(Notice on the processing of personal data pursuant to Article 13 of Italian Legislative Decree no. 196/2003 and Regulation EU 679/2016)
Is understood to be for the website www.solomeo.it (henceforth "Website').
Is an integral part of the Website and the services offered.
Is provided pursuant to article 13 of the Code, as well as article 13 of the Regulation, to those who interact with the web services of the Website.
The processing of your personal data shall be based on the principles of propriety, lawfulness, transparency, limitation of purpose and storage, minimization and accuracy, integrity and confidentiality, as well as on the principle of accountability pursuant to article 5 of the Regulation. Your personal data shall therefore be processed in accordance with the legal provisions of the Regulation and the confidentiality obligations set out therein.
By "processing” of personal data we mean any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- DATA CONTROLLER
- PERSONAL DATA PROCESSED; Browsing data; Cookies
- PURPOSES OF THE PROCESSING
- LEGAL BASIS AND COMPULSORY OR OPTIONAL NATURE OF THE PROCESSING
- RECIPIENTS OF THE PERSONAL DATA
- TRANSFERS OF PERSONAL DATA
- STORAGE OF PERSONAL DATA
- RIGHTS OF THE DATA SUBJECT
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The data controller is the Brunello and Federica Cucinelli Foundation with registered office in Via Giovine Italia, 06073, Solomeo, Municipality of Corciano (PG, Italy), enrolled in the Register of Legal Persons of the Prefecture of Perugia, general part no. 1172, detail no. 1173.
2. PERSONAL DATA PROCESSED
We inform you that the personal data being processed may consist of an identifier such as a name, an identification number, location data, an online identifier or one or more elements that are characteristic of your physical, physiological, mental, economic, cultural or social identity which are capable of making you identified or identifiable, depending on the type of services requested (hereinafter only "personal data"). The personal data processed through the Website are as follows:
- Browsing data
During their normal operation, the computer systems and software procedures used to operate the Website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. It is information that is not collected to be associated with identified interested parties, but by its very nature could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users connecting to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.
Information on the cookies served by the Website is available here.
3. PURPOSES OF THE PROCESSING
Your personal data will be processed for the following purposes:
3.1. To allow you to browse the Website and to provide the services made available by the Data Controller, including the management of the Website's security.
3.2. To fulfil any obligations envisaged by current laws, regulations or Community legislation, or to comply with requests from the authorities.
3.3. For the processing of statistics, without it being possible to trace your identity.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
4. LEGAL BASIS AND COMPULSORY OR OPTIONAL NATURE OF THE PROCESSING
The legal basis for the processing of personal data for the purposes referred to in section 3.1 is article 6(1)(b) of the Regulation (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”), as the processing is necessary for the provision of services. The legal basis for the processing of personal data for the purposes referred to in section 3.2 is, on the other hand, is article 6(1)(c) of the Regulation (“processing is necessary for compliance with a legal obligation to which the controller is subject”). The provision of personal data for these purposes is optional, but failure to do so will make it impossible to provide the services requested. Note, however, that the processing referred to in section 3.3 is not performed on personal data and can therefore be freely carried out by the Controller.
5. RECIPIENTS OF THE PERSONAL DATA
5.1. Parties that typically act as data processors pursuant to articles 29 of the Code and 28 of the Regulations, i.e., parties that cooperate with the Data Controller for the pursuit of the above purposes, including parties delegated to perform technical maintenance (collectively "Recipients").
5.2. Parties, entities or authorities that it is mandatory to disclose your personal data to by virtue of provisions of law or orders of the authorities.
5.3. Parties authorized by the Data Controller pursuant to articles 30 of the Code and 29 of the Regulation to process personal data necessary to perform activities closely related to the provision of the services, which are committed to confidentiality or have an appropriate legal obligation of confidentiality. The updated list of the parties that may process your personal data as data processors is available by sending a written request to the Data Controller at the addresses specified in the "Contacts" section of this policy.
6. TRANSFERS OF PERSONAL DATA
Some of your personal data may be shared with recipients outside the European Economic Area. The Data Controller ensures that the processing of your personal data by these Recipients is done in compliance with articles 43 and 44 of the Code, as well as articles 44 to 49 of the Regulation. Further information is available by sending a written request to the Data Controller at the addresses specified in the "Contact" section of this policy.
7. STORAGE OF PERSONAL DATA
Personal data processed for the purposes set out in section 3.1 shall be kept for the time strictly necessary to achieve those purposes. In any case, since the processing is carried out for the provision of the services, the Data Controller shall keep the personal data for the period of time envisaged and permitted by Italian law to protect its interests (article 2946 of the Italian Civil Code as amended).
Personal data processed for the purposes referred to in section 3.2 shall be kept for as long as required by the specific obligation or applicable regulation.
Further information on the data retention period and the criteria used to determine this period may be requested by sending a written request to the Data Controller at the addresses specified in the "Contact" section of this policy.
In any case, this is without prejudice to the possibility for the Controller to retain your personal data for the period of time envisaged and permitted by Italian law to protect its interests (article 2947(1)(3) of the Italian Civil Code).
8. RIGHTS OF THE DATA SUBJECT
Pursuant to article 7 of the Code, you have the right at any time to obtain confirmation of the existence or otherwise of your personal data and to know their content and origin, verify their accuracy or request their completion or updating, or their correction. You have the right to request their erasure, transformation into anonymous form or blocking of data processed in violation of the law, and in any case to oppose their processing for legitimate reasons. As of 25 May 2018, you also have the right to request access to your data, to object to their processing, to request the restriction of their processing in the cases envisaged by article 18 of the Regulation where technically possible, and to receive your data in a structured, commonly used and machine-readable format in the cases envisaged by article 20 of the Regulation. Such requests must be addressed in writing to the Data Controller at the addresses specified in the "Contact" section of this policy. In any case you always have the right to lodge a complaint with the competent supervisory authority (Personal Data Protection Authority) pursuant to art. 77 of the Regulation if you believe that the processing of your data is being done contrary to current law.
To exercise the above rights or for any other request you may write to the Data Controller at the postal address specified above or to the email address firstname.lastname@example.org, preferably with the words "request to exercise privacy rights" in the subject line.