We wish to inform you that the European Regulation 2016/679 (hereinafter General Data Protection Regulation or GDPR) establishes rules concerning the protection of individuals with regard to the processing of personal data, as well as regulations concerning the free movement of such data aimed at protecting the fundamental rights and freedoms of individuals, in particular the right to the protection of personal data.
The free movement of personal data within the EU shall be neither restricted nor prohibited for reasons relating to the protection of individuals with regard to personal data processing. Pursuant to the aforesaid GDPR, we therefore specify that “personal data” refers to any information that directly or indirectly regards you as the data subject, with particular reference to any identifier such as name, an identification number, data relating to location, an online identifier or one or more characteristic identifying elements of you from a physical, physiological, genetic, psychological, economic, cultural or social perspective.
The site's administrative methods are described in relation to the processing of users’ personal data, concerning those who consult the site and have access to the member's area. This disclosure paper is given pursuant to Article 13 of the GDPR, relating to those who interact with the web services of HEARTITALY SRLS, accessible electronically at:
This disclosure paper is provided exclusively for sites related to HEARTITALY SRLS and not for other websites that may be consulted by the User through relative links. Following consultation of this site, data relating to identified or identifiable persons may be processed. The purpose of this disclosure paper is to identify certain minimum requirements for the collection of personal online data, and, in particular, the methods, retention duration and nature of such information that the data controllers shall provide to users when they browse web pages, regardless of the User's reasons for doing so.
The Data Controller’s identity and contact details, also reported in the header, are as follows:
Address: Via Carlo Alberto Dalla Chiesa, 2 - 63066 Grottammare (AP) - Italy
e-mail: firstname.lastname@example.org - Telephone: +39 0735 737 911.
The Data Protection Officer for personal data is Mr. Gambella Renato and he can be reached at the following email address:
Data processing related to this site’s web services takes place at the aforesaid Data Controller's offices and is exclusively handled by staff authorised to the processing, or by staff in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated. Personal data provided by users who enquire about the sending of material regarding a requested service (or even for information purposes only) are used to follow up the User's enquiries and can be communicated to third parties provided that such parties are necessary, involved and functional to satisfy the aforementioned demands.
The collection and processing of the User's personal data shall be in compliance with the general principles of necessity, correctness, relevance and non-excessively, as regulated by the site’s conditions of use, and specifically, data processing shall take place for:
- A. replying to questions and providing information requested by the User (optional, explicit and voluntary sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender's address, necessary to reply to such requests, as well as any other personal data included in the message):
- 1. to contact the User about the services provided by HEARTITALY SRLS or by its commercial partners (estate agencies or individuals);
- 2. regarding User enquiries into real estate, such data will be forwarded to the advertiser (real estate agency with a sales mandate or property’s owner).
- 3. user support via instant messaging services that involves the non-mandatory transmission of personal data to continue to use the service.
- B. the acquisition of CVs, both on paper and in electronic format, spontaneously sent by candidates interested in collaborating with HEARTITALY SRLS from the "Work with us" section;
- C. the registration to events organised or coordinated by HEARTITALY SRLS, of training or other, also via the User's compilation of specific forms on the site's pages, or accessible from links to external sites (for which specific valid policies are present), and the consequent issue of the relative certificates of attendance or of another nature;
- D. to allow the User to access, through their registration and creation of an own User profile, the member's area for the provision of services, products and any other kind of request and the subsequent and autonomous management of their User profile from a control panel including the placement of offers;
- E. the "NEWSLETTER" service that the User is entitled to sign up for. If the User’s personal data has been provided by registering to the aforementioned service, the same will be used for the sole purpose of sending the newsletter and shall not be disclosed to third parties;
- F. specifically regarding the necessary and indispensable processing of operative, managerial, accounting and other matters, certain data shall be used for the registration and communications as required by law;
- G. verification of the customer's level of satisfaction with regard to the services provided and any other kind of request, through personal interviews, telephone calls or by sending emails or text messages;
- H. subject to the “data subject's consent“1, through traditional contact methods (ordinary mail or via a telephone operator) and automated (email, text messages) for purposes:
- 1. functional to commercial/promotional activities such as commercial communications, sales, sending advertising material or for carrying out market research on the services offered (by way of example and not exhaustively: updates on initiatives, offers and promotions relating to services and products referable to activities of HEARTITALY SRLS and third parties with whom it collaborates, including online programmes and promotions aimed at rewarding or retaining potential customers);
Data processing is lawful given that at least one of these foreseen conditions applies:
- According to Article 6, Paragraph 1, Letters b), c) and f)
- a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
- b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps following the request of the data subject prior to entering into a contract;
- c) processing is necessary for compliance with a legal obligation to which the controller is subject;
- f) processing is necessary for the pursuit of the legitimate interest of the data controller (for example, the prevention of fraud or abuse of our website: it may be considered as a legitimate interest to process personal data for direct marketing purposes (such as highlighted in point no. 47 of the GDPR) or by third parties, provided that the interests or the fundamental rights and freedoms of the data subjects who request the protection of personal data do not prevail, in particular if the data subject is a minor.
Communication to the identified recipients shall occur only if they are involved in and functional to achieve the purposes referred to in paragraph 3 herein, therefore collected and processed personal data may be:
- a) used anonymously for statistical purposes;
- b) made available to the Data Controller's Collaborators, such as Data Protection Officers or persons authorised to process personal data;
- c) communicated to third parties, individuals or companies, public administrations, professionals, law enforcement agencies, government agencies, regulatory bodies, courts or other public authorities authorised by the law;
- d) communicated to commercial partners, only in the case of prior and explicit consent of the User.
- e) if necessary, transferred to another Data Controller in accordance with the provisions of the GDPR, including with regard to the right to data portability;
The list of personal Data Protection Officers is available at the Data Controller's headquarters.
No particular categories of personal data are managed (those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, data concerning health or sexual life or sexual orientation of the person), nor data referable to minors. The personal data processed is exclusively that necessary and functional for the correct achievement of the purposes indicated in point 3, herein.
The data provided for the purposes referred to in point 3 herein, shall be kept:
- For administrative/accounting purposes: for the period prescribed by tax and civil law;
- For marketing purposes and sending newsletters: up to the revocation of consent, until the exercise of the right of opposition and in any case not longer than fifteen years from the initial collection date.
Personal data shall not be disseminated and shall be destroyed when we no longer needed or under no obligation to conserve it.
During their normal operation, the computer systems and software procedures used for operating this website shall acquire certain personal data, whose transmission is implicit in the use of internet communication protocols.
This data category includes IP addresses (for verifying the user's authenticity and for security purposes), or domain names, of the computers used by users to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the server response status (successful, error etc.), and other parameters pertaining to the user's operating system, and IT platform. This data is solely used to compile anonymous statistics on website use and to ascertain its correct functioning. This data could be used to verify liability in the event of any cyber-crimes committed against the website: currently, except for this possibility, data concerning web contacts are not kept for more than seven days.
Personal data, subject-matter of the processing shall be processed:
- manually and/or electronically and shall be stored in appropriate paper and/or electronic archives. The paper and electronic documentation shall be correctly maintained and protected for as long as necessary for processing, using appropriate security measures, so as to minimise the risk of destruction, loss, or unauthorised access or any processing not in accordance with the purposes of collection;
- There is no automated decision-making process and no profiling is carried out.
These so-called cookies used are small files stored on the hard disk of the User’s computer and are used to provide services and/or information. Most cookies are "session cookies" and are then deleted from the hard disk at the end of the session (when you log off or close the browser). These can be embedded in some of the site’s pages in order to analyse access to web pages, customise their services, contents and advertising messages, measure the effectiveness of promotions and ensure trust and security.
These so-called session cookies used on this site avoid using other computer techniques which may jeopardise the confidentiality of users’ navigation data and do not allow the acquisition of identificative User's personal data.
Besides what is specified for browsing, the user is free to provide their personal data requested through special forms relating to services, products and any other kind of request that the site administrator, or their business partners, can offer.
Failure to provide such data may render it impossible to obtain a response to any requests or use the services or products that the site administrator, or its commercial partners, can provide.
registration in the member's area (mandatory data) involves the automatic acquisition of data, such as:
- time, date, page views and permanence on the site;
- IP protocol and internet domain;
- search engine (if applicable) used to reach the site;
- User's operating system and type of browser.
Failure to provide this data may render it impossible to authenticate oneself in the member's area.
We hereby inform you that, as a data subject, you have all the rights foreseen by Articles 15, 16, 17, 18, 20, 21 and 22 of the GDPR, among which:
- The data subject has the right to obtain confirmation from the data controller on whether the processing of personal data is ongoing and in this case, to obtain access to such personal data and the following information: a) the purpose of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular, whether recipients are in other countries or belong to international organisations; d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; e) the right of the data subject to request the data controller to rectify or delete personal data or to limit or oppose the processing of the same; f) the right to lodge a complaint with a supervisory authority; g) if the data is not collected from the data subject, all information available on their origin; (h) in the existence of an automated decision-making process, including profiling referred to in Article 22, Paragraphs 1 and 4 and, at least in such cases, significant information on the logical reasoning applied, and the importance and expected consequences of such processing for the data subject.
- the existence of the data subject's right to request the data controller to access personal data and to correct or delete the same or limit or to oppose its processing, in addition to the right to data portability, including all available information on its origin; to obtain, moreover, the cancellation of their personal data without unjustified delay pursuant to Article 17 (“right to deletion”).
- where processing is based on Article 6, Paragraph 1, Letter a) or Article 9, Paragraph 2, Letter a), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to such withdrawal;
- The right to lodge a complaint with a supervisory authority;
- to receive a copy of the personal data being processed from the data controller, as long as this does not damage the rights and freedoms of others; in case of further copies requested by the data subject, the data controller may charge a reasonable contribution fee based on administrative costs. Should the data subject make the request by electronic means, and unless otherwise requested, this information shall be provided in a commonly used electronic form;
The aforementioned information shall be provided:
- a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data is processed;
- in the event that the personal data is intended for communication with the data subject, at the latest at the time of the first communication to the data subject; or if communication to another recipient is envisaged, no later than the first communication of personal data.
All rights of the data subject provided for under the GDPR can be exercised by an informal request to the Data Controller, also via a Data Processing Officer, and to whom an appropriate feedback shall be provided forthwith.
(Last update on 30/12/2022)