This page describes how the site manages the processing of personal data of users who consult it.
It is an information notice provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) and the applicable national legislation, to those who interact with the web services of the Mountain Community of Carnia, accessible electronically from the address: www.gopasta.info
The notice is provided only for the site gopasta.info, and not for other external websites consulted by the user using any links present on the site.
The notice is also inspired by Recommendation No. 2/2001 adopted on May 17, 2001, by the European authorities for the protection of personal data, gathered in the Group established by Article 29 of Directive No. 95/46/EC, to identify some minimum requirements for the online collection of personal data, and, in particular, the methods, timing, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purposes of the connection.
Who processes personal data
The Data Controller, that is the entity that determines the purposes and means of processing personal data, is the Mountain Community of Carnia, located at Via Carnia libera 1944, n. 29 33028 Tolmezzo (UD).
Type of data processed and purposes of processing
Browsing data
The computer systems and software procedures responsible for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are information that is not collected to be associated with identified individuals, but which by their very nature could, through processing and associations with data held by third parties, allow for the identification of users. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment. This data is used solely for the purpose of obtaining anonymous statistical information on the use of the site and to monitor its proper functioning and is deleted after processing. The data may be used to ascertain responsibility in the event of hypothetical cyber crimes against the site.
Data voluntarily provided by the user.
The optional, explicit, and voluntary sending of emails to the addresses indicated on this site, including through the completion of specific forms, involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
The collection and processing of personal data voluntarily provided is carried out for the following purposes and based on the respective legal grounds:
| Purpose | Legal basis (art. 6 GDPR) |
|---|---|
| Fulfillment of requests for information on services provided and products/solutions marketed directly by the Mountain Community of Carnia, and the handling of reports of any kind. | User request, by sending a request and/or communication also through the contact form. |
Eventuali e specifiche informative saranno progressivamente riportate o visualizzate nelle pagine del sito predisposte per particolari servizi a richiesta.
Any eventual and specific information will be progressively reported or displayed on the pages of the site prepared for particular services upon request.
The collection and registration of data will take place for determined, explicit, and legitimate purposes and in ways compatible with those purposes, within the processing necessary for the operation of the business activity. Such data will be processed according to the principle of accuracy and, if necessary, appropriately updated, so that they are always relevant, complete, and not excessive in relation to the collection purposes, and that their retention is functional to the time period necessary for the purpose for which they were collected and subsequently processed in accordance with the GDPR and current national legislation. Personal data may be processed with the aid of both paper and electronic tools and in such a way as to ensure security and protect the maximum confidentiality of the data subject. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access in full compliance with Article 32 of the GDPR and current national legislation.
Cookies, plugins, and interaction services with external platforms
Complete information on the use of cookies and interaction services with external platforms (e.g., social networks) by this site is available at the following link:
Cookie Policy of the www.gopasta.info website: https://www.gopasta.info/cookie-policy-ue/
Nature of data provision
Apart from what is specified for browsing data, providing data by the User is voluntary. Failure to provide data may result in the inability of the Comunità di Montagna della Carnia to fulfill the requested services. Consent, where required for specific purposes, is always optional and, if given, can be revoked at any time by sending a request to the following address: .
Data communication
Without prejudice to communications and disclosures made in compliance with legal obligations, all collected and processed data may be communicated to:
• Subjects to whom it is necessary to communicate data for the execution of a contract to which the Data Subject is a party or for the execution of pre-contractual measures adopted at their request, as well as, in general, for the pursuit of the purposes mentioned in this notice;
• Subjects who carry out processing on behalf of the Data Controller as Data Processors pursuant to Article 28 of the GDPR, such as, by way of example and not limited to: subjects that provide services for the management of the information system and telecommunications networks (including email). The complete and updated list of Data Processors is available, to those entitled, upon request at the Data Controller’s office.
• Subjects authorized to access the data under current legislation and/or to whom data must be communicated in execution of legal obligations. Personal data may be processed by employees and collaborators assigned to the competent offices of the Writer, explicitly authorized to process based on what is established by Article 29 of the GDPR and current national legislation.
Transfers of data abroad
Personal data may be transferred abroad only for the pursuit of the purposes outlined in this notice, or for strictly technical reasons related to the structure of the corporate Information System and/or the application of technical and organizational security measures deemed appropriate by the Data Controller, and exclusively in compliance with Articles 44 et seq. of the GDPR (in the presence of adequacy decisions and/or adequate safeguards, provided that the data subjects have enforceable rights and effective means of redress, or provided that one falls, from time to time, within one of the specific exceptions provided for by the legislation).
Data retention periods:
Data is retained for a period not exceeding the achievement of the purposes indicated in this notice. In particular, the data provided will be stored in our archives according to the following parameters:
• Data voluntarily provided by the user: until the service is fulfilled or based on any deadlines provided by law;
• Data processed for the sending of the newsletter: until a request for cancellation from the service;
• Data processed for informative purposes: 24 months.
In relation to specific prescription periods provided by law, data necessary for the ascertainment, exercise, or defense of a right in judicial proceedings may be subject to longer retention times.
The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
Rights of the data subject
The data subject has the right to obtain, in the cases provided for, access to their personal data and the rectification or deletion of the same or the limitation of processing concerning them or to object to processing (Articles 15 et seq. of the GDPR), by contacting the Data Controller at the following email address: .
Right to Complain
The Data Subject who believes that the processing of personal data is taking place in violation of the provisions of GDPR 2016/679 has the right to lodge a complaint with the supervisory authority of the European Union State in which they habitually reside, work, or where the alleged violation occurred, as provided by Article 77 GDPR 2016/679, or to take appropriate legal action.
For more information, you can contact the Data Controller:
Mountain Community of Carnia
Via Carnia libera 1944, 29 33028 Tolmezzo (UD)
Tel. +39 0433 487711
email:
Last modified: 22/09/2024