INFORMATION ON THE PROCESSING OF PERSONAL DATA OF NAVIGATION AND COOKIES
Information pursuant to article 13 of the General Regulations on Personal Data Protection 2016/679
Who is the Data Controller?
The Data Controller is Gruppo Toscano S.p.A., Via Nomentana 90/92 00161 Rome.
The information describes the features of processing carried out by the Data Controller in relation to the website's navigation data http://www.toscanolagodicomo.it/
What personal data do we collect?
The Data Controller collects the following data:
- such as for example, user identification data, IP addresses and computer domain names;
- data related to the use of the website by the user;
- data voluntarily provided by the user - identifying information - access to certain services offered through the website, which is referred to specific information in the relevant reference sections (for example, the section "Contact the agency for this property").
Gruppo Toscano Spa uses the following technical cookies:
- AntiXsrfToken: it is a security cookie used to prevent cross-scripting attacks - this cookie is anonymous;
- ai_user / ai_session: these cookies allow information collection on the user and the device used;
- ARRAffinity: these cookies are set by our hosting provider for performance purposes. They contain unique but random values and are destroyed as soon as you close the browser;
- cookiesDirective: these cookies memorise if the cookie law has been shown or not.
Further types of cookies consist of analytical cookies, used to collect information, in aggregate form, on the number of users and on the methods by which the latter visit the website. The aforementioned cookies can be installed directly from the site manager or from a different site that installs them through the first terminal (so-called "third party" analytical cookies). The Gruppo Toscano Spa website uses third-party analytical cookies, meaning with the latter, particularly:
- Google Analytics cookies in collecting aggregate and anomalous information on the users' browsing carried out on websites. You can disable Google Analytics cookies by downloading a specific plug-in browser available at the following url: https://tools.google.com/dlpage/gaoptout - https://www.google.com/intl/it/policies/privacy/;
- Facebook cookies in collecting information on user preferences for behavioural advertising purposes. You can disable Facebook cookies, if you have a Facebook profile using your Facebook account settings or using the Do Not Track setting of your browser. For more information, please see the page available at the following url: https://www.facebook.com/help/Cookies/ - https://www.facebook.com/privacy/explanation;
- Sharethis cookies in sharing web pages on social networks. For more information, please see the page available at the following url: http://www.sharethis.com/pri.html Finally, the last type of cookies consists of profiling cookies, for the purpose of sending advertisement messages; for example, through custom banners, in line with the preferences shown by the user while surfing the internet. Should the User prefer not to receive cookies, it can prevent their transmission by the website by appropriately configuring his web browser. In some cases, however, the use of some parts of the website may be influenced by the storage cookies on the User's computer.
For what purposes are personal data used?
The Data Controller processes personal data for the following purposes:
- to manage the correct use of the website;
- to evaluate the use of the website by users in statistical format;
- to ascertain any wrongdoing committed by users to the detriment of third parties or to the detriment of the Data Controller;
- to comply with the European and national legislation, as well as with the provisions of the Privacy Authority;
- to profile the user based on the navigation within the website.
Why is the process that we do legitimate?
The processing of personal data carried out by the Data Controller is legitimate because it is based on the consent of the interested party expressed during browsing event.
How will the Data Controller process your personal data and how long do you store them?
Your personal data are processed both in paper and electronic format. The Data Controller stores the user's personal information by following some fundamental criteria highlighted below: particularly, referring to the purposes of collection and the statute of limitations prescribed by law.
To whom do we disclose your personal data?
Within the Data Controller's organisation
Personal data can be accessed by the Data Controller's collaborators who need them to offer the requested services and to limit them to relevant and connected information only, with specific reference to specialists and administrative staff.
The Data Controller shares personal information with some suppliers who support Gruppo Toscano Spa in the website's management. If third parties access the data, they will do so in compliance with the current legislation for the protection of personal data and instructions given by the Data Controller.
We do not disclose personal information to other third parties without permission, except when required by the law or by an Authority.
Are the data transferred abroad?
User data is not transferred abroad.
What are your rights as an interested party and how can you exercise them?
The European Regulation on the protection of personal data (2016/679) guarantees you, as an interested party in processing specific rights.
For each process, you may exercise the following rights:
- Right of access: has the right to obtain a copy of the personal data we hold and are subject to processing;
- Right to rectify: has the right to rectify your personal data stored by the Data Controller if they are not updated or correct;
- Right to object the processing of personal data for commercial purposes: may request the Data Controller to cease sending commercial communications any time;
- Right to oppose decisions based on solely automated processes: may request not to be the recipient of decisions on the basis of exclusively automated processes, including profiling activity;
- Right to revoke a given consent: has the right to revoke a given consent for a given process any time;
- Right to contact the Privacy Authority for the protection of personal data: has the right to contact the Privacy Authority for the protection of personal data in case of doubts on the processing of personal data made by the Data Controller.
You may also exercise the following rights in the occurrence of certain situations:
- Right to cancel: may request the Data Controller to delete your personal data if the purposes of processing have ceased and there are no legitimate interests or legal provisions required for the continuation of data;
- Right to object a process: may request the Data Controller to cease performing a specific process on your personal data;
- Right to limit a process: has the right to request the Data Controller to limit the processing operations on personal data;
- Right to data transferability: has the right to obtain a copy of your data in a structured and computerised transferable format to another Data Controller.
If you wish to exercise your rights, please send an email or write to the following address specifying your request and providing us with the necessary information for identification (including a copy of your identity document):
The Data Privacy Officer (DPO) will reply to you within one month. If for some reason we fail to respond to you, will be provided you with a detailed explanation on why your request cannot be fulfilled.
This information is intended to inform you on how your personal data are collected by the Data Controller and how they are processed. If you need any kind of clarification, please contact us at the following references: