Information on the protection of privacy
In accordance with national legislation (Legislative decree 196/June 30, 2003 regarding the protection of personal data) and community legislation (EU regulation for the protection of personal data, n. 679/2016, GDPR) and later modifications, this website respects and safeguards the privacy of visitors and users, ensuring that every possible and proportional attempt will be made to not impinge on the rights of its users.
Legal basis of processing data
The present website processes data only upon agreement.
The provision of data and therefore Agreement to collect and process data is optional; the User can refuse to consent and revoke at any time previously-given consent. Doing so, however, could result in blocked access to some services and navigation of the website could be compromised. Beginning on May 25, 2018 (when the GDPR went into effect), the present website will process some data selected based on the legitimate interests of the owner of the data processing.
Data collected and aims
As with all websites, the present site also uses log files which conserve data collected automatically during a visit to the website. The data collected could be the following:
– internet protocol address (IP);
– browser type and parameters of the device used for connecting to the site;
– name of the internet service provider (ISP);
– date and time of visit;
– webpage the visitor connected from (referral), as well as the subsequent page upon exiting;
– the number of clicks.
The aforementioned data are processed automatically and collected exclusively in a consolidated form in order to verify the correct operation of the website, and for security reasons (since May 25, 2018, data will be processed based on the legitimate interests of the owner of the data processing).
To ensure security (anti-spam filters, firewall, survey of viruses), the data registered automatically can potentially include personal data, like an IP address, which could be used, in accordance with the relevant current laws, to block attempts to damage the website or other users, as well as damaging or criminal activities. Such data are never used for identifying and profiling the user, but are only intended to safeguard the website and its users (since May 25, 2018, data will be processed based on the legitimate interests of the owner of the data processing).
The data can also be transferred to specialized banks for reports and marketing.
The data collected from the website during its operation are used exclusively for the aims indicated and are conserved for the time necessary for carrying out precise activities or, if applicable, until there is a cancellation request for accounts registered to the website. The data collected from the website will never be passed to third parties for any reason, unless there is a legitimate request from judicial authorities and only in cases allowed by law.
The data collected from the website are processed at the web hosting’s data centre (TIX – Tuscany Internet Exchange, Via San Piero a Quaracchi 250, Florence).
Session cookies are essential for distinguishing connected users, and are useful for ensuring that a requested function not be provided to the wrong user, as well as for security purposes so as to avoid damaging attacks on the website. Session cookies do not contain personal data and last only as long as the session does, that is, until the browser is closed. Consent is not needed for them.
Functionality cookies used by the website are strictly necessary for operating the site; they are those connected to a user’s request for a specific function (like Login), for which consent is not needed).
Social Network Plugin
The collection and use of data obtained via the plugin are regulated according to the related privacy policies of the social networks, which users are advised to refer to.
The present website processes users’ data legitimately and correctly, adopting appropriate security measures aimed at impeding unauthorized access to and disclosure, modification or destruction of data. Processing is carried out using computer and/or online tools, with organizational procedures and reasons strictly related to the intended aims. In addition to the owner, in some cases certain categories of representatives can have access to data who are involved in the organization of the website (administrative, commercial, marketing and legal personnel and system administrators), as well as external individuals (like providers of third-party technical support, postal workers, hosting providers, IT companies and communication agencies).
In accordance with EU Regulation 679/2016 (GDPR) and national legislation, the User can, with the procedures and limits provided in current legislation, exercise the following rights:
– request the confirmation of the existence of personal data regarding him/herself (right to access);
– be informed of their origin;
– receive comprehensible communication about them;
– receive information about the reason, procedures and aims of their processing;
– request an update, modification, integration, cancellation, transformation into anonymity and blocking of data processes that are in violation of the law, including those no longer necessary for carrying out the aims for which they were collected;
– in cases of consent-based processing, receive the data provided to the owner, in a structured and legible manner, from a data processor and in a format commonly used by an electronic device; the cost for doing so only regards possible support;
– the right to present a complaint to the Supervisory Authority (Warranty Policy);
– more generally, all rights that are recognized by current laws.
In cases in which data are processed based on legitimate interests, the rights of interested parties are nonetheless guaranteed (except the right of portability, which is not required by current regulations), especially the right to oppose processing, which can be applied by sending a request to the owner of the data processing.
Manging cookies: consenting their use
Cancelling cookies does not block use of the website www.vetrina.toscana.it.
Users/visitors can program the browser to accept/refuse all cookies or have appear a warning whenever a cookie is presented in order to evaluate whether or not to accept it.
By default, almost all web browsers are programmed to automatically accept cookies. You can modify the pre-set configuration, which is set to medium security on browsers (like, for example, Internet Explorer 6.0), and disable cookies (block them definitively), programming a higher level of protection in the dedicated tab (Privacy), but it should be kept in mind that disabling cookies can compromise use of the site’s features.
Users also have the possibility of cancelling (or eliminating) cookies from his/her personal computer, using the browser’s specific feature. Cancelling cookies does not block use of the site, but results in the repeated need to re-authorize, that is, include the user’s credentials upon each visit.
To this aim, there are elements (plugins) for the more common browsers that allow for:
– management (visualization, cancellation, blocking) of cookies;
– visualizing technology used by the website;
– visualizing and blocking (selective) various tracing mechanisms
Owner of the data processing
In accordance with current laws, the owner of the data processing is Fondazione Sistema Toscana.
Supervisor for the data processing
Mr. Alessandro Giannini has been appointed supervisor for the data processing, having agreed to process the data on behalf of the owner.
In reading the above information, with reference to the EU regulation 679/2016, the user agrees:
– to the processing of personal data, both public and sensitive, regarding him/her, which is used for the aims declared above.
– to the communication of the data to categories of individuals as stated above. Consent remains conditional on compliance with the provisions of current legislation.