The purpose of this section of the website is to outline the policies of San Servolo srl, pursuant to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, with respect to the processing of data collected while browsing the website.
Following the consulting of this site, data relating to identified or identifiable persons may be processed.
The Data Controller of this data is San Servolo srl, based in San Servolo Island No. 1 – 30124 Venice, phone number +39 041 2765001 -
DATA PROTECTION OFFICER CONTACT DETAILS
The Data Controller, in compliance with Art. 37 GDPR, has designated a Data Protection Officer (DPO). Contact details of DPO are: Ivano Pecis – I&P Partners S.r.l.
TYPE OF PROCESSED DATA
Data provided voluntarily by the user
Personal data provided by users is used for the sole purpose of performing the requested service and is disclosed to third parties only if this is necessary for that purpose. Therefore, personal data is processed to fulfil contractual obligations and/or a legal obligation to which the Data Controller is subject.
If the processing is based on the consent of the data subject, this may be expressed in the procedures indicated from time to time. Consent can always be withdrawn at any time by contacting the Data Controller via the aforementioned contact details. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
During their normal operation, the computer systems and software procedures used to operate the website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.
Such information is not collected in order to be associated with identified data subjects. Nonetheless, due to their own nature, they could allow to identify users through processing and association with data held by third parties.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (success, error etc.), and other parameters relating to the user's operating system and IT environment.
OPTIONAL NATURE OF DATA PROVISION AND CONSEQUENCES OF ANY REFUSAL
Apart from what is specified for browsing data or what will eventually be indicated regarding particular processing of the various services offered on the website, the user is free to provide the personal data contained in the request forms.
Failure to provide personal data may result in the non-provision of what requested (e.g. dispatch of informative material).
In order to ensure proper management of the practices and services requested, the user shall notify the Data Controller of any changes in the processed data, without prejudice to the right to rectification.
PROCESSING METHODS AND STORAGE PERIOD OF PERSONAL DATA
Data is processed by paper media or computer procedures performed by specifically authorized internal personnel. Such personnel may access your personal data to the extent that it is necessary to perform data processing affecting you. All your data, including special category data, is subject to appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
In addition, to ensure the security and confidentiality of the provided information, personal data shall be processed in a manner that guarantees adequate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures.
San Servolo srl periodically verifies the instruments used to process your data and the security measures that apply to it, which are updated constantly; through authorized processors, it verifies that personal data is not collected, processed, stored or retained where the data processing in question is not necessary or whose purposes are met; it verifies that data is stored with guaranteed integrity and authenticity and is used for the purposes of the processing actually performed.
San Servolo srl periodically verifies special category data (personal data revealing health status, ethnic origin, political opinions etc.), allowing it to assess its strict relevance, non-excess and essentiality with respect to the relation, service or assignment in progress or terminated, with regard to the provided data.
San Servolo srl guarantees that, even after verification, the data that is excessive or irrelevant or not essential will not be used, without prejudice, in accordance with the law, to the possible storage of the deed or document that contains them.
RECIPIENTS OR CATEGORIES OF RECIPIENTS
Data processing related to the services provided through browsing on this website takes place at the registered office of the Data Controller and may be disclosed to other recipients to fulfill applicable legal obligations, if necessary.
Your data may also be processed by authorized personnel who is also entrusted with the management of the services requested by the user. The data related to the browsing of the website will be exclusively processed by technical personnel, authorized and instructed by the Data Controller, or by third parties occasionally entrusted with maintenance activities. The companies in charge of the management and maintenance of information systems that, for technical reasons only, can access the data processed on this website are appointed as Data Processors; communication of the identity of these providers can be requested at any time to the Data Controller.
RIGHTS OF THE DATA SUBJECT
As Data Subject, you may at any time exercise the right of access (art. 15 GDPR), the right to rectification (art. 16 GDPR), the right to erasure (art. 17 GDPR), the right to restriction of processing (art. 18 GDPR), the right to data portability (art. 20) and the right to object (art. 21 GDPR) according to the procedures indicated in the same articles, to which reference is explicitly made.
In order to exercise the aforementioned rights, and for any further information and communication regarding personal data, the Data Subject may contact the Data Controller through the means indicated above.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the Regulation (EU) 2016/679.