INFORMATION PURSUANT TO ART. FROM 13 TO 22 OF REG. CE 679/16 ON PROVISION OF ELECTRONIC COMMUNICATION SERVICES
General regulation on the protection of personal data and legal basis of the processing
With this deed, and pursuant to art. from 13 to 22 of EC Reg. 679/2016, Federico Pineider, as Data Controller, wishes to inform you of the way in which he processes the personal data of website visitors in relation to electronic communication services via contact form. The Data Protection Officer is Federico Pineider, who can be reached at firstname.lastname@example.org. The treatments are carried out pursuant to art. 6 paragraph I letters b), e), f) EC Reg. 679/2016 in order to provide the Customer with the requested services and to comply with legal obligations exclusively on the following legal bases:
- L. 633/41 – Copyright law Legislative
- Decree 68/03 – Implementation of DIR 29/01 / EU
- Legislative Decree 70/03 – Implementation of DIR 31/00 / EU
- Legislative Decree 196/03 – Personal data code Legislative
- Decree 259/03 – Code of electronic communications Legislative
- Decree 206/05 – Consumer Code Legislative
- Decree 30/05 – Industrial property code Legislative
- Decree 82/05 – Code of digital administration
- Law 40/2007 – Urgent measures for the protection of consumers (Bersani Law)
- Law 48/08 – Transposition of the European Convention on Cybercrime
- EC Reg. 679/16 – General regulation on the protection of personal data
- Civil Code
- Code of Civil Procedure
- Penal Code
- Code of Criminal
- Procedure Provisions of the ordinary and administrative judicial authorities
- Provisions of the Autonomous State Monopoly Company
- Provisions of the Authority for Communications Guarantees
- Provisions of the Antitrust Authority for competition and the market
- Provisions of the Authority for the protection of personal data.
Who we are
GUICCIA STAR S.r.l.
Legal / administrative office = Piazza Beccaria, 4 – 50121 Florence Operational headquarters – Via Guicciardini, 2r – 50125 Florence VAT number / C.F. 03976700488 – tel 0552398450
The address of our website is: https://www.pinart.it
1 – Type of data processed and retention period
1.1The types of data processed are:
- Place and date of birth
- Tax code / VAT number
- Residence / registered office
- credentials for access to the control panel
- IP numbers
- Analytics traffic data
1.2- Retention period
GUICCIA STAR S.r.l. keeps the visitor’s personal data for the duration provided for by the civil code, the criminal code and the laws, regarding liability, prescription and cooperation with the judicial authorities. After this period the data is destroyed.
2 – Purpose of the processing
2.1 – Purposes required by law, essential for the fulfillment of contractual obligations, protection of company law in relation to Customers and Users
- Management of e-mail communication relationships
- Compliance with regulatory obligations
- Fulfillment of orders from the judicial authorities and / or independent authorities.
3 – Types of treatments performed on personal data
- Collection by filling in contact forms inserted on the site
- Communication to public bodies and authorities after processing (selection, research, extraction) of traffic data (for example investigations by the Guarantors and Judicial Authorities)
- Selective blocking of connections to network resources made unreachable by order of the public authorities (unauthorized online game sites, e-commerce sites indicated as fraudulent by the authorities, etc.)
- Automatic storage of contents (insofar as this is required by the contract and / or the Customer has not independently deleted the contents)
- Sending and receiving e-mails
- Cancellation at the request of the interested party.
4 – Data localization
GUICCIA STAR S.r.l. relies on the VPS (Virtual Personal Server) of Giuseppe Porzilli – Internet Press Office which are located at the Rome office of IRIDEOS-Mc-link S.p.A., in the European Union for the website hosting services.
5 – Scope of communication and dissemination
Risultati della traduzione
- due to the nature of the TCP / IP protocol (Transmission Control Protocol / Internet Protocol) and to the technical and organizational structure of an internet network, the data (and therefore also the general ones) that the Customer sends and receives can also transit outside the UE, for example because the routing of information packets is defined by the managers of the networks they make up, the “great Internet”
- the data it enters when requesting the assignment of IP numbers can be published by European entities (such as RIPE, the European Register of network number assignments)
- the data you enter when registering a domain name can be made available through the Whois services of the Registry for ccTLD.it (country code Top Level Domain) and .EU even outside the EU, or through the Whois services of other suppliers of domain name registration services located outside the EU. MC-link is unrelated to these treatments and the Customer must directly contact the individual Data Controllers also to activate, where available, the masking functions of the contact information
- the data generated by navigation are managed locally by the client’s computer and software. The Customer must therefore manage these technological components, adopting adequate measures to control and limit the personal data that enters the network through the use of secure protocols, VPNs and other available technologies.
- the DNS (Domain Name Server) systems automatically manage the IP / domain name conversion to respond to the connection request originating from the Customer’s systems. The Customer can freely choose which DNS to use, even different from those provided by Giuseppe Porzilli – Internet Press Office. Access to the DNS of Giuseppe Porzilli – Internet Press Office can be monitored and blocked by Giuseppe Porzilli – Internet Press Office on behalf of the judiciary and / or independent Authorities by virtue of specific measures
- the antispam systems commonly used in the sector involve the use of blacklists managed by third parties. The IP and / or domain of the Customer could be included – for reasons beyond the control of Giuseppe Porzilli – Internet Press Office – in the blacklists in question, making it impossible to send / receive e-mails. Giuseppe Porzilli – Internet Press Office has no legal right to intervene on the blacklist managers, which can also be located outside the EU
- the Italian National CERT (Computer Emergency Response Team) of the Ministry of Economic Development continuously and in total autonomy carries out Info Sharing activities with the other CERTs of the European Union that involve the public IPs of the Italian network, and therefore also those of the Customer. The results of the Clients’ IP activities are communicated to Giuseppe Porzilli – Internet Press Office, but there is no information on who else has access to the data in question. Giuseppe Porzilli – Internet Press Office is completely unrelated to these activities, to the results produced, as well as to the times and methods of the same
- the hosting and e-mail transport services do not prevent the Customer from using cryptographic technologies, and the prior delivery of the decryption keys is not required. This does not mean that in the event of an order from the competent Authorities, the data stored by the Customer can still be delivered even if encrypted.
- the activities for legal purposes – wiretapping, access to traffic data and other technical interventions – are covered by investigative secrecy and, without a specific order from the Judicial Authority, they cannot be the subject of information to the Customer
- the logs generated by the customer’s systems are his property and therefore the customer has the right to obtain a copy
6 – Security measures
6.1 – Technical measures
- The software and databases used are audited for compliance with the principles of data-protection by design and data-protection by default
- The telematic traffic data processed for justice purposes are managed through separate servers, physically isolated, with biometric access based on strong-authentication and monitoring of access logs
- The corporate network is protected by a firewall
- There is an antispam and antivirus system
6.2 – Protective measures
- A Data Protection Officer (RPD or DPO, Data Protection Officer) is appointed
- System administrators are identified
- The persons authorized to process the processing are identified
- The processing and organizational / technical choices affecting personal data security involve the Data Protection Officer
- Vulnerability tests of information systems and network infrastructure are performed and planned
- There is an IT emergency management procedure
- There is a Data-Breach management procedure.
7 – Exercise of the rights referred to in articles 13-25 of EC Reg. 679/2016
The EC Reg. 679/16, in articles 13 to 22, guarantees the interested party various rights including those to obtain the correction of the data processed by GUICCIA STAR S.r.l. and the cancellation of the same or the blocking of treatments.
The same rights can be exercised towards GUICCIA STAR S.r.l. even following the termination, for any reason, of any type of relationship.
The rights can be exercised by contacting the Data Protection Officer, reachable at email@example.com indicating exactly the personal data affected by the request and the reason for the request for modification, updating, cancellation, blocking and portability.
The request must be addressed to firstname.lastname@example.org – Data Controller, together with an identity document of the applicant. Within thirty days of receiving the request, GUICCIA STAR S.r.l. will communicate the acceptance of the request or its refusal (in the latter case, analytically motivating the reasons for the decision).
In case of exercise of the rights through delegates, the request must also contain a proxy with specific attribution of the power to request and receive the replies and a copy of the identity document of the delegate.
Within thirty days of receiving the request, GUICCIA STAR S.r.l. will communicate the acceptance of the request or its refusal (in the latter case, analytically motivating the reasons for the decision).