Short version (banner)
This website implements available and reasonable measures to protect user’s privacy and minimise personal data processing, in compliance with Italian law (D.Lgs. 30 June 2003 no. 196 or Data Protection Code and its modifications) and European regulation (Regulation EU 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data or “GDPR”).
Data controller is Ivana Moscato, Via Stezzano no. 87, Bergamo, at the premises of Kilometro Rosso.
Users can contact the data controller by sending an e-mail to [email protected] or by sending a letter to the address: Via Stezzano n. 87, Bergamo, Kilometro Rosso.
Legal basis for the processing
The provision of personal data is not statutory nor a contractual requirement: users may deny their consent to the processing and revoke their consent at any time (this can be done through the banner at the bottom of the page, or by changing settings of your browser or by contacting the data controller). However, if users do not agree on data processing, the browsing experience may be hindered.
Data is also processed to maintain the Website secure and protect it from misuse and spam, as well as to analyse user’s traffic for statistical purposes. This data cannot be related to the user and is processed on the basis of data controller’s legitimate interest to the Website’s and user’s data security. In these cases, the user has the right to object to the processing at any time (see paragraph on user’s rights).
Purposes of processing
The purposes of data processing are the following:
- Browsing of the Website
Record the settings of the user, i.e. the language, and allow the user to browse the Website.
- Data analysis
Data is processed to verify that the Website works properly. This type of data cannot be attributed to the single user and does not identify the user.
Data is processed to maintain the Website secure (i.e. antispam filters, firewalls, virus detection) so that also users are protected from frauds and damages to the Website. This type of data is registered automatically and can include personal data (i.e. IP address) which may be used in compliance with laws and regulations to block activities that may damage the Website or other users, as well as criminal activities. This data, which is periodically deleted, will never be used to identify users or track user’s preferences.
- Other activities
Data may be sent to third parties who provide services that are material to the functioning of the Website (i.e. comment boxes) and who provide other activities to us, such as technical support and logistics. Our suppliers have access to data that they need to provide their services only and undertake to not use data for other purposes and commit to process data in compliance with applicable laws.
- Advisory and professional engagements
Categories of data
The Website processes two categories of user’s data.
Data that is processed automatically
While browsing the Website, the following data may be processed and stored as log files in the Website’s server:
- Internet Protocol (IP) address;
- browser type;
- characteristics of the device that has been used to connect to the Website;
- name of the Internet Service Provider (ISP);
- date and time of the visit;
- user’s webpage of entry and exit;
- number of clicks.
This data is processed for the sole purpose of data analysis in a form that does not identify the user. The IP address is processed for security reasons only and it is not matched with any other data.
Data that is provided on a voluntary basis
The Website may also process data that is provided by users when they use the services on the Website, i.e. when they leave a comment or send a query. This data will only be used to provide the service that has been requested and includes:
- name and surname;
- email address;
- any other data that is provided on a voluntary basis.
Where data is processed
Data that is processed automatically by the Website during its operations will be stored as long as it is strictly necessary to carry out the activities that have been described above. After that time, data will be deleted or pseudonomised, unless there are other reasons to keep it. Data that is used for security (i.e. IP address and attempts to damage the Websites) will be stored for 30 days.
Data that is processed for data analysis will be stored in aggregated form for 24 months.
Transfer of data to third parties
Data is not transferred to third parties, unless: (i) there is a lwaful request from a court; (ii) the transfer is necessary to provide a specific service requested by the user; and (iii) we have to perform security checks on the Website or work on its optimisation.
Transfer of data outside the EU
The Website may share some data with service providers located outside the EEA, in particular with Google. This type of transfer has been authorised by specific decisions of the European Union Commission (decision no. 1250/2016, Privacy Shield) and the Italian Commissioner for data protection, therefore no additional user’s consent is required for the transfer. Google warrants its adherence to the Privacy Shield.
Data is processed in a lawful and correct way and is protected with security measures that are aimed to prevent unauthorized accesses, publication, changes or unauthorized distruction of data. We commit to maintain security on data communication, by applying Secure Sockets Layer (SSL) software which encrypts information in transit. Data is processed by digital and/or online devices, with organisational and technical measures that are strictly related to the purposes of processing indicated above. Besides data processors, data may be processed by people that work on the Website or other service providers (i.e. technical suppliers, hosting providers).
Cookies are small text files that websites send to the user’s computer, where they are stored to be used by the said websites when the user visits them the next times. Third-party cookies are instead installed by a different website than the one that the user is visiting. This happens because every website may contain objects that may be located in different servers than the one that hosts the visited website (i.e. images, maps, sounds, links to external websited, etc.).
Cookies are used for different purposes: digital authentication, session monitoring, recording of website settings, recording of preferences, etc.
The website uses the following types of cookies:
If cookies are turned off some functions of the Website may not be available.
This Website uses third-party cookies with the aim to offer additional services to the users and facilitate the use of the Website. The Webiste does not have any control over these cookies that are fully managed by third parties and does not have access to the information collected by them. Details on the use of these cookies, on their purposes and on how they may be turned off are provided by the third parties directly at the pages indicated below.
The Website uses the following third-party cookies:
- Google Ireland Limited
Google Analytics: it is used to analyse how users use the Website, to send reports on Website’s activities and reports on user’s behaviour, to verify how often users visit the Website, how the Website is located by users and what pages are visited the most. This information is also used to compare the Webiste with other similar websites.
Categories of data: browser identification, browsing date and time, originating page and IP address.
Where data is processed: European Union.
Data does not identify the users and is not matched with other data of the same users. Data is processed in aggregated form and it is anonimised (last eight digits are truncated). Google Inc. may not match this data with the one collected from other services, in compliance with a specific agreement (DPA).
More information on Google Analytics cookies is available on Google Analytics Cookie Usage on Websites page (Google Analytics Cookie Usage on Websites).
User’s rights on his data
In compliance with the GDPR, the user may exercise the following rights according to and within the limits of the applicable law:
- to object to all of part of the processing for legitimate reasons;
- to demand confirmation as to whether or not personal data concerning him is being processed;
- to know the source of data;
- to obtain information on the logic, purposes of the processing and how processing is being done;
- to demand un update, rectification, integration, deletion and pseudonymization of data;
- to receive the personal data concerning him, which he has provided to the data controller, in a structured, commonly used and machine-readable format;
- to lodge a complaint with a supervisory authority (i.e. the Italian Data Protection Commissioner - https://www.garanteprivacy.it/web/guest/home_en);
- to exercise all other statutory rights.
Requests may be addressed to the data controller.