Information pursuant to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (GDPR) on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Pursuant to Article 13 of EU Regulation no. 679/2016, we wish to communicate the following:
DATA SUBJECT TO PROCESSING AND METHODS OF THEIR COLLECTION
The data being processed consist essentially of personal data, such as name, e-mail address, any accounts on social networks, address, date and place of birth, tax code or VAT number, driving licence and identity card, etc. .
These data are necessary for the performance of existing or future contractual relationships with the undersigned company, hereinafter also referred to as "Supplier".
The personal data in our possession are collected because you voluntarily provide them electronically when registering and accessing the site.
The Supplier does not directly manage the infrastructures on which personal data are stored in the context of the provision of its IT services, but through service contracts with third parties.
The data will therefore be stored on servers managed by other parties (both for production, development and backup) for the entire duration of the contract in relation to the Service offered, any requests for assistance on the website, access credentials and other data present therein.
The data will not be processed and will only be kept until the end of the relationship between the parties. YOUR DATA WILL NEVER BE SCANNED OR ANALYZED except by system administrators or persons in charge for technical purposes related to security or at the explicit request of public security authorities.
The personal data collected, freely communicated by you and acquired as a result of the activities carried out by the Supplier, will be processed in a lawful and correct manner for the purposes of using the website managed by the Supplier and to comply with all legal requirements on the subject.
The data processed (common, sensitive, personal) are updated, relevant, complete and not excessive in relation to the purposes listed above for which they are collected and subsequently processed. In this regard, it should be noted that sensitive data means: "any personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade-unionist character, as well as personal data concerning health and sex life".
The data itself will be processed, in compliance with the necessary security and confidentiality, through the following methods: collection of the data of the person concerned at the time of the first access, collected and recorded for specific, explicit and legitimate purposes and used in further processing operations in terms compatible with these purposes; these processing operations are carried out with the help of electronic and automated tools (data collection by telematics).
Personal data are therefore processed in accordance with the following principles:
lawfulness, correctness and transparency;
minimisation, accuracy, integrity and confidentiality;
limitation of storage;
empowerment of staff;
purpose limitation and quality.
Data processing is carried out at the Supplier's operational headquarters, using electronic, computerised and telematic tools.
Specific security measures have been implemented to protect the data stored on any medium and guarantee its confidentiality. Data processing is carried out exclusively by personnel who have been trained in this regard and who have been specifically appointed for this purpose by the Data Controller. Particular attention is paid to sensitive data of which the Supplier may become aware, committing to ensure the highest possible confidentiality. All data are therefore hosted on servers with specific technology and configurations to ensure maximum security.
The legal basis for the processing of personal data is based on the relationship of providing the service offered free of charge by the Supplier on his website.
Risk monitoring is carried out regularly and improvement measures are subsequently implemented in order to reduce the probability of a given risk occurring. The controls are:
preventive: preparation of the IT system in order to reduce risks;
investigative: continuous analysis of the state of the IT system through auditing and forensic analysis;
maintenance of the system at the right balance point, following new requests and/or new technologies;
management of minor system changes;
patching, upgrading software and hardware systems and updating supplier relationships;
servers are protected with anti-intrusion systems and firewalls. Access is regulated by means of digital certificates and credentials, guaranteeing an adequate level of security; where necessary, servers and network equipment have been equipped with their own security system in order to prevent access and violation.
All Supplier's services and PCs are configured with a customised authentication system.
The PCs entrusted to the Supplier's management are also configured according to criteria that aim to maximise the protection of the data they handle. In particular, a local firewall, a distributed antivirus system, automatic access blocking in the event of inactivity and centralised IP assignment based on the Mac Address are configured.
Each user must obviously be aware that their behaviour could reduce the effectiveness of the security measures, and this is their responsibility:
using elementary or insecure passwords
communicating to unauthorised persons their credentials for accessing the services or the configuration of the services
using unsecured or misconfigured software;
using the services on computers or devices that are not protected against viruses and malware;
and other actions of various kinds.
The legitimate interests pursued by the Data Controller in the processing of data is the need to respect and honour the contractual obligations entered into between the parties. Pursuant to Art. 6, the lawfulness of the processing is based on the manifestly expressed consent of the data subject.
COMPULSORY OR OPTIONAL NATURE OF PROVIDING DATA AND CONSEQUENCES OF A REFUSAL TO ANSWER
The nature of the provision of data by the user is mandatory so that the Data Controller can provide the services requested.
Your data may be communicated following inspections or audits (if requested), to all inspection bodies responsible for audits and controls relating to the regularity of legal obligations.
Your data may also be communicated to companies/professional firms that provide assistance, advice or collaboration to the data controller in accounting, administrative, fiscal, legal, tax and financial matters, to public administrations for the performance of institutional functions within the limits established by law or regulations.
Apart from these hypotheses, users' personal data will not be disclosed.
The disclosure of data to third parties is therefore excluded.
The data collected and processed are not transferred to companies or other entities outside the European Union without verification that the recipient has complied with these Regulations.
Personal data will be stored for as long as strictly necessary or as long as required by law, or as long as necessary to fulfil the purposes of the processing.
The owner of the data processing is charmescorts.com
The person in charge of the data processing is charmescorts.com, who is responsible for responding to the interested party in case of exercise of rights.
The interested party may at any time exercise the rights reserved to him/her, as provided for in art. 7, and contact the person in charge at the structure's headquarters.
The interested party has the right at any time to access his/her own data and to obtain confirmation of the existence or not of personal data concerning him/her, even if not yet recorded, and their communication in an intelligible form.
The interested party has the right to obtain information about:
- the origin of the personal data
- of the purposes and methods of the processing, in order to obtain further information on the purposes of the processing, on the data that are being processed
- the logic applied in the event of processing carried out with the aid of electronic instruments;
- the identification data concerning the data controller, the data processor and the representative designated pursuant to Section 5(2);
- of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing.
(a) the updating or, when of interest, the integration of the data, as well as to have his/her data corrected if they are inaccurate;
b) the cancellation, if compatible with the legitimate interests of the Data Controller, the transformation into an anonymous form or the blocking, if justified, of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
c) certification to the effect that the operations as per letters a. and b. above have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
The interested party has the right to oppose in whole or in part:
1) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
2) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
The interested party shall have the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal, and shall have the right to lodge a complaint with a supervisory authority.
Any interested party may at any time assert these rights by sending a written request (e-mail) to [email protected]. We inform you that, after contacting the data controller, you will be able to lodge a further complaint with the national supervisory authority, in Italy the Authority for the Protection of Personal Data by writing [email protected] or [email protected].
The Supplier undertakes to promptly inform the interested parties of any personal data breach.
The data subject shall have the right to receive personal data concerning him/her in a structured, commonly used and machine-readable format. Each request shall be assessed individually.
This notice may be updated in the future. Should the changes be significant, we will notify you directly at the contact address provided by you.