Pursuant to art. 13 of EU Regulation no. 2016/679 on the protection of individuals with regard to the processing of personal data and the free movement of such data, we inform visitors and users of our Portal that, as a result of its consultation or use of services offered online, personal information about them will be processed.
This information, of a general nature, concerns all of the Owner’s websites, accessible by telematic means at the following addresses (hereinafter, for the sake of brevity, these websites will be referred to collectively as “Portal”: areeprotettealpimarittime.it, parcoalpimarittime.it, parcomarguareis.it, grottedelbandito.areeprotettealpimarittime.it, roccasangiovannisaben.areeprotettealpimarittime.it, ciciudelvillar.areeprotettealpimarittime.it, cravamorozzo.areeprotettealpimarittime.it, benevagienna.areeprotettealpimarittime.it, sorgentidelbelbo.areeprotettealpimarittime.it, grottedibossea.areeprotettealpimarittime.it, centrouominielupi.it, ecomuseosegale.it, marittimemercantour.eu, centrograndicarnivori.it.
It is also to be understood as being expressly integrated with the conditions provided with reference to specific Services (for example, the newsletter, reserved accesses, etc.) provided through the web addresses above.
This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on the sites but refer to resources external to the Owner’s domains.
The Data Controller is the Ente di Gestione delle Aree Protette delle Alpi Marittime (C.F.: 96009220045) with head office in Villa Bianco – Piazza regina Elena 30 – 12010 Valdieri (CN), PEC firstname.lastname@example.org
The Data Controller hereby informs that it has appointed a Data Protection Officer (DPO) in compliance with the provision contained in art. 37, par. 1, letter a) of the GPDR, identifying a suitable person, who can be reached at the following addresses:
The duties and functions of the Manager thus designated, as provided for in Article 39, paragraph 1, of the GDPR, are detailed in the Appointment Decree available in the “Transparent Administration” section of the Portal.
The Manager is bound to secrecy or confidentiality regarding the performance of his or her duties, in accordance with Union or Member State law; reports received by the Manager are therefore considered confidential.
“Personal data” means any information whereby it is possible to identify a physical person, directly or indirectly, in this case, the User who navigates on the Owner’s sites and uses the Services.
The Owner manages numerous services, in different ways and for each of them the type of data requested and the purposes of collection vary.
Through the Portal the Owner does not acquire or process data of a sensitive nature or in any case belonging to the special categories as per art. 9 of GDPR or data relating to criminal convictions or crimes as per art. 10 of GDPR.
The computer systems and software procedures used to operate each website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access or exit has been made, information on the pages visited by users within the site, the time of access, the permanence on the single page, the internal path analysis and other parameters related to the operating system and the user’s computer environment.
Such technical/informatics data are collected and used exclusively in an aggregate and non-identifying way and could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Data provided voluntarily by the User
This is all personal data freely provided by the visitor on the Portal, for example, to register and/or access a reserved area, request information on a specific service through a form, write to an e-mail address or phone (in VoIP mode) to have a direct contact. The processing of such personal data will be carried out on the basis of the details provided pursuant to Articles 13 and 14 of the Regulations by the Data Controller when providing personal data during registration as requested in the appropriate forms.
Among the Personal Data collected by this Portal are: name, email, telephone, password, cookies, usage data, data communicated during the use of the contact service.
The description of the categories of personal data subject to processing will be contained in the information about each Service offered.
The User assumes responsibility for the personal data of third parties obtained, published or shared through this Portal and guarantees to have the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.
Cookies and other tracking systems
For a complete description of the processing of personal data through these systems, please refer to the relevant information.
The processing operations connected to the web services of this Portal are carried out at the offices of the Data Controller or by third parties who carry out processing operations on behalf of the Data Controller and have been duly identified as Data Processors pursuant to art. 28 of GDPR.
The Data Controller shall adopt the appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of the personal data being processed.
The processing is carried out by means of computer and/or telematic tools, with methods of organisation and logics strictly related to the purposes indicated.
The processing operations are carried out only by technical personnel in charge of the processing, or maintenance operations. These subjects, duly identified and authorized, have received specific instructions on the methods and purposes of processing.
The User’s data are collected to allow the Owner to pursue the following purposes:
– to provide promotional and information services regarding activities or events proposed or participated in by the Body, the road network, alarms, notices, deadlines, emergencies, etc. and, in general, various contact services for institutional functions supplied through the use of telephone and telematic contacts, internet or social networks;
– providing services to citizens, companies, bodies and other subjects through the web or social networks through “e-government” processes, including the dissemination of data, acts and news; issuing certifications; booking appointments; sending questionnaires, newsletters; communication of data, acts, documents; public WI-FI connections, etc…
The visitor’s personal data may be used by the Owner in court or during the preparatory stages, for the defence against abuse in the use of this Portal or related Services, by the User.
Likewise, personal information may be processed by the judicial authorities in connection with any need to ascertain offences.
The Owner processes the personal data acquired during navigation on the Portal in the performance of its duties in the public interest or otherwise related to the exercise of its public powers, including that of illustrating the Authority’s activities and their operation, facilitating access to the services offered by the Authority, promoting broad and in-depth knowledge on issues of significant public and social interest, promoting the image of the Authority, as well as that of Italy, both in Europe and around the world, providing awareness and visibility to events of local, regional, national and international importance.
In some cases, duly highlighted, the processing will take place with the express and explicit consent of the visitor, expressed on the basis of this Information Notice (possibly supplemented with detailed information).
It is always possible, however, to ask the Data Controller to clarify the specific legal basis of each processing and in particular to specify whether the processing is required by law, is provided for in a contract or is necessary to conclude a contract.
The use of the content and services made available on this Portal presupposes that the navigator or user provides the required data in the form provided. This is always left to the discretion of the compiler.
Where it is necessary to express consent to the processing of personal data, it is always optional; consequently, the visitor may deny consent, and may revoke at any time a consent already provided. However, denying consent, or revoking it, may make it impossible for the Owner to provide the Services based on it and the browsing experience on the Portal may be compromised.
The data are processed and stored for the time necessary to achieve the purpose for which they were collected or subsequently processed.
Therefore, except for any different regulations contained in the pages dedicated to specific services:
– navigation data are not held for more than seven days (except for any need to ascertain crimes by the judicial authorities);
– the data provided to register and/or access a reserved area, for the entire duration of the access authorization (except for any need for judicial protection of the Owner or verification of crimes by the Judicial Authority);
– the data provided as part of a registration procedure for web services, for the entire duration of the registration (except for any need as to judicial protection of the Owner or detection of crimes by the Judicial Authority);
– the data provided in the context of an administrative procedure initiated through the Portal, for the entire duration of the same and, subsequently, for the time required by the legislation regarding the conservation of administrative documentation;
When the processing is based on the consent of the Data Subject, even after the above mentioned term of use, the Data Controller may retain the personal data until such consent is revoked.
Moreover, the Owner may be obliged to keep personal data for a longer period, in compliance with a legal obligation or by order of an Authority.
At the end of the retention period personal data will be deleted. Therefore, at the end of this period, the right of access, deletion, rectification and the right to data portability can no longer be exercised.
In addition to the Data Controller, in some cases, other external parties (such as technical, legal and consulting service providers, third parties, postal couriers, hosting providers, IT companies, communication agencies) who operate on behalf of the Data Controller and are duly classified as Data Processors may also have access to the data. The updated list of Data Processors can always be requested from the Data Controller.
The Data Controller may be obliged to disclose the data by order of public or judicial authorities.
The disclosure of personal data to third parties for commercial or profiling purposes is not foreseen.
The disclosure of personal data is not foreseen.
As provided for by article 15 of the Regulations, the interested party may access his/her personal data, request its correction and updating, if incomplete or incorrect, request its cancellation if it has been collected in violation of a law or regulation, and oppose its processing for legitimate and specific reasons.
In particular, we report below all the rights that can be exercised, at any time, against the Data Controller and/or the Affiliates:
Right of access: the right, in accordance with article 15, paragraph 1 of the Regulation, to obtain confirmation from the Data Controller whether or not personal data is being processed and, if so, to obtain access to such data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients from third countries or international organisations; d) where possible, the period for which the personal data are to be kept or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the data subject to ask the data controller to correct or delete the personal data or to object to their processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, all available information on their source; (h) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4) of the Regulation and, at least in such cases, significant information on the logic used and the importance and expected consequences of such processing for the data subject. All this information can be found within the information notice which will always be available in the Privacy section of each of the websites.
Right to revoke consent: if consent is required for the processing of personal data, each Interested Party may revoke, at any time, the consent already given, without prejudice to the lawfulness of the processing carried out prior to the revocation of consent.
Right of rectification: the right to obtain, in accordance with article 16 of the Regulation, the rectification of personal data that are inaccurate, taking into account the purposes of the processing; moreover, it is possible to obtain the integration of personal data that are incomplete, by providing an additional statement.
Right to cancellation: the right to obtain, in accordance with Article 17, paragraph 1 of the Regulation, the cancellation of personal data without undue delay and the Data Controller will be obliged to cancel your personal data, for even just one of the following reasons: a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) you have revoked the consent on which the processing of your personal data is based and there is no other legal basis for their processing; c) you have objected to the processing pursuant to Article 21, paragraph 1 or 2 of the Regulation and there is no longer any prevailing legitimate reason to process your personal data; d) your personal data has been processed unlawfully; e) it is necessary to delete your personal data in order to comply with a legal obligation provided for by a Community or national law. In some cases, as provided for by article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to delete your personal data if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest, for archiving in the public interest, for scientific or historical research or for statistical purposes, for the ascertainment, exercise or defence of a right in court.
Right of limitation of processing: right to obtain the limitation of processing, in accordance with Article 18 of the Regulation, in the event of one of the following cases: the Interested Party: a) has contested the accuracy of the personal data (the limitation will continue for the period necessary for the data controller to verify the accuracy of such personal data); b) the processing is unlawful but has opposed the deletion of the personal data requesting, instead, that its use be limited; c) although the Data Controller no longer needs them for the purposes of the processing, the personal data is used for ascertaining, exercising or defending a right in court; d) has opposed the processing pursuant to Article 21, paragraph 1, of the Regulation and is awaiting verification as to whether the legitimate reasons of the Data Controller prevail over their own. In case of limitation of the processing, personal data will be processed, except for storage, only with the consent or to ascertain, exercise or defend a right in court or to protect the rights of another natural or legal person or for reasons of public interest.
Right to data portability: the right to request at any time and receive, pursuant to Article 20, paragraph 1 of the Regulation, all personal data processed by the Data Controller and/or by the joint holders of the processing in a structured, commonly used and readable format or to request their transmission to another data controller without hindrance. In this case, it will be the responsibility of the interested party to provide us the exact details of the new data controller to whom they intend to transfer their personal data by giving us written authorization.
Right to object: in accordance with Article 21, paragraph 2 of the Regulation and as also reiterated in Recital 70, you may object, at any time, to the processing of your personal data if they are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. When personal data are processed in the public interest, in the exercise of public powers vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.
Without prejudice to the right to appeal in any other administrative or judicial venue, if it is considered that the processing of personal data carried out by the Data Controller and/or the joint holders of the processing is in violation of the Regulation and/or the applicable legislation, it is possible to lodge a complaint with the Guarantor Authority for the Protection of Personal Data, as provided for in art. 77 of the Regulation itself, or to bring the matter before the appropriate courts (art. 79 of the Regulation).
Further information regarding the processing of personal data may be requested at any time from the Data Controller or the Data Protection Officer (DPO) using the contact details provided.
If the changes involve treatments whose legal basis is consent, the Owner will again collect the User’s consent, if necessary.
The Portal uses so-called social plug-ins. These are special tools that allow you to incorporate social network features directly into the Portal (e.g. the Facebook “like” function).
All social plug-ins on the Portal are marked with the respective logo of the social network platform.
When you visit a page on the Portal and interact with the plug-in (e.g. by clicking on the “Like” button) or leave a comment, the corresponding information is transmitted from your browser directly to the social networking platform (in this case Facebook) and stored there.
Through the Portal it is also possible to link to other third party websites.
In this regard, the Owner cannot be held responsible for the possible management of personal data by third party websites and for the management of authentication credentials provided by third parties.
These are small text files saved in the directories used by the User’s web browser. There are various types of cookies, some to make Site use more efficient, others to enable certain features.
Some of the purposes for which cookies are installed may require your consent. Where the installation of Cookies is based on your consent, you may revoke your consent at any time by following the instructions in this document.
Cookies can be divided into two macro-categories: “technical cookies” and “profiling cookies”.
1.1 Technical cookies
Technical cookies are used to enable the safe, fast and efficient exploration of websites and to provide users with the requested services.
The prior consent of users is not required for the installation of such cookies.
1.1.1 Session technical cookies
Session cookies are used for navigation and authentication to online services and restricted areas. The use of these cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable effective navigation of the site.
Session cookies avoid the use of other computer techniques potentially prejudicial to the confidentiality of users’ navigation and do not allow the acquisition of personal identification data of the user.
The use of permanent cookies is strictly limited to the acquisition of statistical data useful to understand the level of use of the site.
1.1.2 Analytical cookies
They are assimilated to technical cookies and are used to collect information, in anonymous and aggregate form, on the number of users and how they visit the site. The data obtainable from these cookies are managed by the Owner as operator of the website exclusively for statistical purposes and for the processing of reports on the use of the website itself.
1.1.3 Third party service analysis cookies
These cookies are used to collect information anonymously about the use of the Site, such as: pages visited, time spent, traffic origin, geographical origin, age, gender and interests for the purposes of marketing campaigns. These cookies are sent by third party domains outside the Website.
1.1.4. Cookies to integrate third party software products and functions
This type of cookie integrates features developed by third parties within the pages of the site such as icons and preferences expressed in social networks in order to share site content or for the use of third party software services (such as software to generate maps and additional software offering additional services). These cookies are sent by third party domains and partner sites that offer their functionality between site pages.
1.2 Profiling Cookies
These are cookies necessary to create user profiles in order to send advertising messages in line with the preferences expressed by the user within the pages of the Site.
L’Utente può gestire le preferenze relative ai Cookie direttamente all’interno del proprio browser ed impedire – ad esempio – che terze parti possano installarne. Tramite le preferenze del browser è inoltre possibile eliminare i Cookie installati in passato.
Vista l’oggettiva complessità di identificazione delle tecnologie basate sui Cookie l’Utente è invitato a contattare il Titolare qualora volesse ricevere qualunque approfondimento relativo all’utilizzo dei Cookie stessi tramite i dati di contatto forniti.
In ogni caso La avvisiamo che questo Portale e le comunicazioni generate con l’uso e/o la registrazione sul medesimo (come e-mail promozionali o newsletter) non contengono immagini elettroniche dette “web beacons”, né da sole, né in combinazione con Cookie.
Puoi verificare quali cookie sono utilizzati dal Portale tramite gli strumenti del browser.
Una guida per i principali browser la puoi trovare qui: https://www.wikihow.it/Visualizzare-i-Cookies
How do I consent to the installation of Cookie?
You can manage your Cookie preferences directly within your browser and prevent – for example – third parties from installing cookies. You can also use your browser preferences to delete cookies that have been installed in the past.
In any case, we inform you that this Portal and the communications generated by the use and/or registration on it (such as promotional e-mails or newsletters) do not contain electronic images called “web beacons”, either alone or in combination with Cookies.
What cookies are present on this website?
You can check which cookies are used by the Portal through your browser tools.
A guide for the main browsers can be found here: https://www.wikihow.it/Visualizzare-i-Cookies
Downloadable documentation and links to consult.
– Privacy Guarantor: What is a complaint and how it is submitted to the Guarantor
To find out more.