CIELO E TERRA S.p.A. Information for data subjects (website users) pursuant to art. 13 of the EU General Data Protection Regulation (GDPR) no. 679/2016 and annexed provisions issued by the National and European Authorities
Cielo e Terra S.p.A. (hereinafter also Cielo e Terra and/or company) is constantly committed to providing visitors with a web experience in full respect and protection of their Privacy and welcomes you to the site www.cieloeterravini.com.
This document describes how the aforementioned website is managed, but not other external websites that may be consulted by the user via links. Additional information may be provided within the various access channels.
In this regard, the company is in no way responsible and has no control over:
- the rules and methods for managing personal data used by other websites, which may be accessed from the pages of the website www.cieloeterravini.com by means of links and/or references;
- contents of any e-mail services, web spaces, chat forums provided to users.
By using or consulting this site, visitors/users explicitly approve this privacy information notice and consent to the processing of their personal data in relation to the methods and purposes described herein, without prejudice to requests for authorization/consent expressed, details of which can be found in the dedicated areas.
- Data Controller - specification and contact details
Cielo e Terra S.p.A.
Via IV Novembre n. 39
36050 Montorso Vicentino (VI)
P.IVA: IT 02160070245
Tel. (+39) 0444 485211
Fax (+39) 0444 686134
- Data processors and place of processing
These are the public and private third parties, with autonomous legal identity and therefore “external” to the Data Controller, who can manage your personal data in the name and on behalf of the latter. These may be, by way of example but not limitation, partners, suppliers, technicians, IT service providers, consultants etc. In specific cases, the entities in question could be considered as data controllers.
The list of data processors, classified as such by agreement, as envisaged under art. 28 of the GDPR, is available at the company’s registered office. The processing operations connected to the web services offered by this site take place at the headquarters of Cielo e Terra (as identified above) and possibly at the offices of external Data Processors, as well as at the premises of other subjects appointed and authorized for this purpose, and are handled by natural persons and/or legal entities responsible for the management of related services, data storage and processing activities as well as the necessary maintenance operations.
With the consent of the data subjects, if required by law, and in any case subject to adequate information notice specifying the various purposes, personal data may therefore be disclosed to public and private third parties, unrelated to Cielo e Terra, who will treat them as autonomous data controllers or, where appropriate, data processors.
- Contact details of the data protection officer
The company makes use of a DPO (Data Protection Officer) by appointment of Contec AQS S.r.l. (https://www.gruppocontec.it - https://www.contecaqs.it/); the person appointed to perform this role is Beatrice Abiad (e-mail email@example.com).
- Legal basis of the processing/Why do we process your data?
- Basic purposes (provision of data and mandatory consent)
We process your personal data for the following purposes:
- To respond to explicit requests from data subjects/users and contact them where necessary/appropriate using the references they have provided.
- To fulfil the obligations established by applicable national and EU legislation and/or by specific provisions in our sector.
- To assert the rights also on behalf of third parties in judicial, arbitration, and administrative contexts in compliance with regulatory limitations.
- To monitor and analyse traffic data anonymously (e.g. most visited pages, number of visitors by time or day, geographical areas of origin, etc.) in order to keep track of user behaviour and monitor the quality of the services offered through the site.
- To collect, store and process your personal data for administrative-accounting purposes, including the possible issuing of invoices.
- What data do we process?
Personal data may be:
- collected automatically during the use of this Application.
Our site also makes use of log files, in which information collected in an automated manner is stored during your visits. The computer systems and software procedures used to operate the site, in fact, automatically acquire certain specifications during use, the transmission of which is implicit in the use of internet communication protocols.
Therefore, for needs related to operation and maintenance, this Application and any third party services used by it may collect system logs, i.e. files that record interactions and which may also contain personal data; the information that may be collected is the following:
- Internet Protocol (IP) address or domain name of the device you use;
- type of browser and device parameters used to connect to the Site;
- the URI (Uniform Resource Identifier) addresses of the requested resources or the method used to submit the request to the server;
- name of the internet service provider (ISP);
- date and time of visit;
- web page of origin (referral) and exit of the User;
- possibly the number of clicks;
- the size of the file obtained in response;
- the numerical code indicating the status of the response given by the server (successful, error, etc.);
- other parameters relating to the operating system and the IT environment of your device.
If the sending of communication via forms from the site (in addition to the data provided):
- Name of the form from which the submission was made
- IP address
This information is processed automatically and collected in aggregate form in order to verify the correct functioning of the Site.
Interaction with social networks and external platforms
This Application could allow you to interact directly with social networks, or with other external platforms. The interactions and information acquired by this Application are in any case subject to the user’s privacy settings relating to each social network.
Display of content from external platforms
These services allow you to view content hosted on external platforms directly from the pages of this Application and to interact with them.
If one of the last two services is installed, it may possibly collect traffic data relating to the pages in which it is present, even if the Users do not use them.
- entered voluntarily by the User
On the Cielo e Terra website there is a form for entering personal data in the “Contacts” section (name, surname, e-mail, contact telephone, message).
Consequently, when you fill out the form and send us your data, we collect the personal information, as detailed above, which you spontaneously provide; providing us with the aforementioned personal data is necessary for performance of the service, in order that you may be contacted to reply to the requests made.
The user assumes responsibility for the personal data of third parties published or shared through this Application and, if necessary, guarantees that he/she is entitled to communicate or disseminate them, freeing the Data Controller from any liability vis-à-vis third parties.
- How personal data is processed
Hard copy and digital
The processing of your personal data is carried out by means of the following operations provided for by the GDPR and, more precisely: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Your personal data are subjected to processing in both hard copy and digital form.If you wish to obtain further information, we remind you of your guaranteed rights as specified below.
- When do we need your data?
Basic purpose: obligation to provide data
- Protection of minors
Access to the site is expressly reserved for adults in consideration of its purpose. Cielo e Terra is held harmless from any liability in the event of access or other operations within the application by minors.
- Categories of recipients to whom the personal data may be disclosed
If necessary, personal data may be communicated to subjects internal or external to the organization who may be configured as independent data controllers (or, where appropriate, processors), for functions strictly connected and instrumental to the provision of services and/or responses to specific requests.
These subjects may be, by way of example but not limitation:
- employees and similar of Cielo e Terra qualified as persons “authorized to process data” (e.g. agents hired as employees, administrative, commercial, marketing staff, system administrators etc. ...) and duly trained and monitored by the Data Controller;
- external subjects (e.g. independent agents, professionals, legal and administrative consultants, DPOs, experts in sector regulations, technical service providers, hosting providers, information services companies, media agencies, commercial partners where necessary to fulfil specific obligations, etc. ...).
Personal data will not be disclosed to indefinite audiences of recipients, unless the desired service requires it, but may also be disclosed to third parties to comply with legal obligations, in the performance of orders from public authorities entitled to do so or to assert or defend a right in court.
- Retention period for personal data
10 years for the purposes of conservation in accordance with the law
Time necessary to carry out the activities and perform the services requested
The aforementioned terms could be reduced and/or increased (subject to communication to the data subjects) in the case, for example, of instructions from institutions and/or supervisory authorities.
- Transfer to non-EU countries
The Data Controller may transfer your data to non-EU countries to use services such as storage or for the creation of mailing lists; naturally in this case, Ciele e Terra undertakes to provide adequate guarantees.
The transfer of personal data to countries outside the European Union may involve greater risks and as such must be adequately supervised. If the Data Controller makes use of this possibility, it undertakes to collect all the supporting documentation in advance and make it available to the Supervisory Authorities or data subjects; for the latter, the request may be made in the same manner as envisaged for the exercise of rights.
- Complaint to the Data Protection Authority
The procedures at your disposal and for your protection (in addition to the exercise of your rights vis-à-vis our company) are:
- Access from the website www.garanteprivacy.it in the appropriate section dedicated to complaints, in cases where the Italian Data Protection Authority has jurisdiction;
- Respecting the procedures provided by the Supervisory Authority of the Member State (if other than Italy) in which the data subject usually resides or works, or of the place where the alleged violation occurred.
- Your rights where applicable
Right of access: you may receive a copy of your personal data at any time, provided they are subject to processing.
Right of limitation: this may be exercised not only in the event of illegal processing but also if rectification of the data is requested or the data subject objects to processing; the Data Controller undertakes to mark the data in question during the period in which it evaluates what to do, by means of organizational measures suitable for this purpose.
Right of rectification: you may ask for inaccurate personal data concerning you to be corrected without delay, and you may also have additions made to incomplete personal data by providing a supplementary statement.
Right to object: you may object at any time, for reasons connected to your particular situation, to the processing of personal data concerning you, even if used for direct marketing and/or profiling.
Right to withdraw consent when issued, for example, for marketing and similar purposes.
Right of cancellation (right to be forgotten): it is possible to request the total erasure of data, for example even after the withdrawal of consent to the processing of personal data by the data subject.
Right to portability: this does not apply to non-automated processing, and therefore to non-automated hard copy or digital archives and/or registers. Furthermore, only data provided by the data subject to the Data Controller and processed with the latter’s consent or on the basis of a contract entered into with the Data Controller are portable.
- Who should I contact to exercise my rights?
Cielo e Terra S.p.A.
Via IV Novembre n. 39
36050 Montorso Vicentino (VI)
P.IVA: IT 02160070245
Tel. (+39) 0444 485211
Fax (+39) 0444 686134
- Term and methods of response from the Data Controller to those who wish to assert a right regarding their personal data
1 (one) month extendable up to 3 (three) months in more complex cases, in writing
We represent that if you exercise your rights, the Data Controller must provide a written reply also by means of electronic tools that facilitate accessibility (orally only at the express request of the data subject) within the term of 1 (one) month, which in particularly complex cases may be extended to 3 (three) months, without prejudice to the obligation to provide feedback within one month of the request even in the event of refusal.
The Data Controller, having assessed the complexity of the request made by the data subject, may establish the amount of any contribution to be charged to the data subject, but only in the event of manifestly unfounded or excessive requests.
- Changes to this information document
Cielo e Terra S.p.A. - Data Controller
Date of update 09/06/2021