Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA of “cattolicawelcome.it”
Pursuant to Articles 13 and 14 of the EU Regulation 2016/679 – “GDPR”

WHO WE ARE
DATA CONTROLLER:
Headquarters: Comune di Cattolica – Piazza Roosevelt 7 – Cattolica
Certified email: protocollo@comunecattolica.legalmailpa.it
Website: www.cattolica.net

DATA PROTECTION OFFICER
dpo@morolabs.it

WHAT IS THE PURPOSE OF THE TREATMENT?

In compliance with Regulation (EU) 2016/679 “GDPR” relating to the processing of personal data and their free circulation and with Legislative Decree 196/2003 and subsequent amendments “Code regarding the protection of personal data”, we inform you, as the “data subject”, on the methods of use of your personal data by the Municipality of Cattolica, so as to guarantee correct, lawful and transparent processing in compliance with the principles placed to protect your personal rights and freedoms. The data processing is aimed at carrying out the following activities:

  1. promotion of the territory and cultural tourist activities organized in the city of Cattolica through the “cattolicawelcome.it” platform with which holidaymakers or visitors can acquire information or, where available, make use of concessions and discounts, for example for participation in events communicated from time to time through the platform itself; this activity includes related contractual, administrative, fiscal and accounting purposes as well as the statistics of use of the platform and the evaluation of the quality of the services provided, the management of complaints and, finally, the response to requests for information forwarded or otherwise required by law.
  2. promotional purposes, following membership through registration to the “cattolicawelcome.it” community through automated contact methods (e.g., text messages, e-mail, instant messaging) and traditional methods (e.g., telephone calls with an operator and traditional mail) for send advertising material, newsletters, communications relating to further events organized by the Data Controller also in the future.

If the need arises to pursue further purposes of processing your data, which have not been indicated in this information, we will inform you in advance about the new processing methods.

 

ON WHAT LEGAL BASIS DO WE PROCESS THE DATA? 

The legal bases vary depending on the objectives pursued indicated above, therefore, in reference to the points indicated above, respectively:

  1. pursuant to art. 6 GDPR, letter. e) the processing is necessary for the execution of a task of public interest or connected to the exercise of public powers vested in the data controller.
  2. pursuant to art. 6 GDPR letter. a) the data subject has expressed consent to the processing of their personal data and pursuant to art. 6 GDPR, letter. b) and c) the processing is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same, as well as to fulfil the legal obligations to which the data controller is subject.

WHO DO WE COLLECT THE DATA FROM?

We always collect personal data directly from data subject, during the registration phases via the forms available on the web.

 

WHICH CATEGORIES OF DATA DO WE PROCESS?

For the processing activities indicated above, only common personal data are required, such as identification, personal details, residence and contact details. The provision of personal data is a necessary requirement to be able to use our services, so any refusal to provide them, in whole or in part, may make it impossible to use the service itself. For processing connected to the purposes referred to in letter b), the provision of data is optional and always revocable by submitting a specific request to the Data Controller.

 

Web browsing data

Internet communication protocols provide for the implicit transmission of some personal data, acquired by the IT systems and software platforms used for the operation of the websites and application platforms of the Municipality of Cattolica. These are:

  • IP addresses or domain names of computers and terminals used by visitors.
  • addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources.
  • day and time of the request, method used to submit the request to the server.
  • size of the file obtained in response.
  • numerical code indicating the status of the response given by the server (successful, error, etc.).
  • other parameters relating to the operating system and the user’s IT environment.

Furthermore, the processing of such data which occurs automatically for the sole purpose of verifying the correct functioning of the services provided, as well as for IT security reasons, allows us to:

  • check the correct functioning of the systems and platforms as well as the above services offered.
  • carry out statistical reports on the use and performance of the services offered (most visited pages, visitors by time slot or day, geographical areas of origin, etc.).

The data relating to navigation have a retention time of less than seven days (unless there is a need for the judicial authorities to ascertain crimes).

 

Data communicated by the user

In general, the websites or application platforms of the Municipality of Cattolica include the possibility of direct interaction with the staff dedicated to the services provided or involved in managing the platforms, for example via e-mail. Except for services conditional on registration on the platforms, where failure to communicate inhibits the possibility of accessing the services, the sending of personal data is optional, explicit, and voluntary.

Compiling and submitting the booking or support request forms, registering on the platform or, where applicable, authentication with SPID/CIE entail the acquisition of the sender’s contact details as well as the contents included in the communications respectively for the booking or reply to functionality. In some cases, a so-called “progressive” information is provided where a short information is indicated which illustrates the specific processing methods carried out to provide certain services with a reference to a complete information.

 

Cookies and other tracking systems

In compliance with the municipal administration’s policy on the protection of personal data, NO cookies, calls to third parties or other tracking systems are used, which can be used by the Municipality of Cattolica or by third parties for the profiling of visitors to the Platform; only technical or session cookies are used (therefore not persistent), limited to what is necessary for safe and efficient navigation. Statistical analyses of users’ browsing are carried out in a completely anonymous way if only technical or more personalized cookies are selected, also in order to provide a better user experience if the other options available in the cookie banner and relating to preferences are also accepted, statistics and marketing; some activities functional to the improvement of services are carried out with only pseudonymized data, so as not to trace back to individual visitors or users of the Platform. The following information is collected:

  • visitor’s IP address (with anonymization of the fourth octet of the calling IP address in the case of selection of only technical cookies).
  • operating system and the type of browser used by the visitor.
  • type of device (PC, smartphone, etc.) used by the visitor.

 

Processing of personal data carried out by the social media used by the Municipality of Cattolica

The policy of the Municipality of Cattolica limits the use of social media only to dissemination, awareness and information activities related to topics of interest and the services provided. In relation to the processing of personal data carried out by the managers of the individual social media platforms used by the Municipality of Cattolica, or by their own staff, please refer to the information provided through the privacy policies published on the respective platforms. The processing of personal data carried out in these areas is aimed exclusively at interactions with users (comments, public posts, etc.), in compliance with the regulations on the protection of personal data.

 

Service / 

Activities

Personal data acquired

Legal basis /

condition of lawfulness

consultation of the contents of the website or platforms.

IP address of origin

legitimate interest of the Data Controller to carry out processing relating to the purposes of protecting company assets and IT security.

requests for contact and/or sending information material.

name, e-mail, telephone contacts

fulfilment of the services related to the request for registration, information and contact and/or sending information material, contract.

Subscribe to the newsletter.

name, email

consent given by the interested party prior to the processing itself and freely revocable at any time.

promotional activities on Services/Products like those acquired by the data subject (Recital 47 – GDPR)

name, e-mail, telephone contacts

Unless objected by the data subject and without specific consent, the Data Controller may use the contact details communicated by the interested party for the purpose of proposing direct sales of its own Services/Products like those previously acquired by the data subject.

commercial promotion activities on Services/ Products different from those acquired by the data subject

name, e-mail, telephone contacts

Consent of the interested party given before the start of the processing.

management of the contractual relationship

personal data and references

fulfilment of the services connected to the contractual relationship and compliance with legal obligations.

 

TO WHOM DO WE COMMUNICATE PERSONAL DATA? 

The data are processed at the registered and operational headquarters of the Data Controller and in any other place where the parties involved in the processing can be located. Your personal data may be communicated to public bodies and institutions in charge, in order to comply with the obligations established by laws and regulations, as well as to companies that will provide the goods or services requested by the interested party and which will manage the personal data as independent data controllers, starting from the necessary validity checks; as well as they may be communicated to external companies that carry out outsourced activities on our behalf, in their capacity as data processor. These data processors are previously accredited by us and authorized to process the data exclusively for the specific purposes, including the correct management of the contractual relationship established between the parties.

 

HOW DO WE PROCESS DATA?

Your personal data will be processed by the Municipality of Cattolica using digital systems. Only personnel authorized by the Data Controller will be able to access your data to carry out processing or system maintenance operations. We adopt all technical and organizational measures useful to avoid problems of unauthorized access, disclosure, modification, or destruction.

These measures have been reported within our privacy management system, which allows us to maintain constant protection monitoring of the data processed, as well as continuous adaptation of procedures based on the evolving of the organization. 

No automated decision-making processes, including profiling, are carried out.

 

ARE THE DATA TRANSFERRED TO NON-EU COUNTRIES?

Your data will not be transferred to countries not belonging to the European Union and/or with personal data protection regulations not aligned with the EU Regulation 2016/679, in compliance with the articles 44 et seq. GDPR; furthermore, they will not be subject to any dissemination or communication by us to unauthorized third parties or for purposes other than those reported in this information.

 

HOW LONG DO WE KEEP THE DATA?

The data collected for purposes related to the execution of a contract between the Data Controller Owner and the user (Data subject) will be retained until the execution of this contract and the related obligations are completed. Personal data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied. When the processing is based on the user’s consent, the Data Controller may retain personal data for longer, until such consent is revoked. Furthermore, the Data Controller may be obliged to retain the data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period, the personal data will be deleted.

 

WHAT ARE YOUR RIGHTS?

 The Data subject has the right to ask the Data Controller for access to personal data and the rectification or cancellation of the same or the limitation of the processing that concerns him or to oppose their processing, in addition to the right to data portability, pursuant to of the GDPR and, therefore, at any time you can request a digital copy of the same or automatic transfer to other companies. In the cases provided for, you can also oppose or revoke the consent given, within the limits set by the articles 23 GDPR, 2-undecies and 2-duodecies Italian D.lgs. 196/2003. 

The Data subject has the right to lodge a complaint before the Italian “Garante per la protezione dei dati personali” or other supervisory authority. To exercise these rights or to obtain information on their content, we invite you to send a request via email to the address of the Data Protection Officer indicated above.

 

UPDATES

The Information is the tool provided for by the Regulation to apply the principle of transparency and facilitate you (data subject) in managing the information we process, and which concerns you. In case of important changes or variations in the processing purposes, you will be given prior notice through institutional communication tools.