1. General Information about Data Protection
If you are less than 16 years of age, your consent is only lawful if it is provided or authorised by the person who holds parental responsibility in relation to you.
Anyhow, we wish to provide you with some information about the concept of the processing of personal data, the people who control them, the main processing activities we undertake, and your rights as a user.
2. Definition of personal data and their processing
Personal data are all data which identify or enable the identification of a specific natural person. These are data which allow the data subject to be identified directly (such as name, surname or tax code) or only indirectly (such as profiling cookies). The processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Identities of the data controller, processor and people in charge of processing
The data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; it is also responsible for security profiles. With regard to this website, the data controller is Sarm Hippique Srl in the person of its acting legal representative, as identified in greater detail above, and for any explanation or to exercise your rights you may contact the data controller at the addresses already provided.
The data processor, on the other hand, is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. With regard to the personal data you contribute during navigation of this website, Sarm Hippique Srl has designated its Web Agency as data processor in the event that it processes your personal data on behalf of the company. In all cases, your company will be processed by the company’s employees who are suitably instructed in the most appropriate safeguards for the data you are contributing to us. For further information about these parties, please contact the addresses already provided.
4. List of main personal data processing activities undertaken further to navigation of this website
1) The data collected via navigation will not be disseminated or transferred to other non-EU countries (the hosting service used by the data controller is located in Italy). However, for the actual provision of the service requested or for legal compliance, some data might be shared with external entities required to perform specific functions on behalf of our company (such as IT consultants and freelance professionals).
In all cases, the data controller undertakes to protect the security of all your personal data by adopting the IT and physical measures necessary to safeguard them. However, it should be pointed out that no security system guarantees this protection with absolute certainty and therefore, except for cases of criminal malpractice by the data controller, Sarm Hippique Srl does not accept responsibility for the actions of third parties who access systems illegally without the necessary authorisations.
3) By compiling the “Contacts” form, the user contributes his personal data (name, surname, email address, telephone number, the message). The contribution of these data is not compulsory, but failure to compile the form will prevent the company from providing two types of services, different and independent of each other:
3.1) the first type of processing is in order to respond to requests for information from the user. The legal basis for the processing is the issue of consent by the user or the performance of precontractual measures. Data are processed using digital and paper systems. Data will be stored for the time necessary for delivery of the information service: after this time, your data will be erased immediately. In all cases, the user may withdraw his consent at any moment. Information may only be requested by users who have passed their sixteenth birthday – users less than sixteen years old must have the prior authorisation of the person who holds parental authority.
4) By contacting the telephone number and email address provided at the bottom of the website, the user contributes his personal data (such as name, surname, telephone number, etc.). The contribution of these data is optional, but the failure to contribute them will prevent the company from fulfilling information requests from the user. These data are processed with digital/paper systems and the duration of the processing ends with the delivery of the information service by the company.
5) Subject to the law governing cookies (which should be referred to for further information), this website does not include an automated decision-making process for the purposes of commercial processing (targeted marketing method which involves the collection and processing of users’ data in order to understand their choices and behaviours, with the aim of subdividing data subjects into “profiles” which are groups which share the same, increasingly specific, behaviours or characteristics).
5. The user’s rights under REG. EU 2016/679
The data subject – meaning the person who contributes his personal data to the data controller – holds the following rights:
- the right of the data subject to ask the data controller for access to the personal data, or to find out which data the data controller processes;
- the right to updating of the data;
- the right to rectification, meaning the right to have his data amended when they have changed;
- the right to supplementation of his data, meaning the right to complete the data with other information supplied by the data subject;
- the right to restrict the processing of his data, meaning to restrict the use of the data by the data controller;
- the right to object to the processing on legitimate grounds;
- the right to the portability of the data, meaning the right to receive all the data in a structured and machine-readable format;
- the right to request erasure of his personal data by the data controller;
- the anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
- to obtain certification to the effect that the updating, rectification supplementation, erasure, blocking and data anonymization operations have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- the right to withdraw the explicit consent provided previously at any moment, without prejudice to the lawfulness of the processing carried out up to that time;
- the right to lodge a claim with the Supervisory Authority in the event of a breach of the law on personal data protection.
For a full description of your rights, please refer to articles 15 – 16 – 17
– 18 – 20 – 21 of Reg. EU 679/2016. Requests can be addressed to the data controller, without formalities at the addresses provided above, or submitted using the form provided by the Italian Supervisory Authority on the website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
For any explanations or information or to exercise the rights listed in this policy statement, please contact: email@example.com
Address for registered mail: Via Dell’Industria 12 E, 26010 Chieve (CR), Italy – tel. +39 0373.234507