Information on the processing of personal data of users consulting the website htmlcrusco.it pursuant to Article 13 of Regulation (EU) 2016/679.
Why this information
Pursuant to Regulation (EU) 2016/679 (hereinafter the "Regulation"), this page describes how the personal data of users consulting and/or interacting with the services of the website (hereinafter simply the "Site") htmlcrusco.it (hereinafter "HTML Crusco" or "Owner") accessible by electronic means at the following addresses: www.htmlcrusco.it or htmlcrusco.it
This information does NOT concern other sites, pages or online services that can be reached through hypertext links that may be published on the sites but refer to resources outside the htmlcrusco.it domain.
This information, provided pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR), is also inspired by Recommendation No. 2/2001, which the European authorities for the protection of personal data, meeting in the Working Party established by Article 29 of Directive No. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the manner, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purposes of the connection.
Data controller, data processor and DPO
The data controller is
- Gabbiati Luca
- S.da Boscotrecase - 85055 Picerno (PZ)
- Partita IVA 01944730769
- E-mail:
This email address is being protected from spambots. You need JavaScript enabled to view it.
Legal basis and purpose of processing
Following consultation of the Site, data relating to identified or identifiable natural persons may be processed.
These personal data, and any changes that the User may communicate in the future to the Data Controller, are collected and processed for purposes relating to contractual obligations and responding to requests for information; in particular:
- Providing services related to the functionality of the Site;
- response to requests received via the Site's "contact us" module or via requests received by e-mail or telephone;
- sending by e-mail communications concerning the information requested, possibly containing promotional material and initiatives relating thereto;
- sending informative and promotional newsletters;
- preparation of quotes;
- supply and delivery of products and services;
- fulfilment of legal accounting, administrative and tax obligations;
- management of correspondence and communications.
Type of data processed
Browsing data
The computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site: apart from this possibility, at present the data on web contacts do not persist for more than seven days.
Data supplied voluntarily by the user
The optional, explicit and voluntary sending of messages to the Controller's contact addresses, the messages sent by users by filling in and forwarding the forms on the Site and/or subscribing to the newsletter service, entail the acquisition of the sender's contact data, necessary to reply and to provide the services, as well as all the personal data included in the communications.
The Data Controller will therefore process the personal data that the user provides during interactions with the pages of its Site, for example at the time of a contact request; such data may include identification and contact data (personal details, company name, e-mail address, subject of the request, notes/requests, etc.).
The provision of personal data is a necessary requirement for the provision and subsequent use of the Services requested. Failure to provide certain data (company name, e-mail address, etc.) may therefore make it impossible for the Controller to provide the Services requested.
In this regard, HTML Crusco shall indicate from time to time, also through its own forms on the Site, the data the provision of which is strictly necessary for the use of the Services and the additional data (if any) the provision of which is instead only necessary in order to enrich the user experience within the Services themselves.
Cookies and other tracking systems
Cookies are portions of code installed inside the browser that assist the Controller in providing the service for the purposes described.
To find out which cookies the site uses, see the relevant section Cookie policy
Nature of conferral
Apart from what has been specified for navigation data, the user is free to provide the personal data indicated in the Site contact forms. Failure to provide them may make it impossible to obtain what has been requested.
Treatment modalities
All personal data are processed primarily by electronic means and methods, however, processing by paper means is not excluded.
The data will be kept in a form that allows the identification of the data subjects only for as long as is strictly necessary to achieve the purposes for which the data were originally collected and, in any case, within the limits of the law. Personal data will only be processed for as long as necessary in relation to the purposes described above.
Security measures will be employed to ensure the confidentiality of the data subject to whom such data relate and to prevent undue access by third parties or unauthorised personnel.
Data processing times
The data are processed for the time necessary to carry out the service requested by the user, or required by the purposes described in this document, and the user may always request the interruption of the processing or the deletion of the data.
Concerning the retention time of cookies see the Cookie policy.
Place where data is processed
The processing operations connected to the web services of the Site take place at the Data Controller's residence and in any other place where the parties involved in the processing are located and are carried out only by specifically appointed staff. In particular, all data relating to the Site, as well as the relevant back-up copies, are stored on servers hosted in data centres within the European Union and compliant with current EU regulations.
For further information, please contact the owner.
Disclosure of data to third parties
No data will be disclosed. Where communication to third party suppliers, consultants or partners should be necessary for needs connected to the provision of the Services (following a formal contractual agreement with the User), it will be the responsibility of the Data Controller to appoint them as data processors pursuant to Article 28 of the Regulation, by virtue of their demonstrated capacity, experience and reliability.
Data subjects may ask at any time for the full list of data processors appointed by the Controller from time to time by sending a request to the Controller.
It is understood that users' personal data may be freely disclosed to third parties, such as police forces or other public administrations, whenever this is permitted by law or required by an order or provision of a competent authority. These subjects will process the data as autonomous data controllers.
Rights of data subjects
At any time, the User may exercise, pursuant to Articles 15-22 of GDPR 2016/679, the right to:
- request confirmation of the existence or non-existence of their personal data;
- obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, where possible, the storage period;
- obtain rectification and erasure of data;
- obtain limitation of processing;
- obtain portability of data, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
- object to processing at any time and also in the case of processing for direct marketing purposes;
- oppose automated decision-making concerning natural persons, including profiling.
To assert the rights of the data subject and/or to request further information, the User may contact the Data Controller directly at the above-mentioned addresses.
Right to complain
Interested parties who consider that the processing of personal data relating to them carried out through the Site is in breach of the provisions of the Regulation have the right to lodge a complaint with the Garante, as provided for in Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).