The controller is the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.

Pursuant to Article 28 of Regulation (EU) No 2016/679, upon the appointment of the data controller, the data processor of the website ilrifugiodelcuore.it is Il Rifugio del Cuore di Avitabile Antonietta – P.IVA 08785051213, who can be contacted through the email: info@ilrifugiodelcuore.it

Identification data

In accordance with the new European legislation introduced by the EU Regulation 679/2016 and with the Italian legislation (D.lgs. n. 196/2003), the consultation of the website ilrifugiodelcuore.it, may involve the processing of data that can directly or indirectly identify a natural person such as: name, surname, e-mail address, telephone number, IP address.

This site does not require the Interested Party to provide so-called “special” data, i.e., in accordance with the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data, data relating to the health or sexual life or sexual orientation of the person. In the event that the requested service requires the processing of such data, the Interested Party will receive in advance a special notice in which he/she will be asked for his/her consent.

Navigation data

Navigation data are data acquired automatically by the systems and programs responsible for the operation of the site ilrifugiodelcuore.it and are necessary for the use of web services [e.g. IP addresses, browsers used, domain names of the systems used by users to connect to the web portal, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment].

These data are acquired even in the absence of registration to this site or request for information.

Browsing data are used only in an aggregate manner to process anonymous statistics on the consultation of the site and to check its correct operation and do not allow the identification of the users concerned, being, moreover, deleted immediately after processing in an anonymous form.

They may, however, be used for the establishment of liability in case of computer crimes committed against the website.

Data voluntarily provided by the user

Personal data voluntarily provided by the user (such as first name, last name, e-mail address) for the purpose of being contacted for free consultations or to learn about offers made available on the site, are used for the sole purpose of responding to requests made by the interested party and to comply with legal obligations.

The legal basis for such processing is the fulfillment of the services inherent in the request for information and contact and/or sending of informational material and compliance with legal obligations.

The information that the users of the site will consider to make public through the services and tools made available to them, is provided by the individual user knowingly and voluntarily, exempting the site from any responsibility regarding possible violations of laws. It is up to the user to verify that he or she has permissions to enter personal data of third parties or content protected by national and international regulations.

Data collected by analytical cookies

The website also acquires data about the user through the use of cookies.

For more information about the data processed through cookies, please read the cookie policy.

Purpose of processing

Personal data collected are used for:

– To derive anonymous statistical information on the use of the web portal;

– To check its proper functioning of the web portal;

– The establishment of liability in case of hypothetical computer crimes against the website;

– Compliance with any other legal obligations not included in the preceding purposes.

Data may be disclosed only following a request by the Judicial Authority within the terms of the law.

Response to User Needs

Legal basis for the processing of personal data is to give response to the needs of the User who visits the Site, compliance with legal obligations and the legitimate interest of the Site to carry out processing necessary for these purposes.

Consent of the person concerned

The optional, explicit and voluntary sending of electronic mail, messages or any type of communication addressed to the addresses indicated on this Site entails the subsequent acquisition of the sender’s address or any other personal data that will be used to respond to requests. Such processing takes place on the basis of the consent of the interested party.

It is ensured that such processing will be based on the principles of lawfulness, fairness, transparency, appropriateness, relevance and necessity referred to in Article 5 (1) of the GDPR. Specific summary disclosures will be progressively reported or displayed on the pages of the sites set up for particular on-demand services.

Fulfilling legal obligations

The processing of personal data may take place without the consent of the data subject in the event that the Controller needs to fulfill a legal obligation.

Optional provision of data

Apart from what is specified for the fulfillment of contract or legal obligations, for cookies and navigation data, the User is free to provide or not to provide your personal data. However, failure to provide data may result in the inability to obtain the performance of the requested service.

Personal data are processed through IT tools and in accordance with EU Regulation No. 679/2016 and Legislative Decree No. 196/2003.

The storage of processed data will last as long as necessary for the purposes described in this policy and, therefore, for the minimum time necessary or until explicitly requested by the data subject and in any case within the time limits imposed by law.

The Owner undertakes to take all appropriate security measures to prevent the loss and alteration of personal data, as well as any illicit and unauthorized use of the same.

Data will be processed exclusively by individuals authorized by the Data Controller, including any data processors, representatives and public entities for the fulfillment of obligations under the law, who carry out their respective processing activities as independent data controllers.

The subjects authorized by the Data Controller (so-called data processors) who may process the data include, by way of example: commercial and legal department collaborators, as well as third party technical service providers, hosting providers and IT companies, including the company WordPress(https://automattic.com/privacy/) on which the Site is hosted (this list is not to be considered exhaustive). The processed data will not, however, be disseminated to unspecified recipients.

The security of the collected information cannot be guaranteed from hacking and, in general, from violations of the security standards put in place for data protection.

In the event of attacks or violations, however, the same will be communicated to the interested parties and the competent authorities according to legal regulations.

Data are processed at the headquarters of the Data Controller.

In constancy of processing, the data subject may exercise the following rights at any time:

– To obtain confirmation of the existence or non-existence of the same data and, if so, to know their content and origin;

– verify its accuracy request correction of inaccurate data, supplementation of incomplete data, or updating of outdated data;

– obtain the restriction of processing, where one of the cases provided for in Article 18 GDPR applies;

– Request the deletion of data processed in violation of the law, or in the presence of one of the other conditions provided for in Article 17, paragraph 1, letters a), b), c), e) and f) GDPR;

– oppose in any case, for legitimate reasons, their processing, or to oppose their processing in the other cases provided for in Article 21, paragraphs 2 and 3 and 22 GDPR;

– revoke at any time their freely given consent to the processing of personal data for the purposes specified below;

– to obtain the release of the processed personal data in a format compatible with standard computer applications, to enable their transfer to other platforms of her/his choice, without impediments to the direct transmission of the processed data to another Data Controller, where such direct transmission is technically feasible (so-called right to data portability).

Requests regarding the exercise of the above rights, should be addressed to the Holder by e-mail(info@ilrifugiodelcuore.it).

In the event of failure or partial response by the Data Controller to the aforementioned requests, the interested party shall have the right to lodge a complaint with the Guarantor for the Protection of Personal Data(www.garanteprivacy.it) or judicial recourse within the terms and according to the procedures provided for under Articles 77 et seq. EU Regulation 2016/679 (GDPR).