Information for the processing of personal data
Reggio Calabria Chamber of Commerce, hereinafter also the “Data Controller”, in compliance with the principles enshrined in European Regulation 2016/679 (hereinafter also “GDPR”) on the protection of individuals with regard to the processing of personal data and the free movement of such data, and in Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter also “Code”), through this information notice, provides the user (hereinafter also “interested party”) with transparent indications regarding the methods of interaction, consultation and use of the services available at www.reggiocalabriawelcome.com, corresponding to the home page of the institutional website of the Owner, hereinafter also “the Site”.
This information is provided exclusively for the Owner’s site and not for other websites that may be consulted by the user via links.
The data controller
The data controller is Camera di Commercio di Reggio Calabria. with registered office in Reggio Calabria, Via Tommaso Campanella, 12.
Contact email firstname.lastname@example.org
Data protection officer
The Data Controller has appointed a Data Protection Officer DPO
Contact email email@example.com.
Purpose of processing and legal basis
The processing of personal data through the Site is carried out for the purposes listed below:
- correct technical functioning of the Site in fulfilment of public interest tasks;
- only with prior consent, activation of services of an informative and promotional nature relating to activities/events/initiatives and any other aspect of the Chamber’s activities by sending newsletters and/or other informative communications.
Type and nature of data processed
Access to the site involves the registration of data used solely to ensure its proper functioning. The data collected include IP addresses and/or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
Compulsory or optional nature of providing data and consequences of failure to provide data
The provision of data is compulsory for the purposes indicated in point 1.
With regard to the purposes indicated in point 2, the provision of the data is optional and is subject to your consent, without which you will not be able to use the newsletter service.
Period of data retention
The data will be stored in compliance with current legislation and the principle of minimisation:
- for the purposes referred to in point 1, until the end of each browsing session;
- for the purposes referred to in point 2, until consent is revoked.
Recipients of personal data
Personal data are processed by employees of the Chamber of Commerce, duly trained and previously authorised to process them.
The data may also be processed, on behalf of the Data Controller, by external parties designated as data processors pursuant to Article 28 GDPR, which fall into the following categories:
- companies that provide maintenance services for the Site and information systems;
- companies that provide management and maintenance services for the Controller’s database.
The data may be communicated by external parties operating as autonomous Data Controllers such as, by way of example, entities of the Chamber of Commerce system, authorities and supervisory and control bodies and, in general, public or private parties entitled to request the data.
Transfer of data abroad
The Data Controller may make use, also through its Data Processors, of IT services and telematic communications companies that may place or transit the data also in countries outside the European Economic Area.
These service companies are selected on the basis of their certifications and declarations of reliability, security and compliance with national and European legislation on the processing of personal data.
In particular, in order to guarantee an adequate level of protection of personal data, these companies may only transfer to countries (or sectors thereof) that have been the subject of specific adequacy decisions adopted by the European Commission, or on the basis of Standard Contractual Clauses approved by the Commission.
Data Subject Rights
Regulation (EU) 2016/679 grants you, as a Data Subject, various rights, which you may exercise by contacting the Data Controller or the Data Protection Officer at the contact details set out in points 1 and 2 of this information notice.
Among the rights that may be exercised, provided that the requirements of the legislation (in particular, Articles 15 et seq. of the Regulation) are met, are:
- the right to know whether the Controller is processing personal data concerning you and, if so, to have access to the data being processed and to all information relating thereto;
- the right to have inaccurate personal data concerning him/her corrected and/or incomplete data supplemented;
- the right to the deletion of personal data concerning him/her;
- the right to restriction of processing;
- the right to object to the processing;
- the right to the portability of personal data concerning him/her;
- the right to withdraw consent at any time, without prejudice to the lawfulness of processing, based on consent, carried out before the revocation.
In any case, you also have the right to lodge a formal complaint with the Italian Data Protection Authority, according to the procedures available on the Guarantor’s website.