closing of the browser), Google Analytics also updates a register with the start and exit times of the visit to the Website. You can prevent Google from detecting data through cookies and the subsequent processing of data by downloading and installing the browser plug-in from the following address: http://tools.google.com/dlpage/gaoptout?hl=it
• persistent third-party cookies, used by the Website to include in its pages the link-buttons of some social-networks (Facebook, Twitter and Google+). By selecting one of these buttons, the user can publish on the personal page of the relative social-network the contents of the web page of the Website he/she is visiting
The Website may contain links to other websites (so-called third party websites). Apco Gestioni S.r.l. does not access or exercise control over cookies, web beacons and other tracking technologies of users that could be used by third party sites that the user can access from the website; Apco Gestioni S.r.l. does not carry out any control on contents and materials published by or obtained through third-party websites, nor on the relative methods of processing of the user's personal data, and expressly disclaims any related liability for such eventualities. The user is required to verify the privacy policy of third-party sites accessed through the Site and to inquire about the conditions applicable to the processing of their personal data. This Privacy Policy applies only to the Website as defined above.
6 - How to disable cookies in browsers
To disable cookies, simply go to the settings of your device's browser
7 - Preservation of personal data
Personal data contents are stored and processed through IT systems owned by Apco Gestioni S.r.l. and managed by Apco Gestioni S.r.l. or by third party technical service providers; for more details, please refer to the "Scope of accessibility of personal data" section below. The data is processed exclusively by specifically authorised personnel, including personnel assigned to carry out extraordinary maintenance operations.
8 - Data processing purposes and methods
Apco Gestioni S.r.l. may process the common and sensitive personal data of the user for the following purposes:
• users' usage of services and features on the Website
• management of user requests and reports
• sending newsletters
• management of applications received through the Website
Furthermore, with the additional and specific optional consent of the user, Apco Gestioni S.r.l. may process personal data for marketing purposes, i.e. to send users promotional material and/or commercial communications relating to the Company's services, at the addresses indicated , both through traditional methods and/or means of contact (such as, paper mail, telephone calls with operator, etc.) and automated (such as, internet communications, fax, e-mail, text messages, applications for mobile devices such as smartphones and tablets, so-called APPS, social network accounts, e.g. via Facebook or Twitter, phone calls with auto attendant, etc.).
Personal data are processed both in paper and electronic form and entered into the company information system in full compliance with EU Reg. 2016/679, including security and confidentiality profiles and based on principles of correctness and lawfulness of processing. In accordance with EU Reg. 2016/679th, data contents are saved and maintained for the entire period necessary for the purposes themselves.
9 - Security and quality of personal data
Apco Gestioni S.r.l. undertakes to protect the security of the user's personal data and complies with the security provisions of the applicable law in order to avoid data loss, illegitimate or illegal use of data and unauthorised access to the same, with particular reference to the Technical Specification concerning minimum security measures. Furthermore, the information systems and computer programs used by Apco Gestioni S.r.l. are configured in such a way as to minimise the use of personal and identifying data; these data elements are processed only for the achievement of the specific purposes pursued from time to time. Apco Gestioni S.r.l. uses multiple advanced security technologies and procedures to promote the protection of personal data of users; for example, personal data is stored on secure servers located in places with secure and controlled access. Users can help Apco Gestioni S.r.l. to update and keep correct their personal data communicating, any changes related to their address, their qualification, contact information, etc.
10 - Scope of communication and access to data
Your personal data may be disclosed to:
• all individuals who are authorised to access such information by virtue of recognised legislative measures in force;
• our collaborators, employees, as part of their duties;
• To all natural and/or legal persons, public/private, Italian or otherwise, when disclosure is necessary or functional to carrying out our business in the manner and for the purposes described above.
11 - Scope of provision of personal data
The provision of some personal data by the user is necessary to allow the Company to manage notifications, users' requests or to enable the Company to re-contact users themselves. This type of data is marked with an asterisk symbol [*] and in this case submission is mandatory to allow the Company to follow up on the request which otherwise cannot be processed. Conversely, the collection of other data not marked with an asterisk is optional: failure to provide data will not entail any consequences for the user.
The provision of personal data by users for marketing purposes, as specified in the section "Purposes and methods of processing" is optional and the refusal to provide it will have no consequence. The consent granted for marketing purposes is intended to be exploited for the sending of notices performed through automated and traditional methods and/or contact means, as above exemplified.
12 - Rights of the Data Subject
12.1 Article 15 (right of access), 16 (right of rectification) of Reg. EU 2016/679.
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) The categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) storage period of personal data provided, or if that is not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) the existence of an automated decision-making procedure, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
12.2 Right pursuant to Article 17 of Reg. EU 2016/679 - right to cancel ("right to be forgotten")
The data subject shall have the right to obtain the erasure of personal data concerning him or her by the controller without undue delay, and the controller must erase such personal data without undue delay where one of the following grounds applies:
a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
b) The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal purpose for the processing;
c) The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
d) personal data has been unlawfully processed;
e) personal data must be erased in compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) personal data has been collected in relation to the offer of the information services company referenced in Article 8(1) of the GDPR EU 2016/679.
12.3 Right referenced in Article 18 Right to limitation of processing
The data subject shall have the right to obtain the restriction of processing from the controller where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject objects to the deletion of the personal data and requests the restriction of their use instead;
c) although the controller no longer needs the personal data for processing purposes, the data subject requires the personal data for the establishment, exercise or defence of rights in court;
d) the data subject has objected to processing pursuant to Article 21(1) of Reg. EU 2016/679 pending the verification whether the legitimate grounds of the controller override those of the data subject.
12.4 Right pursuant to Article 20 - Right to data portability
The interested party shall have the right to receive the personal data concerning him/her, which he/she has provided to a Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the Data controller.
13. Revocation of consent to processing
The interested party has the right to withdraw consent to the processing of personal data by sending a registered letter to the following address: Corso Europa, 62 - 12051 Alba (CN) accompanied by a photocopy of his/her identity document, with the following text: "withdrawal of consent to the processing of all my personal data". At the end of this operation, your personal data will be removed from the archives as soon as possible.
If you would like more information on the processing of your personal data, or exercise the rights referred to in paragraph 7 above, you can send a registered letter to the following address: Corso Europa, 62 - 12051 Alba (CN). Before we can divulge or change any information, you may need to verify your identity and answer a few questions. An answer will be provided as soon as possible.