- Identification of the data controller and manager
The data controller is the company Domus&Tour Srl and the controller Mr. Luca Frau
- Type of data processed
The consultation of the website does not usually involve the collection and processing of the user’s personal data, with the exception of data regarding traffic on the website (“web navigation data”) and cookies, as specified below. In addition to the so-called “web navigation data”, personal data voluntarily provided by the user may be processed when the latter interacts with the functionality of the website or requests to use the services offered on the website. In compliance with the Privacy Code, Domus&Tour Srl could also collect personal data of the user from third parties.
Cookies and browsing data
Technical cookies are necessary for the proper functioning of a website and to allow users’ navigation; without them the user may not be able to view the pages correctly or to use some website functions.
Profiling cookies have the task of creating users’ profiles in order to send advertising messages.
Cookies can also be classified as:
_ “session” cookies, which are deleted immediately when the browser is closed;
_ “persistent” cookies, which remain in the browser for a certain period of time. They are used, for example, to recognize the device that connects to a website facilitating authentication operations for the user;
_ “own” cookies, generated and managed directly by the manager of the website;
_ “third-party” cookies, generated and managed by parties other than the operator of the website.
Cookies used on the website
The Website uses the following types of cookies:
1) own, session and persistent cookies, necessary to allow navigation on the website, for purposes of internal security and system administration;
2) third-party, session and persistent cookies, necessary to allow the user to use multimedia elements on the website, such as images and videos;
3) persistent third-party cookies, used by the website to send statistical information to the Google Analytics system, through which Domus&Tour Srl can perform statistical analysis of accesses / visits to the website. The cookies used exclusively pursue statistical purposes and collect aggregated information. Through one persistent cookie and one session cookie (expiring when the browser is closed), Google Analytics also collects information regarding the opening and the closing time of the user’s navigation on the website. The user can prevent Google from tracking his/her data through cookies and the subsequent processing of data by downloading and installing the browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout?hl=it
4) persistent third-party cookies, i.e. cookies used when on the website pages there are links to social networks (e.g. Facebook, Twitter, Google+) that allow the user to share the website content on his/her personal social media profiles.
How to disable cookies in browsers
Storage of personal data
Personal data are stored and processed through computer systems owned by Domus&Tour Srl and managed by Domus&Tour Srl or by third parties managing Domus&Tour Srl’s technical services. For more details, please refer to the “Scope of accessibility of personal data” section below. The data is processed exclusively by authorized personnel, including personnel assigned to implement extraordinary maintenance operations.
Purposes and methods of data processing
Domus&Tour Srl can process the user’s common and sensitive personal data for the following purposes: users’ access to the website services and functionalities, management of users’ requests, newsletters, etc.
Furthermore, if the user allows the analysis of further personal data, Domus&Tour Srl may process the user’s personal data for marketing purposes, e.g. to send the user promotional material related to the Company’s services either through traditional methods (such as paper mail, telephone calls, etc.) or automated (such as e-mail, text messages, applications for mobile devices, via social networks, etc.).
Personal data are processed both on paper and in electronic form and entered into the company information system in full compliance with EU Reg. 2016/679, including security and confidentiality profiles and based on principles of correctness and lawfulness of processing. In accordance with EU Reg. 2016/679 data are kept and stored for 10 years.
Security and quality of personal data
Domus&Tour Srl is committed to protect the security of the user’s personal data and complies with the security provisions of the applicable law in order to avoid data loss, illegitimate or illegal use of data and unauthorized access to the users’ data. Furthermore, information systems and computer programs used by Domus&Tour Srl are configured in such a way as to minimize the use of personal and identifying data; these data are only processed for specific purposes pursued from time to time. Domus&Tour Srl uses multiple advanced security technologies and procedures to promote the protection of users’ personal data; for example, personal data is stored on secure servers located in places with secure and controlled access. Users can help Domus&Tour Srl to update their personal data by communicating any changes related to their address, contact information, etc.
Scope of communication and access to data
Your personal data may be shared with:
- everyone to whom the right of access to such data is recognized by virtue of regulatory provisions;
- to our collaborators, employees, as part of their duties;
- to all those natural and / or legal persons, public and / or private, when the communication is necessary or functional to the performance of our activity for the purposes illustrated above.
Nature of provision of personal data
The provision of some personal data by the user is mandatory to allow the Company to manage communications, users’ requests or to contact the user himself in order to reply to his/her request. This type of data is marked with an asterisk symbol [*] and – in this case – the conferment is mandatory to allow the Company to process the request. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide these data will not entail any consequences for the user.
The provision of personal data by the user for marketing purposes, as specified in the section “Purposes and methods of processing” is optional and the refusal to provide them will have no consequence. The consent granted for marketing purposes is intended to be extended to the sending of communications carried out through automated and traditional methods and/or contact means, as above mentioned.
Rights of the interested party
12.1 Article 15 (right of access) and Article 16 (right of rectification) of EU Reg. 2016/679
The interested party has the right to receive confirmation from the data controller about whether or not the processing of his/her personal data is being implemented; when the data processing is concerning him/her, the interested party has the right to obtain access to the personal data and to the following information:
- a) the purposes of the processing;
- b) the categories of personal data in question;
- c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are international recipients or organizations;
- d) the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
- e) the right of the interested party to request the data controller to rectify or delete personal data, or to limit the processing of personal data concerning him or to oppose their treatment;
- f) the right to lodge a complaint with a supervisory authority;
- h) the existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance of such processing for the data subject and related expected consequences.
According to 12.2 Art. 17 (the so-called “right to be forgotten”, “diritto all’oblio” in Italian) – EU Reg. 2016/679, the user has the right to obtain from the data controller the deletion of personal data concerning him/her, and the data controller is obliged to cancel the personal data with no undue delay if one of the following reasons exists:
- a) personal data are no longer necessary for the purposes for which they were collected or processed;
- b) the user revokes the consent regarding the milestones on which the data processing is based, in accordance with Article 6,1,a or Article 9,2,a and if there is no other legal basis for the data processing;
- c) the user opposes the data processing in according to Article 21,1 and there is no legitimate reason to proceed with the data processing; the user opposes the data processing in according to Article 21,2;
- d) personal data have been processed illicitly;
- e) personal data must be deleted to fulfill a legal obligation under the union or the country where the controller is subject to legal obligations;
- f) personal data have been collected in relation to the information society service offer referred to in Article 8, paragraph 1, EU Reg. 2016/679
12.3 Article 18 (right of processing limitation), EU Reg. 2016/679
The interested party has the right to obtain from the data controller a limitation of data processing when one of the following hypotheses occurs:
- a) the interested party disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data;
- b) the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
- c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to verify, exercise or defend a right in court;
- d) the interested party has opposed the treatment in according to article 21, paragraph 1, Reg EU 2016/679, pending the verification of the possible prevalence of legitimate reasons of the data controller with respect to those of the interested party.
12.4 Article 20 (right to data portability), EU Reg. 2016/679
The user has the right to receive, in a structured, commonly used and automatically readable form, the personal data concerning him / her provided to a data controller and has the right to transmit such data to another data controller without impediments by the former.
12.5 Withdrawal of consent to treatment
The user has the right to withdraw his/her consent regarding the processing of his/her personal data by sending an e-mail to the following address: email@example.com followed by a copy of your identity document, with the following text: << revocation of consent to the processing of all my personal data >>. At the end of this operation your personal data will be removed from the archives as soon as possible.
If you would like to gain additional information on the processing of your personal data, or exercise the rights referred to in paragraph 8 abovementioned, you can send an e-mail to the following address: firstname.lastname@example.org. Before we can provide any information, we may need to verify your identity. An answer will be provided as soon as possible.