Information note pursuant to Article 13 of EU Regulation 2016/679 – Article 13 of Legislative Decree 196/2003 (Personal Data Protection Code) and subsequent amendments.

Last updated May 2018.

In application of the European Regulation n. 679 of 2016 of Legislative Decree no. 196 of 2003 relative to the protection of personal data. You are informed that the Data Controller is Alberto Mazzanti (hereinafter referred to as “the Owner”).

Personal data is processed in full compliance with EU Regulation 679/2016 and Legislative Decree 196/2003 and subsequent amendments.

The data provided by you (hereinafter referred to as the “Interested Party”) will be used only to comply with your requests and may be disclosed to third parties only if this is necessary for this purpose, or with your explicit consent.

The data will be processed by personnel appointed by the Data Controller with procedures, technical and IT tools suitable for protecting the confidentiality and security of the data of the Data Subject and consists in their collection, registration, organization, storage, consultation, processing, modification , selection, extraction, comparison, use, interconnection, blocking, communication, diffusion, cancellation, destruction of the same including the combination of two or more of the aforementioned activities.

The data will be kept for the time strictly necessary to provide the interested party with the services requested and will in any case be eliminated following a request from the interested party, without prejudice to further conservation obligations required by law. The data of the interested party will not be disclosed.

As part of his activity and for the purposes indicated above, the Data Controller may use services rendered by third parties that operate on behalf of the Data Controller and according to his instructions, as data processors. These are suppliers, commercial and production partners, intermediaries, technical consultants and other similar subjects who collaborate with our organization to fulfill the contractual commitments with you; subjects that provide a service strictly and necessarily connected to the activity of the Data Controller, such as tax consultants, banks, freight forwarders, insurance companies, public and private bodies, also in relation to inspections or checks; subjects that can access the data according to legal provisions.

The data may also be communicated to all those persons authorized by law to collect them (eg provincial companies for health services, financial administration, etc.)

The interested party may request a complete and updated list of the persons appointed as data controllers by contacting the contact indicated below.

Rights of the interested party

Right of access (art. 15 GDPR). Right of the data subject to obtain access to his data and to complain to the supervisory authority.

Right of rectification (art. 16 GDPR). Right of the interested party to obtain from the Data Controller the rectification of inaccurate personal data concerning him.

Right to cancellation (right to oblivion) ​​(art. 17 GDPR). The interested party has the right to obtain from the Data Controller the deletion of personal data concerning him without unjustified delay.

Right to treatment limitation (art. 18 GDPR). Right of the interested party to obtain a limitation of the processing of the data.

Notification obligation (art. 19 GDPR). The Data Controller notifies each of the recipients to whom the personal data have been transmitted of any adjustments or cancellations or limitations of the processing carried out in accordance with the articles 16; 17; 18.

Right to data portability (art. 20 GDPR). The interested party has the right to receive the personal data concerning him provided to the Owner and has the right to transmit such data to another holder of treatment without impediment by the Owner.

Right to the opposition (art. 21 GDPR). Data subject’s right to object to the processing of his personal data.

Profiling (art. 22 GDPR). The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling or significantly affecting a person.

The Data Controller is: Alberto Mazzanti.

Art. 7 – Right of access to personal data and other rights

1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form.

2. The interested party has the right to obtain the indication:
a) the origin of personal data;
b) the purposes and methods of processing;
c) the logic applied in the case of processing carried out with the aid of electronic instruments;
d) of the identification data concerning the data controller, data processors and the representative designated pursuant to Article 5, paragraph 2;
e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or appointees.

3. The interested party has the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data which does not need to be kept for the purposes for which the data was collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the event that such fulfillment occurs it proves impossible or involves a manifestly disproportionate use of resources with respect to the protected right.

4. The interested party has the right to object, in whole or in part:
a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning him for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication.

The person responsible for the protection of personal data is: Alberto Mazzanti

Owner and Manager of the processing of personal data
According to the art. 28 of Legislative Decree 196/2003:
The Data Controller of personal data: Alberto Mazzanti
The person in charge of processing personal data: Alberto Mazzanti
Registered office: Via Vittorio Veneto, 7
Email: info@upbologna.it
Domain: www.upbologna.it

Links to other sites

The sites to which we redirect, including (but not limited to) secondary sites and third-party service providers, may have a different privacy policy than the one presented here. We take no responsibility for the privacy policies of the linked sites and therefore we encourage you to learn about them.

Children

We do not intend to collect personal information from anyone under the age of 16. If you are under 16, you should not make an online booking or request information, but ask a parent to do it for you.

Questions or concerns

At any time, you believe that the Data Controller has not followed the aforementioned policy, we invite you to notify us by sending an email to info@upbologna.it and we will try to do our best to identify and resolve any problem. You can also write to Alberto Mazzanti, Via Vittorio Veneto 7, 40131, Bologna.

Changes to this online privacy policy
We may change this Privacy Statement from time to time to cope with regulatory changes, business needs or to meet the requirements of our visitors, guests, market partners and service providers. Updated versions will be published on our website, together with the update dates, to inform you of the latest privacy policy update.