raggruppa_585

PRIVACY POLICY AND COOKIE POLICY

Policy on processing the personal data of users consulting VisitEmpoli’s website and social media communication channels pursuant to articles 13-14 of GDPR (General Data Protection Regulation) 2016/679 and national legislation

This policy describes how the Municipality of Empoli collects and uses the personal data of users, whether communicated by users themselves or obtained or generated in some other way, when accessing the website www.visitempoli.it .

In accordance with the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, in short GDPR), the processing is based on the principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the user.

Data Controller

The Municipality of Empoli is the owner of the personal data. (Head Office: Empoli, Via G. Del Papa 41; Certified e-mail: comune.empoli@postacert.toscana.it; Switchboard: Tel. (+39) 0571 7571; VAT reg. no. and Tax Code 01329160483).

Data Protection Officer

The Data Protection Officer (DPO) can be contacted at: dpo@etruriapa.it.

Purpose of data processing

The purpose of processing is to ensure the use of information and communication channels and the dialogue with citizens and possible tourists and visitors, through immediate interaction and participation methods, consistent with the core functions and objectives of the organisation.

Categories of processed data

Browsing data – log files

The computer systems and applications dedicated to the functioning of this website detect, during their normal operation, certain data (the transmission of which is implicit when using Internet communication protocols) not associated with directly identifiable users.

The data collected include the IP addresses and domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters concerning the operating system and the IT environment used by the user.

These data are processed, for the time strictly necessary, for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its proper functioning.

The processing of personal data for this purpose does not require consent as it is necessary to allow consultation of the website.

Data provided voluntarily by the user (Common data: general, personal data)

The voluntary and explicit sending of e-mails to the addresses indicated in the different access channels of this website and the filling in of the specifically provided “forms” (masks) entail the subsequent acquisition of the sender’s/user’s address and data, which are necessary to reply to the requests made and/or provide the requested service. Specific summary information will in any case be reported or displayed on the pages of the website set up for particular services on request.

The personal data (such as the sender’s address and/or any other personal data) provided by users who request information material or other communications (publications, CD-ROMs, etc.) are used for the sole purpose of performing the service or activity requested.

The legal basis consists of the legitimate interests of the Data Controller and the performance of its tasks of public interest or in any case connected with exercising its public powers.

Any other data voluntarily provided by users may be processed in order to ensure the fulfilment of the requests made, pursuant to Article 6, paragraph. 1, letter b) of the GDPR.

Personal data may be processed, subject to separate consent pursuant to art. 6, paragraph 1, lett. a) of the GDPR, for subscribing to thematic areas for receiving related updates, subscribing to mailing lists-newsletters and sending advertising and information material on the products and services offered by e-mail.

Optional or mandatory nature of the consent to provide personal data.

Except as specified for browsing data, which are acquired automatically, users/visitors are free to disclose their personal data as they wish. Failure to provide them may only result in the impossibility of being granted the request.

Processing methods

Processing is carried out through automated tools (e.g. using electronic procedures and media) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in accordance with the relevant statutory provisions. Specific security measures are observed to prevent the loss of data, unlawful or incorrect use and unauthorised access. Your personal data are not subject to dissemination.

Personal data will be processed within the European Union, stored on servers located within the European Union and will not be disseminated.

Recipients of personal data.

The processing related to the web services of this website is handled exclusively by the technical staff of the Municipality of Empoli, in charge of processing.

The user’s personal data are also processed by persons designated as System Administrators pursuant to the Provision issued by the Italian Data Protection Authority of 27 November 2008, as amended.

Furthermore, the Data Controller may make use of external parties (such as third-party technical service providers, carriers, hosting providers, cloud services, IT companies) that may be appointed as external data processors.

The personal data of users requesting information material (answers to queries, notices and newsletters, acts and measures, etc.) are used solely for the purpose of performing the service or activity requested and are disclosed to third parties only in cases where this is necessary to fulfil the requests (e.g. to dispatch the requested documentation), when required by law or regulations, or during legal proceedings.

With the use of communication systems and digital platforms not owned by the Municipality of Empoli, the user also communicates their data to the owners of the aforementioned systems and platforms.

Personal data retention period.

Data are processed for the time necessary to perform the service requested by the user and then erased/destroyed by secure means of destruction.

Rights of the “Data Subject”

EU Regulation no. 679/2016 gives data subjects the possibility to exercise specific rights:

  • the right of access (Article 15), i.e. the right to receive a copy of the personal data subject to processing;
  • the right of rectification (Article 16), i.e. the right to have inaccurate personal data concerning them corrected without undue delay;
  • the right to erasure – to be forgotten (Article 17), i.e. the possibility to delete personal data concerning the Data Subject;
  • the right to restrict the processing (Article 18);
  • the right to data portability (Article 20), i.e. the possibility to transfer one’s personal data to another Data Controller without hindrance;
  • the right to withdraw consent at any time (Article 7, paragraph 3);
  • the right to lodge a complaint with the Italian Data Protection Authority in the event of a data processing breach (Article 77);
  • the right to a judicial remedy in case of unlawful data processing (Article 78);
  • the right to object at any time to processing for the purpose of sending commercial communications, by expressly requesting the removal of their names from the list

The Data Subject may exercise their rights at any time by sending a registered letter with advice of receipt to the address of the Data Controller indicated in point 1, or by contacting the Data Protection Officer (D.P.O.) indicated in point 2.

Cookies

Cookies are strings of text that websites visited by Users (so-called “first parties”) or different websites or web servers (so-called “third parties”) place and store within the User’s terminal device, because are then retransmitted to the same sites on the next visit.

The Site uses only technical cookies, for which the User’s consent is not required, which are necessary for the Site to function.

Since most browsers are set to automatically accept cookies, we remind the user that it is possible to manage and disable cookies directly from the browser settings:

Google Chrome

Firefox

Safari

Internet Explorer

or through the portal https://www.youronlinechoices.com/it/le-tue-scelte.