Pursuant to article 13 of Regulation (EU) 2016/679 (“the Regulation” or “GDPR”), we wish to inform users about the methods used to process the personal data of people who interact with our website at www.casillogroup.it and the purposes of this processing.
This notice does not apply to other websites that may be viewed using links included in the domain of the data controller, who is not to be considered in any way responsible for third party websites
Casillo Partecipazioni s.p.a.
Via Sant'Elia z.i. - 70033 - Corato - Italy
P. IVA: 05287570724
Cod. Fisc.: 05287570724
Types of data collected
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Website.
If the User refuses to provide them, it may be impossible for this Website to provide the Service. Where this Website indicates some Data as being optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or its operation.
The User takes responsibility for the Personal Data of third parties obtained, published or shared through this Website and guarantees that he/she has the right to communicate or disseminate them, freeing the Owner from any liability towards third parties.
Details about the processing of Personal Data
Viewing content from external platforms
Data processing methods
The processing will be carried out with manual, IT and data communication tools in compliance with the rules in force and the principles of fairness, lawfulness, transparency, relevance, completeness, non-excessiveness and accuracy, and with organisational and processing systems strictly related to the purposes pursued and in any case in order to guarantee the security, integrity and confidentiality of the data processed, in compliance with the organisational, physical and logical measures allowed by the provisions in force.
Data retention period
In compliance with the provisions of article 5(1)(e) of Regulation (EU) 2016/679, the personal data collected will be stored in a form that allows the data subjects to be identified for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The period for which the personal data provided is retained depends on the purpose of the processing:
once this term has elapsed, the data will be deleted or made anonymous, unless their further retention is necessary to fulfil any contractual obligations that have arisen, any legal obligations or any orders issued by Public Authorities and/or Supervisory Bodies.
Nature of the provision of data
Users are free to provide their Personal Data or not. Failure to provide the data may make it impossible to obtain what is requested or to use the Data Controller’s web services.
Data recipients or categories of recipients
In order to pursue the ends described, or if it is essential or required by law or by authorities with the power to impose it, the Data Controller reserves the right to communicate the data to recipients in the following categories:
- providers of IT maintenance or similar services;
- providers of services needed to manage the information system used by the Data Controller and the telecommunications networks, including e-mail and website management;
- Authorities and supervisory and control bodies and, in general, organisations, whether public or private, that perform public duties (e.g.: Prefecture, Police Headquarters, Judicial Authority, subject to the conditions established by the applicable legislation being fulfilled);
- other group companies to which the Data Controller belongs, or in any case parent companies, subsidiaries or associates, pursuant to article 2359 of the Italian Civil Code;
- professional firms or companies in the context of assistance and consultancy relationships;
- the data may also be made known to the Data Controller's staff, including interns, temporary workers, consultants, employees of companies outside the Data Controller, all specifically authorized for processing, for the purpose of their work.
Transfer of data abroad
The Users’ data will not be transferred to non-EU countries
The Users’ data will not be disseminated.
Rights of the data subject
Articles 15, 16, 17, 18, 20, 21 of the GDPR give the data subject the right to exercise specific rights in respect of the Data Controller.
In particular, as the data subject, the User may, under the conditions provided for by the GDPR, exercise the following rights:
- right of access: the right to obtain confirmation as to whether or not personal data concerning them are being processed and, if so, to gain access to their personal data, including a copy of the same;
- right of rectification: the right to obtain the rectification of inaccurate personal data regarding them and/or the addition of incomplete personal data;
- right of deletion (right to be forgotten): the right to obtain the deletion of personal data concerning them if they are no longer necessary for the purposes pursued by the Data Controller, in case of withdrawal of consent (and there is no other legal basis for the processing) or objection to the processing, in the event of unlawful processing, or if there is a legal obligation to delete it.
- The right to deletion does not apply if processing is necessary for the purpose of fulfilling a legal obligation or performing a task carried out in the public interest or asserting, exercising or defending a right in court;
- right to restriction of processing: the right to restrict processing, when: a) the data subject disputes the accuracy of personal data; b) the processing is unlawful and the data subject objects to the personal data being processed and instead requests that its use be restricted; c) the personal data are necessary for the interested party to assert, exercise or defend a right in court;
- right to data portability: the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning them and provided to the Data Controller and the right to transmit them to another controller without impediments, if the processing is based on consent and is carried out by automated means;
- right to object: the right to object, at any time, to the processing if the personal data are processed for purposes other than those for which one has consented to the processing.
Pursuant to article 77 of the Regulation, the User is granted the right to lodge a complaint with a supervisory authority, in particular in the Member State in which they usually reside or work, or in the place where the alleged violation has occurred, which in Italy corresponds to the Autorità Garante per la Protezione dei dati personali, the contact details of which can be found at www.garanteprivacy.it.
Furthermore, the GDPR entitles the User to revoke the consent given at any time and with the same ease with which it was granted.
Exercising one's rights as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the event of manifestly unfounded or excessive requests, particularly if made repeatedly, the Data Controller may charge a reasonable fee to cover the administrative costs incurred in handling the request, or refuse to fulfil the request.
Users can exercise their rights by contacting the Data Controller by e-mail or letter sent by recorded delivery to the addresses in this notice.
Latest update: 20/06/2019