Pursuant to art. 13 Reg. UE 16/679 (General Data Protection Regulation - GDPR) this page describes the methods for processing personal data of users who visit the website www.luggagedeposit.com.
The Data Controller of personal data is Capital Luggage Deposit s.r.l. (VAT number: 14285941002), with registered office in Rome, via De 'Nari n. 10 - cap: 00186, registered in the Rome Register of Companies, no. 1509752, in the person of the legal representative p.t., pec: email@example.com.
By "processing" of personal data, we mean any operation or set of operations performed on personal data (collection, registration, organization, structuring, preservation, adaptation, modification, extraction, consultation, use, communication by transmission, diffusion, comparison, interconnection , limitation, cancellation and destruction).
Following consultation of the contents of this website, data relating to identified or identifiable natural persons may be processed, such as those communicated by you in the context of the interactive services of the website and those relating to the social network profiles referred to, as better specified further, in this information. We also collect anonymous data and information on, for example, the type of browser you use, your geographical location, the date and time of access to the website, your consumption habits and your preferences for products and services. Furthermore, during the course of their operation, the computer systems and the software procedures of the site's operation acquire some browsing data, the transmission of which is implicit in the use of internet communication protocols, among which IP addresses are included, the domain name of the computer used by the user to connect to the site, the addresses in URI / URL (Uniform Resource Identifier / locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and to the computer environment used by the user.
The processing of data provided by you will be carried out according to the principles of lawfulness and correctness through the use of tools and procedures suitable to ensure the security and confidentiality, it can be done either through our website or through electronic tools and also with the paper support.
The processing of personal data provided by you will be solely aimed at the activity of completion of the services requested by you and to contact you in case of need. To send communications regarding the requested service, Capital Luggage Deposit s.r.l. it may also collect and use the information received from this website and from your social network profiles, which can be reached by clicking the relevant icons on the site.
The processing of your personal data will take place for the aforementioned purposes, pursuant to art. 6, lett. b) GDPR, for the execution of the deposit contract of which you are a part. Capital Luggage Deposit s.r.l., will request your consent to the processing of personal data only in the "contact us" section. This consent may be revoked at any time by express request to be sent to the following email address: firstname.lastname@example.org.
The communication of personal data relating to a minor subject of fourteen years must be carried out or authorized by those who exercise parental responsibility on the minor himself.
The acquired data reside on the web server of Register.it S.p.A. located in Italy and on company cloud (Dropbox) that guarantees an adequate level of protection of personal data through compliance with the regulations of the EU-US Shield.
For the pursuit of the purposes described and within the limits strictly necessary for the performance of the tasks entrusted to them, Capital Luggage Deposit s.r.l. transfers the personal data collected through this website and the social media profiles to subjects based in Italy and abroad, belonging to the following categories:
- Subjects authorized to process the data by the Data Controller;
- Data processor authorized to process the data by the Data Controller;
- Subjects who can access data under national or European legislation;
- Subjects who need access to data for auxiliary purposes to the relationship with the data controller;
- Consultants and suppliers of the Data Controller.
The duration of data retention is linked to the fulfillment of the aforementioned purposes of the processing and to the requirements of any legal protection, in consideration of the related prescription terms.
Pursuant to articles 15 and ss. of Reg. UE 16/679 You are given the opportunity to exercise specific rights, in particular:
- right to information and access to personal data (Article 15),
- right to rectify and update personal data (Article 16),
- right to delete personal data (Article 17),
- right to limitation of treatment (Article 18),
- right to the portability of personal data (Article 20),
- the right to object to the processing (article 21) also for marketing purposes.
- Data controller: the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria applicable to its designation may be established by Union or Member State law;
- Data Processor: the natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller;
- Authorized subject: the employee who, on behalf of the Data Controller, processes and uses personal data on the basis of the instructions received from the Data Controller or the Data Processor;
- Interested: the natural person to whom the personal data being processed refers, which can exercise the rights granted by the GDPR;
- Recipients: the natural or legal person, public authority, service or other body that receives personal data, whether it is a third party or not. However, public authorities that may receive disclosure of personal data in the context of a specific investigation in accordance with Union or Member State law are not considered to be recipients; the processing of such data by these public authorities complies with the applicable data protection rules according to the purposes of the processing;
- Third: the natural or legal person, public authority, service or other body other than the Interested, the Data Controller, the Data processor and the subjects authorized to process personal data under the authority direct of Data Controller;
- Personal data: any information concerning an identified or identifiable natural person («Interested»); identifies the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as, the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity (ex. image), physiological, genetic, psychic, economic, cultural or social;
- Particular data: personal data referring to categories of sensitive information, such as those concerning racial or ethnic origin, political opinions, religious or philosophical convictions, union membership, genetic and biometric data aimed at identifying unambiguously a natural person, data relating to health, life and / or sexual orientation of the person, data relating to criminal convictions and offenses;
- Profiling: any form of automated processing of personal data consisting of the use of such personal data to assess certain personal aspects relating to a natural person, in particular to analyze or predict aspects of professional performance, the economic situation, health, personal preferences, interests, reliability, behavior, location or movement of said physical person;
- Consent: any manifestation of free will, specific, informed and unequivocal of the interested party, with which he expresses his assent, through a declaration or unequivocal positive action, that the personal data concerning him / her are object of data processed;
- Violation of personal data: the security breach that involves accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed;
- Supervisory Authority: the independent public authority established in a Member State pursuant Article 51 GDPR, concerned by the processing of personal data because: the Data Controller or the Data Processor is established in the territory of the Member State of this supervisory authority. In Italy, this Authority is represented by the Privacy Guarantor, an independent administrative authority established by Law no. 675/96.