In compliance with Article 13 of Regulation (EU) 2016/679

Canaletto srl welcomes you to the website (the "Site") and, with this document (the "Policy"), wishes to inform you about the purposes and methods of processing your personal data and your rights as an interested party.

This Policy contains a description of all the treatments carried out by Canaletto srl through the Site. The purpose of the treatment pursued from time to time will depend on the service requested by you.

  1. Who is the Owner of the treatments

The Owner is Canaletto srl P.I./C.F. 03768270138, with registered office via Napo Torriani 19/C, 22100 Como – Italy, in the person of its pro tempore legal representative.

You can contact the Owner to exercise your rights, indicated in point 5 below, as well as to receive any information on the processing of your personal data, by writing to:

  2. What personal data we process

  2.1. Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified interested parties, but by its very nature it could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

  2.2. Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site and the completion of the forms on the Site entail the subsequent acquisition of the e-mail address, necessary to respond to requests, and of any other personal data spontaneously communicated to the Owner.

Unless you communicate further personal data for the management of your request, for the purposes indicated in this Policy, the Owner processes the following personal data:

• personal data: name, surname, address, telephone number, e-mail and other contact details;

• data of the company you belong to and the position held, provided by you to the Owner;

• data provided by you through your communications with the Owner.

For the purposes of managing your request, the Owner may also process particular categories of personal data, such as data suitable for revealing membership of trade unions (taking up positions, request for deductions for trade union membership fees), membership of political parties, religious beliefs (should you request to adhere to certain religious holidays), as well as the state of health.

Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

  2.3. Cookies

Through the Site, the Owner will also process your personal data through the use of cookies.

For these treatments, the Owner invites you to view the Cookie Policy at this link.

  3. Purpose of the processing and legal basis

This point contains a description of the possible processing purposes pursued by the Owner depending on the service requested by you.

  3.1. Requests made through the Site

Your personal data may be processed by the Owner to satisfy your requests made by writing to one of the e-mail addresses available on the Site or by filling in the forms on the Site.

Failure to provide the requested data will make it impossible for the Owner to execute your request.

The legal basis of the processing is the need to execute your request, in compliance with Article 6, paragraph 1, letter b), GDPR. Therefore, it is not necessary to acquire your prior consent to the processing.

For the purposes of managing your request, the Owner may also process particular categories of personal data communicated by you to the Owner. For the processing of these particular categories of personal data, the Owner requires your explicit consent.

The data collected for this purpose will be processed for the time strictly necessary to satisfy your request and subsequently stored for 10 years after the request has been processed.

  3.2. Regulatory compliance

For the purposes of managing your requests, the Owner may also process the personal data you have provided for the fulfillment of related regulatory obligations required by national or EU laws and/or regulations.

In this case, the legal basis of the processing is the need to fulfill a legal obligation, in compliance with Article 6, paragraph 1, letter c), GDPR. Therefore, it is not necessary to acquire your prior consent to the processing.

Your personal data will be processed for the time necessary to comply with regulatory obligations and, subsequently, exclusively stored for 10 years in compliance with the limitation period provided for by the Italian Civil Code.

  3.3. Site Management

Your personal data described in the previous points 2.1 and 2.3 will also be processed by the Owner to manage the Site, carry out anonymous statistical analysis on the use of the site to check its correct functioning and/or to ascertain responsibility in case of hypothetical computer crimes to the detriment of the Site.

In any case, these data are processed anonymously and are deleted immediately after processing.

The legal basis of the processing is the legitimate interest of the Owner to ensure the correct use of the Site and to prevent any possible IT crime, in compliance with Article 6, paragraph 1, letter f), GDPR. Therefore, it will not be necessary to acquire your consent.

Your personal data will be made anonymous immediately and in any case deleted at the end of your browsing session. However, if computer crimes are ascertained, your personal data will be kept for the time necessary to manage the dispute.

  3.4. Commercial communications and newsletters

Should you wish to be updated on the latest news of the products and services offered by Canaletto srl, it is possible to join our marketing initiatives by allowing the Owner to send you the newsletter and further commercial communications concerning the products and services of Canaletto srl.

The legal basis for sending commercial communications and the newsletter is your express consent, which the Owner requests from you on all pages of the website where it is possible to subscribe to this service, in compliance with Article 6, paragraph 1, letter a), GDPR.

Your personal data will be processed until you decide to withdraw your consent or object to the processing.

Right to object to direct marketing activities

We inform you that, at any time, you have the right to object to direct marketing activities, by contacting the Owner at one of the contacts indicated in point 1 of this Policy or by clicking on the appropriate link in each communication sent by the Owner.

  4. Consequences of a refusal to provide personal data

The provision of your personal data is optional and does not affect your ability to browse the Site. However, the provision of data is a necessary requirement for the management of the requests you make from time to time. Therefore, failure to provide the requested data will make it impossible for the Owner to offer you the specific service requested.

5. How your personal data will be processed

The processing of your personal data will take place, in compliance with the provisions of the GDPR, by means of paper, IT and telematic tools, with logic strictly related to the purposes indicated and, in any case, with methods suitable for guaranteeing security and confidentiality in accordance with the provisions set out in Article 32 GDPR.

  6. To which subjects your personal data may be disclosed and who can learn about them

For the pursuit of the purposes described in point 3 above, your personal data will be known by the employees, assimilated staff and collaborators of the Owner, who will operate as persons authorized to process personal data.

Furthermore, your personal data will be processed by third parties belonging to the following categories:

  1. subjects which, for various reasons, the Owner uses for the execution of the service;
  1. subjects that provide services for the management of the computer system and for the storage of the personal data processed;
  1. subjects who provide legal and / or tax advice;
  1. supervisory and control authorities and bodies.

The subjects belonging to the categories listed above operate, in some cases, in total autonomy as separate Owners and, in other cases, as data processors specifically appointed by the Owner in compliance with Article 28 of the GDPR.

The complete and updated list of the subjects to whom your personal data may be disclosed can be requested by writing to the email address

The personal data processed by the Owner will also be transferred outside the European Union for archiving purposes. In any case, the Owner assures you that your personal data will be transferred to third countries on the basis of an adequacy decision of the European Commission, in compliance with Article 45 of the GDPR, in the presence of standard contractual clauses pursuant to Article 46 of the GDPR, or in the presence of one of the exceptions specifically provided for by Article 49 of the GDPR.

Your personal data is not subject to disclosure.

7. What rights you have as an interested party

In relation to the treatments described in this Policy, as an interested party you may, under the conditions provided for by the GDPR, exercise the rights enshrined in articles 15 to 21 of the GDPR and, in particular, the following rights:

right of access – article 15 GDPR: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, to obtain access to your personal data – including a copy of the same – and communication, among others, of the following information:

  1. purpose of the treatment
  1. categories of personal data processed
  1. recipients to whom these have been or will be communicated
  1. data retention period or the criteria used
  1. rights of the data subject (rectification, cancellation of personal data, limitation of processing and right to object to processing)
  1. right to lodge a complaint
  1. right to receive information on the origin of your personal data if they have not been collected from the interested party
  1. the existence of an automated decision-making process, including profiling;

right of rectification – Article 16 of the GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning you and/or the integration of incomplete personal data;

right to cancellation (right to be forgotten) – Article 17 GDPR: right to obtain, without undue delay, the cancellation of personal data concerning you, when:

  1. the data is no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  1. You have withdrawn your consent and there is no other legal basis for the processing;
  1. You have successfully opposed the processing of your personal data;
  1. the data has been unlawfully processed;
  1. the data must be deleted to fulfill a legal obligation;
  1. the personal data was collected in relation to the information society service offer referred to in Article 8, paragraph 1, GDPR.

The right to cancellation does not apply to the extent that the processing is necessary for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest or for the ascertainment, exercise or defense of a right in court;

right to limitation of treatment – article 18 GDPR: right to obtain limitation of treatment, when:

  1. the interested party disputes the accuracy of the personal data;
  2. the processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited;
  3. personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
  4. the interested party opposed the processing, as indicated below, pending verification of the possible prevalence of the legitimate reasons of the Owner with respect to those of the interested party;

right to data portability – article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Owner and the right to transmit them to another controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly from the Owner to another Owner if this is technically feasible;

right to object – article 21 GDPR: right to object, at any time, to the processing of personal data concerning you based on the condition of legitimacy of the legitimate interest, including profiling, unless there are legitimate reasons for the Owner to continue processing which prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defense of a right in court;

right to withdraw the consent given.

The above rights may be exercised against the Owner by contacting the references indicated in point 1 above.

The Owner will take charge of your request and provide you, without undue delay and, in any case, at the latest within one month from receipt of the same, with information relating to the action taken regarding your request.

The exercise of your rights as an interested party is free under Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Owner may charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.

Finally, we inform you that the Owner may request further information necessary to confirm your identity.