Privacy and Cookies Policy
Privacy and Cookies Policy
INFORMATION NOTICE PURSUANT TO ARTICLE 13 OF LEGISLATIVE DECREE 30.6.2003 NO. 196 AND GDPR – EU REGULATION 2016/679 ON PRIVACY.
Object of the Information Notice
The purpose of this Information Notice is the processing of personal data of users visiting the website www.goldenharmonywellness.com. The Information is provided pursuant to art. 13 of Legislative Decree no. 196/2003 (Personal Data Protection Code), the Order of the Guarantor for the Protection of Personal Data of 8 May 2014, no. 229, and the new GDPR, i.e. the EU Regulation 2016/679 on Privacy. The Information is provided only for the website www.goldenharmonywellness.com and not for other websites that may be consulted by the user via links on the aforementioned site over which the Data Controller has no control and assumes no responsibility. The Data Controller is not responsible for the processing of personal data carried out independently by these sites. In this regard, the user is invited to read the privacy notices provided by each site.
Controller’s name and address
Controller for the purposes of the General Data Protection Regulation (GDPR) is Mirko Beccaceci, (email: info@goldenharmonywellness.com) whom any user may contact in order to exercise his or her rights under Article 7 of Legislative Decree No. 196/2003 and the EU Privacy Regulation 2016/679. Any interested person may, at any time, directly contact our data protection officer with all questions and suggestions regarding data protection.
Name and address of the data protection officer
The data protection officer for www.goldenharmonywellness.com is Mirko Beccaceci, e-mail: info@goldenharmonywellness.com
Navigation data
The computer systems and software procedures used to operate Goldenharmonywellness.com acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with specific users, but by its very nature could, through processing and association with other data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. Anonymously collected data and information are statistically analysed in order to increase the data protection and data security of our company and to guarantee an optimal level of protection for the personal data processed. The anonymous data in the server log files are stored separately from all personal data provided by a data subject. The data could be used to ascertain liability in the event of hypothetical computer crimes against the site.
Disclaimer
The Material and contents presented on the site have been carefully screened and analysed, and have been prepared with the maximum care. However, errors, inaccuracies and omissions are possible. Goldenharmonywellness.com disclaims any liability, direct or indirect, towards users and in general towards any third party, for errors, omissions, delays, inaccuracies that may be present on the site, for damages (direct, indirect, consequential, punishable and sanctionable) resulting from the aforementioned contents. This Site may contain links to other Internet sites; these are not under the control of Goldenharmonywellness.com and you acknowledge that Goldenharmonywellness.com is not responsible for the accuracy, copyright compliance, legality, morality or any other aspect of the content of such sites. The inclusion of any link does not imply endorsement or approval of any site by Goldenharmonywellness.com or the existence of any association between Goldenharmonywellness.com and the operators of such site.
Routine deletion and blocking of personal data
The controller processes and stores the personal data of the data subject only for the period necessary to achieve the archiving purpose, or insofar as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject. If the archiving purpose is not applicable or if a retention period prescribed by the European legislator or another competent legislator expires, the personal data is regularly blocked or deleted in accordance with legal requirements.
Contact possibilities via the website
Our website contains information that enables quick electronic contact with our company, as well as direct communication with us, which also includes a general address for so-called e-mail (info@goldenharmonywellness.com). If a data subject contacts us by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. These personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of these personal data to third parties.
Use of cookies
In order to make the site work more efficiently and to enable certain functionalities, our website makes use of cookies. When you visit the site a small amount of information is placed on your device, small text files called “cookies”, which are saved in the directory of your web browser. There are various types of cookies. Below are the types of cookies that may be used on the site with a description of the purpose of their use. The Owner through the site directly installs only technical and analytical cookies aimed at optimising the operation of the site. The Owner’s site makes use of “Google AdSense”, which involves the installation of profiling cookies, as illustrated below.
Profiling cookies
Google installs visitor profiling cookies through the site, which are used for the purpose of displaying ‘personalised’ advertising banners according to the preferences and interests expressed by the user in online activities and navigation.
Technical cookies
Cookies of this type are necessary for the proper functioning of certain areas of the site. Cookies in this category include both persistent cookies and session cookies. Without these cookies, the site or certain portions of it may not function properly. Therefore, they are always used, regardless of the user’s preferences. Cookies in this category are always sent from the Owner’s domain.
Profiling cookies
Google installs visitor profiling cookies through the site, which are used for the purpose of displaying ‘personalised’ advertising banners according to the preferences and interests expressed by the user in online activities and navigation.
Technical cookies
Analytical cookies
Cookies of this type are used to collect information on the use of the site. The Owner uses this information for statistical analysis, to improve the site and simplify its use, as well as to monitor its correct functioning. This type of cookie collects information in an anonymous form on users’ activity on the site and on how they arrived at the Site and the pages they visited. Cookies in this category are sent from the site itself or from domains of the following third parties.
Third Party Cookies
Through the site other parties other than the Owner and completely independent from it (“Third Parties”) may install cookies. The Third Parties’ cookies are installed directly by the Third Parties, they are not read by the Owner who therefore has limited knowledge and control over said cookies, the data processed and the methods of processing by the Third Parties. Such cookies may include profiling cookies, which are defined as cookies (“aimed at creating profiles relating to the user that are used in order to send advertising messages in line with the preferences expressed by the user when surfing the web”) Below we indicate the Third Parties that may install cookies through the site, specifying the links of each Third Party to the pages containing their respective privacy protection rules. All users are invited to go to the websites of third parties to view their cookies, with the express warning that if the user does not do so and continues to browse the site, unless the user has disabled cookies according to the instructions below, the third parties will automatically install their respective cookies. Furthermore, it is possible for the user to change cookie preferences at any time. You can also disable cookies from your browser at any time, but this may prevent you from using certain parts of the site. Most browsers are configured to accept, control or possibly disable cookies through their settings.
Conveyed through Google AdSense (click here)
Youtube (click here)
How to disable cookies
The Owner reminds the User that it is possible to change cookie preferences at any time. It is also possible to disable cookies from the browser at any time, but this operation may prevent the User from using certain parts of the Site. You may object to the recording of persistent cookies on your hard disk by configuring your browser to disable cookies. Most browsers are configured to accept, control or possibly disable cookies through their settings. Below is the path to follow to manage cookies from the following browsers: Internet Explorer: how to manage cookies (click here) Safari: how to manage cookies (click here) Chrome: how to manage cookies (click here) Firefox: how to manage cookies (click here) For more information on cookies and to manage your preferences on third party cookies please also visit the following links: http://www.youronlinechoices.com/it/le-tue-scelte
Rights of the data subject
a) Right to confirmation
Every data subject has the right conferred by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her exist. If a data subject wishes to avail himself/herself of this right of confirmation, he/she may, at any time, contact the data controller of our website.
b) Right of access
Every data subject has the right conferred by the European legislator to obtain from the controller, free of charge, information on his stored personal data at any time and a copy of that information. Furthermore, European directives and regulations grant the data subject access to the following information
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the expected period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller the rectification or erasure of personal data, or the restriction of the processing of personal data relating to the data subject, or to object to such processing
the existence of the right to lodge a complaint with the supervisory authority;
where personal data are not collected from the data subject, any information available on their source;
the existence of automated decision-making processes, including profiling, as referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the data subject.
Furthermore, the data subject has the right to obtain information on the transfer of personal data to a third country or international organisation. In such a case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to make use of this right of access, he or she may, at any time, contact the personal data controller of our website.
c) Right of rectification
Every data subject has the right conferred by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her. Taking into account the purposes of the processing, the data subject has the right to complete incomplete personal data, including by submitting a supplementary declaration. If a data subject wishes to exercise this right of rectification, he or she may, at any time, contact the personal data controller of our website.
d) Right to erasure (right to be forgotten)
Every data subject shall have the right conferred by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall be obliged to erase the personal data without undue delay if one of the following grounds applies, provided that the processing is not necessary:
Personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
The data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) of the GDPR, or Article 9(2)(a) of the GDPR, and where there is no other lawful basis for the processing.
The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there is no legitimate ground for the processing or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
Personal data has been processed unlawfully.
Personal data must be erased in order to comply with a legal obligation in Union or Member State law to which the controller is subject. Personal data has been collected in connection with the provision of information society services as referred to in Article 8(1) of the GDPR.
If one of the aforementioned grounds applies and the data subject wishes to request the erasure of personal data stored by our website, he or she may, at any time, contact the data controller of our website, who shall promptly ensure that the erasure request is complied with immediately. Where the controller has disclosed personal data to the public and is obliged under Article 17(1) to erase the personal data, the controller shall, taking into account available technology and the costs of implementation, take reasonable steps, including technical measures, to inform other controllers of personal data that the data subject has requested the erasure by such controllers of any links, copies or replications of such personal data, to the extent that processing is not required. The personal data controller of our site will take the necessary measures in individual cases.
e) Right to restriction of processing
Every data subject has the right, granted by the European legislator, to obtain from the controller the restriction of processing if one of the following conditions applies:
The accuracy of the personal data is contested by the data subject, for a period allowing the controller to verify the accuracy of the personal data. The processing is unlawful and the data subject objects to the deletion of the personal data and instead requests the restriction of its use. The controller no longer needs the personal data for the purposes of the processing, but is required by the data subject for the establishment, exercise or defence of legal claims. The data subject has objected to the processing pursuant to Article 21(1) of the GDPR pending verification that the legitimate grounds of the controller outweigh those of the data subject. If one of the above conditions is met and the data subject wishes to request the restriction of the processing of personal data stored by our website, he or she may at any time contact the Data Protection Officer, who will arrange the restriction of the processing.
f) Right to data portability
Every data subject has the right, recognised by the European legislator, to receive personal data concerning him or her that has been provided to a controller in a structured, commonly used and machine-readable format. He or she has the right to transmit such data to another controller without hindrance to the controller to whom the personal data were provided, provided that the processing is based on the consent referred to in Article 6(1)(a) of the GDPR or point (a) of Article 9(2) of the GDPR, or a contract within the meaning of Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, in exercising his or her right to data portability under Article 20(1) of the GDPR, the data subject has the right to transmit personal data directly from one controller to another, where technically feasible and in doing so not adversely affect the rights and freedoms of others. To assert the right to data portability, the data subject may at any time contact the data controller of our website.
g) Right to object
Every data subject has the right, recognised by the European legislator, to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data concerning him or her, which is based on point (e) or (f) ) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. The website will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. If our website processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing. This applies to profiling insofar as it is related to such direct marketing. If the data subject submits personal data to www.goldenharmonywellness.com for processing for direct marketing purposes, www.goldenharmonywellness.com will no longer process the personal data for these purposes. In addition, the data subject shall have the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her for scientific or historical research purposes, or statistical purposes pursuant to Article 89 ( 1) of the GDPR, unless the processing is necessary for the performance of an activity carried out for reasons of public interest. To exercise the right to object, the data subject may contact the Data Protection Officer of www.goldenharmonywellness.com. In addition, the data subject is free in the context of the use of information society services and, by way of derogation from Directive 2002/58/EC, to make use of his or her right to object by automated means using the technical specifications.
h) Automated individual decision-making, including profiling
Every data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her, or significantly affects him or her, provided that the decision (1) is not necessary for entering into or performing a contract between the data subject and a data controller or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent. If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, our website implements suitable measures to safeguard the data subject’s rights and freedoms and the data subject’s legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express his or her point of view and to contest the decision. If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact the data controller of our website.
i) Right to withdraw data protection consent
Every data subject has the right, granted by the European legislator, to withdraw their consent to the processing of their personal data at any time. If the data subject wishes to exercise his or her right to withdraw consent, he or she may, at any time, contact the Data Protection Officer of our website.
Data protection for applications and application procedures
The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is the case, in particular, if an applicant sends the corresponding application documents by e-mail or via a web form on the website to the controller. If the controller concludes an employment contract with an applicant, the data sent will be stored for the purpose of processing the employment relationship in accordance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interest of the controller is against the deletion. Another legitimate interest in this relationship is e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG).
Data protection provisions concerning the application and use of Facebook
On this website, the controller has integrated components of the company Facebook. Facebook is a social network. A social network is a place for social encounters on the Internet, an online community, which usually enables users to communicate with each other and interact in a virtual space. A social network can act as a platform for exchanging opinions and experiences or allow the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos and network through friend requests. The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a person lives outside the USA or Canada, the controller is Facebook IrelandLtd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. With each call to one of the individual pages of this website, which is operated by the controller and in which a Facebook component (Facebook plug-in) is integrated, the web browser on the computer system of the person concerned is automatically prompted to download the display of the corresponding Facebook component. An overview of all Facebook plug-ins can be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is aware of which specific sub-site of our website was visited by the person concerned. If the person concerned is logged into Facebook at the same time, Facebook records each call to our website by the person concerned – and for the entire duration of his or her stay on our website – which specific sub-site of our website the person concerned visited. This information is collected via the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, Facebook matches this information with the data subject’s personal Facebook account and stores the personal data. Facebook always receives information about a visit to our website by the data subject via the Facebook component, every time the data subject logs on to Facebook at the same time during the call-up period to our website. This occurs regardless of whether the data subject has clicked on the Facebook component or not. If such a transmission of information to Facebook is undesirable for the data subject, then it is possible that this will prevent him/her from logging out of his/her Facebook account before a call to our website is made. The data protection guideline published by Facebook, available at https://facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. In addition, it explains the setting options offered by Facebook to protect the privacy of the data subject. In addition, various configuration options are available to enable the deletion of data transmission to Facebook. These applications can be used by the data subject to delete a data transmission to Facebook.
Data protection provisions concerning the application and use of Google AdSense.
On this website, the controller has integrated Google AdSense. Google AdSense is an online service that enables the placement of advertisements on third-party sites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party sites to match the content of the respective third-party site. Google AdSense allows for interest-based targeting of Internet users, which is implemented by generating individual user profiles. The operating company of the Google AdSense component is AlphabetInc., 1600 AmphitheatrePkwy, Mountain View, CA 94043-1351, USA. The purpose of the Google AdSense component is the integration of advertisements on our website. Google AdSense places a cookie on the data subject’s computer system. The definition of a cookie is explained above. By setting a cookie, AlphabetInc. is enabled to analyse the use of our website. Each time you call up one of the individual pages of this website, which is operated by the controller and in which a Google AdSense component is integrated, the Internet browser on the information technology system of the person concerned will automatically send data via the Google AdSense component for the purpose of online advertising and commission settlement to AlphabetInc. . In the course of this technical procedure, the company AlphabetInc. acquires knowledge of personal data, such as the IP address of the data subject, which serves Alphabet Inc., among other things, to understand the origin of visitors and clicks and subsequently create commission agreements. The data subject may, as mentioned above, prevent the setting of cookies via our website at any time by means of a corresponding adjustment to the web browser used, and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent AlphabetInc. from setting a cookie on the data subject’s computer system. Furthermore, cookies already in use by AlphabetInc. can be deleted at any time via a web browser or other software programs. In addition, Google AdSense also uses so-called tracking pixels. A tracking pixel is a thumbnail graphic embedded in web pages to enable the recording of a log file and an analysis of the log files through which a statistical analysis can be performed. On the basis of the embedded tracking pixels, AlphabetInc. is able to determine whether and when a website was opened by a data subject and which links were clicked by the data subject. Tracking pixels serve, among other things, to analyse the flow of visitors to a website. Through Google AdSense, personal data and information, which also includes the IP address and is necessary for the collection and accounting of the displayed advertisements, is transmitted to AlphabetInc. in the United States of America. This personal data will be stored and processed in the United States of America. The AlphabetInc. may disclose the personal data collected through this technical procedure to third parties. Google AdSense is further explained under the following link https://www.google.com/intl/it/adsense/start/
Data protection provisions concerning the application and use of Google Analytics (with anonymiser function)
On this website, the controller has integrated the Google Analytics component (with anonymizer function). Google Analytics is a web analysis service. Web analytics is the collection, collation and analysis of data on the behaviour of visitors to websites. A web analysis service collects, among other things, data on which website a person came from (so-called referrer), which sub pages were visited, or how often and for what duration a sub page was viewed. Web data analysis is mainly used to optimise a website and to perform a cost-benefit analysis of Internet advertising. The operator of the Google Analytics component is Google Inc., 1600 AmphitheatrePkwy, Mountain View, CA 94043-1351, USA. For web analysis via Google Analytics, the controller uses the application ‘_gat. _anonymizeIp’. With this application, the IP address of the Internet connection of the person concerned is shortened by Google and made anonymous when accessing our websites from a Member State of the European Union or another State party to the Agreement on the European Economic Area. The purpose of the Google Analytics component is to analyse traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website and to provide online reports, which show the activities on our websites and to provide other services related to the use of our website for us. Google Analytics places a cookie on the data subject’s computer system. The definition of a cookie is explained above. By setting a cookie, Google is enabled to analyse the use of our website. Each time a call is made to an individual page of this website, which is operated by the controller and in which a Google Analytics component has been integrated, the Internet browser on the computer system of the person concerned will automatically send data via the Google Analytics component for the purpose of online advertising and commission settlement to Google. In the course of this technical procedure, Google acquires knowledge of personal information, such as the IP address of the data subject, which provides Google with, among other things, an understanding of the origin of visitors and clicks and subsequently the creation of commission settlements. The cookie is used to store personal information, such as access time, the location from which the access was made and the frequency of visits to our website by the person concerned. With each visit to our website, this personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer this personal data collected through the technical procedure to third parties. The data subject may, as stated above, prevent the setting of cookies via our website at any time by means of a corresponding adjustment to the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would prevent Google Analytics from setting a cookie on the data subject’s computer system. (In addition, cookies already in use by Google Analytics can be deleted at any time via a web browser or other software program. In addition, the data subject has the opportunity to object to the collection of data that is generated by Google Analytics, which is linked to the use of this website, as well as the processing of this data by Google and the possibility of precluding them . For this purpose, the person concerned must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on indicates to Google Analytics via a JavaScript that data and information on page visits may not be transmitted to Google Analytics. The installation of browser add-ons is considered an objection by Google. If the data subject’s computer system is subsequently deleted, formatted or newly installed, the data subject must reinstall the browser add-ons in order to disable Google Analytics. If the browser add-on has been uninstalled by the data subject or any other person who is attributable to the data subject or is disabled, the browser add-ons can be reinstalled or reactivated. Further information and the applicable data protection provisions of Google can be found at https://www.google.com/intl/it/policies/privacy/ and at https://www.google.com/analytics/terms/it.html Google Analytics is further explained under the following link https://www.google.com/analytics/
Data protection provisions concerning the application and use of Twitter
On this website, the controller has integrated Twitter components. Twitter is a publicly accessible multilingual microblogging service on which users can publish and disseminate so-called ‘tweets’, i.e. short messages, which are limited to 140 characters. These short messages are available to everyone, including those who are not connected to Twitter. Tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. In addition, Twitter allows you to address a large audience via hashtags, links or retweets. The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES. With each call to an individual page of this website, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the computer system of the person concerned is automatically requested to download a display of the corresponding Twitter component. Further information on Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of which specific subpage of our website was visited by the person concerned. The purpose of the integration of the Twitter component is the retransmission of the contents of this website to enable our users to present this website to the digital world and increase the number of visitors. If the person concerned is logged in at the same time on Twitter, Twitter records every call to our website by the person concerned and for the entire duration of his or her stay on our website, which was subject to a specific subpage of our website. visited by the person concerned. This information is collected via the Twitter component and associated with the respective Twitter account of the person concerned. If the data subject clicks one of the integrated Twitter buttons on our website, Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data. Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged into Twitter at the time of the call to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is undesirable for the person concerned, this may prevent them from logging out of their Twitter account before a call to our website is made. The applicable data protection provisions of Twitter can be accessed at https://twitter.com/privacy?lang=it.
Data protection provisions relating to the application and use of YouTube
On this website, the controller has integrated YouTube components. YouTube is a video portal on the Internet that allows video publishers to set up video clips and other users to watch, review and comment on them free of charge. YouTube allows you to publish all kinds of videos, so you can access both full films and TV broadcasts, as well as music videos, trailers and user-made videos via the Internet portal. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. YouTube, LLC is a subsidiary of Google Inc., 1600 AmphitheatrePkwy, Mountain View, CA 94043-1351, UNITED STATES. With each call to an individual page of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the computer system of the person concerned is automatically requested to download a display of the corresponding YouTube component. Further information about YouTube can be obtained under https://www.youtube.com/intl/it/yt/about/ In the course of this technical procedure, YouTube and Google acquire knowledge of the specific subpage of our website visited by the data subject. If the data subject has logged onto YouTube, YouTube recognises with each call to a subpage containing a YouTube video which specific subpage of our website was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject. YouTube and Google will receive information via the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged into YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is undesirable for the data subject, delivery may be prevented if the data subject logs out of their YouTube account before a call to our website is made. YouTube’s data protection provisions, available at https://support.google.com/youtube/answer/2801895?hl=it provide information on the collection, processing and use of personal data by YouTube and Google.
Legal Basis for Processing
Article 6 (1). The GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as when the processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6 (1) lit. b GDPR. The same applies to processing operations that are necessary for the execution of pre-contractual measures, such as in the case of requests relating to our products or services. Our company is subject to the legal obligation to process personal data, e.g. for the fulfilment of tax obligations, the processing is based on Art. 6 (1) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor was injured on our premises and their name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 (1) GDPR. Finally, processing operations could be based on Article 6 (1) lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the above-mentioned legal grounds, if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where those interests are outweighed by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data. Such processing operations are particularly permissible because they were expressly mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2, GDPR).
Period of retention of personal data
The criteria used to determine the retention period for personal data are the respective statutory retention periods. After the expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the commencement of a contract.
Provision of personal data as a legal or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide personal data; Possible consequences of not providing personal data
We clarify that the provision of personal data is in part required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information about the contractual partner). Sometimes it may be necessary to enter into a contract that the data subject provides personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company enters into a contract with him or her. Failure to provide personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is supplied by the data subject, the data subject must contact the Data Protection Officer. He or she will be able to clarify to the data subject whether the provision of personal data is required by law or by the contract or is necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and the consequences of not providing personal data.
Existence of automated decision-making processes
As a responsible company, we do not use automated decision-making or profiling.
