INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO REGULATION (EU) 2016/679 (GDPR)
This information, made in accordance with the provisions of art. 13 of the EU Regulation 2016/679 (GDPR) and of the Legislative Decree n. 196/2003 as updated by Legislative Decree n. 101/2018, describes the operations carried out on the personal data of users collected when accessing, browsing and using the services of this website (https://www.cosepuri.it), hereinafter the Site) and not also for other websites that may be consulted by the user through links on the site itself, or when accessing, registering and using the services on the “Cosepuri” APP.
THE HOLDER OF THE TREATMENT
COSEPURI Soc. Coop. p. a., currently in Bologna in via Pollastri 8, is the Data Controller of the users' personal data collected when using the services.
COSEPURI will process the personal data that it comes into contact with in compliance with the principles of lawfulness, correctness and transparency and for the following purposes:
- Access to the website and navigation;
- Management of requests for information;
- Subscription to the information and promotional newsletter;
- Registration, access and management of the reserved area of the site;
- Registration, access to the App;
PLACE OF DATA PROCESSING
The processing connected to the web services of this Site as well as the App takes place at the aforementioned registered office of the Data Controller and at the hosting company providing the service with servers located in the EU.
CATEGORIES OF PERSONAL DATA
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of computer crimes against the site or the owner: except for this possibility, at present, the data on web contacts do not persist beyond the terms of the law.
Data provided voluntarily by the user
The optional, specific and voluntary sending of e-mails, as well as any other personal data included in the communication, to the addresses indicated on this site entails the subsequent acquisition of the sender's address by COSEPURI, necessary to respond to requests.
TYPES OF PERSONAL DATA PROCESSED
Through the features present within the COSEPURI website and the APP, the user can therefore grant some of their personal information that can make them identifiable and that can be processed in order to manage the latter's requests. Among the information that may be requested, there are, by way of example but not limited to, personal data such as:
- Name and surname
- Living address
- Telephone number
- Email address
- The IP address of the device used
- The pages visited by the User
- The time and date on which the user visited the Site
PRINCIPLES APPLICABLE TO DATA PROCESSING BY COSEPURI.
COSEPURI will process the personal data of users in a lawful, correct and transparent way.
The data processed by COSEPURI will be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
MANAGEMENT OF INFORMATION REQUESTS
COSEPURI will process the personal data of Users who fill in the appropriate online forms to request information regarding the services offered by the Data Controller to manage, find and provide what is requested by Users.
The data will be recorded, stored and used exclusively to manage and respond to the requests of the interested parties and for the time necessary to achieve the aforementioned purpose.
The provision of data for this processing purpose is optional. However, failure, partial or incorrect provision of data may make it impossible for COSEPURI to manage and follow up on user requests.
SUBSCRIBE TO THE NEWSLETTER
COSEPURI will process the personal data of Users who enter their e-mail address in the appropriate form to register for the newsletter with informative, commercial and promotional content. The data will be recorded, stored and used exclusively for the registration of interested parties in the Controller's newsletter.
The legal basis of this treatment is the consent of the interested party.
The provision of data for this processing purpose is optional. However, failure, partial or incorrect provision of data may make it impossible for the Data Controller to subscribe the data subject to the newsletter service.
The data will be processed until the consent is revoked by the interested party (opt-out) in order to allow the latter to express their desire not to be contacted in the future.
REGISTRATION, ACCESS AND MANAGEMENT OF SERVICES THROUGH THE SITE AND APP
COSEPURI will process the user's personal data to allow the use of the services reserved for registered users.
The legal basis for this processing is the fulfillment of the contract or, depending on the case, the execution of pre-contractual measures adopted at the request of the interested party. For these purposes, the data will be processed for the time strictly necessary to carry out the individual processing activities. COSEPURI may however keep the data for a longer period of time to fulfill specific obligations established by Regulations and / or laws in force and to which the Data Controller is subject.
COSEPURI will process users' personal data for:
- Allow the user to access the Site and browse it;
- Allow the user to register on the Site and the APP, by creating an account, and to use the services reserved for registered users;
- Maintain and manage the user's account;
- Store user data and information in the account (personal data, booking history, addresses etc.);
- Allow the user the ability to pay for services online and therefore allow the conclusion of the contract and the correct execution of obligations;
- Receive commercial communications to support the purchase and / or customer satisfaction.
During the purchase procedure, the user must provide some information to complete the purchase and / or request the issuance of an invoice (VAT number, tax code etc.).
The legal basis for the aforementioned processing is the fulfillment of the contract by COSEPURI.
For these purposes, the data will be processed for the time strictly necessary to carry out the individual processing activities and no later than 10 years from the time of purchase. If required by specific legislation, the data retention time may be longer.
The provision of data for this purpose is optional. However, failure, partial or incorrect provision of data may make it impossible for the Owner to execute the online purchase contract and for the user to obtain the requested service (s).
The e-mail address of the user who registered will also be processed by COSEPURI for sending promotional offers and commercial communications, as well as for sending the Data Controller's informative and commercial newsletter.
The legal basis that legitimizes the sending of this newsletter is the legitimate interest of the Data Controller (Article 130, paragraph 4 of Legislative Decree 196/2003 and Recital 47 GDPR).
The interested party may at any time oppose such processing by means of a specific unsubscribe link.
METHOD OF TREATMENT
Personal data are and will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. The data are processed by technical personnel authorized for processing, duly instructed by COSEPURI.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
TRANSFER OF PERSONAL DATA TO COUNTRIES NOT BELONGING TO THE EUROPEAN UNION
The personal data collected by the Data Controller are processed and stored within the territory of the European Union and will not be transferred to third countries outside the European Economic Area.
CATEGORIES OF SUBJECTS TO WHOM THE DATA MAY BE COMMUNICATED (RECIPIENTS)
The subjects to whom COSEPURI communicates the collected data act as Data Processors designated by the Data Controller through a specific contract or as persons authorized to process personal data under the direct authority of the Data Controller.
The data being processed will in no case be disclosed.
RIGHTS OF THE INTERESTED PARTIES
Interested users of the Site have the right, pursuant to art. 15-22 GDPR, of:
• Request for access to personaldata: the user has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him is being processed and, in this case, access to the data. Access can be directed to obtain the following information:
o The purposes of the processing;
o The categories of personal data in question;
o The recipients or categories of recipients to whom the data have been or will be communicated, in particular if they are intended for third countries or international organizations;
o The retention period of personal data or the criteria used to determine this period;
o The existence of the right to request the Data Controller to correct or delete the data or to limit the processing or object to the same;
o The existence of an automated decision-making process.
• Request for rectification of personal data: the interested party has the right to obtain the correction of inaccurate personal data concerning him, as well as to obtain the integration of incomplete personal data.
• Request for deletion of personal data: for the reasons indicated in art. 17 GDPR, the interested party has the right to request the Data Controller to delete the data without undue delay and the Data Controller is obliged to delete the personal data of the interested party, provided that the data is not subject to a retention obligation pursuant to law.
• Request for limitation of data processing: in the event that one of the hypotheses referred to in art. 18 GDPR, the interested party has the right to request the limitation of the processing of data concerning him.
• Request for data portability: the interested party has the right to receive in a structured format, commonly used and legible, the personal data concerning him provided to a Data Controller and has the right to transmit such data to another Data Controller if the processing is based on consent, on a contract or is carried out by automated means.
• Request for opposition to processing: the interested party has the right to object to the processing of personal data concerning him at any time, for reasons related to his particular situation.
• Withdrawal of consent: the interested party has the right, at any time and with the ease with which he has given it, to withdraw consent to the processing of their personal data.
The interested party also has the right to lodge a complaint with the Italian Authority for the protection of personal data (www.garanteprivacy.it).
Requests for the exercise of rights can be addressed to [email protected]