Privacy Policy
This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation”), to all users who browse and, more generally, interact with the services provided through the website visitmontaltomarche.it of the Authority.
This Policy explains the purposes and methods by which the Data Controller may collect and process personal data, the categories of data processed, the rights of data subjects, and how such rights may be exercised.
This Policy applies exclusively to the website visitmontaltomarche.it of the Authority. The Data Controller assumes no responsibility for other websites that may be consulted through hyperlinks on the site. Data processing is carried out using electronic tools.
Users of the Authority’s website are invited to read this Privacy Policy before providing any personal information.
Data Controller
Municipality of Montalto delle Marche
Registered office: Viale dei Tigli no. 39, 63068 Montalto delle Marche (AP) – Italy
Tel.: +39 0736 828015
Email: comune@comune.montaltodellemarche.ap.it
PEC: com.montalto.ap@emarche.it
Data Protection Officer (DPO)
The Data Protection Officer is:
Grafiche E. Gaspari S.r.l.
Email: privacy@gaspari.it – privacy@egaspari.net
Types of Data Processed
Browsing Data
The IT systems and software procedures used to operate the website visitmontaltomarche.it, during their normal operation, acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified data subjects, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category includes:
-
Technical cookies
-
Browser used (only in the case of website usage)
These data are used solely to obtain anonymous statistical information on website usage and to ensure its proper functioning, and are deleted immediately after processing.
Data Voluntarily Provided by the User
Without prejudice to the above regarding browsing data, the Authority may acquire personal data voluntarily provided by the user in order to submit requests, subscribe to newsletters, or generally make use of the services offered.
This category includes:
-
Personal identification data: name, surname, tax code
-
Contact details (residential address, geographic location, email address, telephone number)
-
Data voluntarily provided by the user
-
Data required for the submission of online applications as provided for by laws or regulations of the Authority
The processing of data provided by the user will be carried out in compliance with the purposes and methods set out in this Privacy Policy.
Third-Party Cookies
This category includes features developed by third parties and integrated into the website pages, but not directly managed by the Authority.
The website may integrate services provided by third parties (e.g. video streaming services, social media sharing). No personal data are transferred to third parties prior to the use of such services. For information regarding the processing of personal data carried out by the operators of social media platforms and video streaming services, users are referred to the respective privacy policies of those third parties.
Processing Methods
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data, as detailed in the section “Technical and Organizational Security Measures for Data Protection”.
Data processing is carried out using electronic and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.
Processing is carried out by personnel directly employed by the Data Controller and/or by natural or legal persons specifically appointed as authorized processors or data processors.
Legal Basis and Purpose of Processing for the Provision of Requested Services
The data referred to in the section “Data Voluntarily Provided by the User” are processed exclusively to respond to requests and provide the services the user intends to use.
Where the lawfulness of processing is based on the user’s consent, such consent is obtained through a positive action by which the data subject freely, specifically, knowingly, and unequivocally indicates acceptance of the processing of personal data relating to them.
Unless otherwise specified, all requested data are necessary for the performance of the requested service.
Where a service indicates that certain data are optional, users may choose not to provide such data without any consequences on the availability or functionality of the service.
Users who have doubts as to which data are mandatory are encouraged to contact the Data Controller.
Any use of geolocation tools by the user, unless otherwise specified, is intended solely to provide the requested service and the additional purposes described in this document.
In any case, user location tracking is not provided; geolocation features are activated exclusively to populate the “address” field in forms where required.
The user assumes responsibility for any personal data of third parties obtained, published, or shared through the services provided by the Data Controller and guarantees having the right to communicate or disseminate such data, releasing the Data Controller from any liability towards third parties.
Data Subjects
The recipients of the processing are all users of the website or services made available through it, in accordance with applicable laws and Regulation (EU) 2016/679.
Data Retention Period
Data are processed and stored for the time required to fulfill the purposes for which they were collected. In particular:
-
Personal data collected for compliance with legal or regulatory obligations are retained until such obligations have been fulfilled, within the time limits set by the relevant legislation.
-
Data processed on the basis of the user’s informed consent are retained for a maximum period of two years, unless consent is withdrawn earlier. The data subject has the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
At the end of the retention period, personal data are deleted. After this period, the rights of access, deletion, rectification, and data portability can no longer be exercised.
Data Communication and Transfer
The data provided will not be disclosed or shared with third parties, except for parties authorized by law or competent authorities, and for external parties involved by the Data Controller in the performance of activities instrumental or ancillary to the services offered (such as software providers, web applications, and data storage services), appointed as data processors.
No transfer of data outside the European Economic Area is envisaged.
For further information, data subjects may contact the Data Controller.
Data Processors
The Data Controller has appointed Sistema 3 srl, with registered office at Via Giovan Battista Velluti no. 96, 62100 Macerata (MC), as Data Processor pursuant to Article 28 of Regulation (EU) 2016/679.
The supplier, in its role as Data Processor, has committed to comply with Article 28 of Regulation (EU) 2016/679 and with the instructions provided by the Data Controller.
The Data Processor may engage digital partners as sub-processors (such as website developers). Such parties are subject, through contractual agreements or other legal acts, to the same data protection obligations and adequate technical and organizational measures required by the Regulation.
Rights of Data Subjects
In accordance with applicable European and national data protection laws, data subjects have the right to:
-
obtain confirmation as to whether personal data concerning them exist and access such data;
-
request communication and/or transfer of their data to another data controller;
-
request rectification or updating of inaccurate or incomplete personal data;
-
request deletion and/or restriction of processing of personal data that are no longer necessary for the stated purposes or once the retention period has expired.
In particular, data subjects are entitled to the rights set out in Articles:
-
15 – Right of access
-
16 – Right to rectification
-
17 – Right to erasure
-
18 – Right to restriction of processing
-
20 – Right to data portability
These rights may be exercised by contacting the Data Controller using the details provided above, or by contacting the Data Protection Officer.
Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
Technical and Organizational Security Measures for Data Protection
The website provider has adopted appropriate technical and organizational security measures pursuant to Article 32 of the GDPR, ensuring:
-
ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
-
the ability to restore availability and access to personal data promptly in the event of a physical or technical incident;
-
regular testing, verification, and evaluation of the effectiveness of security measures, also based on risk assessments.
Amendments to This Privacy Policy
The Data Controller reserves the right to modify this Privacy Policy at any time by notifying users through this platform.
Where changes concern processing activities based on user consent, the Data Controller will obtain renewed consent where required.
Use of Personal Data for Legal Defense or Upon Request by Authorities
The Data Controller may use users’ personal data in legal proceedings or preparatory phases thereof to defend against misuse of the website or related services.
Users acknowledge that the Data Controller may be required to disclose personal data upon request by public authorities.
Specific Privacy Notices
Upon request, the Data Controller may provide additional and contextual privacy notices relating to specific services, in addition to the information contained in this Policy.
System Log Registration for Technical Support and Maintenance
To ensure proper functioning and maintenance, the website and related third-party services may record system logs documenting interactions, which may include personal data such as the user’s IP address.