This section provides a view of the processing of the personal data in question in a prevalent manner with respect to the competences and legal obligations relating to the website www.bookkarate.com.
With the entry into force of art. 13 of Legislative Decree 30.06.2003 n. 196 (hereinafter, “Privacy Code”) and EU Regulation n. 2016/679 (hereinafter, “GDPR”), Massimo Braglia informs you that the data collected through the website www.bookkarate.com (hereinafter referred to as the Site) will be processed in compliance with the aforementioned legislation. This processing will also be based on the principles of lawfulness and transparency, to protect the privacy, freedom and rights of all visitors and users.
Responsibilities related to the processing – Owner
Massimo Braglia Via Catellani, 13 – 41012 Carpi (MO) Italy, e-mail: firstname.lastname@example.org, is the data controller (hereinafter the owner).
Standards applicable to treatment
The Data Controller has adopted various security measures and a code of conduct pertaining to the legislation, for the protection of personal data acquired through the Site (or of other origin but attributable to the same purposes), against the risk of loss, accidental or intentional diffusion, abuse or alteration, applying where possible all the provisions contained in articles 32-34 of the Privacy Code and art. 32 GDPR; using standard data encryption technologies through the HTTPS protocol, as well as strict internal procedures for storing, modifying and issuing access credentials (administrative backend) to the data. The aforementioned provisions and standards have also been applied in cases where data transfer outside the EU (third countries) is envisaged, to protect the rights of the data subjects.
Type of data processed
During user visit sessions, with the storage of cookies in the browser used, some data is collected in an automated, aggregated and anonymous way, some for a minimum duration relative to the duration of the session, others for a maximum duration of 26 months. Some data could be:
- Browser used
- Type of device used
- Date, time and duration of the visit
- Address of the page(s) visited
- IP address (anonymized)
- Name of the network of origin
- IP address in the clear (for security reasons to protect the data itself – Access to the owner only) *
*: The user’s IP address, collected and kept in clear text is the only relevant personal data that could, if crossed with other data, allow the identification of a natural person.
The following types of cookies are present on this site:
The cookies of this category include both persistent cookies and session cookies, which make it possible to distinguish between connected users and prevent a service from being delivered to the wrong user and therefore are a consequence of an express user request, and are also used for security of the site and of the users themselves. Without these cookies, the site or parts of it may not work properly. Cookies in this category are always sent from our domain, and consent is not required for them.
Cookies in this category are used to collect information on the correct use of the site and on user behavior for statistical analysis purposes, to improve the site and simplify its use. This type of cookie collects information anonymously about user activity on the site and how they arrived at the site and the pages visited. Cookies in this category are sent from the site itself or from third-party domains.
This site also acts as an intermediary for third-party cookies, used to provide additional services and features to visitors and to improve the use of the site itself, such as the buttons for social media. Profiling cookies may be used, ie cookies used by third parties in order to collect information on user behavior and interests in order to provide personalized advertising.
Purpose (IP): the sole purpose of this collection (IP addresses below only IP) is the legitimate defense against attacks, intrusion attempts in the administrative backend of the Site, hacking of any kind, and any type of violation, such as to represent a danger also for the data of the users that are stored or that can be illegally seized at the time of voluntary entry.
Storage location (IP): these data are stored exclusively on the web server where the CMS (Content Management System) is located, either Joomla or WordPress, within the borders of the EU (Netherlands), with the ISP that performs hosting activities for the Website of the Data Controller.
Only in particular situations, which involve a risk for data security and for the Site, or in circumstances such as forcing the Data Controller to exhibit due to legal disputes or legal obligations, such data may be transferred to the Data Controller systems or communicated to the Authorities for the investigation of the case.
Method of collection (IP): the data is collected automatically, aggregated and anonymous. In addition to the IP address, they can include the date and time, the type of browser and device and other minor specifications, which in any case do not allow the identification of an individual.
Right to cancellation: already the art. 7 – Legislative Decree 196/2003 and now the art. 17 of the GDPR, guarantees the interested party the right to request the existence of his / her data (art. 15 GDPR) and the possible cancellation based on one of the foreseen reasons.
The Data Controller declares that it does not use such data in any way for marketing or statistical purposes, or for any purpose other than legitimate defense for security reasons.
If the visitor / user of the Site is against this practice, it is his free choice to refuse to browse / use the Website www.bookkarate.com.
Access to data (in general)
The data can be made accessible to:
- appointees and / or managers.
- To “third” companies. Based on the terms and conditions of the contract, established with these, the data collected are not disseminated, shared, or used in any other way that does not comply with the legislation in force and the contractual agreements established. The data processing methods, in addition to the aforementioned contractual agreements, are established by the operational settings provided by the same third-party companies, and configured in such a way as to comply with the regulations in force. In case of violation of the aforementioned provisions, or false declarations, on the part of such “third-party companies”, the Owner will in no way be held responsible for them in relation to the users / visitors of the Site.
The “third-party companies” involved are:
- MKW Web Agency via Piacenza 9, 41012 Carpi (MO) Italy, as a web master in charge of the management of the Site. Access to the IP addresses mentioned above is expressly forbidden to those following a specific letter of appointment.
- the Internet Service Provider (ISP), owner of the infrastructure that physically hosts the Site and the services connected to it for its management, such as e-mail management, is Siteground Spain S.L. Calle de Prim 19, 28004 Madrid Spain. The web and email servers are located in the Netherlands.
- The company that provides statistical and marketing tools for the Site is Google Ireland Limited (“Google”), based at Gordon House, Barrow Street, Dublin 4, Ireland.
Other “third-party companies” or their partners could be:
- Facebook Inc. or Facebook Ireland Limited, for products like Facebook, Messenger, Instagram, WhatsApp, based in Menlo Park, USA and resp. Ireland.
- YouTube, G + and Google Maps trademarks of Google LLC (“Google”), based in 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.
- Various companies that supply “plugins” (program modules), designed to perform specific functions within the site, will be listed precisely and only if they are collecting data.
Other data collection methods
On a voluntary basis, and / or through the contact form, and then via e-mail to the address email@example.com, the users / visitors of the Site can send messages after entering their data, by way of non-exhaustive example:
- First name,
- business name,
- Consent to the processing of data
This is equivalent to freely providing such data, which will be stored and managed in compliance with the regulations in force. The acquisition of data, as well as any other personal data entered on an optional and intentional basis in the message, is necessary to respond to requests. If sensitive data are entered, these will be deleted and will not be kept. The storage period for data sent in this way varies according to the relationships that may develop between the Owner and the user, and is therefore not predictable in itself.
The data collected may be communicated and / or disclosed to third parties only if necessary, in the cases provided for by law, in case of need for the signing of contracts and in cases for instrumental purposes the conduct of the activity itself to:
- External parties, professionals or service companies for administration and business management that work on our behalf;
- Hardware and software company for maintenance operations performed on our computers;
- Banking Institutions for the management of receipts and payments deriving from normal activities in the context of an existing employment relationship;
- Possible debt collection and credit insurance companies;
- Private individuals or public bodies, exclusively for compliance with legal obligations;
- Third-party companies that own the technologies applied through cookies, to carry out:
– system functions, necessary for the correct navigation of the Site,
– activity of statistics on visits, to improve the “yield” of the pages of the Site,
– marketing activities to optimize its offer on services / products.
- Web agency for site management and maintenance.
Data life cycle
Data acquired through cookies and purpose.
When a user reaches a page of the Site, the cookie banner is presented so that the user / visitor can give or deny consent to the use of cookies in his browser. With the exception of the Necessary cookies, which last only for the session of the visit and are then destroyed, the user can refuse or accept the storage of cookies in his browser. This choice determines whether or not software designed to acquire data in an automated, aggregated and anonymous way is executed.
Some of these collected in this way are transferred to hardware located in Italy, others in the United States and stored according to regulations, for a maximum period of 26 months. After this period, they are overwritten, which is tantamount to destroying them.
In the period in which they remain available for consultation, they can be used to measure the level of satisfaction and “yield” of the pages of the Site, and to allow checks on the popularity, relevance and positioning of the Site based on its contents and the level of “preference” granted by visitors.
In addition to this, they allow to verify the validity of the contents inserted, with respect to the searches carried out by visitors on search engines, and based on the results, to optimize some elements in the case.
There may be “widgets” (program GUI) or links / functions that refer to third parties, such as, by way of non-exhaustive example, Facebook, Messenger, Instagram, WhatsApp, Pinterest, G +, YouTube, Vimeo, etc. The collection and management of data through these falls under the case of “other third-party companies”.
Data acquired through contact form
The filling of the text boxes of the form can be used freely by the user / visitor. There are some boxes required and indicated by an asterisk, referring to the data necessary to provide the requested service, in case of failure to complete even one of these, it will not be possible to use the form. The data sent transit on different mail servers to then arrive on the mail server which is located in Italy and from there made available for consultation and archiving also on the owner’s hardware. In both locations, the data is managed and stored according to regulations. The duration is not predictable and depends on the commercial relationships that can be established between the user and the owner.
Data acquired through site registration
If there is a restricted area, with access to private / confidential pages of the Site, the user will have to perform a registration procedure to access it, and will be required to send some data necessary for the identification of the person or subject, subsequently he may access it, following a login procedure by entering your username and password. This data will be stored on the ISP’s web server that hosts the Site and is located in Italy, and will be managed by the Data Controller via computer, a copy of these data may be stored on the Data Controller hardware in compliance with the law and for security reasons.
Data acquired through opinion polls
In the event that surveys are carried out in order to know the opinions of the users interviewed, about various topics, the data collected will be stored on the ISP’s web server that hosts the Site and is located in Italy, and will be managed by the Data Controller via computer, a copy of these data may be stored on the owner’s hardware in compliance with the law and for security reasons.
Data acquired through newsletter subscription
In case of sending newsletters or e-mail marketing, the flow of data will be identical to that relating to the management of e-mails. On the Website there will be an optional subscription banner for the newsletter for which only a Name and E-mail address are required.
For each registration received, the Owner uses a validation system of the e-mail address, in which a request for explicit consent will be sent as acceptance of the receipt of the newsletter. Only when such validation and consent are received will the Data Controller send the newsletters. These may be periodic or dependent on the presence / organization of events and therefore be used as an invitation to participate in them.
The procedure for unsubscribing / canceling the service is always indicated on each newsletter and on the Website, which can be done by entering the registered e-mail address, if not already present, and confirming with a click.
There may be a last e-mail sent to the user confirming the cancellation, or a simple video message.
With regard to e-mail marketing, the GDPR expects that a relationship already exists between the Owner and the user, who is therefore a customer or is in the service; consent is therefore not required for existing customers. Only if there is a justified reason for direct e-mail marketing, and therefore for sending without prior consent, is this admissible, after a clear and functional procedure has been put in place for opposing the processing of user / recipient data for marketing purposes.
Data support resources
The Owner uses an IT infrastructure (hardware and software) that is constantly monitored and always up to date: devices, operating systems, antivirus, firewall, anti-malware, antispam, etc. Moreover, in all operational contexts, it uses procedures to reduce or, if possible, completely exclude cyber risk: interruptions, unwanted accesses, data loss, infections of various kinds, brute force attacks, hacker attacks, etc.
The site uses the standard HTTPS protocol to encrypt data and is protected by firewall software. Monitoring is constant, thanks to alarm reception procedures, with a high level of responsiveness.
The CMS used, which can be Joomla or WordPress, is always updated to the latest version, as are the add-ons – plugins.
System data and some collected data are hosted within the ISP’s IT infrastructure and use LAMP servers (Linux, Apache, MySQL, PHP), as well as proprietary software for online management supported by cPanel as a graphical interface for web hosting.
All data collected through cookies are collected in an automated, anonymous and aggregate form and according to the Terms and conditions set by the Data Controller with third parties, which in any case, prohibit the dissemination / sharing with other entities or products of the same.
Purpose of the processing
The data collected is limited to those “Necessary” to allow an effective navigation of the Site itself, “Statistics” to help the owner of the Website to understand how visitors interact with it, collecting and transmitting information anonymously, finally, those of “Marketing” which are used to monitor visitors on websites. The intent is to display relevant and engaging ads for the individual user or visitor and therefore those of greater value to publishers and third-party advertisers in the common meaning, but on this site they are not used or shared to profile users, nor display relevant ads to their interests.
Legal bases that legitimize the processing
The consent to the processing of data by the data subject implies the recognition of legitimate intent on the part of the Data Controller to communicate its offer for products and / or services relating to the activity carried out, and for the continuity of the same, such processing is considered essential.
It is essential for the purpose of acquiring contacts for new customers, consolidating and developing existing relationships with existing customers, for the execution of a contract or to provide information that can be object of evaluation of the services offered by the Data Controller to the data subject.
It is essential to protect the data of the same concerned for security reasons, for compliance with the regulations in force, and in cases where they should be required for legal obligations.
Processing is necessary for the purposes of legitimate interests pursued by the Data Controller or by a third party, where they do not violate the rights and freedoms of the data subject who has the right to the protection of these and in particular, in cases where the data subject is a minor.
The Site and the services present are not aimed at children under the age of 16. The Data Controller is not responsible for the collection of data sent intentionally or collected and related to people of this age. If these are present, the Data Controller will provide for their immediate removal upon explicit request.
The data collected are adequate, relevant and limited to what is necessary in relation to the purposes for which they were processed.
On this Site we have chosen to use the minimum number of cookies and related functions, introduce new ones and modify existing ones, relevant for the purposes of the need to run it. In addition, those that did not respond or were superfluous with respect to compliance with the law were limited and eliminated.
The cookies on the site are of three types and also defined as:
Required. Management of cookies for the functions required by the law
Statistics. Navigation management for site optimization
Marketing. Navigation analysis to optimize the site
At this link www.aboutcookies.org you can find more information about cookies, including how you can understand what cookies have set on your device, and how you can manage and delete them.
The data is accurate and kept up to date
In compliance with art. 5.1 d) of the GDPR, the personal data managed on this Site are not shared, nor disclosed to third parties, except for data residing on web and email servers in Italy to which, for terms and conditions established with third party companies, only the Owner has access. In case of violation of these provisions, or in cases where there is a legal obligation to access, the Data Controller cannot be held guilty.
As far as possible, the Data Controller will keep the data up to date, with procedures, tools and all possible initiatives for this to happen. In consideration of the purposes of the same, these will be made available for cancellation or rectification without delay.