Details: The data may be communicated:
- to all those entities (including the public authorities) that have access to personal data on legal or administrative grounds;
- to banks and companies that manage the national or international payment circuits via which online payment is made for products purchased on or through the website;
- to companies, consultants or professional persons tasked with the installation, maintenance, updating, general managent and daily running of the hardware and software of the Comune di Firenze or of the company of which the Comune avails itself for the delivery of its services;
- does not entail the activation of an automatic decision-making process;
- the information acquired and the processing modalities adopted shall be relevant and in proportion to the nature of the services provided.
Pursuant to Article 14 in the GDPR 2016/679, we specify the following:
Processing will avail itself chiefly of electronic or in any case automatic means via information technology and telematic tools, on the basis of an organisational and processing rationale strictly related to the purposes of the service and in any case such as to guarantee the security, integrity and confidentiality of the data in compliance with the organisational, physical and logical measures stipulated in the provisions currently in force.
In particular, the minimum appropriate security measures required by the systems security manager shall be implemented.
In the context of the processing purposes illustrated above, the supply of data is compulsory in order for the user to be able to access the services offered in the website and thus his/her own personal area. Registration therefore entails consent to the processing of personal data, and failure to supply that data, or the supply of partial or incorrect data, may result in the user being unable to use the service.
Personal data are stored:
- for no longer than is required to achieve the purposes for which it is processed, saving legal provisions and regulations
You may, at any moment, exercise the right:
- to demand more information regarding the content of this information note;
- to access your personal data;
- to obtain the rectification or cancellation of your personal data or a limitation on the processing concerning it (where provided for by law);
- to oppose processing (where provided for by law);
- to data portability (where provided for by law);
- to withdraw your consent, where provided for: withdrawal does not jeopardise the legality of the processing based on consent supplied prior to withdrawal;
- to appeal to the supervisory authority (Privacy Ombudsman);
- to mandate an entity, organisation or not-for-profit association for the exercise of your rights;
- to sue for damages pursuant to any infringement of the provisions (Article 82).
If the data owner intends to further process personal data for purposes other than those for which the data was originally collected, information shall be provided regarding the different purposes involved along with all other relevant information before any further processing goes ahead, and consent will be sought when and wherever necessary.
You may exercise your rights through direct contact and/or by sending a request, including by e-mail, to: