Privacy Policy

Privacy Policy for the Processing of Personal Data

This Policy is provided in compliance with Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "Regulation") to all users who access and, more generally, interact with the services provided through the Website and the App of the Entity.

This policy outlines the purposes and methods by which the Data Controller may collect and process your personal data, which categories of data are subject to processing, what rights data subjects have and how they may be exercised.

This policy applies exclusively to the Website and App of the Entity. Therefore, the Data Controller assumes no responsibility regarding any other websites that may be accessed through hyperlinks contained therein. Data processing will be carried out using IT tools.

Users of the Website and App of the Entity are invited to read this policy before providing personal information of any kind.

Data Controller

Comune di Monteleone Di Spoleto

Corso Vittorio Emanuele II, 18 06045 Monteleone di Spoleto (PG)

Electronic invoicing unique code: UFQQO0

IPA code: c_f540

IBAN: IT83F0760103200001078632872

Email: comune.monteleonedispoleto@postacert.umbria.it

PEC: comune.monteleonedispoleto@postacert.umbria.it

Data Protection Officer

The contact details of the Data Protection Officer are available in the Privacy section of the Transparent Administration area.

Categories of Data Processed

Browsing Data

The IT systems and software procedures used to operate the Website and App, in the course of their normal operation, process certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category includes:

• Technical cookies
• Browser used (only in the case of Website use)
• Operating system used (only in the case of App use)
• Device type (only in the case of App use)

These data are used solely to obtain anonymous statistical information on usage and to monitor correct functioning, and are deleted immediately after processing.

Furthermore, the App may request access to device properties, subject to the user's explicit confirmation, which are required for the operation of certain services: geolocation, camera, storage, microphone, push notifications.

However, no data is collected as a result of accessing these properties, other than data voluntarily provided by the user for the use of specific services, as further specified in the following paragraph.

Data Voluntarily Provided by the User

Without prejudice to the above regarding browsing data, the Entity will collect personal data voluntarily provided by the user in order to process requests, for subscription to any newsletters, and in general to provide the services offered.

This category includes:

• Personal identification data: first name, last name, tax identification number
• Contact details (residential address, geographic location, email address, telephone number)
• Data voluntarily provided by the user
• Data required for submitting an online application as provided by a law or regulation of the Entity

The processing of data provided by the user will be carried out in accordance with the purposes and methods set out in this policy.

Third-Party Cookies

This category covers functionalities developed by third parties, integrated within the pages of the website but not directly managed.

The website and app may integrate services offered by third parties (video streaming services, sharing via social networks). No personal data is transferred to third parties prior to the use of such services. For information on the processing of personal data carried out by the managers of the Social Media and video streaming platforms used, please refer to their respective privacy policies.

Methods of Processing

The Data Controller adopts appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data, as further detailed in the section "Technical and Organisational Security Measures for Data Protection."

Processing is carried out using IT and/or electronic tools, with organisational methods and procedures strictly related to the purposes indicated.

Data processing will be carried out by staff directly employed by the Data Controller and/or by natural or legal persons specifically identified by the Controller as authorised processors, duly appointed data processors and their designated staff.

Legal Basis and Purposes of Processing for the Provision of Requested Services

The data referred to in the section "Data Voluntarily Provided by the User" will be processed by the Data Controller solely to respond to requests and to provide the services the user intends to use.

Where the lawfulness of the processing of Personal Data is based on the User's consent, consent is requested through a positive act by which the data subject freely, specifically, informedly and unambiguously expresses their intention to accept the processing of their personal data.

Unless otherwise specified, all Data requested by this App are necessary for the performance of the requested service.

In cases where this Application indicates certain data as optional, Users are free to withhold such data without any consequence on the availability or operation of the Service.

Users who have doubts about which data are mandatory are encouraged to contact the Data Controller.

The use of geographic location tools by the User, unless otherwise specified, is intended to provide the Service requested by the User, in addition to the further purposes described in this document.

In any case, no tracking of the user's position is envisaged, and geolocation features are activated exclusively to populate the "address" field in forms that require it.

The User assumes responsibility for any Personal Data of third parties obtained, published or shared through this App and guarantees having the right to communicate or share them, releasing the Data Controller from any liability towards third parties.

Data Subjects

The recipients of the processing are all users of the Website and App, or of the services made available through them, within the terms of applicable laws and as defined by Regulation (EU) 2016/679.

Retention Period

Data are processed and retained for the time required by the purposes for which they were collected. Therefore:

• Personal Data collected for purposes related to the fulfilment of a legal or regulatory obligation will be retained until such fulfilment is completed, within the timeframes provided by the specific law or regulation.
• Data processed on the basis of the user's informed consent are processed for a maximum of two years, unless consent is withdrawn earlier. The data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

At the end of the retention period, Personal Data will be deleted. Therefore, upon expiry of that period, the right of access, erasure, rectification and the right to data portability may no longer be exercised.

Communication and Data Transfer

The data provided will not be disclosed or shared with third parties, except for subjects authorised by law or by competent authorities, and for external parties that the Data Controller may engage in the performance of instrumental or ancillary activities related to the services offered, such as providers of software solutions, web applications and storage services (data processors).

No transfer of data outside the European Economic Area is envisaged.

For further details, the data subject may request information from the Data Controller.

Data Processors

The Data Controller has appointed Grafiche E. Gaspari S.r.l., with registered office at Via M. Minghetti 18, Granarolo dell'Emilia, 40057 (BO), as "Data Processor" pursuant to Article 28 of Regulation EU 679/2016.

The provider, on its part and in its capacity as data processor, has undertaken to comply with the provisions of the aforementioned Article 28 of Regulation EU 679/2016 and the instructions given to it by the Data Controller.

The Data Processor makes use of digital partners, sub-processors, such as the producers of the website and app. These are bound, through the conclusion of a contract or other legal instrument signed by the processors themselves, by the same obligations regarding the protection of personal data as those contained in the appointment as Data Processor, with express acknowledgement of sufficient guarantees for the implementation of appropriate technical and organisational measures as required by the Regulation.

Rights of Data Subjects

In accordance with European and national legislation on personal data processing, data subjects have the following rights:

• To request and obtain information about the existence of their data held by the Data Controller and to access such data
• To request the communication of their data and/or its transfer to another controller
• To request and obtain the modification and/or correction of their personal data if they consider it to be inaccurate or incomplete
• To request and obtain the erasure — and/or restriction of processing — of their personal data where such data or information is not necessary — or no longer necessary — for the purposes referred to in the relevant section, or upon expiry of the retention period indicated in the relevant section

In particular, the following rights are recognised under:

• Art. 15 – "Right of access by the data subject"
• Art. 16 – "Right to rectification"
• Art. 17 – "Right to erasure"
• Art. 18 – "Right to restriction of processing"
• Art. 20 – "Right to data portability" of Regulation EU 2016/679, within the limits and conditions provided for by Article 12 of the Regulation itself

These rights may be exercised by writing to the Data Controller using the contact details available in the "Data Controller" section, or by contacting the Data Protection Officer.

You are also informed that, pursuant to current legislation, you may lodge any complaints regarding the processing of your personal data with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

Technical and Organisational Security Measures for Data Protection

The producer of the website and app has implemented appropriate technical and organisational security measures pursuant to Article 32 of the GDPR, capable of ensuring:

• The ability to ensure on an ongoing basis the confidentiality, integrity, availability and resilience of processing systems and services
• The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
• The adoption of procedures for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures implemented to ensure the security of processing, based also on a risk assessment

Changes to This Policy

The Data Controller reserves the right to modify this policy at any time, notifying Users through this platform.

Should the changes concern processing based on the User's consent, the Data Controller will obtain the User's consent again, where necessary.

Use of Personal Data for Legal Defence or at the Request of Authorities

The Data Controller may use the User's Personal Data in legal proceedings or in the preparatory stages of their possible institution, in order to defend against misuse of the website, app or related services by the User.

The User understands that the Data Controller may be required to disclose data at the request of public authorities.

Specific Policies

At the User's request, in addition to the information contained in this privacy policy, the Data Controller may provide the User with additional and contextual information notices regarding data processing arising from specific services.

System Log Registration for Technical Support and Maintenance

To ensure correct operation and maintenance, the website, app and any third-party services connected to them may record system logs, which document interactions and may include personal data such as the User's IP address.