Information note on the processing of personal data
Art. 13 of UE Regulation 2016/679 (R.G.P.D.)
Pursuant to art. 13 of EU Regulation 2016/679 (hereinafter: R.G.P.D) concerning the processing of personal data, we hereby provide the following information:
1. Data controller
Pursuant to art. 4 No. 7 R.G.P.D., the data controller is the Florence Chamber of Commerce in the person of its pro-tempore legal representative with address for service in Florence, Piazza de’ Giudici 3.
The Data Controller may be contacted by e-mail at the following PEC address: [email protected] or at this e-mail address: [email protected] [email protected] o all’indirizzo di posta elettronica [email protected].
The Chamber of Commerce has appointed PromoFirenze, Special Agency of the Chamber of Commerce as Data Processor pursuant to Art. 28 GDPR 679/2016 for the delegated activities referred to in Council resolution No. 22 of February 9, 2018
2. Data Protection Officer
The Florence Chamber of Commerce has appointed a data protection officer (DPO) who can be contacted at the following e-mail address: [email protected]
3. Purpose and legal basis of data processing
Legal grounds for data processing (art. 6, 1st par. R.G.P.D.) for the performance of tasks carried out in the public interest or in the exercise of official authority in relation to the promotion of international mediation and internationalization of businesses, within the scope of the institutional functions of the Chamber of Commerce, pursuant to Law 580/1993, through the performance of all the initiatives implemented by Florence International Dispute Resolution Academy (FIDRA)
4. Data processing methods
Personal data will be processed in such a way as to guarantee security and confidentiality using suitable paper-based, computerised and telematic means.
4.a Further processing purposes: newsletter activities, customer satisfaction analysis and market surveys
With the free and optional consent given by the User pursuant to art. 7 GDPR 679/2016, some of the User’s personal data (i.e. name, surname, e-mail address, complete shipping address, etc.) may be processed by the Data Controller / Processor also for the purpose of sending newsletters, including communications containing regulatory updates of general interest, events organized and promoted by the Data Controller, and so on.
Consent may be revoked at any time by the User without prejudice to the lawfulness of processing based on the consent given beforehand, by sending a request to the Data Controller, and may opt out of receiving any further newsletters.
Once consent has been revoked, the Data Controller / Processor will send the User a confirmation e-mail. The Data Controller / Processor informs the User that he/she may still receive promotional messages and newsletters by e-mail despite having opted out of receiving such messages, due to technical and operational reasons (e.g. the contact lists had already been completed by the Data Controller/Processor prior to receiving the User's opt-out request. If the User continues to receive promotional messages and newsletters 24 hours after exercising the right to opt out, the same may report the problem to the Data Controller using the contact details indicated in Paragraph 7 below.
The Data Controller / Processor, by virtue of the User’s specific and optional consent, is also entitled to carry out customer satisfaction analysis through a follow-up contact once the service has been provided, as well as market surveys based on product placement or company promotion.
5. Data retention times
Personal data provided by website users will be stored for the time strictly necessary to carry out the main purposes described in paragraph 1 above, or in any case, for the time required to lawfully protect the interests of both Users and Data Controller/Processor. With regard to the processing purpose under point 4, personal data will be retained until the User decides to oppose such processing according to the modes indicated in paragraph 7 of this policy.
6. Scope of data communication and dissemination
Users’ personal data may become known to employees and / or collaborators of the Data Controller in charge of managing the Website. Such subjects, formally appointed by the Data Controller, are authorized to process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Regulation.
Also, third parties who may process personal data on behalf of the Data Controller as “External Data Processors and sub-processors”, are likely to become aware of the Users’ personal data. External data processors may include, by way of example, suppliers of IT and logistics services functional to the operation of the Website, besides outsourced or cloud computing service providers, professionals and advisors.
Users have the right to obtain a list of any appointed by Data Processors/Sub-processors by sending a request to the same according to the modes indicated below.
7. Data Subjects’ rights
Users may exercise the rights under the Applicable Legislation as expressly set forth in art. 15 and subsequent provisions of EU Regulation 2016/679 by contacting the Data Controller through the modes indicated below:
- By registered letter with return receipt sent to the Data Controller’s registered office
- Via a detailed e-mail sent to [email protected]
If you believe that the processing of your personal data violates the GDPR 679/2016 Regulation, you have the right to lodge a complaint with a Supervisory Authority (in the Member State where the same is normally based, where it carries out its activity or where the alleged violation occurred). The Italian Supervisory Authority is the Guarantor for the protection of personal data, with registered office in Piazza Venezia 11, 00186 – Rome (http://www.garanteprivacy.it/) Email: [email protected] Fax: (+39) 06.69677.3785 Switchboard No. (+39) 06.69677.1
8. Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
The foregoing information is not collected with the purpose of associating it with identified data subjects. However, owing to its nature, such information, through the processing and association with data held by third parties, may allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the website, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters relating to the User’s operating system and computer environment.
Such data are used exclusively for the purpose of obtaining anonymous statistical information on the use of the website and to check its proper operation. Data are deleted immediately after processing, and, in any way, after 7 days.
It should be noted that browsing data may be used to ascertain responsibility in the event of computer crimes committed against the website, in accordance with the current procedures established by the competent authorities.
9. Cookie management and usage