Privacy policy

PRIVACY POLICY pursuant to EU Regulation No. 679/2016 (“GDPR”) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018

The Consorzio Industriale Nord Est Sardegna (C.I.P.N.E.S.) - Gallura, as the data controller pursuant to Legislative Decree 196/2003 and subsequent amendments – Code regarding the protection of personal data (“Privacy Code”) – and EU Regulation 679/2016 applicable from May 25, 2018 – General Data Protection Regulation (“GDPR”) (hereinafter the Privacy Code and GDPR are collectively referred to as “Applicable Law”) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

CIPNES Gallura recognizes the importance of protecting personal data and emphasizes its commitment and attention regarding the privacy of visitors to the website www.insulasardinia.com.

Before providing any personal data, CIPNES Gallura invites you to carefully read this privacy policy (hereinafter the “Policy”), as it contains important information on the protection of personal data and the security measures adopted to ensure confidentiality in full compliance with the Applicable Law.

This Policy covers data collection activities—both online and offline—through various channels, such as websites, in particular www.insulasardinia.com ("Site"), apps, social networks, and, more generally, all collection activities which explicitly refer to this Privacy Policy.

This Policy is provided pursuant to Article 13 of Legislative Decree No. 196/2003, the so-called Code regarding the protection of personal data (“Privacy Code”) and Article 13 of EU Regulation 679/2016 (“GDPR”) to all those who visit the Site and/or interact with CIPNES Gallura’s web services accessible through the Site.

CIPNES Gallura may periodically modify, supplement, or update this Policy, also considering possible changes in the applicable legislation or provisions issued by the Data Protection Authority. CIPNES Gallura informs you that the processing of your personal data will be carried out according to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality. Your personal data will therefore be processed in accordance with the legislative provisions of the Applicable Law and confidentiality obligations therein.

DATA CONTROLLER

Following the consultation of this website, data relating to identified or identifiable persons may be processed. The “Controller” of such data is CIPNES Gallura.

The Controller is responsible for:

• managing the website https://insulasardinia.com/ (e.g., Site operation, cookies, e-commerce)

CIPNES Gallura has appointed a Data Protection Officer (“DPO”) available at protocollo@pec.cipnes.it for any information regarding the processing of personal data by CIPNES Gallura, including the list of persons responsible for data processing.

PERSONAL DATA SUBJECT TO PROCESSING

“Personal Data” means any information relating to an identified or identifiable natural person, in particular an identifier such as name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, mental, economic, cultural, or social identity of that person.

The Controller may independently collect, for its own business purposes, certain categories of personal data concerning you, in particular:

• Contact Data – name, surname, address, phone number, email address, and any other data voluntarily provided on the Site https://insulasardinia.com for online orders or registration.

• Payment Data – information relating to purchases you have made and related payments will be processed only as necessary for periodic payments and if you have not opted out by changing your settings in “My Account” of the Site, under “Payment Methods,” saved for future purchases.

Data relating to the credit card holder entered after order confirmation, in a protected and secure mode, are sent and processed exclusively via https://www.paypal.com/it/home for the following purposes: order completion and support; transaction execution; legal obligations; operational needs; management of collections and payments. For more information on processing your personal data, refer to the PayPal privacy section.

• Website usage – information about how you use the Site, open or forward our communications, including information collected through cookies (see our cookie policy for details).

• Data provided by third parties (e.g., postal services, couriers, data entry companies) – all Personal Data that CIPNES Gallura receives from other sources to provide its services.

• Automatically collected data – navigation data and/or so-called “cookies.”

The IT systems and software procedures responsible for the Site operation acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are generally not collected to be associated with identified individuals but could, by their nature, allow identification through processing and association with data held by third parties. This category includes IP addresses, domain names of user computers, URI (Uniform Resource Identifier) of requested resources, request times, methods used to submit the request to the server, file size obtained in response, numerical server response codes (success, error, etc.), and other parameters related to the user’s operating system and IT environment. These data are mainly used to obtain statistical information on Site use and to check correct functioning. They may also be used to verify responsibility in case of potential cybercrime against the Site.

PURPOSES, LEGAL BASIS, AND MANDATORY OR OPTIONAL NATURE OF PROCESSING

Data are processed exclusively for the purposes for which they are collected, as described below:

A) Order fulfillment

1. Execution of purchase orders through the Site and related management activities (e.g., customer communications, inquiries, payment management); including compliance with legal obligations, including prize event regulations, if you participate.

2. Managing the user account if registered to access Site services.

3. Enabling subscription to specific services such as newsletters, market research, or statistical analysis, with your consent.

B) Site Registration
CIPNES Gallura may process contact data to complete registration and grant access to your Personal Area for:
(i) downloading documents related to services purchased;
(ii) other requests submitted via the Site.

C) Account Management
For service provision, marketing activities, and compliance with fiscal and legal obligations, CIPNES Gallura may collect: name, surname, company name (if applicable), tax code, VAT number (if applicable), address, city, postal code, province, phone numbers, and email addresses. Data will be retained for service delivery and promotional activities for 2 years after contract termination and 10 years for fiscal/legal purposes.

D) Marketing Activities
Your contact data may be used for marketing and advertising (including personalized, with your consent), via automated contact (email, SMS, push notifications, etc.) or market research. Consent can be withdrawn at any time.

F) Profiling Activities
Data may be used for profiling (e.g., preferences, purchase habits, geographic area, Site usage) to improve services/products or provide personalized commercial communications, if consented. Consent can be revoked at any time.

G) Legal defense
Your data may be processed to protect the Controller’s rights or pursue claims.

DATA STORAGE AND SECURITY

CIPNES Gallura uses adequate security measures to protect integrity and accessibility of Personal Data. Data are stored on protected servers (or securely archived copies) or those of service providers adhering to security standards.

Data retention periods:
a. Orders: 10 years
b. Account management: 24 months
c. Product promotions: 24 months
d. Marketing: 24 months
e. Profiling: 12 months
f. Legal defense: 10 years
g. Service improvement: 12 months

DATA SHARING

Data may be shared only for purposes outlined above with:

• Consultants, legal or accounting advisors

• Payment service providers

• Technical maintenance providers

• Authorities as required by law

• Authorized personnel for service delivery

• Couriers and shipping agents

• Banks for payment processing

Data are never publicly disclosed. The full list of data processors can be requested via protocollo@pec.cipnes.it.

TRANSFER TO NON-EU COUNTRIES

Data may be transferred to countries outside the EU/EEA. Adequate safeguards will be ensured, including Standard Contractual Clauses, Codes of Conduct, or Binding Corporate Rules. Countries like Canada and Switzerland are recognized as providing equivalent protection.

DATA SUBJECT RIGHTS

Under Articles 7 of the Privacy Code and Articles 15 et seq. of the GDPR, you have the right to:

1. Confirm the existence of personal data;

2. Access, update, rectify, delete, anonymize, or block data;

3. Object to data processing for marketing or profiling.

Right of objection requests: protocollo@pec.cipnes.it

Complaints can also be filed with the Data Protection Authority: garante@gpdp.it, PEC: protocollo@pec.gpdp.it.

REVISION CLAUSE

CIPNES Gallura may modify or update this Policy at any time. Changes take effect upon publication on www.insulasardinia.com. Please visit the Privacy section to check the latest version.