Personal data processing policy

Campo dei Fiori S.r.l. (“CDF”) is aware of the importance of protecting the right to privacy and, in its quality of Data Controller, informs the users of www.campodeifiori.it website (“Users” or “Data Subjects”) that the personal data collected through navigation on the website (“Data”) will be processed in compliance with the law on the protection of personal data. When using the services offered by the site (filling out MTM forms, etc.) the user will receive specific information regarding the further processing of personal data made by CDF.
Pursuant to Article 13 of Regulation (EU) no. 679/2016 (“Regulation”), with reference to the methods of management and processing of Users’ Data, CDF provides the following information.

1. Types of data collected, purpose and legal basis of processing

Navigation data

The computer systems and software procedures used to operate the www.campodeifiori.it website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the users' terminals that connect to the site, the MAC (Media Access Control) addresses, the addresses in the URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to forward the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and parameters related to the operating system and to the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. The legal basis that legitimises that processing is art. 6 par. 1, lett. b) of the Regulation, since it allows the User to use the service requested. The same data may also be used to fulfil legal obligations or to requests of the judicial Authority. The legal basis that legitimises that processing is art. 6 par. 1, lett. c) of the Regulation, since it is necessary to fulfil a legal obligation to which the data controller is subject

Data provided voluntarily by the user

Following the voluntary sending of e-mail messages to the e-mail addresses on the site, CDF may process the sender's e-mail address and the additional personal data contained in the message to respond to requests made by the user. Specific privacy policy will still be given when using particular tools provided by the site. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for by art. 6 par. 1, lett. b) of the Regulation (EU) no. 679/2016, or to provide the requested service to the user. The same data may also be used to fulfil legal obligations or to requests of the judicial Authority. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for by art. 6 par. 1, lett. c) of the Regulation (EU) no. 679/2016, or as the processing is necessary to fulfil a legal obligation to which the data controller is subject.

Users are requested not to use the tools provided by the site any data concerning health, political opinions or religious beliefs as well as any other special categories of data. If provided without a proper written consent of their processing, such Data will be immediately deleted

Cookie

The site uses technical cookies (session and navigation), to ensure normal navigation and use of the website (allowing, for example, to authenticate the access in restricted areas). The site also uses profiling cookies and third-party analytics (with reduced identifying potentials), in order to monitor the use of the site by users for the purpose of optimising the web platform and statistics (analytical). For all information concerning the processing of personal data by means of cookies, please refer to the policy on the extended cookie, linked in the footer of each website page.

2. Data retention period

Personal data collected and processed when browsing the www.campodeifiori.it site will be kept for the entire period of service providing and in any case deleted or rendered anonymous within 7 days. Personal data sent voluntarily by users through the tools on the site will be deleted after providing the service requested or having responded to them and in any case within the maximum period of 6 months from the end of this activity, with the exception of those required to comply with fiscal, accounting and administrative regulations or to fulfil other legal obligations and to document the activities carried out.

3. Modalities for Data processing

The Data will be stored and processed with electronic tools and will be stored both electronically and on paper, organised in a database, and on any other type of appropriate support. Specific security measures are followed to prevent data loss, illicit or incorrect use and unauthorised access. The processing of Data carried out by CDF does not involve automated decision-making processes.

4. Reporting data

The communication of navigation data is a necessary to provide the requested service (navigation on the site) and mandatory for this purpose: in default, the navigation of the www.campodeifiori.it website will be impossible.

5. Entities to whom personal data may be disclosed

The Data may be communicated to: (i) subjects who are entitled and have the interest to access to the Data by law or secondary and / or EU legislations; (i) Data Controller’s internal staff; (iii) companies, associations or professional offices that provide services and activities, on behalf of the Data Controller, as Data Processors for the fulfilment of legal obligations, as well as for every organizational and administrative need necessary to provide the services requested. The names of the Data Processors are listed in an updated list available at CDF premises (to be requested at the addresses indicated in point 9). The Data will not be disseminated.

6. Data Transfer abroad or to international organisations

CDF does not transfer customer data processed for the purposes indicated in this policy in countries located outside the European Union or to international organizations

7. Link to sites or services of third parties

This policy is provided only for the processing of personal data made through this website and the tools provided by the same, and not for other websites that may be consulted by the user through connection, whose managers operate as independent data controllers. Users are therefore invited to read their privacy policies carefully, before accessing the services of third parties.

8. Data Subject’s rights

In relation to the above-mentioned Data processing, Data Subjects have the right to exercise at any time the rights provided by the Regulation, including, for example, to obtain: (a) access, updating, correction or, when interested, integration of data; (b) deletion, transformation into anonymous form or blocking of data processed in violation of the law; (c) the limitation of data processing; (d) copy of their data in standard format.
Furthermore, Data Subjects have the right to obtain the indication of: (i) the origin of personal data; of the purposes and methods of the processing; (ii) the logic applied in case of processing carried out with the aid of electronic instruments; (iii) details of the Controller, Processor(s), and appointed representative.
Data Subjects are also entitled to object, in whole or in part:

• to processing for scientific or historical research purposes or statistical purposes, for legitimate reasons, even if pertinent to the purpose of the collection;
• to processing of Data carried out pursuant to Article 6 (1) of the GDPR, letters e. ("processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller ") or f. ("Processing is necessary for the pursuit of the legitimate interest of the data controller or third parties") including profiling on the basis of these provisions.
• to processing of Data for the dispatch of advertising or direct sales material or for the conduction of market research or commercial communication (direct marketing), including profiling in so far as it is connected to it.

Data Subjects have, finally, the right to revoke their consent to processing, when this is based on the hypothesis by the art. 6, paragraph 1, letter a. (when "the data subject has given consent to the processing of their personal data for one or more specific purposes"), or by Article 9, paragraph 2, letter a. (when “the data subject has explicitly consented to the processing of such personal data for one or more specific purposes”) of the Regulation, at any time without prejudice to the lawfulness of the treatment based on consent given prior to the revocation.
If the Data Subjects consider that the processing concerning them is in violation of the legislation in force, hey have the right to lodge a complaint with a supervisory authority, particularly in the Member State in which they normally reside, work or where the alleged violation has occurred. The Italian Supervisory Authority can be reached at the addresses www.garanteprivacy.it.

9. Data controller - Contact details

The Data Controller is è Campo dei Fiori S.r.l., Via Cesare Battisti 80, 20120 – Daverio (VA), VAT no. 02929410120, in the person of the legal representative pro tempore. The Company may also be contacted at the e-mail addresses info@campodeifiori.it and campodeifiori@certimprese.it.
To exercise the rights listed above, the data subject may make a request using the e-mail account info@campodeifiori.it.
CDF retains the right to update this personal data processing policy.