1.     PRIVACY POLICY

Privacy policy and cookie policy pursuant to Article 13 of the EU General Data Protection Regulation 2016/679 (GDPR) Krisztina Harosi, with registered office in Cà Morelli 72/A- 23100 SONDRIO – ITALY (here in after referred to as the ‘Data Controller’) is constantly committed to protecting the online privacy of its users.

A)    Source of personal data and Data Controller

This document has been drawn up in accordance with Article 13 of EU Regulation 2016/679 (hereinafter: ‘Regulation’) in order to allow you to learn about our privacy policy. It describes the general methods of processing the personal data of website users and cookies, and how your personal information is managed when you use our website www.krisztinaharosi.it (hereinafter referred to as the ‘Website’). The information and data you provide or otherwise acquired in the context of using the Data Controller’s services – such as newsletters, etc., direct contacts or contact forms, hereinafter referred to as ‘Services’ – will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that inspire the Data Controller’s activities. In accordance with the provisions of the Regulation, the processing carried out by the Data Controller will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality. The data controller for the processing carried out through the Website is Krisztina Harosi, with registered office in Cà Morelli 72/A- 23100 SONDRIO, as defined above, to whom you may write for any information regarding the processing of personal data. This policy is provided only for this Website and not for other websites that may be consulted by the user via links. Please refer to any specific sections of the Website where you can find specific policies and any requests for consent for individual processing operations.

B)     Data types

Following your browsing of the Website, we inform you that the Data Controller will process personal data (Art. 4(1) of the Regulation), hereinafter referred to as ‘Personal Data’. In particular, the Personal Data processed through the Website are as follows: 

1.     Browsing data

During normal operation, the IT systems and software procedures used to operate the Website acquire some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the Website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. etc.) and other parameters relating to the user’s operating system and IT environment. This data is used solely to obtain anonymous statistical information on the use of the Website and to check its correct functioning (see the paragraph on cookies below), to identify anomalies and/or abuses, and is deleted immediately after processing. The data could be used by the competent authorities to ascertain responsibility in the event of hypothetical computer crimes against the Website.

2.     Data provided voluntarily by the data subject

Apart from what has been specified for navigation data, the user is free to provide personal data contained in any request forms on the website (e.g. to activate newsletters, free registration, purchases, etc.). Failure to provide such data may make it impossible to provide the service. In these cases, only the information necessary for the service will be requested. The personal data that can be voluntarily provided on the website is that which is entered in the contact forms and newsletter subscription forms and for downloading digital resources. This includes:

  • First name
  • Surname
  • Office
  • Email

When using certain Services on the Website, the Personal Data of third parties that you have sent to the Data Controller may be processed. In such cases, you act as an independent data controller, assuming all legal obligations and responsibilities. In this regard, you grant the broadest indemnity with respect to any dispute, claim, request for compensation for damage from processing, etc. that may be received by the Data Controller from third parties whose Personal Data has been processed through your use of the Site’s functions in violation of applicable personal data protection regulations. In any case, if you provide or otherwise process Personal Data of third parties when using the Website, you hereby guarantee – assuming all related responsibility – that this particular case of processing is based on an appropriate legal basis pursuant to Article 6 of the Regulation, which legitimises the processing of the information in question.

C)     Purpose of processing and legal bases

The processing of personal data that we intend to carry out, with your specific consent where necessary, has the following purposes:

  • Enable the provision of the Website Services;

The legal basis for processing is the implementation of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) of the Regulation) as processing is necessary for the provision of the Service. The provision of Personal Data for these purposes is optional, but failure to provide such data would make it impossible to activate the Services provided by the Website

D)    Recipients of personal data

Your Personal Data may be shared, for the purposes mentioned above, with:

  • persons authorised by the Data Controller to process Personal Data necessary to perform activities strictly related to the provision of the Services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees and system administrators).
  • third parties who may be involved in the management of the Website and who typically act as Data Processors.
  • persons, entities or authorities to whom it is mandatory to disclose your Personal Data pursuant to legal provisions or orders from the authorities.

E)     Transfers of personal data

Some of your Personal Data is shared with Recipients who may be located outside the European Economic Area. The Data Controller ensures that the processing of your Personal Data by these Recipients is carried out in compliance with the Regulation. Indeed, transfers may be based on an adequacy decision, on Standard Contractual Clauses approved by the European Commission or on another suitable legal basis.

F)     Your privacy rights pursuant to Articles 15 et seq. of the Regulation

Pursuant to Articles 15 et seq. of the Regulation, you have the right to request from the Data Controller at any time access to your Personal Data, the rectification or erasure of the same, or to object to its processing. You have the right to request the restriction of processing in the cases provided for in Article 18 of the Regulation, as well as to obtain your data in a structured, commonly used and machine-readable format in the cases provided for in Article 20 of the Regulation. Requests should be sent in writing to the Data Controller at the following address: info@krisztinaharosi.it  

G)    Communication and dissemination of personal data

The Data Controller uses an external hosting service provider, called Aruba.it, which acts as an ‘external data processor’ based on a written appointment. Therefore, your personal data communicated in the manner described above (DATA PROVIDED VOLUNTARILY BY DATA SUBJECTS and BROWSING DATA) will be stored at the headquarters of the company that owns the servers hosting this Website. Your data will be communicated exclusively to the parties responsible for performing the services necessary for the proper management of the professional relationship, with a guarantee of protection of the rights of the data subject, appropriately appointed as data processors, or to parties to whom the communication of your data is required by law or regulation. In particular, your data may be disclosed to: individuals, entities or authorities to whom the disclosure of your personal data is mandatory under the provisions of law or regulations; individuals, companies or professional firms that provide assistance and advice to the Data Controller in accounting, administrative, tax and fiscal matters. The complete list of data processors is available upon request by sending an email to the data controller. Your personal data will not be disclosed.

H)     Changes

This privacy policy has been in force since 25 May 2018. The Data Controller reserves the right to modify or simply update its content, in part or in full, including due to changes in the applicable legislation. The Data Controller will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Website. The Data Controller therefore invites you to visit this section regularly to take note of the most recent and updated version of the privacy policy so that you are always up to date on the data collected and the use made of it by the Data Controller.

I)     Data storage location

The Data is processed at the Data Controller’s operational headquarters. For further information, please contact the Data Controller.

L)    Times

The Data is processed for the time necessary to perform the service requested by the User, or required for the purposes described in this document, and the User may always request the interruption of the Processing or the deletion of the Data.

2.     COOKIE POLICY

Definitions, characteristics and application of the legislation

Cookies are small text files that websites visited by the user send and store on their computer or mobile device, to be then retransmitted to the same websites on the next visit. Thanks to cookies, a website remembers the user’s actions and preferences (such as login details, chosen language, font size, other display settings, etc.) so that they do not have to be re-entered when the user returns to visit that website or navigates from one page to another. Cookies are therefore used to perform computer authentication, session monitoring and storage of information regarding the activities of users who access a site and may also contain a unique identification code that allows the user’s navigation within the site to be tracked for statistical or advertising purposes. While browsing a site, the user may also receive cookies on their computer from sites or web servers other than the one they are visiting (so-called “third-party” cookies). Some operations could not be performed without the use of cookies, which in certain cases are therefore technically necessary for the website to function. There are various types of cookies, depending on their characteristics and functions, and these can remain on the user’s computer for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user’s device until a pre-set expiry date. Under current Italian legislation, the user’s express consent is not always required for the use of cookies. In particular, “technical cookies” do not require such consent, i.e., those used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user. In other words, these are cookies that are essential for the functioning of the website or necessary to perform activities requested by the user. Among the technical cookies, which do not require express consent for their use, the Italian Data Protection Authority (see Provision Identification of simplified procedures for the disclosure and acquisition of consent for the use of cookies of May 8, 2014, and subsequent clarifications, hereinafter referred to as the “Provision”) also includes:

  • “analytics cookies” where used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site itself,
  • navigation or session cookies (for authentication),
  • functionality cookies, which allow the user to navigate according to a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided to the user.

For “profiling cookies,” on the other hand, i.e., those aimed at creating user profiles and used to send advertising messages in line with the preferences expressed by the user while browsing the web, the user’s prior consent is required.

Types of cookies used by the Website

On this website, we have classified the cookies we use according to their type of use, as follows:

  • NECESSARY COOKIES
  • PREFERENCE COOKIES
  • STATISTICAL COOKIES
  • MARKETING COOKIES
  • OTHER UNCLASSIFIED COOKIES