The Data Controller is Cart-One, with registered office in via del Lavoro, No. 2, Torrile, Parma, Tel.:0521.317011, fax number 0521.317003, as well as e-mail address firstname.lastname@example.org, PEC email@example.com. The Website is managed by Sada Partecipazioni S.r.l., in the person of its interim legal representative, with registered office in Via Pacinotti snc, 84098 Pontecagnano Faiano (SA), tel .: +39 089 38 666 11, fax: +39 089 38 666 74, e-mail: firstname.lastname@example.org, certified e-maill: email@example.com. The Data Protection Officer of Sada Partecipazioni can be reached at the telephone and fax number +39 081.5747282, as well as at the e-mail address firstname.lastname@example.org, registered e-mail: email@example.com.
Data provided intentionally by the User and related purposes
The optional, explicit and voluntary sending of e-mail messages to the e-mail addresses indicated on this Website entails the subsequent acquisition by the Controller of the sender’s address, necessary to reply to the messages and requests of the User, as well as any other personal data included in the message, always lawfully pursuant to Article 6(1) letter b) of the GDPR.
Ways of communication of Data and dissemination
The processing operations connected to the use of this Website take place at the registered office of Cart-One and are carried out by technical staff duly appointed to carry out these tasks, constantly identified and / or authorized, appropriately instructed and made aware of the constraints imposed by the GDPR; by the Italian Data Protection Code and any other EU and / or national provisions and / or regulations in point of personal data protection, as well as by means of appropriate technical and organizational measures apt to guarantee data protection and to avoid risks of loss or destruction, unauthorized access, or processing that is not permitted or does not comply with the aforementioned purposes. Technical and organizational measures are constantly improved on the basis of technological development. No Data deriving from the web service is disseminated by the Controller. This is however without prejudice to the disclosure of Data to companies expressly assigned to perform services within the activity carried out by the Data Controller and/or, in general, in its favor, that will operate as independent controllers, co-controllers and / or data processors, as well as the disclosure and/or dissemination of Data requested, in accordance with the law, by police forces, judicial authorities, information and security bodies or other public entities for the purposes of State defense or security or prevention, detection or repression of crimes.
Data relating to navigation
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Data whose transmission is implicit in the use of Internet communication protocols. Such information is not collected to be associated with identified data subjects (i.e. Users), but by their very nature might, through processing and association with data held by third parties, allow Users to be identified. This category of data includes IP addresses or domain names of the computers used by the Users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the User’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The Data may be used to ascertain liabilities in case of possible computer crimes against the Website. Without prejudice to this event, the data on web contacts do not persist for more than 7 days.
Optional provision of Data
Data voluntarily provided by the User:
- E-mail: the optional, explicit and voluntary sending of e-mails to the addresses indicated on the Website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. In any event, Cart-One, in order to comply with the new legal provisions introduced by the GDPR, has introduced a system requesting the User to provide or refuse his consent to the processing of his data, in order to ensure that consent is knowingly given;
- Offline collections of personal data: in the event that Cart-One collects personal data off-line (e.g. paper forms), Cart-One provides simultaneous information on the processing of data pursuant to Article 13 of the GDPR and obtains, where appropriate, the consent of the data subject (this also applies if the data collection is made on forms that can be downloaded from the Website);
Duration of processing and storage of personal data
The User’s Data will be processed by the Data Controller only for the period of time necessary to achieve the aforementioned purposes. At the end of such a short period, they will be kept only in fulfillment of the legal obligations in force on the matter, for administrative purposes and / or to assert or defend their own right, in the event of judicial and pre-litigation litigation.
Navigation without registration
Navigation on the Website is free, free and does not require registration of the User. Navigation is not monitored neither with reference to the Websites of origin nor with reference to the pages visited.
Rights of the interested parties (ex Articles 15 and following of the Rules)
The User, as data subject, has the right to obtain:
- confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form and / or access to them;
- a copy of your personal data;
- the correction of any inaccurate personal data;
- cancellation of your personal data;
- the limitation of the processing of your personal data;
- in a structured format, in common use and readable by an automatic device, the Data that the User has provided or has created and to transmit them to another data controller (so-called data portability);
- indication: a) of the origin of the Data; b) of the categories of Data processed; c) of the purposes and methods of the processing; d) of the logic applied in case of treatment carried out with the aid of electronic instruments; e) of the identification details of the Data Controller and of any responsible parties; f) of the retention period of the Data or of the criteria used to determine this period; g) of the subjects or categories of subjects to whom the Data may be communicated or who may become aware of it as appointed representative in the territory of the State, managers or persons authorized to process the Data in the name and on behalf of the Data Controller; h) updating, rectification or, when interested, integration of the Data; i) the transformation into anonymous form or the blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; j) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right.
The User also has the right to object, in whole or in part: a) for legitimate reasons, to the processing of data concerning him, even if they are relevant to the purpose of the collection; b) to the processing of data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
Requests should be addressed to the Data Controller or to the DPO, without formalities, by sending a communication to the addresses of the Controller identified above.
If the User considers that the processing of the Data carried out through the Website is in violation of the provisions of the GDPR, the User has the right to lodge a complaint with the Data Protection Authority, as provided for by Article 77 of the GDPR, or to take appropriate judicial offices (Article 79 of the Rules).
Changes to this information