Privacy Policy
This document describes the management methods of the website www.otiumrooftop.it (“Site”), with reference to the processing of personal data of Users (“User/Users”) who consult it.
This is information provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) and national legislation on privacy and personal data protection applicable to all those who visit the Site.
The information is provided only for the Site and not for other websites that may be consulted by the User via links on the Site.
The User is informed that this website is owned by the company Otium srl
1. Data controller
The data controller is Otium Srl, with registered office in Turin, c.so Massimo d'Azeglio 60, Italy, in the person of the legal representative pro tempore, (“Data Controller”). Email: info@otiumrooftop.it
2. Type of data collected
2.1 Browsing data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This information is not collected to be associated with identified subjects, but by its very nature could allow Users to be identified.
This includes, for example: (i) the IP addresses or domain names of the computers used by Users who connect to the Site, (ii) the URI (Uniform Resource Identifier) addresses of the requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numeric code indicating the status of the response given by the server (successful, error) and (vii) other parameters relating to the operating system and the User's IT environment.
2.2 Data provided voluntarily by the User
CONTACT FORM:
The Data Controller processes personal and identifying data (name, surname, address, email) hereinafter “personal data”. Users are free to provide their personal data to make requests for information. As regards the data, there is no automated decision-making process, nor a processing that involves profiling the User. If the User provides personal data of third-party Users, he/she must be sure that these subjects have been adequately informed and have given their consent.
2.3 Cookie
Technical Cookies are installed on the Site for the correct functioning of the Site and anonymized Google Analytics Cookies for [*]. Please read the relevant Cookie policy.
3. Purpose and legal basis of the processing
3.1 Browsing data
Browsing data may be used to generate anonymous statistics on the use of the Website, for the purposes of Site security and to check its correct functioning and may be used to ascertain responsibility in the event of any computer crimes. The legal basis for the processing of such data is the legitimate interest of the Owner and in the case of requests by the Judicial Authority, the legal obligation.
3.2 Data provided voluntarily by the User
CONTACT FORM:
The personal data entered in the contact form are processed exclusively to respond to the request for information, or to provide the service and to fulfill pre-contractual, contractual or tax obligations.
The User's personal data are also processed to fulfill obligations established by law, by a regulation, by community legislation or by an order of the Authority and to pursue a legitimate interest of the Owner or to exercise the rights of the Owner, for example the right of defense.
4. Categories of data recipients
Personal data may be communicated to third parties belonging to the following categories:
-
- freelancers, firms or companies in the context of assistance and consultancy relationships;
- entities that provide services for the management of the information system and telecommunications networks;
- web platform managers (management software such as MailUp for sending newsletters);
- competent authorities to fulfill legal obligations and/or provisions of public bodies, upon request.
The subjects belonging to the above categories perform the function of Data Controller pursuant to art. 28 GDPR. Personal data will be processed only by persons authorized by the Data Controller, pursuant to art. 29 GDPR, by virtue of their job description or corporate role.
5. Retention period
CONTACT FORM:
The data provided directly by the User are retained for the time strictly necessary to process the requests and to achieve the purposes of the processing, after which they will be retained only in compliance with the legal obligations in force in the matter, for administrative purposes and/or to assert or defend one's own right.
6. Security measures
Personal data are collected electronically, recorded in digital format, through the use of organizational and technical security measures aimed at guaranteeing the protection of confidentiality and avoiding the risks of loss or destruction, unauthorized access, processing not permitted or not compliant with the purposes indicated above.
7. Data transfer outside the EU
The personal data provided will not be transferred abroad to non-EU countries or to an international organization. The management and storage of data takes place on servers located in the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move to non-EU countries.
In that case, the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
8. Minors
This Site is not intended for use by minors and no data of minors is knowingly collected or processed. In accordance with applicable laws, the person exercising parental responsibility must provide consent to the collection of personal data of the minor. In the event that the data of minors are inadvertently processed, the Data Controller will delete them promptly, upon written request of the person exercising parental responsibility.
9. Rights of the interested party
The User may assert his/her rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679 by contacting the Data Controller by writing an email to the address info@otiumrooftop.it or by sending a registered letter with return receipt to Otium Srl, c.so Massimo d'Azeglio 60, 10126 Turin, Italy.
The User has the right, at any time, to ask the Data Controller for access to his/her personal data, rectification, erasure of the same, limitation of processing. Furthermore, in the cases provided for, he/she has the right to object, at any time, to the processing of data (including automated processing, e.g. profiling), as well as to revoke the consent given without prejudice to the lawfulness of the processing based on the consent previously given. The User has the right to lodge a complaint with the Guarantor for the protection of personal data (www.garanteprivacy.it) and/or to another competent Supervisory Authority pursuant to the Regulation. The User has the right to the portability of his/her data and in this case the Data Controller will provide the personal data concerning the User in a structured, commonly used and machine-readable format.
10. Changes to the privacy policy
The Owner reserves the right to modify and update this information. Any updates will be published on this page. If the changes to the Information are significant and specific consent is required by law, the Owner may send a communication via email to the User.
Updated: March 31, 2023