Policy

Bnbmilanomalpensa.com respects the privacy of users of its online services and ensures that the data collected will be processed in full compliance with the applicable legislation on the protection of personal data, and in particular with Regulation (EU) 2016/679 (General Regulation on data protection, in force since 25 May 2018, hereinafter "Regulation").

This privacy policy (hereinafter "Information") relates exclusively to the processing of data communicated by the user or otherwise obtained as a result of using the website Bnbmilanomalpensa.com

Data Controller and Data Protection Officer

The data controller is Michela Rampini, based in Busto Arsizio (VA) Via Valsugana n°4

You can apply to request any information regarding the processing of your personal data and exercise the rights referred to in point 7 below), by contacting the data protection officer ("DPO") by writing to the following e-mail address: michelarrampini@pec. it

Categories of data processed, purpose of the processing and nature of the provision of data

Through the bnbmilanomalpensa.com website, the Data Controller collects and processes the following data:

(A) Navigation data: data provided through the use of the site, processed in order to allow the correct functioning of the site itself. In this regard, we invite you to read the Cookie Policy on the site and which regulates this type of data.

(B) Data provided voluntarily by the user: The personal data provided voluntarily by the user for the use of the site's functions (such as registration, management of contracted products/services), are personal data, contact data, data concerning the use of the services/products managed through the site, including statistics data. These data will be processed to (i) recognize the user during the login phase; (ii) provide the user with the services requested and allow him to manage the products/services he uses; (iii) to provide the user with information and advice on using the services. The provision of personal data for this purpose is optional, however failure to provide it could prevent some features of the site.

(C) Additional Purposes: promotional, commercial and marketing: subject to the user's consent, the user's personal data may be used by the Data Controller, both electronically (such as sms, instant messaging, email, etc.) and traditional (such as mail, telephone, fax and/or invoice attachment), also for the following purposes: 1) sending/communicating advertising, informative, promotional material on new products/services of bnbmilanomalpensa.com and/or other subsidiaries / parent companies and/or affiliates to the site, as well as third-party companies; 2) direct sale and/or placement of products/services, concessions and promotions of bnbmilanomalpensa.com and/or other subsidiaries/parent companies and/or connected to the site, as well as third-party companies; 3) verification of the degree of satisfaction with the quality of the product/service provided, studies and statistical and market research.

The consent to the processing of personal data for the purposes referred to in point (C) above is optional and any refusal does not affect the use of the site. The personal data collected will not be disclosed to the public in any way.

Data source and data processing methods

Except for reference to navigation data, regulated by the cookie policy, the personal data collected is provided voluntarily and directly by the user through the use of the site.

The treatment is carried out through automated tools (e.g. using electronic procedures and supports) and/or manually (e.g. on paper support) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, with the adoption of specific security measures to avoid any violation of personal data, such as loss of data, illicit or incorrect use and unauthorized access.

However, these measures, due to the nature of the online transmission medium, cannot limit or exclude absolutely any risk of unauthorized access or loss of data. To this end, it is advisable to periodically check that the computer is equipped with software devices suitable for the protection of data transmission over the network, both incoming and outgoing (such as updated antivirus systems) and that the Internet service provider has taken suitable measures to the security of data transmission over the network (such as firewalls and spam filters).

Legal basis of the processing and retention period

With the exception of navigation data, with reference to the processing carried out for the purposes of:

(i) use of the site - point 2 (B), the legal basis is based on the consent given by the user during the registration necessary for the use of some services offered by the site itself;

(ii) the treatments carried out for marketing purposes and for the communication of data to third parties - points 2 letter (c) - are based on the respective consents eventually given by the user. The navigation data collected for the purposes referred to in point 2 (a) are kept for a period not exceeding that indicated in the company data retention policy; the Data collected to provide the services connected to the site, as indicated in point 2 (b) above, will be kept for the necessary period of time and for the duration of use of the site itself.

The data collected for the marketing purposes referred to in point 2 will be kept for a period not exceeding that indicated in the company data retention policy.

 

Categories of data recipients

For the aforementioned purposes, the personal data of the user and collected by bnbmilanomalpensa.com may be known by (i) employees and consultants of bnbmilanomalpensa.com, in the context of their job duties, who act as subjects authorized to process and in this sense instructed by the Data Controller; (ii) employees and consultants of parent or subsidiary companies of bnbmilanomalpensa.com or connected to it, as persons authorized and instructed to process; (iii) parent companies/subsidiaries of bnbmilanomalpensa.com or associated companies; (iv) external consultants and third parties (suppliers of technical and technological services, suppliers of services instrumental to the management/maintenance of the site, as well as marketing companies and advertising and market research services.

The categories of subjects referred to in points (iii) and (iv) above act as managers appointed by bnbmilanomalpensa.com.

 

Data transfer abroad

The user's personal data collected by bnbmilanomalpensa.com will be processed mainly in Italy and in any case in countries belonging to the European Union, however some processing activities could be carried out in non-EU countries, however guaranteeing the necessary standards of safety, protection and safeguarding data, as required by national and supranational legislation, such as the adoption of Standard Contractual Clauses approved by the European Commission. To find out the geographical location of the data, it will be possible to contact the Data Protection Officer at the addresses indicated in point 1 above.

 

Rights of interested parties (Article 7 of the Privacy Code and Articles 15, 16, 17, 18, 20 and 21 of the Regulation)

The subjects to whom the personal data refer have the right to access their data at any time, in particular to obtain confirmation of the existence or otherwise of such data and to know its content and origin. They also have the right to verify its accuracy or request its integration, updating, rectification, limitation of treatment, cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, to their treatment. Furthermore, they have the right to request data portability, to lodge a complaint with the Supervisory Authority and to revoke the consent previously given at any time and to oppose the use of data at any time for the purposes referred to in points 2 letter C) as well as revoke the relative consent, where given. It should be noted that the opposition to the processing relating to the purposes described in point 2 letter C) exercised through automated methods also extends to the traditional ones, without prejudice to the right to exercise this right only partially. These rights can be exercised by writing to the attention of the Data Protection Officer at the addresses indicated in point 1.