We would like to inform you that the European Regulation 2016/679 (hereinafter GDPR) establishes rules concerning the protection of natural persons with regard to the processing of personal data, as well as rules regarding the free movement of such data aimed at protecting the fundamental rights and freedoms of natural persons, in particular the right to the protection of personal data. The free movement of personal data within the Union cannot be restricted or prohibited for reasons related to the protection of natural persons with regard to the processing of personal data. Please note that "personal data" means, according to the aforementioned GDPR, any information relating to you directly or indirectly as a Data Subject, with particular reference to an identifier such as a name, identification number, location data, online identifier, or one or more elements specific to your physical, physiological, genetic, mental, economic, cultural, or social identity. This document also describes how the website is managed in relation to the processing of personal data of users who access it and enter the reserved area. This notice is also provided pursuant to Articles 13–14 of the GDPR to those who interact with the web services of the Data Controller (see point 2 below), accessible online at:
www.consulre.it
This privacy policy applies only to the websites referring to the Data Controller and not to any other websites that may be visited by the User/Data Subject via links. Following the consultation of this site, data relating to identified or identifiable persons may be processed. This notice aims to:
identify some minimum requirements for collecting personal data online, particularly regarding the methods, timing, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purposes of the connection;
provide the Data Subject, in a single document, all the information concerning the processing of their personal data carried out by the Data Controller, even when such data is collected directly from the Data Subject.
The data processing related to the web services of this site takes place both at the headquarters of the Data Controller and at the location identified by the website manager and is handled only by authorized personnel or those tasked with occasional maintenance operations. No data derived from the web service is disseminated. The personal data provided by users submitting requests for material or information regarding services are used only to fulfill such requests and may be disclosed to third parties only if necessary and instrumental to the fulfillment of said requests. The collection and processing of personal data will be carried out in compliance with the general principles of necessity, fairness, relevance, and non-excessiveness.
The identity and contact details of the Data Controller, also shown in the header, are as follows:
CONSUL RE S.a.s. di Lorena Carini & C. (hereinafter "Data Controller")
Address: Via Enzo Ferrari, 28/B - 60022 Castelfidardo (AN)
Email: info@consulre.it PEC: consulre@pec.it Phone: 071 78561
The Data Controller does not carry out activities requiring the mandatory designation of a Data Protection Officer.
operation of the website(s)
responding to inquiries and providing information requested directly by the Data Subject through the optional, explicit, and voluntary sending of emails to the addresses indicated on this site, and contacting the Data Subject regarding services provided by the Data Controller;
fulfilling the Data Subject’s requests made through forms on certain pages of the website;
operational, managerial, accounting, and other essential processing;
market research and statistical purposes, in anonymous form;
promotional and commercial communication related to service/product offers;
newsletter subscription
Art. 6 para. 1 letters b), c), f):
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, particularly if the data subject is a minor;
Art. 6 para. 1 letter a): the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
WEBSITE USERS (points 3 a–c):
point a): only personal data necessary and functional for navigating the site or using web services or subscribing to the newsletter is processed. Special categories of personal data are generally not processed.
point c): registration via the designated form entails the automatic acquisition of identification and contact data (name, email). Special categories of data are generally not processed. If the user provides additional data via the “message” field, such data will be acquired and processed in full compliance with regulations and, if excessive in relation to the purpose of processing, will be deleted.
FACILITY USERS (points 3 b–d):
point b): identification and contact data (first name, last name, phone, email...). If users provide additional data via email or letters, it will be acquired and processed accordingly and deleted if excessive.
point d): contact or tax data (first name, last name, phone, email, tax code, bank details, payment methods, etc.)
IDENTIFICATION DATA: identification and contact data (first name, last name, phone, email...)
Apart from what is specified for browsing data, the User/Data Subject is free to provide personal data via the forms on the site.
The provision of the requested data by the Data Subject is optional but refusal may result in the impossibility:
to receive a response to their request,
to fulfill contractual obligations and pre-contractual measures requested by the data subject.
Consent is not required for purposes outlined in point 3 letters a–e.
Only with the explicit consent of the data subject (optional and revocable at any time).
[1] The optional, explicit, and voluntary sending of emails to the addresses listed on the site implies the subsequent acquisition of the sender’s email address, necessary to respond to requests, as well as any other personal data included in the message.
WEBSITE: The IT systems and software procedures used to operate this website acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is collected to be associated with the Data Subject who registers in the reserved area (ACCOUNT) and voluntarily chooses to use this method to access services, products, and other features offered by the Data Controller or its commercial partners. This data includes IP addresses (for verifying User/Data Subject reliability and security), domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, request time, request method, file size received in response, response status code (success, error, etc.), and other data regarding the user’s operating system and IT environment.
DATA ACQUIRED THROUGH OTHER MEANS: Personal data, including those collected from the Data Subject, will be processed manually and/or electronically and stored in dedicated paper and/or electronic archives. Both paper and electronic documentation will be properly maintained and protected for the necessary processing time using appropriate security measures, minimizing the risk of destruction or loss, unauthorized access, or processing not in line with the stated purposes. No automated decision-making or profiling is carried out.
So-called cookies are used—small files stored on your computer’s hard drive, used to provide services and/or information. Most cookies are "session cookies" and are deleted from the hard drive after the session ends (when the browser is closed or user logs out). They may be used on some site pages to analyze access to web pages, personalize services, content, and ads, measure promotion effectiveness, and ensure trust and security.
Session cookies used on this site avoid the use of IT techniques potentially prejudicial to user navigation privacy and do not allow acquisition of personal identifying data.
Our website’s cookie policy can be consulted in the appropriate section.
Data provided will be retained as follows:
Website navigation: data collected is used solely for anonymous statistical analysis of site use and to check proper functioning, and is deleted immediately after processing. Data may be used to ascertain liability in case of hypothetical computer crimes against the site(s); otherwise, web contact data will not persist for more than 7 days;
Administrative/accounting purposes: for the duration required by tax and civil regulations (10 years from invoice issue/receipt: Art. 2220 c.c., “records must be kept for ten years from the last entry date”);
Service/product provision: for the duration specified in the service contract or, if unspecified, for up to 2 years from the provision of the product/service;
Marketing and newsletter purposes: until consent is withdrawn or the right to object is exercised, and in any case not beyond 15 years from collection. Personal data will not be disclosed or transferred to a third country unless explicitly authorized by the Data Subject.
Data will only be communicated to recipients if they are involved and instrumental in achieving the purposes described in point 3. Therefore, personal data collected and processed may be:
made available to the Data Controller’s Collaborators, as Data Processors or persons authorized to process personal data;
disclosed to third parties, individuals or legal entities, public administrations, professionals, law enforcement, government agencies, regulatory bodies, courts or other public authorities as permitted by law;
shared with commercial partners (only with prior consent of the Data Subject if not directly involved in the stated purposes);
transferred to another Data Controller, if necessary, in accordance with the GDPR, including regarding the right to data portability;
A list of data processors is available at the Data Controller’s registered office.
INTERACTION WITH SOCIAL NETWORKS: By using the buttons possibly present on our website(s), the Data Subject allows sharing of site content on social networks via plug-ins (e.g., Facebook "Like" button). In this case, your device’s IP address may be sent to and processed by the social media provider.
(The legal basis for the use of such technologies is Article 6 para. 1 letter f of the GDPR, as they are used to enhance the visibility of our website.)
We inform you that as a Data Subject, you are entitled to all the rights provided by Articles 15 to 22, including:
The right to obtain confirmation from the controller as to whether or not personal data concerning you is being processed, and if so, to access the personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing.
The existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning you or to object to such processing, including the right to data portability; to obtain the erasure of personal data without undue delay under Article 17 ("right to be forgotten").
If processing is based on Article 6(1)(a) or Article 9(2)(a), you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
The right to lodge a complaint with a supervisory authority;
To obtain from the controller a copy of the personal data undergoing processing, provided it does not adversely affect the rights and freedoms of others; for additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the request is made by electronic means, and unless otherwise requested, the information shall be provided in a commonly used electronic format;
The above information will be provided:
within a reasonable time from obtaining the personal data, but no later than one month, considering the specific circumstances under which the data is processed;
if the personal data is intended for communication with the data subject, at the latest at the time of the first communication; or if intended for disclosure to another recipient, no later than the time of the first disclosure.
All rights under the GDPR may be exercised by making a request, even informally, to the Data Controller, who will respond appropriately without delay.