Triestespresso Expo
Privacy


WEBSITE DATA PRIVACY POLICY TEMPLATE
Information pursuant to and in accordance with Articles 13 and 14 of the GDPR - General Data Protection Regulation - EU Regulation 2016/679 and Legislative Decree No. 196/2003 updated by Legislative Decree No. 101/2018.
(European Data Protection Regulation)


The Data Controller is Aries - Società consortile a r.l. of the Chamber of Commerce Venezia Giulia.

  • Registered office in Trieste at Piazza della Borsa 14, 34121 Trieste (TS)
  • Branch office in Gorizia in via Francesco Crispi 10, 34170 Gorizia (GO)
Mail: patrizia.andolfatto@ariestrieste.it

Data Protection Officer / Data Protection Officer
Aries - Società consortile a r.l. of the Chamber of Commerce Venezia Giulia has appointed as DPO/DPO the lawyer Paolo Visintin.
Mail: dpo@vg.camcom.it
Privacy
1) Introduction
Aries – a limited liability consortium company of the Venice Giulia Chamber of Commerce
Piazza della Borsa 14, 34121 Trieste
takes the privacy of users very seriously and is committed to protecting it. This privacy policy (“Privacy Policy”) describes the personal data processing activities carried out through the website http://www.triestespresso.com/ and the related commitments undertaken by the Company.

Aries may process the user’s personal data when the user visits the Website and uses the services and features available on it.
In the sections of the Website where the user’s personal data are collected, a specific privacy notice pursuant to Articles 13 and 15 of Regulation (EU) 2016/679 is normally published. Where required by Regulation (EU) 2016/679, the user’s consent will be requested before proceeding with the processing of their personal data.
If the user provides personal data relating to third parties, the user must ensure that the communication of such data to Aries and the subsequent processing for the purposes specified in the applicable privacy notice comply with Regulation (EU) 2016/679 and with the applicable legislation.

2) Identification details of the Data Controller, Data Processor and DPO
The Data Controller is:
Aries – Società consortile a r.l. della Camera di Commercio Venezia Giulia,
Piazza della Borsa 14, 34121 Trieste
The Data Processor is Dr. Patrizia Andolfatto, email: patrizia.andolfatto@ariestrieste.it
The Data Protection Officer (DPO) is Dr. Paolo Visintin, email: dpo@ariestrieste.it

3) Types of data processed
Visiting and browsing the Website do not generally involve the collection or processing of the user’s personal data, except for browsing data and cookies as specified below. In addition to the so-called “browsing data”, personal data voluntarily provided by the user may be processed when the user interacts with the features of the Website or requests to use the services offered on the Website.
In compliance with the Privacy Code, the Company may also collect the user’s personal data from third parties in the course of carrying out its activities.

4) Cookies and browsing data
The Website uses “cookies”. By using the Website, the user consents to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the user’s computer hard drive. There are two main categories of cookies: technical cookies and profiling cookies.
Technical cookies are necessary for the proper functioning of a website and to enable user navigation. Profiling cookies are used to create user profiles in order to send advertising messages in line with the preferences expressed by the user while browsing.
Cookies may also be classified as:
  • “Session” cookies, which are deleted immediately when the browser is closed;
  • “Persistent” cookies, which remain stored in the browser for a specific period of time. These are used, for example, to recognize the device connecting to a website, facilitating user authentication procedures;
  • “First-party” cookies, generated and managed directly by the operator of the website the user is browsing;
  • “Third-party” cookies, generated and managed by parties other than the operator of the website the user is browsing.






5) Cookies used on the Website

The Website uses the following types of cookies:
  1. Technical cookies, which are necessary for the operation of the Website and are not persistent;

  1. Google Analytics tracking cookies, integrated with IP address anonymization, through which Aries carries out statistical analyses of access to and visits to the Website.
The cookies used pursue exclusively statistical purposes and collect information in aggregated form. Through a pair of cookies—one persistent and one session cookie (which expires when the browser is closed)—Google Analytics also stores a record of the start time of the visit to the Website and the exit time.

Users may prevent Google from detecting data generated by cookies and from subsequently processing such data by downloading and installing the browser plug-in available at the following address:
http://tools.google.com/dlpage/gaoptout?hl=it

The Website may contain links to other websites (so-called third-party websites). Aries does not access or control cookies, web beacons, or other user-tracking technologies that may be used by third-party websites which the user may access through the Website. The Company does not carry out any control over the content and materials published by or obtained through third-party websites, nor over the related methods of processing users’ personal data, and expressly disclaims any liability in this regard.
Users are required to review the privacy policies of third-party websites accessed through the Website and to inform themselves about the applicable conditions for the processing of their personal data. This Privacy Policy applies solely to the Website as defined above.

6) How to disable cookies in browsers
There are several ways to manage cookies and other tracking technologies. By changing your browser settings, you can accept or reject cookies or decide to receive a warning message before accepting a cookie from the websites you visit.
Please note that completely disabling cookies in your browser may prevent you from using all of our interactive features.
If you use multiple computers in different locations, please ensure that each browser is set according to your preferences. You may delete all cookies installed in your browser’s cookie folder.

Each browser provides different procedures for managing settings. Click on one of the links below to obtain specific instructions:
  • Microsoft Windows Explorer
  • Google Chrome
  • Mozilla Firefox
  • Apple Safari
If you do not use any of the browsers listed above, please select “cookies” in the relevant section of your browser’s help menu to find out where your cookie folder is located.




7) Retention of personal data
Personal data are stored and processed through the Company’s own IT systems, managed directly by the Company or by third-party technical service providers.

8) Purposes, legal basis and methods of data processing
Aries may process the user’s common and sensitive personal data for the following purposes: use by users of the services and features available on the Website; management of requests and reports submitted by users; sending of newsletters; management of applications submitted through the Website, etc.
Furthermore, subject to the user’s additional and specific optional consent, the Company may process personal data for marketing purposes, i.e. to send promotional material and/or commercial communications relating to the Company’s services to the contact details provided by the user, both through traditional means and/or methods of contact (such as postal mail, telephone calls with an operator, etc.) and automated means (such as internet communications, fax, e-mail, SMS, applications for mobile devices such as smartphones and tablets – so-called apps –, social network accounts – e.g. via Facebook or Twitter –, automated operator calls, etc.).
Personal data are processed both in paper and electronic form and entered into the Company’s information system in full compliance with Regulation (EU) 2016/679, including with regard to security and confidentiality requirements, and in accordance with the principles of fairness and lawfulness of processing. In compliance with Regulation (EU) 2016/679, data are stored and retained at the Company’s premises.
The legal basis for processing is contractual, based on consent, or derived from statutory obligations provided by law.

9) Security and quality of personal data
Aries is committed to protecting the security of users’ personal data and complies with the security requirements set out in the applicable legislation in order to prevent data loss, unlawful or improper use of data, and unauthorized access thereto, with particular reference to the Technical Regulations concerning minimum security measures.
In addition, the information systems and software programs used by the Company are configured so as to minimize the use of personal and identifying data; such data are processed solely for the achievement of the specific purposes pursued from time to time. The Company adopts multiple advanced security technologies and procedures designed to enhance the protection of users’ personal data; for example, personal data are stored on secure servers located in access-protected and controlled facilities.






10) Scope of data disclosure and access
The user’s personal data may be disclosed to:
  • all subjects to whom the right of access to such data is granted by virtue of legal or regulatory provisions;
  • the Company’s collaborators and employees, within the scope of their respective duties;
  • all natural and/or legal persons, public and/or private entities, where such disclosure is necessary or instrumental to the performance of the Company’s activities and in the manner and for the purposes outlined above.

11) Nature of the provision of personal data
The provision of certain personal data by the user is mandatory in order to enable the Company to manage communications, handle requests submitted by the user, or to contact the user in order to follow up on such requests. These data are marked with an asterisk [*]; in such cases, the provision of the data is mandatory in order for the Company to process the request, which otherwise cannot be fulfilled.
Conversely, the collection of data not marked with an asterisk is optional, and failure to provide such data will have no consequences for the user.
The provision of personal data by the user for marketing purposes, as specified in the section “Purposes and methods of processing”, is optional, and refusal to provide such data will have no consequences. Consent given for marketing purposes shall be deemed to extend to the sending of communications through both automated and traditional contact methods, as exemplified above.

12) Data subject’s rights

12.1 Articles 15 (right of access) and 16 (right to rectification) of Regulation (EU) 2016/679
The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the data subject’s right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.







12.2 Right under Article 17 of Regulation (EU) 2016/679 – Right to erasure
(“right to be forgotten”)

The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of Regulation (EU) 2016/679.

12.3 Right under Article 18 – Right to restriction of processing
The data subject has the right to obtain from the data controller restriction of processing where one of the following applies:
a) the data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) of Regulation (EU) 2016/679, pending the verification whether the legitimate grounds of the data controller override those of the data subject.


12.4 Right under Article 20 – Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the data controller.

13) Withdrawal of consent to processing
The data subject has the right to withdraw consent to the processing of his or her personal data by sending a registered letter with return receipt to the following address:
Aries – Società consortile a r.l. della Camera di Commercio Venezia Giulia,
Piazza della Borsa 14, 34121 Trieste
The letter must be accompanied by a copy of the data subject’s identity document and include the following wording:
“withdrawal of consent to the processing of all my personal data”.
Upon completion of this procedure, the personal data will be removed from the Company’s records as soon as possible, unless otherwise required by law.
If the data subject wishes to obtain further information on the processing of his or her personal data, or to exercise the rights referred to in the previous sections, he or she may send a registered letter with return receipt to the address indicated above.
Before providing or amending any information, it may be necessary to verify the data subject’s identity and to ask him or her to answer certain questions.
A response will be provided as soon as possible.