Privacy Policy

The privacy notice is a general obligation that must be fulfilled before, or at the latest at the moment of, the direct collection of personal data. In the case of personal data not collected directly from the data subject, the notice must be provided within a reasonable period, or at the time of the communication (not the registration) of the data (to third parties or to the data subject). Pursuant to the General Data Protection Regulation (GDPR – Reg.(EU)2016/679), the undersigned organization, as data controller, provides the following information:

SOURCES AND CATEGORIES OF PERSONAL DATA

The personal data held by the organization are collected directly from the data subjects. This website also collects sensitive data, understood as data revealing racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership in unions, associations or organizations of religious, philosophical, political, or union nature, health status, and sexual life.

Browsing Data

The IT systems and software procedures supporting the website’s operation acquire, during normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. These are information not collected to be associated with identified individuals, but which, by their nature, could, through processing and association with data held by third parties, allow identification of users. This category includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the server’s response status (success, error, etc.), and other parameters relating to the user’s operating system and IT environment. These data are used solely to obtain anonymous statistical information on site usage and to verify correct functioning and are deleted immediately after processing. Data may be used to determine responsibility in case of hypothetical cybercrimes against the site.

Profiling Data

No profiling data regarding the habits or consumer choices of the data subject are directly collected. However, it is possible that such information is acquired by autonomous or separate entities through links or by embedding third-party elements. See the section on third-party cookies for details.

Cookies

Like other websites, this site stores cookies on the user’s browser for the transmission of personal information and to enhance their experience. Cookies are small text strings sent to the user’s device (usually the browser) by the websites visited, sometimes with long persistence, and are then retransmitted to the same websites on the next visit. As explained below, it is possible to choose whether and which cookies to accept. Refusing cookies may affect the ability to perform some transactions on the site, the accuracy and suitability of some personalized content, or the ability to recognize the user between visits. If no choice is made, default settings will be applied, and all cookies will be activated; however, decisions can be communicated or modified at any time.

Technical Cookies

Specifically, session cookies are used, which are not permanently stored on the user’s computer and disappear when the browser is closed. Their use is strictly limited to transmitting session identifiers (random numbers generated by the server) necessary for safe and efficient site navigation. These cookies do not allow the collection of personally identifiable information. Analytics cookies are also used to understand how visitors interact with site content, collecting information (geographic and web origin, technology used, language, entry, visited and exit pages, time spent, etc.) and generating site usage statistics without identifying individual visitors. These are considered technical cookies for which consent is not required, and the opt-out mechanism applies. Technical cookies are not shared with third parties as they are necessary or useful for the site’s operation; they are handled only by qualified personnel, administrators, or system managers.

Third-Party Cookies

The site also incorporates cookies and other elements (tags, pixels, etc.) from third parties (autonomous and for which the data controller is not responsible) that may perform profiling activities. Refer to the respective websites for further information:

https://www.google.com/policies/technologies/cookie/
https://www.facebook.com/about/privacy/cookie
http://www.addthis.com/privacy

Data Provided Voluntarily by the User

The optional, explicit, and voluntary submission of emails to addresses indicated on the website results in the acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the email. Similarly, voluntarily submitting forms on the website containing data about the data subject involves processing to fulfill pre-contractual obligations or execute requested services. Such form information may include personal data, contact details, phone numbers, and email addresses of the data subject and identified third parties associated with the website user. Specific summary notices will be progressively provided or displayed on website pages dedicated to particular services upon request.

Payments and Donations

The payment system requires sharing some data with the bank providing the service (Paypal, Banca Sella, etc.). Required data are freely provided by the data subject: some (Name, Surname, Email) are essential; others are optional (notes, reason, etc.). Consent is required to publish the user’s data in the official donor list.

E-commerce

This includes data processed for managing shopping carts, orders, and any registered user profiles, including personal data, addresses, purchase details, notes, and comments. Data may also be processed through delegated third parties (delivery companies, postal services, data entry) for administrative management, participation in loyalty programs, creation of anonymous statistics on purchase behavior, and sending advertising material related to products and offers via email or SMS.

Reservations

Registered users can book appointments for services provided.

Reserved Area

Information (texts, videos, images) uploaded by the user in the reserved area is protected through encryption and authentication systems and is accessible only to authorized users, the data subjects, or intermediaries involved. This information is not disseminated.

PURPOSES AND LEGAL BASES OF PROCESSING

Personal data are used (ref. Art. 6(b) GDPR) to allow site navigation and to execute services or performance requested within the organization’s normal activities. Additionally, personal data may be processed:

• For compliance with legal obligations (Art. 6(c) and 9(b,g,h) GDPR);
• For the establishment, exercise, or defense of legal rights (legitimate interest) (Art. 6(f) and 9(f) GDPR);
• For direct marketing based on the data controller’s legitimate interest (ads, newsletters, logs for cyber-attack prevention), for which the data subject can always refuse consent (Art. 6(f) GDPR);
• For optional purposes requiring explicit consent, such as newsletter subscription, promotional messaging, satisfaction surveys, or sharing data with third parties for marketing (Art. 6(a) GDPR);
• For sensitive data, processing requires explicit consent (Art. 9(a) GDPR);
• For profiling, processing requires consent (Art. 6(a) GDPR).

CONSEQUENCES OF REFUSING TO PROVIDE DATA

Providing personal data is optional but necessary to process essential purposes. If required data are not provided, services cannot be executed, and contractual or legal obligations cannot be fulfilled, potentially causing compliance issues (e.g., accounting, tax, or administrative obligations). For non-essential or sensitive data, refusal or incomplete provision may limit or prevent certain services and benefits. The organization is not liable for penalties or adverse consequences resulting from missing or incomplete data.

DATA PROCESSING METHODS

Data processing for web services is conducted using automated tools strictly for the time necessary to achieve the purposes of collection. Processing occurs on servers in Italy or the EU and is handled by qualified personnel or maintenance/admin staff. Security measures prevent data loss, unauthorized access, and misuse. Encryption, user authentication, and authorization mechanisms are implemented. Data processing includes collection, recording, organization, storage, modification, deletion, and destruction. Personal data are treated according to GDPR Art. 5 principles: lawfully, fairly, for explicit purposes, accurate, complete, relevant, and secure. No automated decision-making (e.g., profiling) is carried out, unless explicitly stated otherwise with detailed logic and consequences.

TRANSFER OUTSIDE THE EU

Processing may occur in non-EU countries when site connections originate from there or where site servers are located, as deemed necessary for the purposes pursued while ensuring adequate safeguards. A list of countries outside the EU to which data are transferred is maintained.

DATA RETENTION PERIOD

Personal data will generally be retained as long as necessary for the processing purposes according to the data category.

CATEGORIES OF RECIPIENTS

Essential data may be communicated to:

• Internal and external data processors and responsible parties performing tasks such as site administration, traffic analysis, email and form management, e-commerce order fulfillment;
• Authorities when required by law.

Data will not be disseminated without legal obligation or anonymization. For third-party cookies and elements, prior consent is required to share data with third parties.

In certain cases, authorities may request information for oversight of personal data processing, which is mandatory.

DATA SUBJECT RIGHTS

At any time, you may exercise your rights (access, rectification, deletion, limitation, portability, objection, no automated decision-making) as provided by GDPR Articles 15–22; submit complaints to the Authority (www.garanteprivacy.it); and revoke consent if processing is based on consent, without affecting the lawfulness of processing before revocation.

Cookie Disabling

Most browsers allow managing and disabling cookies to respect user preferences. Some browsers offer site-by-site rules or incognito mode, which deletes cookies after closing the session. Instructions for major browsers are provided below:

Chrome: https://support.google.com/chrome/answer/95647?hl=it
Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Internet Explorer 11: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookie
Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

CONTACT INFORMATION

The data controller is Doc Creativity Soc. Coop., located at Via Pirandello 31/B, Verona, Italy. Requests may be sent to: dpo@retedoc.net.