Information note pursuant to art. 13 of EU Regulation 2016/679 (GDPR).

In application of European Regulation no. 679 of 2016 (GDPR) of Legislative Decree no. 196 of 2003 relating to the protection of personal data, we inform you that the Data Controller is Mariangela Toti, hereinafter referred to as "the Controller").

Personal data are processed in full compliance with EU Regulation 679/2016 (GDPR) and Legislative Decree 196/2003 and subsequent amendments.

The data provided by you (hereinafter referred to as "the Interested Party") will be used for the sole purpose of following up on your requests and may be communicated to third parties only if this is necessary for this purpose, or with your explicit consent.

The data will be processed by personnel appointed by the Data Controller with procedures, technical and IT tools suitable for protecting the confidentiality and security of the Interested Party's data and consists of their collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation, destruction of the same including the combination of two or more of the aforementioned activities.

The data will be retained for the time strictly necessary to provide the interested party with the requested services and will in any case be deleted following a request from the interested party, without prejudice to further conservation obligations provided by law.

The interested party's data will not be disseminated.

Within the scope of its activity and for the purposes indicated above, the Data Controller may avail itself of services provided by third parties who operate on behalf of the Data Controller and according to its instructions, as data controllers.

These are suppliers, commercial and production partners, intermediaries, technical consultants and other similar subjects who collaborate with our organization to fulfill the contractual commitments undertaken with you; subjects who provide a service strictly and necessarily connected to the activity of the Data Controller such as tax consultants, banks, freight forwarders, insurance companies, public and private bodies, also in relation to inspections or audits; subjects who can access the data pursuant to legal provisions.

The data may also be communicated to all those subjects authorized by law to collect them (e.g. provincial health services companies, financial administration, etc.).

The interested party may request a complete and updated list of the subjects appointed as data controllers by contacting the contact indicated below.

Rights of the interested party

Right of access (art. 15 GDPR). Right of the interested party to obtain access to their data and to lodge a complaint with the supervisory authority.

Right of rectification (art. 16 GDPR). Right of the interested party to obtain from the Data Controller the rectification of inaccurate personal data concerning them.

Right to erasure (right to be forgotten) (art. 17 GDPR). The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay.

Right to restriction of processing (Article 18 of the GDPR). The Data Subject has the right to obtain restriction of processing.

Notification obligation (Article 19 of the GDPR). The Data Controller shall communicate to each of the recipients to whom the personal data have been transmitted any rectification or erasure or restriction of processing carried out pursuant to Articles 16; 17; 18.

Right to data portability (Article 20 of the GDPR). The Data Subject has the right to receive the personal data concerning him or her provided to the Data Controller and has the right to transmit such data to another data controller without hindrance from the Data Controller.

Right to object (Article 21 of the GDPR). Right of the interested party to object to the processing of his/her personal data.

Profiling (art. 22 GDPR). The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling or which significantly affects him/her.

The Data Controller is: Mariangela Toti

Art. 7 - Right of access to personal data and other rights

1. The interested party has the right to obtain confirmation of the existence or otherwise of personal data concerning him/her, even if not yet recorded, and their communication in an intelligible form.

2. The interested party has the right to obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the owner, the managers and the designated representative pursuant to Article 5, paragraph 2; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or agents.

3. The interested party has the right to obtain: a) the updating, rectification or, when interested, integration of the data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data were communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected.

4. The interested party has the right to object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.

The Data Protection Officer is: Mariangela Toti

Owner and Controller of Personal Data

Pursuant to art. 28 of Legislative Decree 196/2003:

The Data Controller: Mariangela Toti

The Data Processor: Mariangela Toti

Registered Office: Alle Due Porte - Via Stalloreggi, 51 - 53100 Siena (Italy)

VAT Number: 01495900522

Email: alledueportesiena@gmail.com

Domain: http://www.sienatur.it

Links to other sites

The sites to which we redirect, including (but not limited to) secondary sites and third-party service providers, may have a different privacy policy than the one set out here.

We do not We are not responsible for the privacy policies of linked sites and therefore encourage you to learn about them.

Questions or concerns

If you believe that the Owner has not followed the above policy, please notify us by sending an email to alledueportesiena@gmail.com and we will do our best to identify and resolve any issues.

You can also write to us at: alledueportesiena@gmail.com

Changes to this online privacy policy

We may change this Privacy Statement from time to time to address changes in the law, business needs, or to meet the requirements of our visitors, guests, marketing partners and service providers. Updated versions will be posted on our site, along with the update dates, to inform you of the last update to the privacy policy.