1. Who is the Data Controller?
The “Data Controller” is Ge-Co park Srl (VAT Reg. No. 03463450274), having its registered office in Corte Marin Sanudo 5 – Venice – Mestre. The Data Controller may be contacted by registered letter with acknowledgement of receipt or by email at firstname.lastname@example.org.
2. Which data are processed?
The Data Controller will process some personal data of users who interact with computer systems and software procedures for the operation of the website. In particular, the navigation data that the computer systems automatically collect during the use of the website will be processed, such as IP address, domain names and types of browsers. These data do not contain any additional personal information and are used to (i) obtain anonymous statistical information on the use of the website, (ii) monitor how the website is used, and (iii) to establish responsibility in the event of computer crimes.
Data provided by the user on a voluntary basis
Any emails sent to the address shown on this website will cause the source email address to be collected, together with any other personal data included in the message.
3. For what purposes are the data processed?
In addition to the purposes stated in the individual disclosures provided before the fill-in forms available on the various sections of the website, the purposes of the processing carried out by the Data Controller will be deemed to include:
- Collection, storage and processing for the purposes of the establishment and operational and administrative management of the contractual relationship related to the delivery of the service offered on the website;
- Use of the user’s personal data (in particular email address) for communications relating to the performance of the established contractual relationship;
- Processing of personal data provided and data collected from navigation on the website with a view to providing a service consistent with the information given while using the service;
- Data collection, storage and processing for statistical analysis in anonymous and/or aggregate form;
- Purposes instrumental in the conduct of our business, such as offering personalised content, e.g. newsletter services;
- For providing commercial information on future initiatives, announcements of new products or services;
- For market research, statistical and economic analysis;
- To send advertising or promotional material and run prize games and promotional events in general.
The personal data requested when completing a form will be processed without your consent for the following purposes:
Personal data will also be processed, even without your consent, in order to fulfil tax and accounting obligations; fulfil the obligations required by law, regulations, European Community legislation or orders issued by the authorities; prevention or detection of fraudulent activities or abuses harmful to the website; exercise of the rights of the Data Controller, such as the defence of legal claims.
4. On what basis are the data processed?
The users’ personal data will be processed if:
- the data subject has given his/her consent for one or more purposes and only in relation to the purpose to which that consent relates;
- the processing of the data is necessary for the performance of the contract entered into with the data subject or for the execution of pre-contractual measures requested by the data subject;
- processing is necessary for the legitimate interests of the Data Controller or of third parties, provided that they do not override the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.
5. To whom are the data disclosed?
The personal data collected on the website may be processed by other parties. Notably:
- Anyone who has access to and processes personal data under the authority of the Data Controller or the data processor (contact persons/authorised persons);
- Natural or legal persons processing personal data on behalf of the Data Controller (data processors).
In any case, the user can always obtain from the Data Controller an updated list of the data processors using the email address of the Data Controller.
Except for the cases stated above, the user’s personal data will not be disclosed to third parties unless:
- the user has given his or her express consent to disclosure;
- disclosure is necessary in order to provide the product or service requested by the user;
- the Judicial Authorities or Law Enforcement Authorities so request.
6. How and where are the data processed?
Personal data are collected by automated processes (e.g. using electronic procedures and media) and/or manually for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in accordance with current applicable legislation. Personal data will be processed within the European Union. The data processed by the Data Controller Owner will never be disclosed.
7. How long will your data be stored?
Personal data will be processed and stored for the time necessary for the achievement of the purposes for which they were collected. With special reference to contract management purposes, the data will be retained for the entire term of the contract and, thereafter, for such period as the Data Controller is required to retain such data for tax or other purposes pursuant to law provisions or regulations. The data will, in any case, be retained for a maximum period of 10 years from the end of the contract, based on the ordinary limitation period set forth in the Italian Civil Code.
Personal data will be retained for the time strictly necessary to achieve the purposes for which they are collected and processed. Once the purpose of the processing has been achieved, or in the event the right to object to the processing or to revoke the consent given is exercised, the Data Controller will still be entitled to further retain the personal data — in whole or in part — for the purposes permitted under the GDPR (such as, for example, the need to defend a legal claim). After this period, the data will be deleted or de-identified.
8. What are the rights of the data subjects?
Pursuant to the GDPR, the data subjects to whom the personal data refer have the right at any time to obtain confirmation of whether personal data about them exist and to check their contents, origin, accuracy or request the amendment, updating, rectification of such data.
In relation to the processing of the aforementioned data, Article 7 of the GDPR grants you the right to obtain from the Data Controller:
- Confirmation of whether personal data about you exist, their disclosure in intelligible form and information about their origin, as well as the logic on which the processing is based;
- The erasure of your data within a reasonable period of time, their de-identification or blocking if processed in breach of law requirements;
- The updating of the data, their rectification and amendment to the extent as necessary;
- Certification that the operations referred to in the previous paragraphs have been notified to those to whom the data were disclosed, unless this proves impossible or involves a disproportionate effort;
- The Customer has the right to withdraw his/her consent regarding optional processing and any processing that is not related to the execution of the contract entered into with the Data Controller;
- The Customer also has the right to (i) object — for legitimate reasons — to the processing of personal data concerning him/her, even if relevant to the purpose of collection, (ii) request their portability, (iii) exercise the right to be forgotten, and (iv) reach out to the relevant supervisory authority for the protection of personal data in the event of any violation he/she feels he/she may have suffered, such authority in Italy being known as “Garante per la protezione dei dati personali”, which may be reached by email at email@example.com, by sending a fax to 06 696773785 or by letter to be sent to its office in Rome, Piazza di Monte Citorio, 121, postal code;
- The Data Controller shall reply to the user as soon as possible and in any case within one month, without prejudice to the right of the user to lodge a complaint with the aforesaid authority in the event of a breach.
9. How can the rights be exercised?
The rights may be exercised at any time by sending:
- a registered letter with acknowledgement of receipt to the Data Controller;
- an email to the Data Controller’s address;
- a certified email to the Data Controller’s address;
The Data Controller will reply to the user within 30 days, without prejudice to the latter’s right to lodge a complaint with the relevant authority in the event of a breach.
10. Changes to this policy
If the changes involve the processing of data for which the legal basis is consent, the Data Controller will collect the consent from the user again, if necessary.