1. Identification of the Controller, Data Protection Officer, and Responsible Parties

The data controller is Mr. Gianluca Perdisci, located at Via Giosuè Carducci, 4, 09017 Sant’Antioco (SU), Italy.
Email: luca@escursionibarcacarloforte.it

 

2. Consent Notice

Where required by EU Regulation 2016/679, user consent will be requested before processing personal data. If the user provides personal data of third parties, the user must ensure that the communication of such data to the Controller and the subsequent processing for the purposes specified in this Privacy Policy comply with EU Regulation 2016/679 and applicable law.

 

3. Types of Data Processed

Browsing or consulting the Site generally does not involve the collection or processing of the user’s personal data, except for browsing data and cookies as specified below. In addition to the so-called “navigation data” (see below), personal data voluntarily provided by the user when interacting with the Site’s features or requesting the services offered on the Site may be processed.

In compliance with the Privacy Code, the Controller may also collect the user’s personal data from third parties during the course of its activities.

 

4. Cookies and Navigation Data

The Site uses cookies. By using the Site, the user consents to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the user’s computer hard drive.

There are two main categories of cookies: technical cookies and profiling cookies.

• Technical cookies are necessary for the proper functioning of a website and to allow user navigation. Without them, the user may be unable to correctly view pages or use certain services.

• Profiling cookies are used to create user profiles to send advertising messages in line with the preferences expressed by the user while browsing.

Cookies can also be classified as:

• Session cookies, which are deleted immediately when the browser is closed;

• Persistent cookies, which remain in the browser for a defined period and are used, for example, to recognize the device accessing the site and facilitate authentication;

• First-party cookies, generated and managed directly by the site owner;

• Third-party cookies, generated and managed by parties other than the site owner.

 

5. Cookies Used on the Site

The Site uses the following types of cookies:

a. First-party, session, and persistent cookies necessary for site navigation, internal security, and system administration;
b. Third-party, session, and persistent cookies required for the user to access multimedia elements on the Site, such as images and videos;
c. Third-party, persistent cookies used to send statistical information to Google Analytics, allowing the Controller to perform statistical analyses of Site visits. These cookies are used solely for statistical purposes and collect aggregated information. Google Analytics sets a pair of cookies—one persistent and one session-based (expiring upon browser closure)—recording the start and end times of the visit. Users can prevent Google from tracking data by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en
d. Third-party, persistent cookies used to include social network buttons (Facebook, Twitter, Google+) on the Site. By selecting these buttons, the user may share Site content on their personal social network pages.

The Site may contain links to other websites (“third-party sites”). The IT Controller does not access or control cookies, web beacons, or other tracking technologies used by third-party sites accessible via the Site; nor does the Controller control the content or materials published or obtained through third-party sites, and expressly disclaims responsibility for such instances. Users should consult the privacy policies of third-party sites accessed through the Site and verify the applicable data processing conditions. This Privacy Policy applies solely to the Site as defined above.

 

6. How to Disable Cookies in Browsers

Users may manage cookies directly through their browser settings. However, deleting cookies may remove preferences set for the Site, so it is advisable to periodically review this page to recheck preferences.

For further information and support, users may visit the help page specific to their web browser: Internet Explorer, Firefox, Safari, Chrome, Opera.

 

7. Retention of Personal Data

Personal data are stored and processed using IT systems owned by the Controller or managed by third-party service providers. For more details, see the “Scope of Personal Data Accessibility” section below. Data are processed exclusively by specifically authorized personnel, including those performing extraordinary maintenance.

Personal data are retained for the duration of the contract and, after its termination, for legal obligations of the Controller, including claims for potential complaints, in compliance with applicable law, and will then be deleted or anonymized.

If consent has been given for the processing of data for direct marketing purposes after contract termination, data will be processed until consent is withdrawn.

 

8. Purposes and Methods of Data Processing

The Controller may process ordinary and sensitive personal data of users for the following purposes: use of services and features offered on the Site, handling user requests and reports, sending newsletters, processing applications received via the Site, etc.

Additionally, with the user’s specific and optional consent, the Controller may process personal data for marketing purposes, i.e., sending promotional materials and/or commercial communications related to the Controller’s services, via traditional means (postal mail, telephone calls with operators, etc.) or automated means (internet communications, fax, email, SMS, mobile apps, social network accounts, automated operator calls, etc.).

Data are processed both in paper and electronic form and entered into the company information system in full compliance with EU Regulation 2016/679, including security and confidentiality measures, following the principles of fairness and lawfulness. Data are stored only for as long as necessary to achieve the purposes for which they are processed, and for the entire period the user chooses to remain registered on the Site.

 

9. Security and Data Quality

The Controller undertakes to protect users’ personal data and complies with applicable security regulations to prevent data loss, unauthorized access, or illegal use. Information systems and software are configured to minimize the use of personal and identifiable data, which are processed solely for specific purposes.

Personal data are stored on secure servers in restricted-access locations. Users are encouraged to help maintain accurate data by communicating any changes to contact information, qualifications, etc.

 

10. Scope of Data Communication and Access

User personal data may be shared with:

• Entities legally authorized to access such data;

• Collaborators and employees within their assigned duties;

• Individuals or organizations, public or private, when necessary or functional for the Controller’s activities, in the ways and for the purposes described above.

 

11. Nature of Data Provision

Provision of certain personal data by the user is mandatory to allow the Controller to manage communications or requests and respond to the user. Mandatory data are marked with an asterisk [*]; failure to provide these data prevents the Controller from processing the request.

Other data collection is optional; failure to provide optional data has no consequences. Consent for marketing purposes is also optional; refusal does not affect services. Marketing consent covers communications via both automated and traditional channels as described above.

 

12. RIGHTS OF THE DATA SUBJECT

12.1 Right of Access and Rectification (Articles 15-16 EU Regulation 2016/679)

The Data Subject has the right to obtain confirmation from the Controller of whether their personal data are being processed and, if so, to access such data, including:

a. the purposes of processing;
b. the categories of personal data involved;
c. recipients or categories of recipients, particularly in third countries or international organizations;
d. retention periods or criteria for determining them;
e. the right to request correction, deletion, limitation, or opposition to processing;
f. the right to lodge a complaint with a supervisory authority;
g. existence of automated decision-making, including profiling, with meaningful information about logic, significance, and consequences for the Data Subject.

12.2 Right to Erasure (“Right to be Forgotten”) – Article 17

The Data Subject may request the deletion of personal data without undue delay, and the Controller must delete data if:

a. Data are no longer necessary for the purposes collected;
b. Consent is withdrawn and no other legal basis exists;
c. The Data Subject objects to processing and no overriding legitimate reason exists;
d. Data were processed unlawfully;
e. Deletion is required by law;
f. Data relate to services offered to minors (Art. 8.1 EU Regulation 2016/679).

12.3 Right to Restriction of Processing – Article 18

The Data Subject may request restriction when:

a. Accuracy of data is contested;
b. Processing is unlawful, and the Data Subject opposes deletion;
c. Data are no longer necessary, but needed by the Data Subject for legal purposes;
d. The Data Subject has objected under Article 21, pending verification of legitimate grounds.

12.4 Right to Data Portability – Article 20

The Data Subject may receive personal data in a structured, commonly used, machine-readable format and transfer them to another Controller without obstruction.

 

13. Withdrawal of Consent

The Data Subject may withdraw consent by sending a registered letter to:

Gianluca Perdisci
Via Giosuè Carducci 4, 09017 Sant’Antioco (SU), Italy
Include a copy of your ID and the text: <<Withdrawal of consent for the processing of all my personal data>>

Alternatively, consent may be withdrawn via email: luca@escursionibarcacarloforte.it

After withdrawal, personal data will be removed from records as soon as possible.

For further information or to exercise your rights (see section 7), a registered letter or email may be sent. Identity verification may be required before providing or modifying any information.