Privacy Information Model WEB site
Updated to Reg UE 2016/679
(European regulation on the protection of personal data)
2) Identifying details of the owner, manager and Privacy Officer
Andrea Dini, Via Lilliano and Meoli 64, 50012, Bagno a Ripoli – Italy
3) Type of data processed
The visit and consultation of the site do not generally involve the collection and processing of the user’s personal data except for the navigation data and cookies as specified below. In addition to the so-called “navigation data” (see below), personal data may be processed. Data is voluntarily provided by the user when it interacts with the functionalities of the site or requests to benefit from the services offered on the site. In accordance with the Privacy code, Florentinehills may also collect the user’s personal data from third parties in the course of its business.
4) Retention of personal data
Personal data are stored and processed through computer systems owned and operated by Florentinehills or by third-party technical service providers; For more details please refer to the section “Scope of accessibility of personal data” that follows. The data shall be processed exclusively by authorised personnel, including the personnel responsible for carrying out extraordinary maintenance operations.
5) Data processing purposes and methods
Florentinehills can treat the user’s common and sensitive personal data for the following purposes: services and functionalities present on the site, management of requests and alerts by its users, sending of newsletters, management of nominations received through the site, etc. In addition, with the additional and specific optional consent of the user, Florentinehills may process personal data for marketing purposes, i.e. to send to the user promotional material and/or commercial communications related to the services of the outdoor guide, at the contact details indicated, both through traditional methods and/or contact means (such as, paper mail, telephone calls with operators, etc.) and automated (such as Internet communications, faxes, e-mails, SMS, applications for Mobile devices such as smartphones and tablet -e.g. APPS-, social network accounts -e.g. Via Facebook or Twitter-, phone calls with auto caller, etc.).
The personal data are processed both in paper and electronic form and placed in the company information system in full compliance with the EU Reg 2016/679, including the safety and confidentiality profiles and inspired by the principles of correctness and lawfulness of treatment . In accordance with the EU REG 2016/679the data are stored and kept for 12 months.
6) Safety and quality of personal data
Florentinehills undertakes to protect the security of the user’s personal data and complies with the safety provisions laid down in the applicable legislation in order to avoid data loss, unlawful use of data and unauthorised access to them, with particular reference to the technical specification regarding minimum safety measures. In addition, the information systems and computer programs used by Florentinehills are configured in such a way to minimize the use of personal data and identificatives. Such data shall be treated only for the attainment of the specific purposes pursued. Florentinehills uses multiple advanced security technologies and procedures to promote the protection of users ‘ personal data. For example, personal data is stored on secure servers located in places with secure and controlled access. You may help Florentinehills to update and maintain your personal data correctly by communicating any changes to your address, qualification, contact information, etc.
7) Scope of communication and data access
The personal data of the user may be communicated to:
- All those subjects to whom the faculty of access to such data is recognised by virtue of regulatory measures;
- To collaborators, employees, during their tasks;
- To all those individuals (public and/or private) when the communication is necessary or functional to the performance of our business and in the manner and for the purposes described above.
8) Nature of the conferral of personal data
The conferral of certain personal data on the part of the user is required to enable Andrea Dini to manage communications. This type of data is marked From the star symbol [*] and in this case the contribution is mandatory in order to allow Andrea Dini to follow up the request that, otherwise, it will not be evaded. On the contrary, the collection of the other data not marked with the Star is optional: failure will not result in any consequence to the user.
The conferral of personal data on the part of the user for marketing, as specified in the section “purposes and modalities” is optional and the refusal to confer them will not have any consequences. The consent given for marketing purposes is intended to extended the dispatch of communications made through automated and/or traditional means of contact, as above exemplified.
9) Rights of the person concerned
9.1 Art. 15 (right of Access), 16 (right of adjustment) of the Reg. EU 2016/679
The person concerned has the right to obtain confirmation that there is a process of aquiring personal data. And in that case, to obtain access to personal data and the following information:
- A) The purpose of the treatment;
- b) The categories of personal data in question;
- C. Categories of recipients to whom the personal information has been or will be communicated, in particular of third countries or international organisations;
- (d) The period of retention of the personal data envisaged or, if it is not possible, the criteria used to determine that period;
- e) The existence of the right for the person concerned to ask the correction or deletion of personal data or the limitation of processing personal data concerning or the refusal for their treatment;
- (f) The right to propose a complaint to a supervisory authority;
- h) The existence of an automated decision-making process.
9.2 Law referred to in art. 17 of Reg. EU 2016/679 – Right to cancellation
The person concerned has the right to obtain the deletion of personal data without unjustified delay and the holder of the treatment is obliged to cancel it without undue delay, if there is one of the following reasons:
- Personal data is no longer necessary in relation to the purposes for which they were collected or processed;
- The person concerned revokes the consent on which the treatment is based in accordance with article 6 (1) (a) or article 9, Paragraph 2(a), and if no other legal basis exists for treatment;
- The person concerned is opposed to data treatment in accordance with article 21, Paragraph 1, or is opposed to treatment under the Article 21 (2);
- Personal data has been treated illicitly;
- Personal data must be deleted to fulfill a legal obligation under the law of the European Union or the Member State;
- Personal data has been collected in relation to the offer of Information society services referred in article 8, Paragraph 1 of the Reg. EU 2016/679.
9.3 Law referred to in art. 18 Treatment Restriction Right
The person concerned has the right to obtain from the data holder the limitation of data treatment when one of the following hypothesis:
- The person concerned disputes the accuracy of the personal data, for the period necessary for the holder of the treatment to verify the accuracy of such personal data;
- The treatment is unlawful and the person concerned is opposed to the deletion of personal data and asks that it has limited use;
- Although the holder of the treatment no longer needs the the purposes of processing, personal data are necessary to the concerned person for the assessment, exercise or defence of a right for Judicial matters;
- The person concerned was opposed to the treatment under article 21 (1) Reg UE 2016/679 pending the verification of possible prevalence of the legitimate grounds of the treatment.
9.4 Right referred to in art. 20 Right to data portability
The concerned person has the right to receive in a portable format the personal data from the holder of the treatment and has the right to transmit this data to another holder without impediments on the part of the data controller.
10) Revocation of consent to treatment
The person concerned may revoke the consent to the processing of his personal data by sending a official letter to the following address: Andrea Dini-Via Lilliano and Meoli 64, 50012 Bagno A Ripoli, accompanied by a photocopy of his identity document, with the following Text: <revoca del consenso al trattamento di tutti i miei dati personali>. At the end of this operation your personal data will be removed from the archives in the shortest possible time.
If you wish to have more information about processing your personal data, or use the rights as in paragraph 7 above, you may send an official letter at the following address: Andrea Dini-Via Lilliano and Meoli 64, 50012 Bagno A Ripoli. Before modifying any information, you may need to verify your identity and answer a few questions. A response will be provided as soon as possible.