This page describes how this site is managed in relation to the processing of personal information of the users who consult it. This policy is also contained in Regulation (EU) 2016/679 ‐ protection of natural persons with regard to the processing of personal data and the free movement of such data of those interacting with the web services of Comitel & Partners, accessible electronically on: www.comitelpartners.it and www.artcitiesexchange.com
The policy has been adopted to identify some minimum requirements for the collection of personal data online, and in particular, the modalities, times and nature of the information that the holders of the treatment have to provide to users when they connect to web pages, regardless of the purposes of the link.
1.DATA CONTROLLER IDENTITY
The data controller is:
- Comitel & Partners s.r.l.
- Address: Via A. Serpieri 7 ‐ 00197 Roma (RM)
- Operational Headquarters: Marino del Tronto 171 – 63100 Ascoli Piceno (AP)
- Contacts: email email@example.com Telephone +39 0736 307292 Fax +39 0736 307314
2.DATA PROCESSING PURPOSE
Further to the consultation of this site, data relating to identified or identifiable individuals can be processed. The treatments related to the web services of this website take place at the aforesaid headquarters of Comitel & Partners, and they are handled only by technical staff responsible for treatment, or by delegates in charge of occasional maintenance operations. No data deriving from the web service is communicated or diffused. Personal information provided by users submitting requests for information is used solely for the purpose of performing the requested service and is communicated to third parties only if necessary. Users’ personal data collection and processing will be managed in compliance with the general principles of necessity, correctness, pertinence and non‐exceedance; more specifically, the data processing has the following purposes:
A. To answer questions and provide the information requested by the User and to contact the User with reference to the services provided by Comitel & Partners (the optional, explicit and voluntary sending of e‐mails to the addresses indicated on these sites involves the subsequent acquisition of the address of the sender, necessary to respond to the requests as well as any other personal data included in the mail).
B. The registration for events organized or coordinated by Comitel & Partners s.r.l. aimed at the promotion and marketing of the Italian tourist product, also through the compilation by the User of specific forms either via website or via e‐mail.
C. The “Newsletter” service. When signing up to the newsletter, your data will not be sold to thirds parties or used for any other purpose than the sending of the newsletter.
D. For any necessary operational, administrative, accounting operation, some data might be used for the registrations and communications as requested by the law.
E. Customer surveys and other requests, conducted either by phone or in person.
F. With the prior consent of the interested party, for commercial/promotional purposes related to the activity of Comitel & Partners s.r.l. and the third parties with which it cooperates.
3. LAWFULNESS OF THE PROCESSING
The processing is lawful since it meets at least one of the following conditions as per article 6.1 b), c), (f) of the GDPR:
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third‐party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual which require protection of personal information, in particular where the individual is a child.
4. RECIPIENTS OF PERSONAL DATA
a) used to retrieve anonymous statistic information;
b) put at disposal of the Holder’s Collaborators, who are authorized to process them;
c) communicated to third parties, whether natural or legal persons, public authorities, professionals, law enforcement officers, government authorities, regulatory bodies, courts or other public authorities when authorized by law;
d) communicated to commercial partners, only with the prior and express consent of the User;
e) if necessary, transferred to another data Controller as referred to in the GDPR, also according to the Right to data portability.
The list of the data controllers is available at Comitel & Partners.
5. PERSONAL DATA CATEGORIES
Sensitive Personal Data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade‐union membership or data concerning health or sex life and sexual orientation) and child’s personal data will not be processed. Only the necessary data will be processed, and only for the specific purpose for which the activity of Comitel & Partners is intended (see point n.2).
6. DATA RETENTION
The data provided for the purposes explained at point 2 will be stored:
- for administrative/accounting purposes according to the retention period provided for by tax legislation and the general principles of private law:
- for marketing purposes and newsletter until withdrawal of consent, exercise of the right of objection, with a maximum storage period of 10 years.
Personal data will not be shared and shall be deleted when they are no longer necessary.
7. DATA PROCESSING METHODS
Computer systems and software procedures necessary for the correct functioning of this site may collect some personal data which transmission is implicit in the internet communication protocol (i.e. IP addresses, URI addresses, etc.). Personal data are handled with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, misuse or incorrect use, and unauthorized access.
Our website, like many others, stores and retrieves information on your browser using cookies. A cookie is a small text file stored on your hard drive by web pages you visit. They are mainly session cookies, i.e. temporary cookie files, which are erased when you close your browser. We may use these cookies to help us improve our services, to deliver advertisements, to analyse the access to web pages, to help identify and prevent security risks. The so‐called Session cookies used on this site avoid the use of other potentially damaging computer techniques for the privacy of user navigation and do not allow the acquisition of personal identifying data of the user.
9. DATA PROVIDING
In addition to the navigation data, the user may provide the requested personal data in other ways. The lack of information could involve the impossibility of obtaining what is required, such as answers, services or products provided by the site operator or its commercial partners.
10. RIGHTS OF THE INTERESTED PARTIES
As interested party, you have the rights set forth in the articles 15‐16‐17‐18‐20‐21‐22 of the GDPR:
- The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision‐making, including profiling, referred to in Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- A data subject should have the right to have personal data concerning him or her rectified and a ‘right to be forgotten’.
- Whether the processing complies with Article 6, Paragraph 1, Letter a) or with Article 9, Paragraph 2, Letter a) the interested party shall have the right to withdraw their consent at any time, without any consequences. • The right to lodge a complaint with a supervisory authority;
- The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
The above information shall be provided:
- within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;
- if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.