Privacy Policy
Information document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)
WHY THIS INFORMATIONS
Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes how we process your personal data. This information is provided pursuant to art. 13 GDPR. The information is not to be considered valid for other third-party websites, which may be consulted through links on this website, for which no responsibility is assumed.
Processable personal data
Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological identity of that natural person, genetic, mental, economic, cultural or social (C26, C27, C30 GDPR).
Contractor/User Data.
Navigation data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment.
Data provided voluntarily
The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the compilation of data collection forms involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.
Information about the processing of personal data carried out through Social Media platforms
With regard to the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information provided by the latter through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.
Specific disclosures
Specific information may be present on the pages of the Site in relation to particular services or processing of the data provided.
Cookies and other tracking systems. What are they? What are they for?
For cookies and other tracking systems, see the cookies policy in the footer of the site and at the following link.
1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT HIM?
The Data Controller is Como 1907 Srl, with registered office in Via A. Volta 70, 22100 Como, (Italy) in the person of its pro-tempore Legal Representative, whom you can contact for any information by telephone 031 574425, e-mail privacy@como1907.net.
2. HAS THE DATA PROTECTION OFFICER BEEN APPOINTED? WHAT ARE YOUR CONTACT DETAILS?
Como 1907 Srl has appointed its Data Protection Officer (DPO) pursuant to Articles 37, 38 and 39 of the GDPR. The DPO can be reached at the Data Controller’s office indicated above and by email dpo.como1907@dpoprofessionalservice.it.
3. PURPOSE OF THE PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD AND NATURE OF THE PROVISION
PURPOSE OF THE PROCESSING | LEGAL BASIS | RETENTION PERIOD | NATURE OF THE PROVISION |
Navigation on this website. | The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests or fundamental rights and freedoms of the data subject which require the protection of personal data are not overridden, taking into account the reasonable expectations of the data subject and the activities strictly necessary for the operation of the website and navigation itself (Art. 6, par. 1 lett. f e C47 del GDPR). | The retention of browsing data will be for as long as the duration of the browsing session. | The provision of data is necessary for the user’s navigation on the website. |
In addition to browsing, personal data will be processed for:
PURPOSE OF THE PROCESSING | LEGAL BASIS | RETENTION PERIOD | NATURE OF THE PROVISION |
A) Contacts, sending contact requests, requests for information from the user. | The processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures adopted; (C44) art. 6 paras. 1 easy. b) part GDPR) |
Maximum 12 months | The provision is necessary. Failure to provide the necessary data will make it impossible to be contacted and receive information |
B) Direct marketing activities, for sending advertising material or direct sales or for carrying out market research, commercial and promotional communication, newsletters, through automated means (e-mail). Communications may contain activities, information/logos of partner companies and group companies. For a complete list of group companies and partners, please write to privacy@como1907.net. | The processing is based on consent to the processing of personal data (C42, C43) art. 6 para. 1 lett. a) of the GDPR | Until you withdraw your consent (or opt-out) | The provision of data is optional. Failure to provide the necessary data will make it impossible to receive direct marketing communications via newsletter from the Data Controller |
C) Transfer of your data to third parties for their own marketing purposes (Sent Group Companies and Sponsor Companies). | The processing is based on consent to the processing of personal data (C42, C43) art. 6 para. 1 lett. a) of the GDPR | Until consent is revoked (Opt-out), to be exercised against the third party who, following the transfer of data for marketing purposes, is an independent Data Controller for the marketing activity. | Failure to consent will make it impossible to be contacted for marketing purposes by the Sent Group Companies and Sponsor companies. |
D)Management of your requests and requests of other data subjects, pursuant to Article 15 et seq. of the GDPR (rights of the data subject) | The processing is necessary for compliance with a legal obligation to which the controller is subject (C45) Art. 6 par. 1 easy. c) part GDPR) | 5 years from the closing of the application, except for litigation. | The provision of personal data is mandatory, as it is essential to be able to comply with legal obligations. |
4.TO WHOM WILL THE PERSONAL DATA BE COMMUNICATED? DATA RECIPIENTS
The data will not be disseminated. Personal data will be communicated to subjects who will process the data as independent Data Controllers, or Data Processors (Article 28 of the GDPR) and processed by natural persons (Article 29 of the GDPR) who act under the authority of the Data Controller and the Data Processors on the basis of specific instructions provided regarding the purposes and methods of the processing. The data will be communicated to recipients belonging to the following categories:
– Subjects who provide services for the management, maintenance and hosting of the site; – Third Parties: Group Companies and Business Partners/Sponsoring Companies, only upon prior consent; – Freelancers, firms or companies in the context of assistance and consultancy relationships; – Competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.
The subjects belonging to the above categories perform the function of Data Processor, or operate in total autonomy as separate Data Controllers.
The list of Data Processors under Article 28 is available by writing to privacy@como1907.net or to the other addresses indicated above.
5.WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?
Personal data will be transferred to non-EEA countries, in order to comply with related purposes based on the purposes of data processing. The data will be transferred in accordance with Article 44 et seq. of the GDPR:
– Article 45 towards third countries for which the Commission has intervened with a specific adequacy assessment. Countries: United Kingdom.
– Article 46(2)(c) and (d) to parties that have provided adequate guarantees, with standard contractual clauses (SCCs) of the European Commission.
For information on safeguards for the transfer of data outside the EEA, please write to privacy@como1907.net.
6. IS THERE AN AUTOMATED PROCESS?
Personal data will be subject to manual, traditional and automated processing (newsletter). It should be noted that fully automated decision-making processes are not carried out.
7. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
You may assert your rights as expressed in Articles 15 et seq. of the GDPR, by contacting the DPO/DPO at the address dpo.como1907@dpoprofessionalservice.it or by contacting the Data Controller at the e-mail address privacy@como1907.net, or at the contacts indicated above, or. You have the right, at any time, to request access to your personal data (art.15), rectification (art.16), deletion (art.17), limitation of processing (art.18). The Data Controller shall communicate (art. 19) to each of the recipients to whom the personal data have been transmitted any rectification, erasure or restriction of processing carried out. The controller shall notify the data subject of these recipients if the data subject so requests. In the cases provided for, you have the right to the portability of your data (art.20) and in this case they will be provided to you in a structured, commonly used and readable format, by an automatic device. If you would no longer like to receive automated direct marketing communications (e-mails), please send an e-mail to privacy@como1907.net with the subject line “unsubscribe from marketing newsletters” or use our automatic opt-out systems for the newsletter.
In the event that the data subject believes that the processing of personal data carried out by the Data Controller is in violation of the provisions of Regulation (EU) 2016/679, the data subject has the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in which he/she habitually resides or works or in the place where the alleged violation of the regulation occurred (Data Protection Authority https://www.garanteprivacy.it/), or to take legal action.
8. CHANGES TO THE POLICY
The Data Controller reserves the right to modify, update, add or remove parts of this policy. In order to facilitate the verification and modification of the text, the information will contain the date of the latest update.
Updated: 17/01/2024