Privacy policy
In compliance with national legislation (Italian Legislative Decree No. 196 of June 30, 2003, Personal Data Protection Code, as updated by Legislative Decree 101/2018), EU regulations (European Regulation 2016/679, GDPR), and subsequent amendments, this website respects and protects the privacy of visitors and users, making every reasonable and proportionate effort to avoid infringing users' rights.
This privacy policy applies exclusively to the online activities of this website and is valid for visitors/users of the site.
Its purpose is to provide maximum transparency regarding the information the site collects and how it is used.
DATA COLLECTED
This website collects and processes Personal Data, as defined by the GDPR, either independently or through third parties, or voluntarily provided by the user. These may include:
-
Internet Protocol (IP) address; browser type and device parameters used to connect to the site; name of the Internet Service Provider (ISP); date and time of visit; referring and exit web pages; and, possibly, the number of clicks. Cookies and usage data collected through automated processes.
This information is processed automatically and collected in aggregate and pseudonymized form for the purpose of verifying the proper functioning of the website and for security reasons. Such data is processed based on the legitimate interests of the Data Controller.
For security purposes (spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with applicable laws, to block attempts to damage the site or harm other users, or otherwise harmful or criminal activity. This data is never used for user identification or profiling, but only for the protection of the site and its users. This data is also processed based on the Data Controller’s legitimate interests.
-
Personal and identification data (via the “Contact” section) — voluntarily provided by the user and not necessary for the functioning of the site.
The possible use of cookies or other tracking tools by this website or third-party service providers, unless otherwise stated, is aimed at providing the requested service, as well as for other purposes described in this document and in the Cookie Policy.
The user assumes responsibility for any third-party personal data obtained, published, or shared through this website and guarantees they have the right to communicate or disseminate such data, releasing the Data Controller from any liability towards third parties.
DATA PROCESSING METHODS
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.
Processing is carried out using IT and/or digital tools, with organizational methods and logic strictly related to the stated purposes. In some cases, in addition to the Data Controller, other internal staff or external entities (such as third-party technical service providers, hosting providers, IT companies, communication agencies) may have access to the data, and are appointed as Data Processors by the Data Controller.
DATA PROCESSING LOCATION
Data collected by the website is processed by the Data Controller and managed solely by authorized technical personnel or by third-party data processors appointed under Article 28 of EU Regulation 2016/679.
The server hosting the site is located in Italy.
This site may share some collected data with services located outside the European Union, always in compliance with current legislation and under the provisions of Articles 44 et seq. of EU Regulation 2016/679.
DATA RETENTION PERIOD
Personal data is processed and stored for as long as required by the purposes for which it was collected.
Data collected to provide a service requested by the user will be retained until the service is completed. Data collected based on the user’s consent may be retained until that consent is withdrawn.
The Data Controller may also be required to retain personal data for a longer period to comply with legal obligations or by order of an authority.
Once the retention period expires, personal data will be deleted. After this period, rights of access, deletion, rectification, and data portability can no longer be exercised.
PURPOSE OF DATA PROCESSING
User data is collected for the following purposes:
-
To contact the user in response to contact requests.
SECURITY MEASURES
This site processes user data lawfully and correctly, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of data.
Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.
In addition to the Data Controller, the data may be accessed by staff involved in the website’s organization or by external parties (such as third-party technical service providers, hosting providers, IT companies, communication agencies).
USER RIGHTS
With regard to their personal data, the data subject may exercise the rights outlined in Articles 15 et seq. of the GDPR, namely:
-
Right of access (Art. 15) – the right to obtain confirmation from the Data Controller whether or not personal data concerning them is being processed, and to access such data and related information.
-
Right to rectification (Art. 16) – the right to correct inaccurate personal data.
-
Right to erasure (Art. 17) – the right to delete personal data, for example, when consent is withdrawn or the data is no longer necessary. Exceptions apply (e.g., legal obligations or rights defense).
-
Right to object (Art. 21) – the right to object to processing when it is based on legitimate interest or public interest, unless the Data Controller demonstrates overriding legitimate grounds.
-
Right to data portability (Art. 20) – the right to receive personal data in a structured, commonly used, and machine-readable format, if processing is based on consent or contract and data was provided voluntarily.
-
Right to withdraw consent (Art. 7) – the right to withdraw any consent given, without affecting the lawfulness of processing based on consent before withdrawal.
The data subject also has the right to lodge a complaint with the competent Supervisory Authority in the EU Member State of residence, workplace, or where the alleged violation occurred.
All the above rights may be exercised by sending a request to the Data Controller using the contact methods indicated in this notice, specifying the subject of the request, the right they intend to exercise, and attaching a copy of a valid identity document.
DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is the Municipality of Sagrado, with registered office at Via Dante Alighieri, 19 - 34078 Sagrado (GO). You may contact the Controller by writing to the following email address: protocollo@comune.sagrado.go.it
Issued in Sagrado, 04/08/2025