Privacy Policy
This Privacy Policy has been drafted, pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter also the “Regulation“), in order to inform those who interact with the website www.oratoriosolomeo.it (hereinafter also the “Site“) about how personal data will be processed both through simple consultation and through the use of specific information request channels made available through the Site. The information is provided for the Site mentioned above and not for other websites that may be consulted by the user through links present on the Site (for which reference is made to their respective privacy policies).
***
1. DATA CONTROLLER The Data Controller is Solomeo Castel Rigone S.S.D. arl., with registered office at Piazzetta dei sapienti n. 1, Solomeo – Perugia, Italy (hereinafter, “Controller“), reachable at the email address info@oratoriosolomeo.it.
2. PERSONAL DATA SUBJECT TO PROCESSING We inform you that, by using the Site, the Controller may collect and process information and personal data relating to you, which may consist of an identifier such as your name, an identification number, location data, an online identifier or one or more elements characteristic of your physical, physiological, psychic, economic, cultural or social identity suitable to identify you or make you identifiable, depending on the type of services requested by you (hereinafter also “Personal Data“).
In particular, the Controller will process the following categories of Personal Data:
a. Browsing data
The Controller will process Personal Data collected during your navigation on the Site. Such Personal Data includes, for example, the IP address, location (country), domain names of the computer or device you use, URI (Uniform Resource Identifier) addresses of resources requested on the Site, request times, methods used to submit requests to the server, file sizes obtained in response to a request, numerical codes indicating the status of the server’s response (successful, error, etc.), and so on. The operation of the Site involves the use of computer systems and software procedures that collect information about users of the Site as part of their normal operation. Although the Controller does not collect such information in order to link it to specific users, it is still possible to identify such users either directly through such information or by using other information collected – as such, this information is also considered personal data.
b. Data voluntarily provided by you
The Controller will process Personal Data you may provide in connection with requests sent to email addresses and assistance phone numbers present on the Site and/or through filling out forms within it. Specifically:
With reference to requests sent to the Controller, we invite you to share only personal data strictly necessary for managing your request, excluding non-relevant information and/or information that may fall within special categories of personal data under Article 9 of GDPR ([…]personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data concerning health or sex life or sexual orientation). In case of transmission of non-relevant personal data not strictly necessary for managing your request, the Controller will refrain from processing such data and will proceed with their immediate deletion.
c. Cookies
The Controller will process Personal Data collected through cookies and other tracking tools. For more information on Personal Data processed through cookies and other tracking tools, please refer to the relevant Cookie Policy.
3. PURPOSES AND LEGAL BASIS OF PROCESSING
Your Personal Data will be processed for the following purposes:
a) To allow navigation of the Site and interaction with its contents, including managing Site security
The Controller will process Personal Data referred to in paragraph 2(a) above in order to allow you to access and navigate the Site as well as ensure its proper functioning. Providing Personal Data for this purpose is optional but failure to provide it would make it impossible to access and navigate the Site.
b) To manage and respond to specific requests addressed to the Controller through contact channels available on the Site
The Controller will process Personal Data referred to in paragraph 2(b) above provided by you in connection with specific requests sent to email addresses and assistance phone numbers present on the Site. Providing Personal Data for this purpose is optional but failure to provide it would make it impossible to send requests and consequently receive a response from the Controller.
c) To comply with any obligations under applicable laws, regulations or community legislation or satisfy requests from authorities
The Controller will process Personal Data referred to in paragraph 2 above in order to comply with a legal obligation incumbent on it.
d) To meet any defensive needs related to detecting, preventing mitigating and ascertaining fraudulent or illegal activities related to services provided on site
The Controller will process Personal Data referred to in paragraph above in order to defend its own right and/or legitimate interest in judicial extrajudicial settings. Please note that under Article 21 of Regulation you have right object at any time based your particular situation processing your Personal Data this purpose case objection Controller reserves evaluate such instance which may not accepted if there are compelling legitimate grounds proceed processing prevail over your interests rights freedoms.
4. RECIPIENTS OF PERSONAL DATA
Your Personal Data may be shared for purposes referred paragraph present Privacy Policy with:
persons authorized by Controller under Articles 29 32 Regulation Article 2-quaterdecies Legislative Decree 196/2003 (so-called “Privacy Code”) processing necessary perform activities strictly related provision services who have committed confidentiality adequate legal obligation confidentiality;
entities acting typically processors under Article 28 Regulation behalf Controller particular entities responsible provision services necessary usability Site (e.g., hosting providers technical maintenance service providers etc.); complete list processors available sending written request Controller DPO contacts indicated paragraph 1 above.
In addition Controller may communicate your Personal Data entities authorities whose communication required law orders authorities. Such entities will process Personal Data independent controllers.
Such entities collectively defined “Recipients”.
5. TRANSFERS OF PERSONAL DATA
Some your personal data may shared Recipients located outside European Economic Area. Controller ensures processing your personal data these Recipients carried accordance law one methods permitted law under Articles 44-49 Regulation such example consent adoption Standard Clauses approved European Commission selection entities adhering international programs free movement data accordance Recommendations 01/2020 adopted November 10th 2020 European Data Protection Board.
More information transfers carried guarantees adopted can requested writing Controller contacts indicated paragraph 1 above.
6. RETENTION OF PERSONAL DATA
Personal Data processed purposes referred paragraph present Privacy Policy will processed time strictly necessary achieve those same purposes compliance principles minimization storage limitation under Article 5(1)(c)(d) Regulation. Personal Data processed purposes referred paragraph present Privacy Policy will retained time provided specific obligation applicable law. Controller reserves retain Personal Data also time necessary ascertain exercise own right meet any defensive needs judicial extrajudicial settings phases preceding litigation.
More information retention period criteria used determine such period can requested writing Controller contacts indicated paragraph 1 above.
7. RIGHTS OF THE DATA SUBJECT
Personal Data processed for the purposes referred to in paragraph 3, letters a) and b) of this Privacy Policy will be processed for the time strictly necessary to achieve those same purposes, in compliance with the principles of minimization and storage limitation pursuant to Article 5, paragraph 1, letters c) and d) of the Regulation. Personal Data processed for the purposes referred to in paragraph 3, letter c) of this Privacy Policy will be retained for the time provided for by the specific obligation or applicable law. The Controller also reserves the right to retain Personal Data for the time necessary to ascertain and exercise its own right and/or meet any defensive needs in judicial and extrajudicial settings and in the phases preceding litigation. More information on the retention period of data and the criteria used to determine such period can be requested by writing to the Controller at the contacts indicated in paragraph 1 above.
8. RIGHTS OF THE DATA SUBJECT
You, as the data subject, can, at any time, exercise the following rights:
Right of access (Article 15 of the Regulation) – You have the right to obtain confirmation as to whether or not processing concerning your personal data is taking place, as well as the right to receive any information related to the same processing;
Right to rectification (Article 16 of the Regulation) – You have the right to obtain the rectification of your personal data, where they are incomplete or inaccurate; please note that, with respect to personal data collected through audio and video recording systems, the right to rectification is not concretely exercisable due to the intrinsic nature of the data collected, which pertains to an objective and determined fact;
Right to erasure (Article 17 of the Regulation) – In certain circumstances, you have the right to obtain the erasure of your personal data present in our archives;
Right to restriction of processing (Article 18 of the Regulation) – Upon the occurrence of certain conditions, you have the right to obtain the restriction of the processing of your personal data;
Right to data portability (Article 20 of the Regulation) – You have the right to obtain the transfer of your personal data to a different data controller as well as the right to obtain in a structured, commonly used, and machine-readable format the data concerning you;
Right to object (Article 21 of the Regulation) – You have the right to formulate a request to object to the processing of your personal data, in which you provide evidence of the reasons justifying the objection; the Controller reserves the right to evaluate such request, which may not be accepted if there are compelling legitimate grounds to proceed with the processing that prevail over your interests, rights, and freedoms.
To exercise the above rights, you can write to the Data Controller at the address Piazzetta dei sapienti n. 1, Solomeo – Perugia, Italy or at the email address info@oratoriosolomeo.it.
Furthermore, if you believe that the processing of your Personal Data violates the data protection regulations, you are informed that you have the right, pursuant to Article 77 of the Regulation, to lodge a complaint with the supervisory authority of the Member State in which you habitually reside, work, or where the alleged violation occurred.
9. CHANGES
The Controller reserves the right to modify or simply update the content of this Privacy Policy, in part or completely, also due to changes in the applicable legislation. The Controller therefore invites you to regularly visit this section to take cognizance of the most recent and updated version of the Privacy Policy so as to always be informed about the data collected and the related processing by the Controller.