WHO WE ARE: THE "DATA CONTROLLER"
The "data controller" is: Fiorirà un giardino S.r.l., VAT number 01354520304, with registered office at via G. Galilei 10 – 33042 Buttrio UD.
The contact details are as follows: Tel: +39 0432 602332; Fax: +39 0432 526162; Email: firstname.lastname@example.org
PERSONAL DATA PROCESSED AND PURPOSE OF PROCESSING
The computer systems and software procedures used for the operation of this website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user's operating system and computer environment. These data, necessary for the use of the web services, are also processed for the purpose of:
-obtaining statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
-monitoring the proper functioning of the services offered.
Browsing data do not persist for more than seven days and are deleted immediately after their aggregation (unless there is a need for their retention for investigation of crimes by the judicial authorities).
The optional, explicit, and voluntary sending of messages to the contact addresses published on the website, as well as the completion and submission of forms on the website, involve the
acquisition of the sender's contact data, necessary to respond, as well as any other personal data included in the communications. Specific information is provided on the website pages dedicated to the provision of specific services, with a request for any consent to the processing.
Data acquired through Social Media:
If the user connects to the company's social media page via social login (i.e., using their social media account), the company may acquire data published by the user on that social media
platform, based on the user's privacy settings (e.g., information contained in the message/post to respond to requests for information or assistance, images, or information derived from the
published profile). Specific information about the processing of data carried out by social media platforms is provided by the platforms themselves (e.g., https://www.facebook.com/privacy/explanation).
Facebook: Informative: https://www.facebook.com/policies/cookies/
Twitter: Informative: https://support.twitter.com/articles/20170514
LinkedIn: Informative: https://www.linkedin.com/legal/cookie-policy
LEGAL BASIS FOR THE PROCESSING
The company may process the aforementioned personal data even without specific consent, except for what is required to complete specific forms, as the legal basis for the processing derives from the performance of a contract or pre-contractual measures taken at the request of the data subject (e.g., request for information via email), as well as the legitimate interests pursued by the company to promote and achieve its statutory purposes. The provision of data for the aforementioned purposes is voluntary; however, any refusal may result in the company's inability to fulfill the stated purpose.
The data is stored in an electronic database and/or kept in paper archives. The data is not subject to automated decision-making processes, nor is any profiling of any kind conducted.
The personal data may be accessed by the company's collaborators and employees who are authorized to process the data and have been specifically instructed. The data may be disclosed to external parties (e.g., companies managing web platforms, affiliated companies, external consultants, subcontractors, etc.) for the purposes outlined above, whenever their involvement is necessary. These parties will act as autonomous data controllers or will be designated as data processors.
DATA RETENTION PERIOD
The company will retain the data for the time strictly necessary to achieve the purposes stated above and also to respond to any access and retrieval needs. After 24 months from the acquisition (7 days for navigation data), or if there are no further contact needs or retention obligations, the data will be deleted.
RIGHTS OF THE DATA SUBJECT
Among the recognized rights, you have the right to:
- Request access to your personal data and information related to them; rectify inaccurate data or complete incomplete data; delete personal data (when one of the conditions indicated in Article 17, paragraph 1 of the GDPR occurs and subject to the exceptions provided in paragraph 3 of the same article); restrict the processing of personal data (when one of the situations indicated in Article 18, paragraph 1 of the GDPR occurs).
- Request and obtain, in cases where the legal basis for processing is a contract or consent, and the processing is carried out by automated means, your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another data controller (the so-called right to data portability).
- Object at any time to the processing of your personal data, especially in cases of specific circumstances that concern you.
- Withdraw your consent at any time, limited to cases where the processing is based on consent for one or more specific purposes and concerns common personal data (such as date and place of birth or residence) or special categories of data (such as data revealing health or sex life). However, the lawfulness of processing based on consent before its withdrawal is not affected.
Regarding the purposes mentioned above, you have the option to request the cessation of processing and the cessation of email communications from the company at any time, by
contacting the aforementioned contacts.
RIGHT TO LODGE A COMPLAINT
If the data subject believes that there has been a violation in the processing of their personal data, they have the right to lodge a complaint with the Supervisory Authority of their habitual residence, place of work, or the location where the alleged violation occurred. In Italy, they can lodge a complaint with the Garante per la Protezione dei Dati (Data Protection Authority).