1. Scope of the European Regulation 2016/679 of the European Parliament and of the Council

The Regulation applies "to the processing of personal data carried out as part of the activities of an establishment by a controller or a controller within the Union, regardless of whether the processing is carried out in the Union or not" and "to the processing of personal data of data subjects located in the Union, carried out by a controller or a controller who is not established in the Union, when the activities relate to: (a) the supply of goods or the provision of services to the aforementioned interested parties in the Union, irrespective of the obligation of a payment by an person concerned ; or (b) monitoring their behavior to the extent that such behavior takes place within the Union ".

 

2. Why a Privacy Policy?

The information provided below describes, the processing operations performed on the personal data of the users visiting the website.

This Customer Privacy Notice is given according to the Chapter III of EU Regulation 679/2016 to those who interact with the web services offered by L'Oca Nera Srl from the home page https://locanera.it of the L'Oca Nera Srl Internet site.
The information provided does not concern other online websites and pages or services that can be accessed via links on the AL.PI. Srl website.
The information is also inspired by the Recommendation n. 2/2001 that the European authorities for the protection of Personal Data, gathered in the Group established by art. 29 of the directive n. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to the users when they connect to web pages, regardless of the purpose of the link.
The Recommendation and a summary description of its purposes are reported on the website of the “Garante della Protezione dei Dati Personali” http://www.garanteprivacy.it also in English language.

 

3. Data Controller

Visiting the website stated above may result into processing data relating to identified or identifiable natural persons.
The data controller is
L'Oca Nera Srl
Via U.Foscolo, 7
62010 Montecassiano (Mc)
Partita IVA 01094670435
Contacts Phone 0733290050 Email mail@locanera.it

 

4. Place of data processing

The treatments connected to the web services of this site take place at the AL.PI. Srl structure or at third-party hosting companies commissioned by AL.PI. Srl and are only handled by technical staff in charge of processing, or by persons in charge of occasional maintenance operations.
No data deriving from the web service is communicated or disclosed to third parties except for legal obligations or contractual obligations.

 

5. Types of data processed

Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user's computer environment.
These data are used for the only purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, the data on web contacts do not persist for more than seven days (see Cookies Policy at the following link).

Data provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
Specific information pursuant to Chapter III of Regulation (EU) 2016/679 with any request for consent to the processing will be reported or linked via links on the pages of the site prepared for the acquisition of personal data.

 

6. Cookies

When you visit this website, cookies will be saved on your PC.
Cookies are small text files that the website records on its computer or mobile device, for technical purposes (such as the management of navigation within the site) or for statistical purposes (to know, for example, the number of people who have visited the various sections of the website or the hours with the greatest number of visitors).
This information is useful to improve navigation on our site.
We do not use cookies to transmit information of a personal nature, nor are persistent cookies used, or systems for tracking users, of any kind. The use of session or technical cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary for allow safe and efficient exploration of the site.
Session cookies or technical cookies used on this site avoid the use of other technologies that could compromise the privacy of users' browsing and do not allow the acquisition of personal identification data.
Pursuant to the provision of the Garante della Protezione dei dati personali "Identification of simplified procedures for the disclosure and acquisition of consent for the use of cookies - May 8, 2014 (Published in Italian Official Gazette No. 126 of June 3, 2014) the use of technical cookies are allowed without prior consent from the User.

Google Analytics (Google Inc.)
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.
Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google uses Personal Information collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States - Privacy Policy - Opt Out. Subject to the Privacy Shield.

Google itself has released a plugin, compatible with the major browsers (Chrome, Firefox and Internet Explorer), which disables the ga.js code, which is the web tag system of Google products that allows you to monitor sites, measure online activities users so that the owners of the websites can have more information on the visibility of their pages and be able to optimize the content in an optimal manner.
The add-on and further information can be found at https://tools.google.com/dlpage/gaoptout?hl=it .

 

7. Optional nature of the provision of data

Apart from that specified for navigation data, the user is free to provide personal data contained in the various modules on the site according to the indications in the relevant information ex Chapter III of Regulation (EU) 2016/679.
Failure to provide the data indicated as mandatory implies the impossibility on the part of the User to participate in the initiative.
For completeness it should be noted that in some cases (not subject to the ordinary management of this site) the Authority for the protection of personal data can request news and information pursuant to Art. 157 of Legislative Decree 196/2003, for the purpose of monitoring the processing of personal data. In these cases the answer is mandatory under penalty of administrative sanction.

 

8. Methods of processing

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures have been implemented to prevent data loss, illicit or incorrect use and unauthorized access.

 

9. Rights of Data Subjects

One of the fundamental rights of the person concerned guaranteed by the European Regulation 679/2016 is certainly the right of access that is regulated by the Art. 15 where it is established that the person concerned has the right to obtain from the data controller confirmation that it is or is not undergoing treatment of personal data concerning him and, if this treatment is being processed, access to the data and the following information:

a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
(d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
f) the right to lodge a complaint with a supervisory authority;
g) if the data are not collected from the data subject, all information available on their origin;
h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
The data controller must provide the data subject with regard to the action taken regarding a request for access, pursuant to Articles 15 to 20, without undue delay and no later than one month after receipt of the request. This deadline may be extended for up to a further two months, if necessary, taking into account the complexity of the request and the number of requests.

If the extension is applied, the person concerned is informed of the reasons for the delay within one month of receiving the request. If the person concerned submits the request in electronic format, the information is provided, where possible, in electronic format, unless otherwise indicated by the person concerned .

Other rights of the person concerned are:
the right of rectification for which the person concerned has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
The person concerned , however, has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
a) the person concerned disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is illegal and the person concerned opposes the cancellation of personal data and asks instead that its use is limited;
c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
d) the person concerned has opposed the treatment pursuant to Article 21 (1), pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the person concerned .

If the processing is limited, personal data are treated, except for storage, only with the consent of the person concerned or for the assessment, exercise or defense of a right in court or to protect the rights of an other natural or legal person or for reasons of significant public interest of the Union or of a Member State. With the recognition of the right to cancel and to be forgotten, the person concerned must have the right to request that their personal data that are no longer necessary for the purposes for which they were collected or otherwise processed are deleted and no longer processed. , when you have withdrawn your consent or have opposed the processing of your personal data or when the processing of your personal data is not otherwise compliant with the Rules.
This right is particularly relevant if the data subject gave consent when he was minor, and therefore not fully aware of the risks deriving from the treatment, and subsequently wants to delete this type of personal data, in particular from the Internet.

Finally, the Art. 20 of the Regulation introduces a new right compared to the previous legislation, namely the right to data portability for which the data subject has the right to receive personal data concerning him provided in a structured format to a data controller and has the right to transmit such data to another data controller without impediments by the data controller to whom he / she has provided them if:a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract within the meaning of Article 6 (1) b).
b) processing is carried out by automated means.

Requests must be sent to the Data Controller at the contact numbers indicated above.

Document updated to 27/05/2019