PRIVACY POLICY FOR SITE USERS PURSUANT TO ART. 13 OF THE GDPR

Pursuant to the current legislation on the protection of personal data (the “Privacy Regulations“) including EU Regulation 2016/679 (the “GDPR“), as well as Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (the “Privacy Code“), in its capacity as the data controller, Vitrum S.r.l., (the “Company” or the “Data Controller”) hereby informs users (the “User” or the”Users“) of the website https://theitalianglassweeks.com/ (the “Site“) that it will process their personal data collected through the Site in the manner and for the purposes described in this notice (the “Policy“).

By browsing the Site, the User acknowledges that he/she has read and understood the contents of this Policy.

1.Data controller

The Data Controller is Vitrum S.r.l a Socio Unico., with registered office at Via Petitti no. 16, Milan 20149 with tax identification and VAT no. 07177790156. Vitrum Srl can be contacted by calling +39/02.33006099 or by emailing vitrum@vitrum-milano.it.

2.Type of data processed through the Site

The Company processes only the following types of personal data of Users who browse and interact with the web services of the Site, specifically:

Data collected implicitly while a User is browsing the Site

When browsing the Site, data related to technological equipment may be collected such as, but not limited to, the operating system used, host ID and IP address and pages visited (browsing data). The cookies, web beacons and related technologies used by this Site also enable recognition of:

IP addresses;
the type of browser used;
the operating system used;
the website from which the User originated;
the date and time of the visit;
the URL of the pages accessed;
other browsing data, such as downloads.

This information is not collected so that it can be associated with the identified data subjects, though Users may be identified through processing and association with data held by third parties.

For further information and warnings, please read this Site’s Cookie Policy at https://theitalianglassweeks.com/cookies-policy/. Note that currently, almost all browsers allow you to remove and block cookies and web beacons. If the User removes or blocks cookies, he/she will have to re-enter the username and password each time he/she visits the Site while receiving generic, non-targeted information about his/her specific interests, foregoing most of the benefits the service has to offer.

Personal data provided directly by the User

The personal data provided to the Company is the data provided directly by the User (such as, but not limited to: first name, last name, e-mail address, any personal data of the sender contained in e-mail communications or attachments to them, etc.) pursuant tohis/her request for electronic and/or printed mailing: of free editorial products, including periodic newsletters, invitations to exhibitions and events, etc.

3.Purpose and lawfulness of the data processing

Personal data provided (implicitly or directly) by the User will be processed for the following purposes (“Purposes“):

to fulfil legal, accounting and tax obligations required of the Company. In this case, the legal basis for processing consists of the legal obligation incumbent upon the Data Controller pursuant to Article 6(1)(c) of the GDPR;
to enable Users to navigate the Site. In this case, the legal basis for processing consists of the legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR, to: (i) inform the User, through the content of the Site, about the activities carried out by the Company; (ii) to improve the quality and structure of the Site, as well as to create new services, functionalities and/or features of the Site; (iii) to interact with the User interested in the Company’s services, through the contact references published on the Site;
perform maintenance and provide technical support as necessary to ensure the proper functioning of the Site and related services. In this case, the processing shall be lawful if it is necessary for the purposes of the legitimate interests pursued by the Data Controller, as per Article 6(1)(f) of the GDPR, to: (i) prevent the occurrence of fraud or other crimes through the use of the Site; (ii) improve the quality and structure of the Site, as well as to create new services, functionalities and/or features thereof; (iii) interact with Users interested in the Company’s services, through the contact references published on the Site;
to enable the Company to exercise its rights in court and suppress unlawful conduct. In this case, the processing shall be lawful if it is necessary for the purposes of the legitimate interests pursued by the Data Controller, as per Article 6(1)(f) of the GDPR, to: (i) prevent the occurrence of fraud or other crimes through the use of the Site; (ii) enable the Company or a third party to exercise their rights in court;
the data collected when filling in the newsletter subscription form are processed to enable the Company to send the User, via Email, promotional, informative and disclosure information and messages of interest to the User (in the form of an electronic and/or printed newsletter, invitations, brochures, posters and the like, both in electronic as well as in paper format) about the new cultural and recreational services provided by the Data Controller and/or cultural activities and/or publishing initiatives (events, exhibitions, seminars, conferences, lectures, concerts, in-depth workshops for children and adults and related activities) produced and/or organized and/or sponsored by the Data Controller, including in collaboration with third parties, market research carried out on behalf of the Data Controller and/or third parties (therefore the personal data of the data subjects may be disclosed to third parties that handle these events). In this case, processing shall be lawful if the data subject has given consent to the processing of his or her personal data, pursuant to Article 6(1)(a) of the GDPR;
to communicate the data collected from the newsletter subscription form to third parties that organise events of a cultural nature, to enable them to send the User promotional, informative and disclosure information and messages of interest to the User (in the form of an electronic and/or printed newsletter, invitations, brochures, posters and the like, disseminated in both electronic and printed format) about new cultural and recreational services provided by the third parties and/or cultural activities and/or publishing initiatives (events, exhibitions, seminars, conferences, lectures, concerts, in-depth workshops for children and adults and related activities) that are produced and/or organized and/or sponsored by the third parties. In this case, processing shall be lawful if the data subject has given consent to the processing of his or her personal data, pursuant to Article 6(1)(a) of the GDPR;

Where the lawfulness of the processing is the legitimate interest of the Data Controller, the Data Controller shall ensure the that the processing is such that the rights and freedoms of the Users are not adversely affected, taking into account the reasonable expectations of the Users in relation to the specific processing.

Users may request further information on the above assessment by sending an e-mail to the following address: privacy@vitrum-milano.it

The Data Controller also informs the User that at any time, Users are entitled to (i) revoke any consent given, it being understood that the revocation of consent does not affect the lawfulness of prior processing based on that consent; (ii) object to the processing of his/her personal data on the basis of the Data Controller’s lawfulness of the processing.

If the Company intends to use the personal data it has collected for any other purpose that is incompatible with the aforementioned Purposes for which it was originally collected or authorised, the Company will inform the User in advance, to obtain consent for further processing of the data as necessary.

4.Nature of data provision

The data is implicitly and automatically provided by the User by browsing the Site. Please note that at any time Users have the option of enabling or disabling cookies and other web beacons (subject to the Site’s Cookie Policy) collected using technology, through the options provided by their browsing software; failure to provide data that can be acquired through the use of cookies and other web beacons does not adversely affect Users insofar as navigating the Site, except that it will preclude registering and/or accessing restricted sections of the Site, which require cookies or other web beacons to be enabled.

As concerns the navigation data automatically acquired by the computer systems and software procedures required for the normal operation of this Site, Users that do not wish to provide any personal navigation data are requested to discontinue their visit to the Site or not to use this Site or provide their data to the Data Controller. This is without prejudice to any further User rights (i.e. the right to cancellation, the right to object).

The provision of personal data directly by the User as part of communications with the Company is optional, and failure to provide such data normally has no effect on Site navigation. However, failure to do so may result in the inability to receive responses to communications the User sends to the Company.

5.Data processing methods

In relation to the stated Purposes, the processing of personal data will consist of some of the activities indicated in Article 4, paragraph 1, no. 2) of the GDPR, namely: collection, recording, organisation, storage, consultation, processing, disclosure by transmission or any other available form, restriction, erasure or destruction of personal data;

The processing will take place through the use of automated tools, with logic strictly related to the Purposes themselves and always so as to ensure the security and confidentiality of the data, in addition to compliance with the specific obligations enshrined in the legislation in force and applicable from time to time.

6.Data Access by and Disclosure of Personal Data to Third Parties

Where necessary for the pursuit of the Purposes set forth in Paragraph 3 of this Policy. Personal User data will be processed by specifically designated employees of the Company who are authorized to process data.

In its capacity as an autonomous data controller, the Company may disclose the User’s data for the Purposes referred to in Paragraph 3 above to supervisory and/or control bodies of the Company, judicial authorities as well as to all other entities to which such disclosure is obligatory by law for the fulfilment of the said Purposes, even without the express consent of the User.

In addition, subject to Paragraph 2.iii above, the Company may entrust certain personal data processing operations carried out for the Purposes referred to in Paragraph 3 above to additional recipients or categories of recipients, as autonomous data controllers or, where necessary, data processors specifically appointed by the Company itself, including but not limited to:

consultants and freelancers whether or an individual basis or as a group (accountants and auditors, lawyers), both Italian and foreign;
public administrations and supervisory and control authorities, both Italian and foreign;
communication agencies involved in Site activities and the productionactivities inherent in the promotional material used and in particular, to the company CASADOROFUNGHER Comunicazione, based in Via Bissolati 6, 30172 Mestre (VE), Italy;
the Site’s technical service providers;
the web hosting providers that offer Site hosting services;
third parties involved in organizing events of a cultural nature;
parent companies and/or affiliates of the Company.

The complete and up-to-date list of data processors and entitled persons is kept at the Company’s registered office and may be requested as indicated in Section 10 below.

Users’ data are not subject to dissemination to the public or to unspecified parties except in wikis, forums, blogs, chat rooms, and other social networking environments, where information submitted by the User is disseminated to all participants.

7.Transfer of data outside the EU

Data is managed and stored on the Company’s servers located within the European Union and/or third-party companies contracted and duly appointed as data processors.

Personal data may be transferred, again for the purposes mentioned in Paragraph 3, both within the countries of the European Union and to third countries. Data transfer to third countries may take place only under the terms and with the guarantees provided by the Privacy Regulations, especially Articles 44 – 49 of the GDPR.

8.Data retention period

For the Purposes referred to in Paragraph 3 (b), and (c), personal data will be stored and processed for the duration of browsing and for a period not to exceed 24 months, following termination of the browsing activity for whatever reason.

Personal data collected for the Purposes referred to in Paragraph 3 (a) and (d) will be kept only for as long as strictly necessary to achieve the Purposes for which they were collected and, in any case, no longer than 10 years following the collection.

Finally, personal data collected for the Purposes referred to in Paragraph 3 (a) and (f) will be kept only for as long as strictly necessary to achieve the Purposes for which they were collected but no longer than 2 years following the collection.

At the end of the retention periods, personal data will be deleted, unless the Company has additional legitimate interests and/or legal obligations that require the data to be kept.

9.Third-party Web sites

It should be noted at the outset that the Company cannot exercise any control over the content of any links to third party websites nor does it have any access to the personal data of the Users of such websites. In addition, the Company has no access to the personal data of visitors/users of the websites or social network accounts of its Users with whom the Company has contractual relationships, but only to aggregated and anonymous data that it may use to evaluate the performance and effectiveness of its services.

The owners of the aforementioned websites will, therefore, remain the sole and exclusive owners and controllers of the processing of their users’ personal data, as the Company has no involvement with activity and shall not be liable for any damages or costs caused by failure to handle or improper handling of such data by these entities.

We therefore recommend that you carefully read the relevant privacy policies and terms of use of such websites before providing or consenting to the processing of your personal data.

10.Rights of Users

In their capacity as data subjects, in accordance with the law, Users will always be entitled to revoke any consent that may have been given; in addition, they may exercise the following rights at any time:

the “right of access” and specifically to obtain confirmation of the existence or non-existence of personal data concerning them and their communications in a commonly used form;
the “right to rectification” i.e., the right to request rectification or supplementation of personal data, where necessary;
the “right to erasure” i.e. the right to request the deletion, transformation into anonymous form of data processed in violation of the law, including data whose storage is not necessary in relation to the Purposes for which the personal data were collected or subsequently processed;
the “right to restriction of processing” i.e., the right to obtain from the Data Controller the restriction of processing in certain cases provided for under the Privacy Regulations;
the right to request from the Data Controller the indication of the recipients to whom any rectification or cancellation or restriction of processing (made pursuant to Articles 16, 17 and 18 of the GDPR, in fulfilment of the notification obligation except where this proves impossible or involves a disproportionate effort) has been notified;
the “right to data portability” i.e., the right to receive (or to transmit directly to another data controller) personal data in a structured, commonly used, machine-readable format;
the “right to object” i.e., the right to object, in whole or in part:
to the processing of personal data carried out by the Data Controller for its own legitimate interests;
to the processing of personal data carried out by the Data Controller for marketing or profiling purposes.

In the above cases, where necessary, the Data Controller will inform the recipients of such personal data of the rights they can exercise, except in specific cases where this is not possible or it is too burdensome to do so and, in any case, in accordance with the provisions of the Privacy Regulations.

Where processing is based on consent, Users are entitled to revoke any consent given, it being understood that the revocation of consent does not affect the lawfulness of the prior processing based on that consent.

11.Methods of exercising rights and submitting complaints to the Privacy Guarantor

Users may exercise their rights at any time, in the following ways:

by emailing privacy@vitrum-milano.it;
via regular mail, to the address of the registered office of Vitrum S.r.l. in: Via Petitti No. 16, Milan 20149.

The Data Controller informs the User that, under the Privacy Regulations, he/she has the right to lodge a complaint with the competent supervisory authority (in particular in the Member State of his/her usual residence, place of work or place of the alleged breach), if he/she believes that his/her personal data are being processed in a way that violates the provisions of the GDPR.

To facilitate the exercise of the right to file a complaint, the name and contact details of the European Union Supervisory Authorities are available at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Finally, should the User wish to lodge a complaint with the competent supervisory authority for Italy (i.e. the Italian Data Protection Authority), the complaint template is available at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.

Updated on 09/14/2022

I acknowledge this Policy, which I declare that I have read and understood in its entirety,

I hereby give consent / deny consent by filling out and sending this form

to Vitrum, in its capacity as the Data Controller to process my personal information for promotional, informative and disclosure purposes, i.e. for the sending of promotional, informative and disclosure information and messages of interest to the me (in the form of an electronic and/or printed newsletter, invitations, brochures, posters and the like, both in electronic as well as in paper format) about the new cultural and recreational services provided by the Data Controller and/or cultural activities and/or publishing initiatives (events, exhibitions, seminars, conferences, lectures, concerts, in-depth workshops for children and adults and related activities) produced and/or organized and/or sponsored by the Data Controller, including in collaboration with third parties, market research carried out on behalf of the Data Controller and/or third parties (Paragraph 3(e) of this Policy).

to Vitrum to disclose my personal data to third parties, for their promotional, informative and disclosure purposes, that is for informative and disclosure information and messages of interest to me (in the form of an electronic and/or printed newsletter, invitations, brochures, posters and the like, disseminated in both electronic and printed format) about new cultural and recreational services provided by the Data Controller and/or cultural activities and/or publishing initiatives (events, exhibitions, seminars, conferences, lectures, concerts, in-depth workshops for children and adults and related activities) that are produced and/or organized and/or sponsored by the third parties (Paragraph 3(f) of this Policy).

The User acknowledges that where the User does not authorize the Data Controller to disclose his/her personal data to third parties pursuant to Paragraph 3(f) of this Policy, said third parties shall have no right to obtain from Vitrum any access to the Users’ personal data either for their own promotion, information and disclosure purposes or for any other purpose they pursue in their capacity as an independent data controller, that has not been expressly authorized by the User.

N.B. Consent to the processing of personal data can be revoked at any time via an email message to the following address: privacy@vitrum-milano.it.

However, revocation of previously given consent does not affect the lawfulness of processing based on consent provided prior to revocation.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Stefano Andreotti - Front End Developer

PRIVACY POLICY FOR SITE USERS PURSUANT TO ART. 13 OF THE GDPR