Sothra cares about the protection of the personal data of the individuals with whom it interacts, aware that they constitute the personal and confidential heritage of each individual, allowing them to exercise their fundamental rights and freedoms. Considering privacy as a fundamental value, Sothra constantly works to process information concerning individuals with correctness, lawfulness, and transparency, always protecting their privacy and their rights in compliance with the General Regulation on the Protection of Personal Data EU 2016/679 [GDPR] and Legislative Decree 196/2003 [Privacy Code] and other applicable provisions on the protection of personal data
For this reason, Sothra is committed to safeguarding and protecting the personal data of the people with whom it comes into contact on a daily basis (members, employees and collaborators, customers and suppliers and third parties in general, collectively identified as Interested pursuant to art. 4 of the GDPR).
The information is reported below[1] to the Interested Parties, pursuant to art. 13 GDPR, relating to the processing of personal data of users who, through internet browsing, consult and use the services offered by the site.
1. Data controller
The data controller is the Social Promotion Association “Puglia 360” with registered office in Calimera (LE) 73021, via Costantini n. 4.
You can contact the Owner at the following addresses:
- by writing to the registered office at the address above
- by sending an email to:sothrainfo@gmail.com,
2. Purpose of the processing
The Data Controller processes the personal data of Users for the following purposes:
- allow navigation on the site through the use of technical navigation cookies, and therefore the data will be processed anonymously.
- manage requests made by Users – by filling out the appropriate form and spontaneously sending their personal and contact details – with reference to the purchase of the products made;
- manage requests made by Users - by filling out the appropriate form and spontaneously sending their personal and contact details - with reference to booking guided tours and tastings of the products made.
3. Types of data processed
The processing relating to the purposes specified above generally includes the management of common personal data. In particular:
- with regard to the personal data referred to in the letter a) of paragraph 2, they are related to the technical navigation data that the computer systems and applications dedicated to the functioning of the Website detect, during their normal functioning and whose transmission is implicit in the use of internet navigation protocols. Such data are not associated with directly identifiable Users, are not collected to identify Users nor are they subject to profiling activities. The data collected includes the IP addresses and domain names of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system and the IT environment used by the User. These data are processed, for the time strictly necessary, for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its regular functioning. The aforementioned browsing data is deleted immediately after processing.
For more information on this, please consult the cookie policy.
- with regard to the personal data referred to in the letters from b) a e) of paragraph 2, they relate to personal data voluntarily provided by Users in order to allow the satisfaction of their requests.
The personal data referred to in the letter d) of paragraph 2 may contain special categories of data pursuant to art. 9 GDPR.
No personal data relating to judicial matters or criminal convictions and offences pursuant to art. 10 GDPR are processed.
4. Nature of the provision of data and consequences of any refusal to provide personal data
The provision of data by users is mandatory for the purposes specified above.
Any refusal to provide the requested personal data may make it impossible to respond to requests made by filling out the contact forms as well as making it impossible to use the services offered by the Website.
5. Legal bases of the processing carried out
For the purposes referred to in point 3, letter a), the legal basis is represented by the legitimate interest of the Data Controller in the effective provision of the Website services, pursuant to the provisions of art. 6 co 1, lett. f) of the GDPR.
For the purposes referred to in point 3, letters b), c) e d), the legal basis is represented by the execution of pre-contractual measures requested by users, pursuant to the provisions of art. 6 co 1, lett. b) of the GDPR.
For the purposes referred to in point 3, letters e), the legal basis is represented by consent, pursuant to the provisions of art. 6 co 1, lett. a) of the GDPR.
6. Retention period
The Users' browsing data are deleted immediately after processing and used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
The User data, provided spontaneously and related to communications sent by filling in the forms made available on the Website, are processed for the time necessary to perform the requested services, within the scope of the purposes listed above, and in any case stored for a period not exceeding 2 years from the last contact received. The User data contained in any attachments transmitted for collaboration purposes, are stored for a period not exceeding 6 months.
7. Subjects to whom the personal data may be communicated or who may become aware of them in their capacity as managers or persons in charge, and scope of dissemination of the data themselves
Both the navigation data and the data voluntarily provided by the Users will be processed by the Data Controller and by subjects belonging to the Data Controller's organization and authorized to do so. The same data may also be processed by subjects external to the Data Controller's organization (generally IT service providers related to the management and operation of the Website and/or freelancers) in any case linked to the Data Controller by contractual relationships that provide for their appointment as Data Processors pursuant to art. 28 GDPR.
The data will not be communicated to other parties, nor will they be disseminated in any way.
8. Transfer of data abroad
The management and storage of personal data will take place on servers located within the European Union. Currently the servers are located in Italy.
9. User Rights
Users may exercise the rights expressly recognized by Articles 15 and following of the GDPR against the Data Controller, using the contact details of the Data Controller indicated in this Policy. In particular, they may:
- obtain confirmation of the existence or otherwise of personal data concerning them, even if not yet registered, and their communication in an intelligible form;
- obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the Data Controller, of the Managers appointed pursuant to art. 28 GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as Managers or authorized persons;
- request and obtain – in cases where the legal basis is a contract or consent – that the data be transmitted in a structured and machine-readable format, also for the purpose of communicating such data to a new data controller (so-called right to portability);
- obtain: a) the updating, rectification or, when there is interest, the integration of data; b) the cancellation (so-called right to be forgotten), transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data were communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected;
- proceed: a) to oppose, in whole or in part, for legitimate reasons, the processing of personal data provided, even if pertinent to the purpose of the collection; b) to the request to be informed about the existence of a decision-making process aimed at sending advertising material or carrying out market research or commercial communication. once opposition to processing has been received at the address indicated above, the personal data will no longer be processed, except to the extent permitted by applicable laws and regulations;
- limit the processing of data, i.e. allow their processing within the limits of storage, for the establishment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State, in the cases provided for by the GDPR.
Finally, Users have the right to lodge a complaint with the Supervisory Authority, which may be exercised:
- by registered mail with return receipt addressed to the Guarantor for the Protection of Personal Data, Piazza Venezia n. 11 - 00187 Rome;
by e-mail to the address: garante@gpdp.it, or protocollo@pec.gpdp.it; fax to the number: 06/69677.3785.
[1] Processing of personal data means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, pseudonymisation, erasure or destruction.
