of users accessing and consulting the Gen Verde website for the protection of personal data pursuant to Regulation (UE) 2016/679 https://www.genverde.it/
This page describes how the website is managed with regard to the processing of personal data of users who access and consult it. According to the legislation indicated, all processing will be based on the principles of correctness, lawfulness, transparency and protection of the confidentiality and rights of Users. This information is provided on the subject of privacy in accordance with Regulation (EU) 2016/679 (hereinafter “Regulation” or “GDPR”).
The “data controller”, i.e. the legal entity that determines the purposes and means of the processing of personal data, is Gen Verde of P.A.F.O.M. with registered office in via Frascati n. 306, Rocca di Papa (Rome-Italiy). Holder’s e-mail address: email@example.com
Following consultation of this platform, data relating to identified or identifiable persons may be processed.
AUTHORITY OF DATA PROTECTION
The Data Protection Manager (DPM) is Mr Sergio Barbaro (Attorney At Law) who can be contacted at the following address: Data Protection Manager, Via Frascati 306, Rocca di Papa (Rome-Italy), e-mail: firstname.lastname@example.org.
TYPES OF DATA COLLECTED
All personal data provided will be processed lawfully, correctly and transparently in order to provide the services requested.
Personal Data may be freely provided by the User or, in the case of User Data, automatically collected during the use of this Application.
Unless otherwise specified, all Data requested by this Application are mandatory. If the User refuses to communicate them, it may be impossible for this Application to provide the Service. In cases where this Application indicates certain Data as optional, Users are free to refrain from communicating such Data, without any consequences on the availability of the Service or its operation. Users in doubt as to which Data are mandatory are encouraged to contact the Data Controller.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Application and guarantees that and/or has the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.
For the newsletter service, Gen Verde of P.A.F.O.M. uses the Mailchimp platform (https://mailchimp.com/legal/terms) to manage the flow and monitoring of e-mails and data processing. Failure to provide consent in the appropriate section will prevent the user from taking advantage of the service.
MODALITIES OF DATA PROCESSING
The Data Controller adopts appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. The processing is carried out by means of computer and/or telematic instruments, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects involved in the organisation of this Application (administrative, sales, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data.
For operation and maintenance purposes, this Application and any third-party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.
LEGAL BASIS FOR PROCESSING
The Data Controller processes Personal Data relating to the User if one of the following conditions exists:
• the User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be authorised to process Personal Data without the need for the User’s consent or another of the legal bases specified below, as long as the User does not object (“opt-out”) to such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
• the processing is necessary for the performance of a contract with the User and/or the performance of pre-contractual measures;
• the processing is necessary for the performance of a legal obligation to which the Controller is subject;
• the processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority vested in the Controller;
• the processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.
However, it is always possible to ask the Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, provided for by a contract or necessary to conclude a contract.
PLACE OF PROCESSING
The processing operations connected to the web services of this site take place at the aforementioned premises and are carried out only by technical personnel appointed by the data controller, or by persons in charge of occasional maintenance operations, under the direct authority of the data controller. No data deriving from the web service is communicated or disseminated.
The personal data provided by users who request information material to be sent to them (answers to queries, newsletters, etc.) are used for the sole purpose of replying to the request and are communicated to third parties only if this is required by law.
Data are processed and stored for the time required by the purposes for which they were collected.
- – Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of such contract is completed.
- – Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When the processing is based on the User’s consent, the Data Controller may keep the Personal Data longer until such consent is revoked. Moreover, the Controller may be obliged to keep the Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period the Personal Data will be deleted. Therefore, at the end of this period, the right of access, deletion, rectification and the right to Data portability can no longer be exercised.
Users may exercise certain rights with reference to the Data processed by the Data Controller.
In particular, the User has the right to:
- – withdraw consent at any time. The User may revoke the consent to the processing of its Personal Data previously expressed.
- – object to the processing of their Data. The User may object to the processing of its Data when it is done on a legal basis other than consent. Further details on the right to object are set out in the section below.
- – access to their Data. The User has the right to obtain information on the Data processed by the Controller, on certain aspects of the processing and to receive a copy of the Data processed.
- – verify and request rectification. The User may verify the correctness of its Data and request that it be updated or corrected.
- – obtain the restriction of the processing. When certain conditions are met, the User may request the restriction of the processing of its Data. In this case, the Data Controller will not process the Data for any purpose other than its preservation.
- – obtain the deletion or removal of their Personal Data. When certain conditions are met, the User may request the deletion of its Data by the Data Controller.
- – receive their Data or have them transferred to another Data Controller. The User has the right to receive its Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another data controller. This provision is applicable when the Data are processed by automated means and the processing is based on the User’s consent, on a contract to which the User is party or on contractual measures related thereto.
- – Proposing a complaint. The User may lodge a complaint with the competent data protection supervisory authority or take legal action.
When Personal Data are processed in the public interest, in the exercise of public powers vested in the Controller or in pursuit of a legitimate interest of the Controller, Users have the right to object to the processing for reasons related to their particular situation.
Gen Verde of P.A.F.O.M. reminds that, should the response to requests not be considered satisfactory, the user may address and lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) in the manner provided for by the Applicable Regulations.
If the changes affect processing whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.
PROVISION OF ANSWER TO THE DATA SUBJECT’S REQUESTS AND ADDRESSES
Gen Verde of P.A.F.O.M. may therefore be contacted for any request, clarification or feedback on the application of personal data protection regulations and for the concrete exercise of the rights of the data subject, as better specified in the previous paragraph, also in the event that it is necessary to update, amend, supplement, correct and/or delete data, as provided for by the law or in relation to the assessment of the specific needs explicitly stated by the data subject.
To this end, in order to facilitate the interested party in the exercise of his/her rights and in the interaction with Gen Verde of P.A.F.O.M., the following contact details are provided to which and/or may refer in case of need: tel. (+39) 055/9051450, e-mail address: email@example.com; www.genverde.it; Loppiano, Via San Vito 12 50064 Figline e Incisa in Valdarno (Florence) – Italy.