CONTACT FORM INFORMATION
This information is provided to users who fill in the contact form (form) offered by the website www.cittadinidellordine.com of Citizens of the Order, in accordance with Article 13 of the European Regulation (EU) 2016/679 on the protection of personal data (GDPR).
Data controller
The data controller (hereinafter “Controller”) is Cittadini dell’Ordine S.p.A., with registered office in Via Lancia 6/A – 39100 Bolzano (BZ) and administrative office in Via dell’Arrigoni, 60/120 – 47522 Cesena (FC) – Tax code and VAT number 02415990213. Data Protection Officer (DPO) is Uomo & Ambiente S.r.l. Benefit Society, whose contact person Ing. Gianluigi Carbone can be contacted at the e-mail address privacy@cittadinidellordine.com.
Source and Type of Data
Personal data, identifying (company name or name, type of activity, geographic area or name and surname of natural persons, etc.) and contact data (address or other elements of personal identification, such as telephone, e-mail, etc.) as well as pertaining to the issues that identify the area of interest, are conferred spontaneously by the interested party through the form (form) proposed by the website.
Purpose of processing
The personal data of data subjects, users who fill in the fields provided by the “contact” or “quote” form, are collected and processed exclusively to enable the use of telematic services having the following purposes:
- Responding to inquiries from them.
Legal Basis
The legal basis for the processing of personal data is the receipt of a request from the user. The personal data of the interested party, spontaneously provided by filling in the appropriate online form (form), are in fact legitimately collected and processed to satisfy the requests for information received by e-mail. In this context, the processing of data for the above-mentioned purposes is necessary for the pursuit of the legitimate interest of the Data Controller.
Mandatory or optional nature of providing data
The data subject may refuse to provide the Data Controller with his or her personal data, as the provision of such data is optional. However, the completion of the indicated fields is indispensable in order to fulfill the requests received. Any refusal to provide the data (identification and contact data) will therefore prejudice the successful outcome of the request and will not allow the aforementioned service to be used.
Mode of treatment
Personal data will be processed by electronic means, including automated means, in accordance with the principles of lawfulness, necessity and relevance, taking safeguards to identify adequate security measures at any stage of the processing, having regard to the specific purposes of processing. In this regard, the anonymization of personal data and the removal of identifying data is carried out if there is no need to process the data in an identifiable form for the aforementioned processing purposes and, in any case, upon expiry of the retention period indicated in the following paragraph. The Data Controller does not carry out processing that consists of automated decision-making processes (such as profiling) on the data of users who interact with this website to take advantage of this service. The data will be processed by individuals expressly authorized and trained in the protection of personal data. Data may be accessed, incidentally, by ICT personnel and computer technicians (including outsourced) who oversee the operation of the computer system.
Data retention
The Data Controller will retain the personal data for as long as necessary to pursue the purposes set out in this policy and, in any case, until any request for restriction and/or opposition by the data subject. Thereafter, the data can only be kept for the time established by the relevant provisions in force.
Data recipients
Personal data processed by the Data Controller will not be disclosed, i.e., it will not be made known to unspecified parties, in any possible form, including making it available or mere consultation. Personal data may, on the other hand, be communicated, to the extent strictly necessary to perform services or services on our behalf, to third parties (we cite, by way of example, companies specializing in the management, development and maintenance of websites, companies providing IT services, companies specializing in the management of electronic communications services, etc.) which we use exclusively for the provision of services related to the purpose pursued, which our organization, in order to ensure greater protection, has from time to time appointed as Data Processors (art. 28 of the GDPR) of the processing operations carried out by them. The full list of the Data Processors, identified and appointed in writing, is available from the Data Controller. Finally, personal data may be communicated to the subjects entitled to access them by virtue of provisions of law, regulations, and EU legislation.
Data Transfer
There are no plans to transfer personal data to a third country or international organization (Art. 13(1)(f) GDPR) outside the European Union (or the European Economic Area). However, the Data Controller reserves the option to use cloud services, in which case, service providers will be chosen from those companies that can provide specific third-country adequacy guarantees recognized through a decision of the European Commission or, in the absence thereof, suitable contractual or covenant-based guarantees provided by the data controllers involved (including Binding Corporate Rules “BCRs” and Standard Contractual Clauses “SCCs”).
Rights of the data subject
The data subject, to whom the personal data refer, is entitled to exercise his or her rights (under Articles 15-22 of the GDPR) at any time in order to obtain:
- confirmation as to whether or not personal data concerning him or her are being processed, as well as access to the data and the following information (purpose of processing, categories of personal data, recipients and/or categories of recipients to whom the data have been and/or will be disclosed, storage period);
- rectification of inaccurate personal data concerning him/her and/or supplementation of incomplete personal data, including by providing a supplementary statement;
- The deletion of personal data or the restriction of the processing of personal data (as a means of reacting to unlawful or improper processing) in the cases provided for by current legislation;
- The opposition to the processing (c.d. “opt out”) of the processing of personal data (as a manifestation of willingness to have a given data processing cease) in the cases provided for by the regulations in force (it is understood that this right does not exist where the legitimacy of the processing is based on consent since in this case the right to revocation prevails); it may extend to the processing of one’s own data for purposes related to marketing activities carried out by automated contact or through traditional means, being able to be exercised in whole or in part (e.g., to e-mail or telephone communications only or by objecting only to the sending of promotional communications carried out by automated means, etc.) or to processing that consists of automated decision-making processes (such as profiling, insofar as it is related to direct marketing purposes);
- the portability of data, pertaining to the data subject and provided by the data subject, in order in particular to request from the data controller the personal data concerning him/her and/or to request from the data controller the direct transmission of his/her data to another data controller (it is understood that this right applies only if the processing is based on contract or consent and is carried out through electronic processing) in the cases provided for by the applicable legislation.
Regarding the exercise of his or her rights, the data subject may address his or her requests through specific communication by mail addressed to the Data Controller (at the above address) or by sending communication to the e-mail address privacy@cittadinidellordine.com, specifying the subject of his or her request and the right he or she legitimately intends to exercise.
Right of complaint
Data subjects who believe that the processing of personal data relating to them occurs in violation of the provisions of the Regulations, have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) in the manner provided on the website www.garanteprivacy.it (pursuant to Article 77) or to take appropriate legal action pursuant to Article 79 of the Regulations themselves (GDPR).