AUTHORIZATION TO PROCESS OF PERSONAL DATA
(Information pursuant to Article 13 of Legislative Decree n° 196/2003)
1. INFORMATION PURPOSE
The purpose of this page is to describe the way in which the site is managed with regard to processing the user's personal data that will be processed accordingly to the rules of lawfulness, correctness, pertinence and non excess.
This information is given accordingly to Article 13 of Legislative Decree n° 196/2003 – Code regarding the protection of personal data
2. OWNER OF THE PROCESS
As a consequence of consultation of this web site, the data of identified or identifiable subjects can be processed.
The “owner” of the process is:
DYE UP DI ZARDO STEFANO, legal address Via T. Rubelli 1, 31020 San Zenone degli Ezzelini - Treviso – Italy – VAT number 04936180266.
3. PLACE OD DATA PROCESSING
The processing concerning this web site services takes place in the above mentioned DYE UP DI ZARDO STEFANO head office and are treated only by the technical staff of the Office in charge of processing, or by subjects in charge of possible maintenance operations.
The data processing takes place on the basis of its preservation in computer files in the company that access to such files only for maintenance procedures accordingly to enclosed B.
No data arising from the web service is shared or widespread.
The personal data provided by USERS that ask for promotional material (such as newsletter, information requests, catalogues, Cd-rom, etc.) are used only for carrying out the service or the performance required and are shared with third parties only if necessary (DYE UP DI ZARDO STEFANO shipment services).
4. KIND OF PROCESSED DATA
a. Navigation data:
The computer systems and the software procedures in charge of this web site functioning, during their normal practice acquire some personal data (c.d. log files) which transmission is implicit in using the Internet communication protocols.
It's about information that are not collected to be associated to identified interests, but for their own nature could allow to identify the users through elaborations and associations with data detained by third parties.
In this data category we can find the IP addresses or the computer dominion names utilized by users that log on to the site, the addresses in URI notation (Uniform Resource Identifier) of asked resources, the request time, the method used to make the request to the server, the size of the received file, the number code showing the answer given by the server (OK, error, etc.) and other parameters concerning the operating system and the user's computer environment.
These data are used only to get statistical and anonymous information about the site use and to check its correct functioning. The data could be used to verify liabilities in case of hypothetical computer crime to the site and, if explicitly required, could be produced to Legal Authority.
b. Data given voluntarily by the user:
The facultative, explicit and voluntary sending of electronic mail to the addresses above mentioned in this site, involve the subsequent attainment of the sender's address (needed to answer to his requests) and of other personal data entered in the mail.
Specific summary information will be given from time to time in the site pages arranged for particular services on demand.
No users personal data is purposely acquired by the site. Neither cookie is used to transfer personal information nor tracement users identification systems are used.
The use of c.d. Cookies is strictly limited to the transmission of session identifications (made by casual numbers given by the server) needed to allow the safe and efficient site exploration and used in order to get the monthly single visitors survey. Cookie can be removed by the surfer using his navigation program functions.
5. OPTIONAL DATA COMMUNICATION
Apart from what specified for the navigation data, the user is free to provide his personal data to DYE UP DI ZARDO STEFANO in the requested forms or in contacts with the Office in order to ask for promotional materials or other communication.
The missing communication of such data can entail the impossibility to obtain what asked.
To be completely exhaustive, it must be reminded that in some cases (not object of this web site) the Authority can ask information pursuant to Article 157 of Legislative Decree n° 196/2003 , in order to check the personal data processing.
In these cases it is compulsory to give an answer, on the contrary the risk is of administrative sanction.
6. PROCESSING WAYS
The personal data are processed with computerized tools for a period of time strictly necessary to achieve the purpose for which they had been collected.
Particular security measures are respected in order to prevent data loss, illicit or mistaken uses and non-authorized accesses.
7. RIGHTS OF THE CONCERNED SUBJECTS
The subjects to whom the personal data are referred to, have in every moment the right to know if their data still exist in the database or not and to know their contents and origin, to verify their correctness or to ask their integration or updating, or their rectification.
Pursuant to the same Article the Subjects have the right to ask the deletion, the transformation in an anonymous form or the block of the data processed in violation of laws, as well as they can always oppose, for reasonable causes, to the data process.
The requests must be addressed to DYE UP DI ZARDO STEFANO.
(Information to Data Subjects)
1. The data subject as well as any entity from whom or which personal data are collected shall be preliminarily informed, either orally or in writing, as to:
a) the purposes and modalities of the processing for which the data are intended;
b) the obligatory or voluntary nature of providing the requested data;
c) the consequences if (s)he fails to reply;
d) the entities or categories of entity to whom or which the data may be communicated, or who/which may get to know the data in their capacity as data processors or persons in charge of the processing, and the scope of dissemination of said data;
e) the rights as per Section 7;
f) the identification data concerning the data controller and, where designated, the data controller’s representative in the State’s territory pursuant to Section 5 and the data processor. If several data processors have been designated by the data controller, at least one among them shall be referred to and either the site on the communications network or the mechanisms for easily accessing the updated list of data processors shall be specified. If a data processor has been designated to provide responses to data subjects in case the rights as per Section 7 are exercised, such data processor shall be referred to.
2. The information as per paragraph 1 shall also contain the items referred to in specific provisions of this Code and may fail to include certain items if the latter are already known to the entity providing the data or their knowledge may concretely impair supervisory or control activities carried out by public bodies for purposes related to defence or State security, or else for the prevention, suppression or detection of offences.
3. The Garante may issue a provision to set out simplified information arrangements as regards, in particular, telephone services providing assistance and information to the public.
4. Whenever the personal data are not collected from the data subject, the information as per paragraph 1, also including the categories of processed data, shall be provided to the data subject at the time of recording such data or, if their communication is envisaged, no later than when the data are first communicated.
of subjects that interact with the DYE UP DI ZARDO STEFANO web services, accessible through Internet starting from the address: www.soullimit.com, corresponding to DYE UP DI ZARDO STEFANO official web site home page.
The present information is given only for DYE UP DI ZARDO STEFANO website and not for other websites consulted bu the user through link.
This information is suggested even by the Advice n° 2/2001 that the European authorities for the protection of personal data, gathered in the Group instituted by Article 29 of directive n°95/46/CE (download), have adopted on May 17th 2001 in order to specify some least requirements for the on-line collection of personal data, and in particular, the modalities, the time and nature of the information that the owners of the process must give to users when these connect to web pages, regardless of the connection purposes.
5. Paragraph 4 shall not apply
a) if the data are processed in compliance with an obligation imposed by a law, regulations or Community legislation;
b) if the data are processed either for carrying out the investigations by defence counsel as per Act no. 397 of 07.12.2000 or to establish or defend a legal claim, provided that the data are processed exclusively for said purposes and for no longer than is necessary therefor;
c) if the provision of information to the data subject involves an effort that is declared by the Garante to be manifestly disproportionate compared with the right to be protected, in which case the Garante shall lay down suitable measures, if any, or if it proves impossible in the opinion of the Garante.
(Request for Information and Production of Documents)
1. In discharging its tasks, the Garante may request the data controller, the data processor, the data subject or a third party to provide information and produce documents.
1. The Garante may order that data banks and filing systems be accessed and audits on the spot be performed as regards premises where the processing takes place or investigations are anyhow to be carried out with a view to checking compliance with personal data protection regulations.
2. The inquiries referred to in paragraph 1 shall be carried out by staff from the Office. The Garante may also avail itself, if necessary, of the co-operation of other State agencies.
3. The inquiries referred to in paragraph 1, if carried out at a person's home or in another private dwelling place and/or the relevant appurtenances, shall be carried out with the data controller's or data processor's informed consent. Alternatively, an authorisation from the judge presiding over the geographically competent court - by having regard to the place where the inquiries are to be carried out - shall be required, whereby the judge shall issue a reasoned decree without delay and anyhow by no later than three days after receiving the relevant request from the Garante if it can be proven that the inquiries cannot be postponed.
1. The staff in charge of the inquiries shall be provided with an ID document and may be assisted, if necessary, by consultants bound by secrecy rules pursuant to Section 156(8). In carrying out measurements and technical operations, said staff may also make copies of papers, data and documents, also by samples and on computer media or else via electronic networks. Summary minutes of the inquiries shall be drawn up, also taking note of any declarations made by the persons attending them. 106
2. The entities concerned by the inquiries shall be given a copy of the authorisation issued by the judge presiding over the competent court, if any. They shall be required to allow the inquiries to be carried out and cooperate as necessary to that end. In case of denial, the inquiries shall be performed in any case and the expenses incurred shall be charged to the data controller by means of the provision finalising the relevant proceeding – which shall be regarded, as for this portion, to be an enforcement order pursuant to Sections 474 and 475 of the Civil Procedure Code.
3. If the inquiries are carried out at the data controller’s or processor’s premises, they shall be performed by informing either the data processor or, if the latter is absent or has not been designated, the persons in charge of the processing. Any person that has been designated by the data controller or processor to this effect may attend the inquiries.
4. No inquiries may be started either before 7 or after 20, except where provided otherwise in the authorisation issued by the judge presiding over the competent court; inquiries may also be carried out upon prior notice if this can facilitate their performance.
5. The information notices, requests and orders referred to in this Section and in Sections 157 and 158 may also be transmitted by e-mail or facsimile.
6. If the findings are such as to point to commission of an offence, Section 220 of the implementing, coordination and transitional provisions of the Criminal Procedure Code, as adopted by legislative decree no. 271 of 28.07.1989, shall apply.
1. As regards the data processing operations referred to in Titles I, II and III of Part II, the relevant inquiries shall be carried out by the agency of a member designated by the Garante.
2. Should the processing fail to comply with laws or regulations, the Garante shall draw the data controller’s or processor’s attention to the changes and additions that are required and verify that they are implemented. Where the request for the inquiries was made by the data subject, the latter shall be informed of the relevant outcome unless this may be prejudicial to actions or operations aimed at protecting public order and security or preventing and suppressing offences, or if there exist grounds related to State defence or security.
3. The inquiries may not be committed to others. Where necessary on account of the specific nature of the audit, the member designated as above may be assisted by specialized staff that shall be bound by secrecy rules as per Section 156(8). All records and documents, once acquired, shall be kept in such a way as to ensure their confidentiality and may be disclosed to the President and members of the Garante as well as to a limited number of employees in the Office, to be designated by the Garante pursuant to criteria laid down in the regulations as per Section 156(3), letter a), if this is necessary for the discharge of official duties.
4. As for inquiries concerning intelligence and security bodies or data that are covered by State secrecy, the designated member shall inspect the relevant records and documents and report on them orally during the meetings of the Garante. 107
5. In carrying out inquiries as per this Section with regard to judicial offices, the Garante shall take suitable arrangements in line with the respective powers and the specific institutional role of the authority in charge of the relevant proceeding. Inquiries concerning investigational records that are subjected to secrecy shall be postponed until secrecy is lifted, if so requested by the authority in charge of the proceeding.
6. Validity, enforceability and applicability of records, documents and measures related to judicial proceedings that are based on personal data processed by failing to comply with laws or regulations shall further be regulated by the relevant procedural provisions concerning civil and criminal matters.