EU REGULATION 679/2016 on the protection of individuals with regard to the treating of personal data, as well as on the free circulation of such data
DAU S.R.L. A SOCIO UNICO (sole member) shall process the data in compliance with the provisions of the European Regulation 679/16 concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data.
Under Articles 13 and 14 of the above mentioned regulation, below is provided information regarding the identification data of the Holder of the treatment and the Responsible of the treatment with regard to the processing of personal data relating to contracts and the provision of services.
HOLDER OF THE TREATMENT (Data Controller)
Following consultation of this site, data relating to identified or identifiable persons may be processed.
Holder of the treatment is Dau S.r.l. a Socio Unico (Sole Member) located in Via Sernaglia, 76 31053 Pieve di Soligo (TV), Italy.
PLACE OF THE TREATMENT OF DATA
The treatments related to the web services of this site, occur at the abovementioned headquarters of Dau S.r.l. a Socio Unico (Sole Member), and are only handled by technical staff of the Office in charge of processing. If necessary, the data related to the newsletter service may be processed by the staff of the company that takes care of the maintenance of the technological part of the site.
TYPE OF DATA TREATED
The computer systems and software procedures used to operate this website attain, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
Such information is not collected to be associated to identified subjects, but by its very nature could, through processing and association with data held by third parties, allow the identification of users.
In this category of data are included IP addresses or names at domain of the computers used by users who connect to the site, addresses in URI notation (Uniform Resource Identifier) for the required resources, time of the request, method used for submitting the request to the server, the dimension of the file obtained in response, the numerical code indicating the status of the answer given by the server (successful, error, etc.) and other parameters related to the operating system and to the user’s computer environment.
These data are used only for obtaining anonymous statistical information on the use of the site and for controlling its correct working and are deleted immediately after processing. The data may be used to determine responsibility in case of supposed computer crimes against the site: except in this case, currently data of web contacts are kept for no longer than seven days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated in this site implicates the succeeding achievement of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
No personal data of the users is acquired with regards to this.
Cookies are not used for transmitting personal data, neither are used persistent c.d. cookies of any kind, or systems for tracking users.
The use of c.d. session cookies (that are not recorded in a persistent way on the user’s computer and vanish when closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary for a safe and efficient exploring of the site.
The c.d. session cookies used in this site avoid the use of other computer techniques that are potentially harmful to the privacy of users’ browsing and do not permit the achievement of user’s personal identification data.
OPTIONALITY OF DATA SUPPLY
Apart from that specified for browsing data, the user is free to supply to Dau S.r.l. a Socio Unico (Sole Member) personal data reported in the forms of request or else way indicated in contacts with the Office for requesting the sending of informative material or other communications.
Failure to provide such data may make it impossible to obtain what has been requested.
For completeness it should be noted that in some cases (not subject to the ordinary management of this site) the Authority can request news and information pursuant to Article 157 of Legislative Decree no. 196/2003, for the purpose of monitoring the processing of personal data. In these cases the answer is mandatory under penalty of administrative sanction.
Processing methods and access to data
Data collected by means of subscription of standard contracts in analog format are treated both in paper form and with IT and telematic tools and they may be processed in aggregate form for statistical purposes and to verify the quality standards of assistance and maintenance services, excluding in this case the processing of identification data.
Data collected by filling online forms are treated electronically and by means of management information systems.
Data is accessible only by persons in charge, adequately trained and informed about their tasks and the activities allowed to them on the collected data, which operate on behalf of Dau S.r.l. a Socio Unico (Sole Member) and that are the recipients of instructions and tasks given by the controller, by means of appointment letter.
The holder of the treatment will treat data for the above-mentioned scopes following its legitimate interests that do not prevail over the interests or rights and freedoms of the person concerned.
The rights of the interested party
The interested party will may exercise the rights referred to in articles 16 to 22 of the European regulation 679/16:
- Art 16 – Right to rectification – The interested party has the right to obtain from the holder of the treatment the correction of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
- Art 17 – Right to erasure (‘right to be forgotten’) – The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a) the personal data are no longer necessary for the purpose for which they were collected or otherwise treated 4.5.2016 IT Official Journal of the European Union L 119/43; b) the interested party revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, point a), or Article 9, paragraph 2, point a), and whether there is no other legal basis for the processing; c) the interested party opposes the processing pursuant to Article 21, paragraph 1, and there is no legitimate prevailing reason to proceed with the treatment, or opposes the processing pursuant to Article 21, paragraph 2; d) personal data have been processed illegally; e) personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the holder of the treatment is subject; f) the personal data have been collected in relation to the provision of services of the information society as referred to in Article 8, paragraph 1. 2. The controller, if he has made personal data public and is obliged, in accordance with paragraph 1, to delete them, taking into account the available technology and implementation costs, takes reasonable measures, including technical ones, to inform the data controllers who are processing the personal data of the request of the person concerned to delete any link, copy or reproduction of his personal data . 3. Paragraphs 1 and 2 shall not apply, insofar as the treatment is necessary: a) for the exercise of the right to freedom of expression and information; b) for the fulfillment of a legal obligation requiring treatment under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority of which the data controller is invested; c) for reasons of public interest in the field of public health in accordance with Article 9, paragraph 2, letters h) and i), and Article 9, paragraph 3; d) for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1), insofar as the right referred to in paragraph 1 risks making it impossible or to seriously affect the achievement of the objectives of this treatment; or e) for the assessment, exercise or defense of a right in court.
- Art 18 – Right to restriction of processing – 1. The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs: a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the data accuracy of such personal data; b) the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited; c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to verify, exercise or defend a right in court; d) the interested party has opposed the treatment pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. 2. If the processing is restricted pursuant to paragraph 1, such personal data shall only be processed, except for storage, with the consent of the data subject or for the establishment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State. L 119/44 IT Official Journal of the European Union 4.5.2016 3. The interested party which has obtained a processing restriction pursuant to paragraph 1 shall be informed by the controller before the limitation is revoked.
- Art 19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing – The interested party communicates to each recipient to which personal data was transmitted any corrections or cancellations or limitations on processing carried out pursuant to Article 16, Article 17, paragraph 1, and Article 18, unless this proves impossible or involves an inadequate effort. The data controller informs the interested party of these recipients if the data subject requests it.
- Art 20 – Right to data portability – 1. The interested party shall have the right to receive, in a structured, commonly used and machine-readable form, personal data concerning him / her provided to a data controller and has the right to transmit such data to another data controller without impediments on the part of the data controller to whom he has provided them if: a) the processing is based on consent pursuant to Article 6, paragraph 1, point a) or Article 9, paragraph 2, point a), or on a contract within the meaning of Article 6, paragraph 1, point b); and b) processing is carried out by automated means. 2. In exercising its rights relating to the portability of data in accordance with paragraph 1, the data subject shall have the right to obtain direct transmission of personal data from one controller to another, if technically feasible. 3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right does not apply to the treatment necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority as the data controller is invested. 4. The right referred to in paragraph 1 must not affect the rights and freedoms of others.
- Art 21 – Right to object – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point e) or f) of Article 6, paragraph 1, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. 2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. 3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 4.5.2016 IT Official Journal of the European Union L 119/45. 4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information. 5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications. 6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89, paragraph 1, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
- Art 22 – Automated individual decision-making, including profiling – 1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. 2. Paragraph 1 shall not apply if the decision: a) is necessary for entering into, or performance of, a contract between the data subject and a data controller; b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; c) is based on the data subject’s explicit consent. 3. In the cases referred to in points a) and c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. 4. Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9, paragraph 1), unless point a) or g) of Article 9, paragraph 2, applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In this sense, the data subject is allowed to access his / her data for:
- Verify its veracity
- Change them if they become inaccurate
- Integrate them also with a supplementary declaration
- Request cancellation
- Limit the treatment
- Oppose treatment
The data controller is obliged to respond without unjustified reason.
Erasure of data
Dau S.r.l. a Socio Unico (Sole Member) in compliance with the corresponding right of access to the interested party, has prepared procedures for which the interested parties can request the cancellation without unjustified delay of personal data or the limitation of the processing of personal data concerning them for the following reasons:
- Because the data are no longer necessary for the purposes for which they were collected
- Because the interested party has revoked the consent
- Because the interested opposed to the treatment
- Because the data are treated illegally.
To exercise the rights provided by the articles From 16 to 22 of the EU Reg 679/16 the interested party must send a written request addressed to:
DAU S.R.L. A SOCIO UNICO
Requests should be addressed:
by e-mail to: firstname.lastname@example.org
or by mail, to:
Dau S.r.l. a Socio Unico, Via Sernaglia, 76 – 31053 Pieve di Soligo (TV).