Privacy Policy - Facebook

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Pursuant to Legislative Decree 196/2003 and Regulation (EU) 2016/679 (hereinafter "GDPR"), the methods of processing of personal data of users who consult the Facebook Page of Gifal Lorenzo Monterisi SRL are described below.
This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the page.

DATA CONTROLLER

The data controller is Gifal Lorenzo Monterisi SRL, with registered office in Via Abate Gimma n. 3/B - 70121 Bari (BA), (Email: amministrazione@gifal.it, PEC: gifal@legalmail.it, Tel.: +39 0883506636) (hereinafter “ Data Controller ” or “ Page Administrator ”) .

Joint ownership of the processing
Gifal Lorenzo Monterisi SRL and Facebook Ireland Limited , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook Ireland ”; jointly the “Parties”) are Joint Controllers (pursuant to art. 26 of the GDPR) for the processing of personal data in events for Page Insights (“Insights Data”).
Please note that the events recorded by Facebook for the creation of Page Insights are exclusively defined by Facebook and cannot be configured, modified or otherwise influenced by Page administrators.
For other processing of personal data in relation to a Page and/or content associated with it for which there is no joint determination of the purposes and means, Facebook Ireland and the Page Administrator remain separate and independent data controllers.

For any further information, please consult:
About Page Insights: https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/legal/terms/information_about_page_insights_data .
Data Policy: https://www.facebook.com/policy .

DATA SOURCE AND TYPE OF DATA COLLECTED
- Data communicated by the user
The Data Controller collects personal data voluntarily provided by users when sending a message using the contact addresses on the page, the landline/mobile phone number or the Facebook Messenger application chat .
The optional, explicit and voluntary sending of messages through the designated channels involves the acquisition of the sender's contact data necessary to provide a response, as well as all personal data included in the communications. The data provided will be used with computer and telematic tools for the sole purpose of providing the requested service and, for this reason, will be stored exclusively for the period in which the same will be active.

- Browsing data

The Data Controller collects data relating to the use of the page by users. These may include responses, comments, interactions with published posts.

- Data from Page Insights

Page Insights are aggregate statistics created from certain events (e.g. an action or information about the action ,

person performing the action and the browsers/apps used for it) recorded by Facebook servers when people interact with

the Page and the contents associated with it.

The Page Administrator does not have access to the personal data processed in connection with events, only to aggregated Page Insights. The events used to create Page Insights do not store IP addresses, cookie IDs, or other identifiers associated with individuals or their devices, except for a Facebook user ID for individuals who are logged in to Facebook.
For more information about Page Insights: https://www.facebook.com/legal/terms/information_about_page_insights_data

PURPOSE OF THE PROCESSING

Your personal data may be processed for the following purposes:

1. Contact requests
The processing of the interested party's personal data takes place in order to carry out preliminary and consequent activities for the management of requests for information and contact and/or sending of informative material, as well as for the fulfillment of any other obligation arising ; 2. Protection of the legitimate interests of the Data Controller
The processing of personal data also occurs to manage and control risks related to IT security, prevent possible fraud, insolvency or default, understand the type of actions that users perform on their Pages, as well as to prevent and manage possible disputes or take legal action if necessary.

LEGAL BASIS FOR THE PROCESSING

With reference to the purposes indicated in the previous paragraph, the legal basis of the same is , in relation to the point:
1) execution of pre-contractual measures, relating to the services inherent to requests for information, contact and/or sending of informative material;
2) pursuit of the legitimate interest of the Data Controller.

DATA RECIPIENTS

The personal data processed by the Data Controller are not disclosed, that is, they are not disclosed to unspecified parties, in any possible form, including that of making them available or simply consulting them.

Instead, they may be communicated to workers who work for the Data Controller or to persons authorised to process data as they operate under the authority of the Data Controller. Processing by such persons will take place in consideration of the roles and work tasks performed, taking into account their respective skills and in accordance with the instructions given to them by the Data Controller. They may also be communicated to persons identified as Data Processors pursuant to art. 28 of the Regulation, who will process the data on behalf of the Data Controller.

DATA TRANSFER

Gifal Lorenzo Monterisi SRL does not transfer personal data to third countries or to international organizations.

DATA RETENTION

Unless explicitly requested to remove them, the personal data of the interested party will be retained until they are necessary with respect to the legitimate purposes for which they were collected.
 In the event that a user provides the Owner with personal data that is not requested or not necessary for the purpose of carrying out the requested service, Gifal Lorenzo Monterisi SRL cannot be considered the owner of this data and will proceed to delete it as soon as possible.

The cases in which the rights of the Owner should be asserted in court are reserved. In which case the personal data of the Interested Party, exclusively those necessary for such purposes, will be processed for the time necessary to achieve them.

RIGHTS OF THE INTERESTED PARTY

In relation to the data subject to the processing referred to in this information notice, the interested party is recognized at any time the right to:

  • ask the Data Controller for access to your personal data and information relating to them (art. 15 of the GDPR); the rectification of inaccurate data or the integration of incomplete data (art. 16 of the GDPR); the deletion of personal data concerning you (if one of the conditions indicated in art. 17, par. 1 of the GDPR occurs and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of your personal data (if one of the hypotheses indicated in art. 18, par. 1 of the GDPR occurs);

  • request and obtain from the Data Controller - in cases where the legal basis of the processing is consent and the same is carried out by automated means - your personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller (so-called right to portability of personal data - art. 20 of the GDPR);

  • object at any time to the processing of your personal data in the event of particular situations concerning you (art. 21 of the GDPR);

    The specific request is presented by contacting the Owner via email: amministrazione@gifal.it or PEC: gifal@legalmail.it.

    If the interested party believes that the processing of his/her data is in violation of the provisions of the Regulation, he/she can lodge a complaint with a supervisory authority (Italian Data Protection Authority - www.garanteprivacy.it or the Irish Data Protection Commission - https://www.dataprotection.ie ), as provided for by art. 77 of the GDPR, or take legal action (art. 79 of the GDPR).

    In cases of joint processing (Joint Controllership), the lead supervisory authority is the Irish Data Protection Commission (in derogation from Article 55 (2) of the GDPR, where applicable).

    NATURE OF THE PROVISION AND REFUSAL

    In the event that the interested party does not provide his/her data identified as necessary for the purposes of carrying out the requested service, the Data Controller will not be able to proceed with the processing related to the management of the requested services connected to them, nor with the obligations that depend on them.