Information on the processing of data of visitors who consult our site
Following your visits on our website, and after filling out forms, preliminary contacts and/or possible business relationships, our company will collect and process some of your personal data.
For this reason, in this document we intend to provide you with a series of information on how we collect and process your data, in accordance with the provisions of art. 13 of the European Regulation 2016/679 (hereinafter GDPR).
1. Who is the data controller?
The data controller is Music Center S.r.l., (C.F. 02608340226 and P. Iva 02608340226) based in Trento (TN), Via dell'Ora del Garda 19, telephone number 04610968000, email address firstname.lastname@example.org and pec email@example.com.
2. What are the purposes of the treatment and what are its legal bases?
The purposes for which your personal data are collected and processed are multiple and specifically:
a) Contractual purpose (the data are processed to allow the visualization of the website pages and to allow the fruition of the services offered by the site itself, to manage the activities consequent to the compilation of the forms present in the various sections of our site, to satisfy your requests/questions, to manage the commercial relationships). Legal basis of the processing: the execution of a contract of which you are part and of the services you have requested.
b) Purposes of statistical analysis (the data are processed for web analysis activities, verification of the number of visitors, monitoring the progress of relations with site users). Legal basis of processing: data controller’s legitimate interest to manage the site, to maintain proper functioning of the site and to protect their rights.
c) General marketing purposes and sending newsletters (the data are processed to send by e-mail or SMS, telephone or similar means - including automated contact methods - promotional and commercial communications relating to services/products similar to those you have already used offered by the data controller and / or new services offered by the data controller, reporting of corporate events conferences, workshops, training courses, webinars or whitepapers, subscription and forwarding newsletters only in case of express request). Legal basis of the processing: data controller’s legitimate interest pursuant to art. 6, par. 1, letter F) of the GDPR and consent.
d) Purposes of profiling (personal data are processed to perform analysis of your preferences, habits, behaviors, interests, drawn from online clicks on articles/sections of the site or from responses to specific requests and/or input from the data controller, in order to send personalized commercial communications, carry out targeted promotional actions, business intelligence). The processing of your personal data for profiling purposes will take place, in case of consent, with data processing tools that, as a result of cross, will create a commercial and behavioral profile of you on the web. This processing tool relates the data collected during navigation on the site and those collected through the appropriate forms, these data and / or information, moreover, will be associated with any and / or additional data and / or information already in our possession following your accession to our services. Legal basis of the treatment: explicit and informed consent, optional and revocable at any time.
It is clarified that the data controller does not use exclusively automated processes aimed at profiling.
e) Legal obligations (data are processed for the fulfillment of obligations under regulations and national and supranational legislation). Legal basis of processing: fulfillment of a legal obligation to which the data controller is subject.
f) Exercise of the holder's rights (the data are processed if necessary to ascertain, exercise or defend the holder's rights in court). Legal basis of processing: data controller’s legitimate interest.
3. How long will your personal data be stored?
The data retention period depends on the specific purpose for which they are collected and processed, and in particular:
a) Contractual purposes, statistical purposes, legal obligations: for the entire duration of the contract and, after termination, for 10 years.
b) Purposes of generic marketing and sending newsletters: until the exercise of the right of opposition exercisable by contacting the data controller directly at firstname.lastname@example.org; in case of no opposition, for 24 months.
c) Profiling purposes: until the revocation of consent exercisable by contacting the data controller directly at email@example.com; in case of no opposition, for 12 months.
d) Data controller’s right: in case of judicial dispute, for as long as it lasts, until the expiration of the terms for appealing.
Once the above mentioned retention periods have expired, your personal data will be deleted and destroyed or made anonymous.
4. What are the methods of the treatment of personal data?
The processing of data will be done in accordance with the principle of minimization, necessity and proportionality, and always in a manner appropriate to ensure the security and confidentiality, avoiding the processing if the operations can be achieved through the use of anonymous data or by other procedures.
The processing may be carried out on paper or by means of electronic, automated, computer or manual tools and according to procedures in any case aimed at ensuring that the data are processed safely, are always intact and available, managed in accordance with the principles of the GDPR and for the sole purposes provided.
We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorized access, but remember that it is essential, for the security of your data, that your device is equipped with tools such as antivirus, constantly updated, and that the provider who provides the internet connection, ensures the safe transmission of data through firewalls, spam filters and similar measures.
5. Who is processing your data and where?
The data are processed within the data controller’s organization, in its headquarters and for the purposes indicated above, by staff, employees and collaborators, authorized and / or appointed as external managers of the treatment by the data controller itself and never by third parties. The data are not subject to diffusion.
The data may be communicated and processed by companies and consultants of the data controller - and / or their agents - for the design and / or maintenance of the technological part of the site and for the performance of instrumental activities, support or functional execution of contracts or services requested by you. In any case, these subjects will treat and communicate to other third parties the data as autonomous "data controllers" or “data processor" (ex art. 28 GDPR) according to the directives of the data controller, including security, for the purposes indicated above.
6. Is the data transferred to a non-EU country?
Personal data may be transferred outside the national territory to countries within the European Union, but could also be transferred outside the European Union. With reference to transfers outside the territory of the European Union to countries not considered adequate by the European Commission, we inform you that our company takes all appropriate security measures to protect your personal data. Consequently, any transfer of such data to non-EU countries will take place in compliance with the appropriate and suitable safeguards for the purposes of the transfer itself, such as the standard data protection contractual clauses, in accordance with the applicable legislation and in particular Articles 45, 46, 47 and 49 of the GDPR and only for the purposes indicated in this policy.
7. What types of data are processed?
The data collected and processed are distinguished in:
Navigation data: during normal operation, the computer systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or the domain names of the computers used by users who connect to the site, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment.
These data are necessary for the use of the web service and are also processed in order to
- obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
- checking the correct functioning of the services offered.
Navigation data are cancelled immediately after processing (except for possible use for any need to ascertain crimes or responsibilities by the judicial authorities).
Data communicated by the user: the optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site, private messages sent by users to institutional profiles/pages on social media, as well as the completion and submission of forms on the site, answers to specific questions on uses, habits, interests, preferences and other personal information shared, entail the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data communicated by the user.
Cookies: cookies are information (small text files) that websites transmit to the device you are using (PC, smartphone, tablet, etc.). This information makes it possible to carry out navigation, perform computer authentication, collect information on the number of visitors and how the site is used, and monitor users.
Depending on the specific purposes, different categories of data will be processed:
- for contractual purposes, legal obligations, exercising the holder's rights, navigation data and data communicated by the user are collected and processed;
- for the purposes of statistical analysis, navigation data are processed;
- for the purposes of generic marketing and sending newsletters, navigation data and the data provided by the user are collected and processed;
- for profiling purposes, the data provided by the user are collected and processed.
8. Are you obliged to provide your personal data?
Providing your personal data is optional only for data processing related to the purposes set out in point 2. b), c) d). For the purposes referred to in point 2. a), e), f), on the other hand, it is compulsory.
Some personal data are strictly necessary for the operation of the site, others are used only to obtain anonymous statistical information on the use of the site and to check its correct operation. Navigation data are acquired automatically by the owner and are also necessary to fulfil the contractual purpose.
With regard to the data communicated by the user in the site's request forms and subsequently acquired also as a result of queries or inputs from the owner, on the other hand, you are free to choose whether or not to provide them and failure to do so may only make it impossible to be contacted or to obtain what you have requested.
Refusal to provide data or complete opposition to their processing for the purposes indicated in point 2.a), e), f) may make it impossible to satisfy certain requests/questions and to manage future and possible business relations.
On the other hand, refusal to allow the use of the data for the purposes indicated in points 2. b), c) d), will have no effect on existing commercial relations with you.
- as far as generic marketing activities are concerned (including the sending of the newsletter), in case of conferment you can decide at any time to stop receiving the relative communications by contacting the data controller directly at firstname.lastname@example.org.
- The provision of personal and contact data for profiling purposes is optional and subject to your explicit consent. If you do not give your consent, you can decide at any time to stop receiving communications relating to profiling activities by contacting the data controller directly at email@example.com.
9. What are your rights?
By contacting the data controller at firstname.lastname@example.org you can exercise the rights specifically provided for by art. 15 to art. 22 of EU Regulation 679/2016, and this in order to:
- ask for confirmation that your data is or is not being processed and possibly obtain access to it;
- request their rectification and/or integration, cancellation or restriction of their processing in the cases provided for by art. 18 GDPR;
- oppose their processing;
- ask for their portability;
- to lodge a complaint with a Supervisory Authority;
- obtain all available information on the origin and categories of data, if you did not provide them to the controller;
- obtain information on the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information on the logic used, as well as the importance and expected consequences of such processing;
- not be subjected to a decision based solely on automated processing, including profiling.
In cases where the legal basis of the processing is consent or contract and is carried out by automated means, you have the right to request the portability of your data and to receive them in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another controller without hindrance.
In addition, you have the right to withdraw your consent at any time if given for marketing and/or profiling purposes, as well as to object to the processing of your data, including in the event of the exercise of a public interest or legitimate interest of the data controller.
In such cases, the data controller will refrain from processing, except for legitimate reasons overriding your interests, rights and freedoms, or for ascertaining, exercising or defending a right in court.
You have the right to lodge a complaint with the competent supervisory authority in the Member State in which you normally reside or work or in the State in which the alleged infringement took place pursuant to Article 77 of the Regulation itself, or to bring an action before the appropriate courts (Article 79 of the Regulation).