Pursuant to the current legislation on the protection of personal data (the “Privacy Regulations“) including EU Regulation 2016/679 (the “GDPR“), as well as Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (the “Privacy Code“), in its capacity as the data controller, Vitrum S.r.l., (the “Company” or the “Data Controller”) hereby informs users (the “User” or the”Users“) of the website https://theitalianglassweeks.com/ (the “Site“) that it will process their personal data collected through the Site in the manner and for the purposes described in this notice (the “Policy“).
By browsing the Site, the User acknowledges that he/she has read and understood the contents of this Policy.
The Data Controller is Vitrum S.r.l a Socio Unico., with registered office at Via Petitti no. 16, Milan 20149 with tax identification and VAT no. 07177790156. Vitrum Srl can be contacted by calling +39/02.33006099 or by emailing email@example.com.
2.Type of data processed through the Site
The Company processes only the following types of personal data of Users who browse and interact with the web services of the Site, specifically:
Data collected implicitly while a User is browsing the Site
When browsing the Site, data related to technological equipment may be collected such as, but not limited to, the operating system used, host ID and IP address and pages visited (browsing data). The cookies, web beacons and related technologies used by this Site also enable recognition of:
the type of browser used;
the operating system used;
the website from which the User originated;
the date and time of the visit;
the URL of the pages accessed;
other browsing data, such as downloads.
This information is not collected so that it can be associated with the identified data subjects, though Users may be identified through processing and association with data held by third parties.
Personal data provided directly by the User
The personal data provided to the Company is the data provided directly by the User (such as, but not limited to: first name, last name, e-mail address, any personal data of the sender contained in e-mail communications or attachments to them, etc.) pursuant tohis/her request for electronic and/or printed mailing: of free editorial products, including periodic newsletters, invitations to exhibitions and events, etc.
3.Purpose and lawfulness of the data processing
Personal data provided (implicitly or directly) by the User will be processed for the following purposes (“Purposes“):
Where the lawfulness of the processing is the legitimate interest of the Data Controller, the Data Controller shall ensure the that the processing is such that the rights and freedoms of the Users are not adversely affected, taking into account the reasonable expectations of the Users in relation to the specific processing.
Users may request further information on the above assessment by sending an e-mail to the following address: firstname.lastname@example.org
The Data Controller also informs the User that at any time, Users are entitled to (i) revoke any consent given, it being understood that the revocation of consent does not affect the lawfulness of prior processing based on that consent; (ii) object to the processing of his/her personal data on the basis of the Data Controller’s lawfulness of the processing.
If the Company intends to use the personal data it has collected for any other purpose that is incompatible with the aforementioned Purposes for which it was originally collected or authorised, the Company will inform the User in advance, to obtain consent for further processing of the data as necessary.
4.Nature of data provision
As concerns the navigation data automatically acquired by the computer systems and software procedures required for the normal operation of this Site, Users that do not wish to provide any personal navigation data are requested to discontinue their visit to the Site or not to use this Site or provide their data to the Data Controller. This is without prejudice to any further User rights (i.e. the right to cancellation, the right to object).
The provision of personal data directly by the User as part of communications with the Company is optional, and failure to provide such data normally has no effect on Site navigation. However, failure to do so may result in the inability to receive responses to communications the User sends to the Company.
5.Data processing methods
In relation to the stated Purposes, the processing of personal data will consist of some of the activities indicated in Article 4, paragraph 1, no. 2) of the GDPR, namely: collection, recording, organisation, storage, consultation, processing, disclosure by transmission or any other available form, restriction, erasure or destruction of personal data;
The processing will take place through the use of automated tools, with logic strictly related to the Purposes themselves and always so as to ensure the security and confidentiality of the data, in addition to compliance with the specific obligations enshrined in the legislation in force and applicable from time to time.
6.Data Access by and Disclosure of Personal Data to Third Parties
Where necessary for the pursuit of the Purposes set forth in Paragraph 3 of this Policy. Personal User data will be processed by specifically designated employees of the Company who are authorized to process data.
In its capacity as an autonomous data controller, the Company may disclose the User’s data for the Purposes referred to in Paragraph 3 above to supervisory and/or control bodies of the Company, judicial authorities as well as to all other entities to which such disclosure is obligatory by law for the fulfilment of the said Purposes, even without the express consent of the User.
In addition, subject to Paragraph 2.iii above, the Company may entrust certain personal data processing operations carried out for the Purposes referred to in Paragraph 3 above to additional recipients or categories of recipients, as autonomous data controllers or, where necessary, data processors specifically appointed by the Company itself, including but not limited to:
consultants and freelancers whether or an individual basis or as a group (accountants and auditors, lawyers), both Italian and foreign;
public administrations and supervisory and control authorities, both Italian and foreign;
communication agencies involved in Site activities and the productionactivities inherent in the promotional material used and in particular, to the company CASADOROFUNGHER Comunicazione, based in Via Bissolati 6, 30172 Mestre (VE), Italy;
the Site’s technical service providers;
the web hosting providers that offer Site hosting services;
third parties involved in organizing events of a cultural nature;
parent companies and/or affiliates of the Company.
The complete and up-to-date list of data processors and entitled persons is kept at the Company’s registered office and may be requested as indicated in Section 10 below.
Users’ data are not subject to dissemination to the public or to unspecified parties except in wikis, forums, blogs, chat rooms, and other social networking environments, where information submitted by the User is disseminated to all participants.
7.Transfer of data outside the EU
Data is managed and stored on the Company’s servers located within the European Union and/or third-party companies contracted and duly appointed as data processors.
Personal data may be transferred, again for the purposes mentioned in Paragraph 3, both within the countries of the European Union and to third countries. Data transfer to third countries may take place only under the terms and with the guarantees provided by the Privacy Regulations, especially Articles 44 – 49 of the GDPR.
8.Data retention period
For the Purposes referred to in Paragraph 3 (b), and (c), personal data will be stored and processed for the duration of browsing and for a period not to exceed 24 months, following termination of the browsing activity for whatever reason.
Personal data collected for the Purposes referred to in Paragraph 3 (a) and (d) will be kept only for as long as strictly necessary to achieve the Purposes for which they were collected and, in any case, no longer than 10 years following the collection.
Finally, personal data collected for the Purposes referred to in Paragraph 3 (a) and (f) will be kept only for as long as strictly necessary to achieve the Purposes for which they were collected but no longer than 2 years following the collection.
At the end of the retention periods, personal data will be deleted, unless the Company has additional legitimate interests and/or legal obligations that require the data to be kept.
9.Third-party Web sites
It should be noted at the outset that the Company cannot exercise any control over the content of any links to third party websites nor does it have any access to the personal data of the Users of such websites. In addition, the Company has no access to the personal data of visitors/users of the websites or social network accounts of its Users with whom the Company has contractual relationships, but only to aggregated and anonymous data that it may use to evaluate the performance and effectiveness of its services.
The owners of the aforementioned websites will, therefore, remain the sole and exclusive owners and controllers of the processing of their users’ personal data, as the Company has no involvement with activity and shall not be liable for any damages or costs caused by failure to handle or improper handling of such data by these entities.
10.Rights of Users
In their capacity as data subjects, in accordance with the law, Users will always be entitled to revoke any consent that may have been given; in addition, they may exercise the following rights at any time:
In the above cases, where necessary, the Data Controller will inform the recipients of such personal data of the rights they can exercise, except in specific cases where this is not possible or it is too burdensome to do so and, in any case, in accordance with the provisions of the Privacy Regulations.
Where processing is based on consent, Users are entitled to revoke any consent given, it being understood that the revocation of consent does not affect the lawfulness of the prior processing based on that consent.
11.Methods of exercising rights and submitting complaints to the Privacy Guarantor
Users may exercise their rights at any time, in the following ways:
by emailing email@example.com;
via regular mail, to the address of the registered office of Vitrum S.r.l. in: Via Petitti No. 16, Milan 20149.
The Data Controller informs the User that, under the Privacy Regulations, he/she has the right to lodge a complaint with the competent supervisory authority (in particular in the Member State of his/her usual residence, place of work or place of the alleged breach), if he/she believes that his/her personal data are being processed in a way that violates the provisions of the GDPR.
To facilitate the exercise of the right to file a complaint, the name and contact details of the European Union Supervisory Authorities are available at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Finally, should the User wish to lodge a complaint with the competent supervisory authority for Italy (i.e. the Italian Data Protection Authority), the complaint template is available at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.
Updated on 09/14/2022
I acknowledge this Policy, which I declare that I have read and understood in its entirety,
to Vitrum, in its capacity as the Data Controller to process my personal information for promotional, informative and disclosure purposes, i.e. for the sending of promotional, informative and disclosure information and messages of interest to the me (in the form of an electronic and/or printed newsletter, invitations, brochures, posters and the like, both in electronic as well as in paper format) about the new cultural and recreational services provided by the Data Controller and/or cultural activities and/or publishing initiatives (events, exhibitions, seminars, conferences, lectures, concerts, in-depth workshops for children and adults and related activities) produced and/or organized and/or sponsored by the Data Controller, including in collaboration with third parties, market research carried out on behalf of the Data Controller and/or third parties (Paragraph 3(e) of this Policy).
to Vitrum to disclose my personal data to third parties, for their promotional, informative and disclosure purposes, that is for informative and disclosure information and messages of interest to me (in the form of an electronic and/or printed newsletter, invitations, brochures, posters and the like, disseminated in both electronic and printed format) about new cultural and recreational services provided by the Data Controller and/or cultural activities and/or publishing initiatives (events, exhibitions, seminars, conferences, lectures, concerts, in-depth workshops for children and adults and related activities) that are produced and/or organized and/or sponsored by the third parties (Paragraph 3(f) of this Policy).
The User acknowledges that where the User does not authorize the Data Controller to disclose his/her personal data to third parties pursuant to Paragraph 3(f) of this Policy, said third parties shall have no right to obtain from Vitrum any access to the Users’ personal data either for their own promotion, information and disclosure purposes or for any other purpose they pursue in their capacity as an independent data controller, that has not been expressly authorized by the User.
N.B. Consent to the processing of personal data can be revoked at any time via an email message to the following address: firstname.lastname@example.org.
However, revocation of previously given consent does not affect the lawfulness of processing based on consent provided prior to revocation.