This document describes the manner by which the site the-barn.it (“Site”) is managed, with reference to the processing of personal data belonging to the users (“User/Users”).
It is an information notice issued in accordance with article 13 of the EU Regulation no. 679/2016 (“GDPR”), for anyone who use the Site and/or communicate with THE BARN SRL.
This information notice is provided only for the Site and not for any other websites viewed by users through the links.
1. The data controller
The data controller is THE BARN SRL with registered office in 20134 Milano (MI), via Giovanni Ventura 6, C.F e P.IVA 12257920962 (“Data Controller”).
2. Types of data processed
2.1 Browsing data
During normal use, the electronic systems and software procedures enabling this Site to operate, acquire certain personal data; transmission of same is implicit in the use of internet communication protocols.
This information is not being collected in order to be associated to well-identified data subjects, but its nature, by means of processing and associations with data held by third parties, could make the users identification possible.
The category of data could be listed as follow: (i) IP addresses or domain names of computers used by users connecting to the Site, (ii) addresses in URI (uniform resource identifier) notation for resources requested, (iii) the time of request, (iv) the method used to submit the request to the server, (v) the dimension of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (success, error etc) and (vii) other parameters regarding the user’s operating system and the IT environment.
This data is used only to glean anonymous statistical information on the use of the Site and to check that it operates correctly and this data is deleted immediately after processing.
2.2 Registration data
The Data Controller will process the data necessary to the User for the registration, in accordance with article 6(1) let. b) of GDPR.
The registration on the Site involves the aquisition and the process of these data by the Data Controller only for the purposes set up under paragraph 3.
2.4 Data provided by users of their own free will and/or communicated by third parties
The Data Controller will process the information that User may spontaneously provide by sending an email message to the address indicated on the Site. Such information are processed by the Data Controller only for the purposes set up under paragraph 3.
3. Purposes and lawfulness of data processing
The personal data of the Users are processed by the Data Controller in order to:
a) pursue, in accordance with article 6(1) let. f) of GDPR, an its own legitimate interests consisting in ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems;
b) to fulfill the contractual obligations and allow the User to ask for information on the services promoted by the Data Controller on the Site pursuant to article 6(1) let. b) of GDPR;
c) to fulfil the administrative obligations in accordance with article 6(1) let. b) of the GDPR.
4. Consequences of any refusal
The provision of registration data referred to in the previous paragraph 2.2 is necessary for the fulfillment of the contractual and pre-contractual obligations.
Any refusal, would make impossible for the User to proceed with the registration.
The provision of the other data for the purposes referred to in the previous paragraph is optional.
Any refusal, however, would make impossible for the User to communicate with the Data Controller, as well as for the Data Controller to provide a response to Users’ requests and guarantee the security of the Site and the information exchanged on it.
5. Manner of data processing
The personal data is processed through computerized, automated manual systems.
The data processing is carried out by means of operations or series of operations indicated in art. 4, no. 2 of the GDPR, namely: collection, registration, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, block, communication, deletion and destruction of Data
The personal data, moreover, is processed only by those subject appointed to carry out such fulfilments, currently identified and duly educated on the constraints provided by the applicable law, as well as by adopting specific security measures aimed to ensure the protection of your confidentiality and to avoid the loss of data, any unauthorized accesses to the data and any data processing which may be qualified as unlawful or not in compliance with the abovementioned purposes.
6. Communication and transfer of personal data
The personal data collected by the Data Controller through the Site will not be distributed, sold or transferred to third parties, save for those eventualities contemplated by law.
In any case, it remains understood that the Data Controller retains the right to communicate the Users personal data to the companies in charge for carrying out specific services within its activity and/or, in general, in its favor, that will operate as independent data controllers or processors, as well as the right to communicate and/or to distribute the User personal data that, in compliance with the applicable law, the police, the judicial authority, the information and security agencies or other public subjects might ask for purposes related to defense or State security or to preventing, detecting or suppressing crimes.
The personal Data may be transferred to countries within the European Union and to countries outside the European Union for the purposes referred to in paragraph 3 hereto.
In particular, the Data may be stored in the U.S. by suppliers of the Controller to which the Data are transmitted on the basis of the signing of agreements in accordance with art. 28 GDPR with standard contractual terms in accordance with the European Commission’s decision on the protection terms approved by the European Commission or pursuant to an adequacy decision of the European Commission on the level of data protection. The updated list of third party suppliers, operating as data processors pursuant to art. 28 GDPR, is now available by contacting the Controller.
7. Duration of the processing and retention period
The processing will last only for such period of time that is necessary for achieving the purposes mentioned at the previous paragraph 3. The Data Controller will then store your personal data only in compliance with the legal obligations provided by the applicable laws, for administrative purposes and/or to claim or to defend an own right in the case in which a litigation or a pre-litigation procedure arise
8. Data subject’s rights
As per Articles 15 et seq. of GDPR, the user has the right to receive from the Data Controller information on the existence of the processing of his/her personal data, as well as to access his/her own data, to obtain the rectification, integration, updating, erasure or blocking of the data.
Each data subject will also has the right to obtain a copy of his/her data, the limitation of the processing and/or, moreover, to oppose against processing, as well as the right to data portability and to bring a complaint with the competent supervisory authorities under the conditions and within the limits given in the art. 13 of GDPR.
The User has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
In order to exercise the aforementioned rights, it is necessary to write at the following e-mail address email@example.com specifying “Privacy – exercise of the data subject rights” as object.