Privacy Policy

This information is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (“Privacy Code”), to all those who interact with the website www.parcodelleserre.it (hereinafter also the “Site”) and describes how it processes the personal data of users who consult it or use the services offered therein.

This information is provided only for this Site and not also for other websites that may be consulted by the user through links.

1. Data controller

The Data Controller isEnte Parco Naturale Regionale delle Serre, with registered office at Via Santa Rosellina 2, 89822 Serra San Bruno (VV).

Holder’s Contact Information:

  • Address: Via Santa Rosellina 2, 89822 Serra San Bruno (VV)
  • PEC: [email protected]
  • Phone: 0963 772825
  • Tax Code: [to be inserted]

2. Data Protection Officer (DPO/RPD).

The Data Controller has designated, pursuant to Article 37 of the GDPR, the Data Protection Officer in the person of Dr. Francesco Maria Pititto, who can be contacted for any questions concerning the processing of personal data and the exercise of the rights recognized by the GDPR at the contact details of the Data Controller indicated above.

3. Types of data processed

The Owner processes the following categories of personal data provided by users or automatically collected during browsing:

3.1 Navigation data

The computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct operation, as well as to ascertain liability in the event of hypothetical computer crimes against the Site or third parties.

3.2 Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mail messages to the addresses indicated on the Site, as well as the completion of the forms present (contact form and newsletter subscription), entail the subsequent acquisition of the sender’s contact data, necessary to respond to requests, as well as all personal data included in the communications.

In particular, the following are covered:

  • Contact form: first name, last name, e-mail address, subject and message content.
  • Newsletter subscription: e-mail address.

3.3 Cookies and tracking technologies

The Site uses technical cookies and, subject to user consent, profiling and/or third-party cookies. For detailed information, please refer to the Cookie Policy available at: https://parcodelleserre.it/cookie-policy-eu/

4. Purpose and legal basis for processing

Users’ personal data are processed for the following purposes:

  • (a) To enable navigation of the Site and ensure its proper functioning. Legal basis: legitimate interest of the Controller (Art. 6(1)(f GDPR) and performance of a public interest task (Art. 6(1)(e GDPR).
  • (b) Respond to inquiries sent through the contact form or by e-mail. Legal basis: execution of pre-contractual or contractual measures taken at the request of the data subject (art. 6, par. 1, lett. b GDPR) and/or execution of a task of public interest related to the institutional functions of the Controller (art. 6, par. 1, lett. e GDPR).
  • (c) Sending the newsletter with updates on events, initiatives and activities of the Park. Legal basis: consent of the data subject (Art. 6(1)(a) GDPR), freely given at the time of registration and revocable at any time.
  • (d) Anonymous statistical analysis using Google Analytics. Legal basis: consent of the data subject (Art. 6, para. 1, lett. a GDPR) given via the appropriate cookie banner.
  • (e) Fulfilling obligations under laws, regulations or EU regulations. Legal basis: legal obligation (art. 6, par. 1, lett. c GDPR).

5. Methods of processing

The processing of personal data is carried out by means of manual, computerized and telematic tools, with logic strictly related to the stated purposes and, in any case, in such a way as to ensure the security and confidentiality of the data, in compliance with the appropriate technical and organizational measures provided for in Articles 25 and 32 of the GDPR.

Specific security measures are observed to prevent data loss, illegal or incorrect use, and unauthorized access.

6. Google Analytics

The Site uses Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”), in order to collect information about users’ use of the Site in aggregate and anonymous form (pages visited, time spent, geographic origin, etc.).

Google Analytics uses cookies installed on the user’s device. The information collected is transmitted and stored on Google’s servers. The Owner has taken measures to anonymize the user’s IP address (IP masking), where technically possible.

For more information, please refer to Google’s privacy policy available at: https://policies.google.com/privacy. You can turn off Google Analytics by installing the opt-out add-on provided by Google on your browser: https://tools.google.com/dlpage/gaoptout.

7. Recipients of the data

Personal data collected may be disclosed to:

  • Authorized personnel of the Park Authority, specially instructed and trained in the processing of personal data;
  • External parties performing outsourced activities on behalf of the Data Controller, appointed as Data Processors in accordance with Article 28 GDPR (by way of example: hosting service provider, Site maintenance service provider, newsletter service provider, Google Ireland Limited for the Analytics service);
  • Public authorities, judicial or supervisory bodies, where required by legal obligations or binding orders.

Personal data are not subject to dissemination, except in cases provided for by specific regulatory obligations (e.g., publications in the Transparent Administration section or in the Public Register, according to the provisions of Legislative Decree 33/2013).

8. Transfer of data to third countries

Some of the data collected may be processed by service providers based in countries outside the EEA (in particular Google, for the Analytics service). In this case, the transfer is made exclusively to entities that guarantee an adequate level of data protection, in accordance with Articles 44 et seq. of the GDPR, through the adoption of Standard Contractual Clauses approved by the European Commission or other instruments provided for by applicable legislation.

9. Period of data retention

Personal data are kept for the time strictly necessary to achieve the purposes for which they were collected and, in any case, in compliance with the terms of the law and regulations. In particular:

  • Browsing data: retained for a period not exceeding 7 days, barring any investigation of computer crimes against the Site.
  • Data provided via contact form: kept for the time necessary to process the request and for the next 24 months, unless otherwise required by legal obligations.
  • Data provided for newsletter subscription: retained until consent is revoked by the data subject (unsubscribing from the newsletter).
  • Data collected through cookies and Google Analytics: stored according to the terms stated in the Cookie Policy.

10. Rights of the data subject

In relation to the personal data processed, the data subject has the right to exercise, at any time, the rights provided for in Articles 15-22 of the GDPR, and in particular:

  • Right of access (Art. 15): to obtain confirmation of the existence or non-existence of personal data concerning him/her and, if so, access to the same.
  • Right of rectification (Art. 16): to obtain correction of inaccurate data or supplementation of incomplete data.
  • Right to deletion (Art. 17): obtain the deletion of personal data, in the cases provided for by the GDPR.
  • Right to limitation of processing (Art. 18): obtain the limitation of processing, in the cases provided for.
  • Right to portability (Art. 20): receive personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): object to the processing of data on grounds related to one’s particular situation.
  • Right to revoke consent: revoke the consent given at any time, without affecting the lawfulness of the processing carried out before revocation.

To exercise the rights listed above, the data subject may contact the Data Controller or the Data Protection Officer using the contacts listed in 1 and 2.

The data subject is also granted the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) if he or she believes that the processing of his or her personal data is in violation of the GDPR or applicable law (Art. 77 GDPR).

11. Compulsoriness of contribution

The provision of personal data is optional. However, failure to provide the data marked as obligatory in the forms on the Site will result in the impossibility of receiving a response to the requests submitted or taking advantage of the services offered (e.g., newsletter subscription).

12. Automated decision-making processes

The Controller does not carry out any automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR.

13. Minors

The Site is not intended for individuals under the age of 16. The Owner does not knowingly collect personal data from minors. If it is determined that data of a minor has been processed in the absence of valid consent given by the person exercising parental responsibility, the Owner will delete such data as soon as possible.

14. Amendments to this policy

The Owner reserves the right to amend, update, supplement or delete portions of this policy at its discretion and at any time, including as a result of changes in applicable law. Changes will be posted on the Site and will become effective from the date of their publication. Users are therefore encouraged to consult this page periodically.