Information sheet on the processing of personal data pursuant to article 13 of the EU Regulation 2016/679
Why are we providing this information?
Pursuant to EU Regulation 2016/679 (hereinafter “Regulation”), the content of this information sheet describes the processing methods for personal data that the website acquires during browsing or are conferred directly by the user. This information does not concern other websites, pages or online services that can be reached via hypertext links that may be published on the websites but refer to resources external to the domain www.lbservizi.it
Who is the Data Controller?
The Data Controller is L.B. SERVIZI PER LE AZIENDE SRL with registered offices in Via Gabriele Paleotti, 43 – 00168 Rome (RM), VAT no. 06261440728 (hereinafter “Data Controller”). The processing of personal data is carried out inside the Data Controller’s business structure. The user that provides their own personal data can contact the Data Controller, to exercise their rights, at the following address:
The Data Controller, also in the person of the appointed DPO (Data Protection Officer), must respond to the user’s requests without any unjustified delay and/or within one month at the latest.
What is the legal basis of processing?
It is only correct that we spend a few clear, simple words to explain the meaning of “legal basis”.
Personal data cannot be used by anyone other than the legitimate owner. However, there are cases in which the system allows the processing of data by other subjects, such as, for example, when the user/browser decided to request information on our website and contacts us via the specific section, also entering their data. This data will then be used to fulfil the specific request.
After reading the information section, the user is free to provide their personal data as requested on the forms. This data is required to provide the requested service, therefore, if such data is not provided, the requested service cannot be fulfilled, and the relative opportunities cannot be used.
The legal basis is therefore the reason that the system states as being legitimate to allow the personal data to be processed.
The data controller processes the user’s personal data, if one of the following conditions exists:
- The user provides their consent for one or more purposes as specified; processing is necessary to fulfil a legal obligation that the data controller is subject to;
- Processing is necessary to pursue the data controller’s or third parties’ legitimate interest.
- The user can, however, ask the data controller to explain the tangible legal basis for each processing, using the afore-stated contact methods.
Which data are processed and using which methods?
The data we collect is processed in full observance of the data protection law and only for the purposes stated in this information section, pursuing the logic and methods aimed at guaranteeing confidentiality, integrity and availability of the information communicated by users.
The user’s data is collected to allow the website to provide its services for the following purposes:
- Contacting the user;
- Managing and sending messages to email addresses;
The types of personal data used for the above services are:
- Browsing data
Over the course of its normal work, the computer systems and software procedures used for the operation of this website acquire some personal data, which is necessary for the use of internet communication protocols.
It is information that is not collected to be associated with identified data subjects, but by its very nature may allow users to be identified through processing and association with data held by third parties.
This category includes: IP addresses and domain names of users’ computers that connect to the website, URI (Uniform Resource Identified) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the state of the response given by the server (successful, error, etc) and other parameters regarding the operating system and the User’s computer environment.
This data is only used for the purpose of obtaining anonymous statistical information about the use of the website and to check its correct working order. Access log data with IP addresses are stored on the server hosting the website for 3 (three) months.
The webserver log data may be used, in cases provide for by law, to ascertain responsibility in the event of hypothetical cyber crimes against the website.
The system hosting the website are protected by a firewall system and are replicated to guarantee correct storage and availability.
The Google Analytics tracking code is installed on the website. The data is recorded by Google Analytics, and is stored on the Google servers for a standard period of 26 (twenty-six) months.
Data provided voluntarily by the user.
The discretionary, explicit or voluntary sending of an email address to this website brings about the subsequent acquisition of the sender’s address, required to respond to the requests, and also other personal data included in the letter.
No data sent to email addresses or sent on forms is save on the servers where the website resides. This data is stored on servers available to LB servizi per le aziende srl, located in Italy, at the company datacenter and at an external datacenter. Specific summarised information may be progressively provided or viewed on the website pages, for particular on demand services and in the relative fields for collecting the data.
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which the data has been collected. Specific safety measures are observed to prevent the loss of data, illegal, incorrect use or unauthorised access.
The subjects to whom the personal data refers have the right to obtain confirmation of data existence at any time, and to learn of the content and origin, check the correctness of the data and request integration or updating, or rectification (art. 18 of Regulation), by using the contacts as previously provided.
Pursuant to the same article, the subject can request erasure, transformation to anonymous form or blocking of data processed in violation of the law, and to object, in all cases, for legitimate reasons, to data processing based on the rights listed below.
Details regarding the processing of the Users’ Personal Information
By filling out the forms on the website with their own data, the use is consenting to their use to answer requests for information. I.e. By ticking the specific box, or by sending, the user provides consent to processing of the data entered, to fulfil the relative request.
Can the data be transferred outside the EU?
In the event that personal data is transferred outside the European Union, for technical operational purposes and to guarantee a high level of service continuity, the Data Controller guarantees that said transfer will take place by guaranteeing no prejudice to the level of individuals’ protection, guaranteed by current legislation and in particular by the EU Regulation 2016/679.
Who are the data communicated to?
Personal data provided may be communicated to suitably appointed recipients who will process the data as data processors and/or as appointees.
The Data Controller does not communicated any of the data subjects’ information to third parties without their consent, except where required by law. It is in all cases forbidden to disclose the processed personal data. The full list of data processors, their joint Data Controllers and the subjects appointed to process personal data may be requested by sending a specific request to one of the two email addresses provided or by contacting the data controller using ordinary methods.
What are the rights of a subject using the website?
In virtue of the principle of transparency, the user who has provided their data has the right to:
a) obtain revocation of the consent provided;
b) obtain confirmation from the Data Controller of the existence or not of their personal data;
c) obtain communication of the data in a clear, intelligible format;
d) obtain the indication:
- updating, rectification and/or integration, if required, of the data provided;
- Erasure, conversion to anonymous form or blocking of data processing in a violation of law, including data that it is not necessary to store for the purpose for which the data was collected or subsequently processed;
- Obtain a declaration that data updating, rectification and erasure operations, as already set out in the points above, have been made known, including content, to those subjects that the data has been communicated too, except for the case in which said fulfilment has been impossible or requires a clearly disproportionate use of means compared to the protected right.
- Obtain limitation of processing on the data provided;
- Lodge a complaint with the national data protection authority.
The deadline for answering the user for all exercisable rights is 1 (one) month, extendable to 3 (three) months in the event of particular complexity. The Data Controller must however provide the user with a response in writing, within 1 (one) month, even if issuing a denial, in a concise, transparent and easily accessible manner, using simple, clear language.
Exercising rights may involve a cost to the user of contributing to charges related to the Data Controller’s difficulties to follow up the requests in relation to the resources available.
These rights can be limited by an EU or national law or regulation, when exercising said rights may cause an actual, tangible prejudice.
Integrations, updates and amendments to the current information
The Data Controller reserves the right to amend, add to or update this information in observance of the applicable law or provisions adopted by the Data Protection Authority in its role as a Control Authority.