In addition to the aforesaid legislation in force, specific reference is also made to Recommendation 2/2001 adopted by the European authorities for the protection of personal data, brought together in the Working Party established by article 29 of Directive 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for collecting personal data on-line.
The Data Controller is Il Treno di Dante s.r.l. (hereinafter “Controller”) in the person of its pro tempore legal representative, with registered office in Via Mengolina 22, 48018 Faenza, Italy.
PLACE OF DATA PROCESSING
Processing regarding the Site services is performed at the Controller’s aforesaid registered office. Data are processed using the servers of the hosting service providers of the Site, which is currently Executive Service Srl
Personal data are processed using automated means for the time strictly needed to achieve the purposes for which they were collected. The Controller takes appropriate security measures to prevent the unauthorised access, disclosure, modification or destruction of the personal data. Data are processed using IT and/or telematic means, with organisational methods and logic strictly related to the purposes indicated. In addition to the Controller, in some cases, the following people may have access to the data:
- other individuals in the Controller’s organisation involved in the management of the Site (administrative, commercial, marketing and legal staff, system administrators);
- external individuals who perform duties strictly related to and instrumental in the operation of the service (such as third-party technical service providers, couriers, hosting providers, IT companies, communication agencies) who, if necessary, may be appointed Data Processors by the Controller. An updated list of the Data Processors may be requested in writing from our Privacy Department at the addresses given at the end of this Policy.
Personal information is not disclosed to other third parties without permission, except when required by law or an authority. They shall not be disclosed to third parties nor transferred to third countries or international organisations. Cloud-based services, however, may be used; in this case, service providers will be selected from those who provide appropriate safeguards as referred to in article 46 of the GDPR 679/2016 and never from outside the European Union.
MANDATORY OR OPTIONAL PROVISION OF PERSONAL DATA
Personal data may be provided freely by the User or, in the case of usage data, collected automatically when using this website. Full details of each type of data collected are given in specific information texts displayed before the data are collected.
- Data regarding User preferences expressed while visiting the Site;
- Data provided voluntarily by Users – identification information – to access specific services offered by the website; please see the special notices published in the relevant sections.
PERSONAL DATA PROCESSED
The following personal data may be processed during or after visiting this Site:
- User identification data, relating to identified or identifiable persons, such as, for example, name, surname, tax code, company, position, email address and telephone number;
- usage data, website, profession, nationality, company name, VAT number, address, fax number, state/province, post code;
- different types of data , town/city, business sector.
During normal operation, the IT systems and software procedures used to run this Site collect personal data and transmission of such data is an inherent feature of Internet communication protocols. This information is not collected to be associated to identified individuals but it could, by its very nature, allow Users to be identified after being processed and matched with data held by third parties. This category of data includes IP addresses or the domain names of computers used by individual Users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to address the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful outcome, error, etc.) and other parameters relating to the User’s operating system and IT environment. Please note that the aforesaid data may be used to establish liability in the event of computer crimes detrimental to the Controller’s site or to other sites connected or linked to it.
PURPOSES OF THE PROCESSING
The Controller processes personal data for the following purposes:
- manage correct use of the Site;
- assess, in statistical and aggregate form, how Users use the Site;
- collect information regarding the choices made by Users during navigation;
- send commercial information in line with the preferences expressed by the User during navigation;
- ascertain any illegal conduct by Users causing damage to third parties or the Controller;
- manage purchase orders. The Controller collects and processes the User’s/Client’s personal data to receive and process purchase orders, to deal with any complaints that may be lodged after purchase and to provide the Client with the available services. These data are needed in order to manage purchase orders, also with our sales partners (for example logistics service providers, couriers, banks, etc.). To this end, a Reserved Area may be created for Client login: the personal data of the Client and those regarding his/her purchase orders are saved on the Controller’s system but shall not be freely accessible for security reasons. Clients shall treat their access data in a responsible manner and in accordance with the law and shall not disclose them to third parties. The Controller shall not in any way be liable for incorrect or improper use of credentials by the Client;
- for promotional purposes, to send information about items for sale on the website. By completing the contact form with their data, Users agree to their data being used to respond to requests for information, for quotations or of any other nature indicated on the top of the form. Personal data collected: post code, town/city, tax code, name and surname, email, address, country, fax number, telephone number, VAT number, profession, state/province, company name, business sector, different types of data. The Client’s email address will only be used within the limits of the applicable law, namely where necessary after the Client has given his/her consent. Clients will receive regular emails containing advice on purchases. These promotional messages can be interrupted free of charge by sending an email to firstname.lastname@example.org, by calling the following number free of charge +39 0546 698000 or by clicking on the option “If you don’t want to receive this newsletter anymore, click here” found in every promotional email.
LEGAL BASIS FOR DATA PROCESSING
Data shall be processed and stored for the time needed to achieve the purposes for which they were collected. Accordingly:
- Personal data collected for purposes related to the execution of a contract will be retained according to the provisions of the applicable law.
- Personal data collected for purposes related to the legitimate interest of the Controller will be retained until such interest is fulfilled. The User can obtain further information on the legitimate interest pursued by the Controller in the relative sections of this document or by contacting our Privacy Department.
When processing is based on User consent, the Controller may retain the personal data until consent is withdrawn. Furthermore, the Controller may be obligated to retain the personal data for longer to comply with a legal obligation or by order of an authority. At the end of the retention period, the personal data will be deleted. Therefore, when such a term lapses, the right to access, cancellation, rectification and portability of the data can no longer be exercised.
The aforesaid Recommendation (2/2001) defines cookies as “a computer record of information sent by a web server to a user’s computer for future identification of such computer at the time of future visits to the same website”. Cookies are text files which are automatically generated in the User’s computer after visiting some of the pages of the Site. Some of these files (session cookies) are automatically removed when the browser is closed, they are technical cookies which enable operation and safe and efficient navigation within the Site. They are valid for the navigation session. They are needed to use the Site and blocking them will prevent it from operating. This category also includes function cookies which help navigation and the service given to the User according to a series of criteria which he/she selects. It would not be possible to memorize the choices made by Users during navigation. Another type of cookie, on the other hand, is recorded and stored (permanent cookies) on the User’s computer (for example, to make the access procedure to the reserved area automatic, the User can choose that his/her user ID and password identification data be stored in one of these files). Another type are analytical cookies which are used to collect information, in aggregate form, on the number of Users and the way in which they visit the website. The aforementioned cookies can be installed directly by the site manager (first party) or by a different site that installs them through the first (so-called third-party analytical cookies). The last kind of cookies – profiling cooking – are used to send advertising messages, for example through personalised banners, in line with the preferences expressed by the User during navigation.
If Users prefer not to receive cookies, they can stop the Site sending them by configuring their browser. In some cases, however, use of some parts of the Site may depend on cookies being stored on the User’s computer.
DATA SUBJECT RIGHTS
Users may exercise their rights referred to in Chapter III of Regulation (EU) 2016/679. In particular Users have the right to:
- Withdraw consent at any time. The User may withdraw previously expressed consent to the processing of his/her personal data.
- Object to the processing of his/her data. The User may object to the processing of his/her data when it takes place on a legal basis other than consent.
- Access his/her data. The User has the right to obtain information about the data processed by the Controller, about certain aspects of the processing and to receive a copy of the processed data.
- Check and ask for data to be corrected. The User may verify the accuracy of his/her data and request it be updated or corrected.
- Obtain restriction of processing. When certain conditions are met, the User may request the restriction of processing of his/her data. In this case, the Controller will not process the data for any purpose other than retention.
- Obtain the deletion or removal of his/her personal data. When certain conditions are met, the User may ask the Controller to delete his/her data.
- Receive his/her data or have them transmitted to another controller. The User has the right to receive his/her data in a structured, commonly used and machine-readable format and, where technically feasible, to transmit those data to another controller without hindrance. This provision is applicable when data are processed with automated means and the processing is based on the User’s consent, on a contract which the User is a party of or on contractual measures connected to it.
Requests to exercise the aforesaid rights must be sent to the Controller at the following addresses:
by email to: email@example.com or by post to the address Treno di Dante s.r.l. Via Mengolina 22, 48018 Faenza, Italy
Data subjects are invited to check this policy on a regular basis. To aid verification, the policy will give the date it was published on the Site.
Updated and published: 12/05/2022