Privacy Policy

 

PRIVACY POLICY EX ART. 13 GDPR

 

The Controller is BRUNA ROSSO srl, in the person of its legal representative pro tempore, located in Corso Nizza 36, ??Cuneo, tel. 0171692295, C.F and P.Iva .: 00917330045, which can be contacted at the email address contatti@brunarosso.com.

The Controller processes the data according to the principles established by the GDPR (General Regulation on EU data protection 2016/679), of lawfulness, fairness, transparency, purpose limitation and conservation, data minimization, accuracy, integrity and confidentiality.

 

Processed data

The processed data are:

a) Navigation data;

b) Personal, identification and contact data (it is expressly forbidden to transmit special categories of personal data or data relating to criminal convictions and offenses - own or of third parties - as per articles 9 and 10 GDPR), voluntarily provided by the user in any requests advanced via the request form, or to the addresses indicated on this site.

 

Purposes of the processing

The purposes of the processing are as follows:

a) allow the user to browse the site; statistical research / analysis on aggregate or anonymous data, without the possibility of identifying the Visitor, aimed at measuring the functioning of the site, measuring traffic and assessing usability and interest of the Site (in this case the Controller does not process data), fulfillment of legal obligations to whom the Controller is subject

b) respond to users' requests and update them - also by e-mail or newsletter service - on the activities of the Controller.

 

Legal basis for data processing

The legal basis of the processing are as follows:

a) legitimate interest of the Controller and user consent;

b) need to respond to user requests and his consent.

 

Navigation data and cookies

IT and telecommunications systems as well as the software used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) ??addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment.

This data is useful only for detailed statistics on the use of the site and to check for errors and it’s deleted immediately after processing.

It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the site or to other sites: except for this eventuality, the data on web contacts do not persist if not for a few days.

Cookies aren’t used to transmit personal information nor for tracking users. The use of session or navigation cookies (which are not stored permanently on the user's device and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient site exploration. Session cookies that may be used on this site avoid the use of other IT techniques that are potentially prejudicial to the privacy of users' browsing and do not allow the acquisition of personal identification data of the user.

The user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on his browser.

Duration - some cookies (so-called session cookies) remain active only until the browser is closed. Other cookies (c.d. persistent cookies) "survive" when the browser is closed and are also available in subsequent visits by the user, and their duration is set by the server at the time of their creation, normally no later than 6 months.

The usability of the contents is also possible by completely disabling cookies, and disabling "third party" cookies does not in any way affect the navigability of the Site.

The setting can be defined specifically for different websites and web applications. In addition, the most used browsers allow you to define different settings for different types of cookies.

We also point out the possibility of using specific tools for managing privacy regarding cookies for advertising purposes such as Your Online Choices, limited to the ad networks that adhere to the initiative. For more information, http://www.edaa.eu

 

Processing methods

Data will be:

  • collected electronically;
  • recorded in digital format at the server in the exclusive availability of the Controller;
  • protected from risks of destruction, modification, erasure and unauthorized access through appropriate security measures of a physical, logical and organizational nature;
  • further processed, even on paper, to the extent and time strictly necessary to carry out the purposes indicated above;

All the persons authorized to the processing by the Controller are adequately educated regarding the rules of law and the other rules of processing, committing themselves to confidentiality.

 

Communication to recipients and dissemination

The data acquired through the site will not be disseminated.

The data is communicated to the recipients to the extent strictly necessary in relation to the aforementioned purposes.

The categories of recipients are as follows:

a) subjects necessary for the functioning and provision of the services offered by the Site, acting as Data Processors, pursuant to contracts stipulated pursuant to art. 28 GDPR;

b) persons authorized by the Controller.

c) as mentioned above, the Controller may also need to communicate data to fulfill legal obligations or to comply with orders from Authorities.

 

Period for which the personal data will be stored

The Controller store the data for the time necessary to achieve the aforementioned purposes, or to carry out what has been requested by the user, or requested by the purposes described in this document, and the user can always request the erasure, rectification and portability, or to object to processing of personal data concerning him, or to obtain limitation.

In particular, the Controller will store the Personal Data with the following deadlines:

Navigation data: maximum 7 days;

Identification and contact data provided by the user via the request form: no more than 24 months from the user's request (while the data necessary for the update service on the activities of the Controller, until the service itself: the Controller will verify however periodically, at least every three years, the persistence of the consent of Data subject).

Without prejudice to the above, the Controller will retain Personal Data up to the maximum time allowed by Italian law to protect its rights and / or interests.

 

Mandatory and optional nature of the communication of Personal Data

a) Navigation data: their provision is mandatory and indispensable to allow the Controller to make use the site for the user: the latter may not refuse to provide navigation data, to the extent that they consist of personal data.

b) Personal data provided by the user through the request form or the addresses indicated on the site: their provision is optional. If the user refuses to provide such Data, the Controller may not be able to process these requests, partly or completely.

c) Newsletter service: consent to its processing is optional. If the user does not give his consent, the Controller will not be able to provide the service.

 

Rights of the data subject

The data subject has the right to:

• access their Personal Data held by the Controller;

• ask for their rectification and / or erasure ("right to be forgotten");

• ask for the restriction of processing or to object to the processing;

• request data portability;

• lodge a complaint with a Supervisory Authority.

 

Changes to this Policy

This Policy is effective as of May 24, 2018.

The Controller reserves the right to modify the content, in part or completely, also due to changes in the Privacy Statement.

The Controller will publish the updated version of this document on the Site, and from that moment it will be binding: the data subject is therefore invited to visit this section regularly.