This document describes how to manage the website margheritaburgener.com (“Site”), with reference to the processing of personal data of Users (“User/Users”) consulting it.
This is an information notice provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) and the national legislation on privacy and personal data protection applicable to all those who visit the Site.
This information is provided only for the Site and not also for other websites that may be consulted by the User through links on the Site.
The User is informed that this website is owned by the company Lombardi Massimo S.R.L.
1. Data controller
The data controller is Lombardi Massimo S.R.L., with registered office at Via Tortrino 17/A – 15048 – Valenza (AL), in the person of the legal representative pro tempore, (“Data Controller”). Email: firstname.lastname@example.org.
2. Type of data collected
2.1 Browsing data
The computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected in order to be associated with identified subjects, but which by its very nature could allow Users to be identified.
This includes, for example: (i) IP addresses or domain names of the computers used by Users who connect to the Site, (ii) the URI (Uniform Resource Identifier) notation addresses of the resources requested, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (successful, error) and (vii) other parameters relating to the User’s operating system and computer environment.
2.2 Data voluntarily provided by the User
The Owner processes personal and identifying data (first name, last name, address, email) hereinafter “personal data”. Users are free to provide their personal data to make requests for information. With regard to the data, there is no automated decision-making or processing involving User profiling. If the User provides personal data of third-party Users, he or she must be sure that these individuals have been adequately informed and have given their consent.
3. Purpose and legal basis for processing
3.1 Navigation data
Browsing data may be used to generate anonymous statistics on the use of the Website, for purposes of security of the Website and to check its proper functioning and could be used to ascertain responsibility in case of any computer crimes. The legal basis for the processing of such data is the legitimate interest of the Data Controller and in the case of requests by judicial authorities, the legal obligation.
3.2 Data voluntarily provided by the User
Personal data entered in the contact form are processed exclusively to respond to the request for information, i.e. for the provision of the service and to fulfill pre-contractual, contractual or tax obligations.
The User’s personal data are also processed to fulfill obligations under the law, a regulation, EU legislation or an order of the Authority and to pursue a legitimate interest of the Data Controller or to exercise the rights of the Data Controller, such as the right of defense.
4. Categories of data recipients
Personal data may be disclosed to third parties belonging to the following categories:
- freelancers, firms or companies within the scope of assistance and consulting relationships;
- subjects that provide services for the management of the information system and telecommunications networks;
- operators of web platforms (management software e.g. MailUp for sending newsletters);
- competent authorities for fulfillment of legal obligations and/or provisions of public bodies, upon request.
Persons belonging to the above categories act as Data Processors pursuant to Art. 28 GDPR. Personal data will be processed only by persons authorized by the Data Controller, pursuant to Art. 29 GDPR, due to their job description or company role.
5. Retention period
The data provided directly by the User are kept for the time strictly necessary to process requests and to achieve the purposes of the processing, after which they will be kept only in execution of the relevant legal obligations, for administrative purposes and/or to assert or defend one’s own right.
6. Security measures
Personal data are collected electronically, recorded in digital format, through the use of organizational and technical security measures to ensure the protection of confidentiality and to avoid the risks of loss or destruction, unauthorized access, unauthorized processing or processing that does not comply with the above purposes.
7. Extra EU data transfer
Personal data provided will not be transferred abroad to non-EU countries or to an international organization. Data management and storage is done on servers located in the European Union. It is in any case understood that the Data Controller, if it becomes necessary, will have the right to move to countries outside – EU.
In that case, the transfer of data outside the EU will take place in accordance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
This Site is not directed for use by minors and no data from minors are knowingly collected or processed. In accordance with applicable laws, the exercising parental responsibility must provide consent to the collection of a minor’s personal data. In the event that data from minors is unintentionally processed, the Owner will delete it in a timely manner upon written request from the exercising parental responsibility.
9. Rights of the data subject
The User may assert his/her rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller, by writing an email to email@example.com or by sending a registered letter with return receipt to Lombardi Massimo S.R.L., Via Tortrino 17/A – 15048 – Valenza (AL).
The User has the right, at any time, to ask the Data Controller for access to his/her personal data, rectification, cancellation of the same, limitation of processing. In addition, in the cases provided for, he/she has the right to object, at any time, to the processing of data (including automated processing, e.g. profiling), as well as to revoke the consent given without affecting the lawfulness of the processing based on the consent given previously. The User has the right to lodge a complaint with the Garante per la protezione dei dati personali (www.garanteprivacy.it) and/or other competent Control Authority under the Regulations. The User has the right to portability of his/her data and in this case the Data Controller will provide in a structured, commonly used and machine-readable format the personal data concerning the User.
The Owner reserves the right to modify and update this policy. Any updates will be posted on this page. If changes to the Policy are significant and specific consent is required by law, the Owner may send an email notice to the User.
Updated Date: 03/08/2023