According to the rules of the Regulation, the processing carried out by BOGANA FRATELLI S.R.L. will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and storage, minimisation of data, accuracy, integrity and confidentiality, as well as the principle of responsibility referred to in art. 5 of the Rules of Procedure.
1) DATA CONTROLLER
The data controller is BOGANA FRATELLI S.R.L. (hereinafter also BOGANA, Company or Owner), with registered office in La Moglia 27 Cherasco (CN) and VAT: 02686200045, in the person of Davide Bogana, legal representative of the Company.
APPOINTMENT OF THE DPO (DATA PROTECTION OFFICER)
The Owner, not falling back in the cases indicated by Art. 37 of the GDPR, nor in those indicated in the various interpretations of the Data Protection Authority, did not consider it necessary to appoint a Data Protection Officer.
3) SUBJECT MATTER OF PROCESSING
Depending on your use of the site, the personal data processed through the Site are as follows.
a) a) NAVIGATION DATA
The computer systems and software procedures responsible for the operation of the Site automatically acquire, in normal operation, some information related to web navigation whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects but that by their nature could, through associations and processing with data held by third parties, allow you to identify users or surfers. This category includes information about IP addresses, domain names of computers used by users connecting to the site, addresses in URI (Uniform Resource Identifier) notation of the required resources, time of request, the method used to submit the request to the web server, the size of the file obtained in response, numeric code indicating the status of the response given by the web server (good end, error, etc.) and other parameters related to the operating system and the computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of this Website and to check its correct functioning, to identify anomalies and/or abuses, and is deleted immediately after processing. The data may be used to ascertain liability in case of hypothetical computer crimes against the site or third parties.
b) DATA COLLECTED BY COOKIES
What are cookies
Browsing this Site involves the receipt of cookies, short strings of text that websites visited send to the user’s browser (ie the program that serves to navigate such as, eg, Chrome, Explorer, Mozilla, etc.) where they are stored and then transmitted to the same websites during subsequent visits. During navigation on a site, the user can also receive cookies on his computer of sites or web servers other than the one he is visiting (c.d. cookies "third parties"). Specific information is provided in the sections of the website prepared for particular services, also accessible following registration, where personal data are requested to the user of the site. It is possible to distinguish technical cookies, which allow the performance of activities strictly related to the operation of the site and can be used freely, and profiling cookies, used in order to display advertising messages in line with the preferences expressed by the user during navigation and for which it is necessary to acquire the user’s consent.
Through this website the user’s browser can receive technical cookies and third-party profiling cookies.
In particular, technical navigation cookies are used, in order to store navigation preferences and improve navigation on the site.
How to manage cookies in your browser
The user can set his browser in order to be warned of the presence of cookies and decide whether or not to accept a specific cookie or automatically reject all cookies. Here are the references to how to manage the activation/ deactivation of cookies for the main browsers:
Google Chrome: https://support.google.com/accounts/answer/61416?hl=it
Mozilla Firefox: https://support.mozilla.org/it/kb/Bloccare%20i%20cookie
Apple Safari: https://support.apple.com/kb/PH19214?locale=it_IT
Microsoft Internet Explorer e Microsoft Edge: https://support.microsoft.com/it-it/help/17442/windows-internet-explore…
c) DATA COLLECTED CONTACT PURPOSE
In the "CONTACT" area, the user can request general information. At that time, he must release some personal data: name, surname and e-mail. This data is recorded in order to be able to correctly address the request for information, and to properly manage the follow-up of this request.
4) PURPOSE OF PROCESSING, LEGAL BASIS AND MANDATORY PROVISION
with regard to point 3.a
the purpose of the processing is to allow the navigation of the Site and the provision of services therein provided by the Data Controller, including the management of the security of the Site; The legal basis for the processing of personal data for the purposes referred to in section 3.a is art. 6.1.b) of the Regulation insofar as the treatments are necessary for the provision of the services or for the response of the requests of the interested party. The provision of these data is mandatory.
With regard to point 3.b
the purpose of processing is to improve the browsing experience of the Site, and to ensure some additional services, the deactivation of which does not compromise the functioning of the website. In addition, the data collected here are used, in aggregate and anonymous form, to produce analysis on preferences and browsing behavior. This processing is lawful pursuant to art. 6.1 of the Regulations and requires the explicit consent of the user, which can be managed through the procedures indicated in point 3.b. The provision of this data is optional, but failure to provide it may affect the proper functioning of certain areas of the site (however not basic).
With regard to point 3.c
lthe purpose of the processing is to make it possible for the user to contact the Company in order to use the booking service or generic information. The information collected is not necessary for the browsing experience, but is mandatory to proceed with this processing. Failure to provide even one of the requested data prevents the continuation of the procedure. The data collected fully meet the criteria of minimisation and balancing of interests indicated in the Regulation. The processing is lawful pursuant to art. 6.1 of the Regulation and does not require the explicit consent of the user.
5) PROCESSING METHODS: DATA OPERATIONS, RETENTION PERIOD
The processing of your personal data is carried out through the operations indicated in Art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, use, blocking, communication, cancellation and destruction. Your personal data is subject to electronic and/or automated processing.
All the data you provide that have fiscal and/ or civil relevance will be stored in our archives for a period of 10 years, as required by current legislation. All data provided by you that are not of tax relevance will be kept, unless otherwise indicated, until the conclusion of the contract for which they were provided.
6) RECIPIENTS OF PERSONAL DATA
6.1. subjects who typically act as data processors pursuant to art. 28 of the Regulation, that is subjects that cooperate with the Data Controller for the pursuit of the above purposes, including subjects delegated to perform technical maintenance activities.
6.2. persons authorized by the Data Controller, pursuant to art. 29 of the Regulation, to the processing of personal data necessary to carry out activities strictly related to the provision of services, which are committed to confidentiality or otherwise have an adequate legal obligation of confidentiality.
7) COMMUNICATION OF PERSONAL DATA
Without the need of an express consent (ex art. 6 lett. b), c) of the GDPR), the Data Controller may communicate the user’s data for the purposes referred to in point 4) to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom the communication is mandatory by law for the fulfilment of the aforementioned purposes. These parties will process the data as independent data controllers. The user data will not be disseminated.
8) TRANSFER OF PERSONAL DATA
With regard to the possible transfer of Data to countries outside the European Economic Area, the Data Controller announces that the processing will take place in one of the ways allowed by current law, such as the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects belonging to international programs for the free movement of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. It is possible to have more information, on request, at the Data Controller at the contacts indicated below.
9) RIGHTS OF DATA SUBJECTS
As data subjects, the persons referred to in point 3) enjoy the rights referred to in Articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR. In detail:
Right of access
Right to rectification
Right to cancellation («right to be forgotten»)
Right to restriction of processing
Right to notification in case of rectification or deletion of personal data or restriction of processing
Right to data portability
Right to object
Rights relating to the automated decision-making process relating to individuals, including profiling
10) PROCEDURES FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT
Who wishes it, among the subjects described in point 3), can at any time exercise their rights by sending:
- a registered letter a.r. addressed to the Data Controller, referred to in point 1)