Pursuant to and for the purposes of Articles 13 and 14 of EU Regulation 2016/679 (General Regulation on Data Protection), the implementing provisions of Legislative Decree no. 196 of June 30th 2003, as amended and supplemented by Legislative Decree no. 101 of August 10th 2018, and the RDG no. 466 of 07/17/2018, we inform you about the methods of personal data processing of the users who interact with the campania>artecard website www.campaniartecard.it owned by Scabec SpA (hereinafter referred to as site), and about the users rights and how they can exercise them.
This information does not concern other websites, pages or online services, even if related to the regional administration, which can be reached through hypertext links that may be published on the portal but refer to outside resources.
1. DATA CONTROLLER
Following a consultation of the portal, data relating to identified or identifiable natural persons may be processed. The Data Controller is Scabec SpA, with registered office in via Generale Giordano Orsini 30 – 80132 – Napoli.
Your data will be processed according to the principles of lawfulness, fairness, transparency, security and confidentiality. The processing will be carried out mainly in non-automated form, in compliance with the provisions of art. 32 of EU Regulation 2016/679, by specially appointed persons and in compliance with the provisions of art. 29 of EU Regulation 2016/679.
2. DATA PROTECTION OFFICER
Scabec SpA appointed a Data Protection Officer: Gianfranco Imer. Contact person details: tel. 0815624561 – e-mail: [email protected]
3. LAWFUL BASIS FOR DATA PROCESSING
Personal data are processed by Scabec SpA in the performance of its tasks of public interest or otherwise related to the exercise of its public authority, including the management and protection of cultural heritage and the related communication activities.
The personal data you provide are processed only for purposes strictly related and necessary to the use of the Site and any services requested, such as, but not limited to, subscription to the newsletter or Scabec SpA mailing list, or to respond to information you require.
Whether the controller intends to further process personal data for a purpose other than that for which they were collected, before such further processing, he must provide the person concerned with information about such different purpose and any other relevant information.
4. TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING
The computer systems and software procedures used to operate the regional portal acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the portal and to check its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the portal.
Data provided by the user
The optional, explicit and voluntary sending of messages to the contact addresses of the Campania Region on the portal, private messages sent by users to institutional profiles/pages on social media (where this possibility is provided), as well as the completing and forwarding of forms on the regional portal, involve the acquisition of contact information of the sender.
Specific information will be published on the dedicated pages of the regional portal for the provision of certain services.
This website uses technical cookies, with which, in compliance with the art. 122 of the Personal Data Protection Code and the legal measure by the Authority of 05/08/2014, no consent by the user is required.
No cookie is used for user profiling, neither are other methods of data tracking.
We also use third party cookies to profile users, in the process of providing content, including advertising relevant to your interests, to assess the effectiveness of their ads and to perform services on behalf of Artecard.
5. PLACE, MODALITY AND RECIPIENTS OF THE PROCESSING
Personal data are processed at the headquarters of the Owner or Managers with automated tools for the time strictly necessary to achieve the purposes for which they were collected, in compliance with the rules of confidentiality and security provided by current legislation.
Specific technical and organizational security measures are adopted to protect the information from alteration, destruction, loss, theft or improper or unlawful use. Processing related to the services of the web portal are only handled by technical personnel authorized and trained in the treatment, or by the managers appointed by the owner pursuant to art. 28 of the Regulation.
No data deriving from the web services of the portal is disseminated. The personal data provided by users are used only for the purposes described in paragraph 3 and are eventually disclosed to other staff authorized or to other subjects, public and private, only where this is required by law or strictly necessary to provide the information requested by you.
6. PERIOD OF DATA RETENTION
In accordance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to art. 5 of EU Regulation 2016/679, personal data will be stored within the terms provided for by current legislation(for example, in the case of navigation data).
In case of subscription to the newsletter and / or mailing list, the data will be processed until any request for cancellation by the user. In the event of the provision of services deriving from the conclusion of a contract with Scabec SpA, the data may be processed for the entire duration of the contract and for the ten years following its conclusion.
This is without prejudice to cases in which questions relating to the activities of the Office may be raised in court, in which case the personal data of the interested party, exclusively those necessary for such purposes, will be processed for the time necessary to pursue them.
7. RIGHTS OF THE INTERESTED PARTIES
We inform you that you may exercise, under current legislation, the following rights: you have the right to obtain, from the Data Controller, confirmation of the existence of a processing of personal data relating to your data and to obtain access to such data. In any case, you have the right to receive a copy of the personal data being processed.
For data processed with automated systems, you have the right to ask the communication of your data and / or transfer to another owner; to ask and obtain the integration, updating and rectification of your personal data if you believe they are inaccurate or incomplete; to ask and obtain the erasure – and/or the limitation of the treatment – of your personal data if it is unnecessary – or no more necessary – data and information for the aforementioned purposes, then after the retention period indicated in the preceding paragraph.
In particular, the following rights are recognized: “Right of access” – ex art. 15; “Right to rectification” – ex art. 16; “Right to erasure (‘Right to be forgotten’)” – ex art. 17; “Right to restriction of processing” – ex art. 18; “Right to data portability” – ex art. 20, under the EU Regulation 2016/679, within the limits and conditions provided by art. 12 of the Regulation itself. These requests could be addressed to the Scabec SpA DPO. We inform you that in accordance with current legislation, you can propose any complaints about the processing of your personal data to the Supervisory Authority for the protection of personal data.