As required by the European Union Regulation no. 679/2016 (hereafter “Regulation”), and specifically by Article 13, below are the legally required information related to the processing of personal data provided to the user (“Data Subject”).

Data Controller

The person who will process your Personal Data and thus will act as the Data Controller in accordance with the Regulation, Article 4(7), “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” is:

Simona Cupelli (hereafter “Data Controller”), residing in Porto Sant’Elpidio at Via Adige n. 46 (FM) Tax ID: CPLSMN65A48I324N

As per Article 38 of the Regulation, “Data subjects may contact the Data Protection Officer with all questions and requests regarding the processing of their personal data and to exercise their rights under this Regulation.” If you wish to exercise your rights as provided by the Regulation, you may freely contact the DPO:

Via email: lacasadiadua@gmail.com and/or Via mail: Simona Cupelli, Via Adige, 46 – 63821 Porto Sant’Elpidio (FM) Via phone: +39 3491866186.

At any time, you can consult the “Privacy” section of the Website where you will find all updated information regarding:

The use and Processing of your Personal Data Contacts and communication channels made available to all Data Subjects by the Data Controller.

Purposes of processing

The Data Controller needs to collect some of your Personal Data, as indicated in the respective forms, to enable:

The use of contact forms for sending information, and/or subscribing to the newsletter service

The websites of the Data Controller for which this Notice is issued are:

lacasadiadua.com

The Processing of your Personal Data by the Data Controller will allow you to:

Access your profile Participate in web-based initiatives Receive newsletters Request/send information Access and use other services offered within the web pages you are browsing or the services to which you have registered;

The Processing of your Personal Data will, therefore, be based on what you have accepted in the terms of participation in the Websites. Data marked with an “*” are mandatory to allow the Data Controller to carry out the Processing activities for the above purposes. The lack of even one of the marked data will prevent the Processing of your Personal Data and, therefore, finalize your registration on the Websites and/or benefit from the services provided by them for which the provision of Personal Data is required. The Personal Data required for the purposes of Processing will be those indicated in the registration and/or contact form and include, but are not limited to: name, surname, date of birth, domicile/residence address, email address, landline and/or mobile phone numbers, tax code, gender. In case of access to the Websites using your social profile, where provided, the collection of your Personal Data will be performed by the Data Controller from third parties, namely the social network manager used. In this case, you will be able to view this Notice within the Privacy section of each of the Sites.

The Data Controller, together with the Joint Controllers, upon your express, free, and unequivocal consent pursuant to Article 6(1)(a) of the Regulation, may ask you, in addition to the above data, for additional Personal Data such as, by way of example but not limited to, data relating to tastes, preferences, habits, needs, and consumer choices, for the following purposes:

Direct marketing purposes: promotional and/or marketing activities: promotion of products, services, sold and/or provided by the Data Controller and/or the Joint Controllers based on their legitimate interest in pursuing their corporate object, as provided by Article 6(1)(f) of the Regulation and further clarified in Recital 47, where it is “considered a legitimate interest to process personal data for direct marketing purposes”. This will also be possible following evaluations made by the Joint Controllers regarding the possible and likely predominance of your interests, rights, and fundamental freedoms requiring the protection of Personal Data over their legitimate interest in sending direct marketing communications.

The contact methods for the above purposes may be both automated (email, SMS, MMS, fax, automated calls) and traditional (calls with an operator, postal mail). You can, at any time and as further specified below, revoke your consent, even partially. Regarding the use of your telephone contacts, we remind you that direct marketing activities by the Data Controller and/or Joint Controllers will be carried out after verification with the Opposition Register as established by D.P.R. 7 September 2010, n. 178, and subsequent amendments.

Recipients

Your Personal Data may be communicated to specific subjects considered recipients of such Personal Data. Article 4(9) of the Regulation defines a “recipient” of Personal Data as “a natural or legal person, public authority, agency, or another body that receives communication of personal data, whether a third party or not” (hereinafter “Recipients”). Therefore, concerning the Processing activities necessary to pursue the purposes outlined in this Notice, the following Recipients may process your Personal Data:

Third parties: according to Article 4(8) of the Regulation, “a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller” (hereinafter “Processor”); Individuals, employees, and/or collaborators as defined by Article 4(10) of the Regulation, “persons authorized to process personal data under the direct authority of the controller or processor” (hereinafter “Authorized Persons”). Public authorities: where required by law according to Article 4(9) of the Regulation, “public authorities that may receive communication of Personal Data within the framework of a specific investigation in accordance with the law of the Union or of Member States are not considered recipients”.

Data Retention Period and Criteria Used

To determine this period, as defined in Article 5(1)(e) of the Regulation which states “Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by the Regulation to safeguard the rights and freedoms of the data subject”.

Following this principle, your Personal Data will be processed by the Data Controller only as necessary to achieve the purposes described in this notice. Specifically, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulation, i.e., until the termination of the contractual relationships existing between you and the Data Controller, except for a further retention period that may be imposed by law as also provided by Recital 65 of the Regulation.

Rights of the Data Subject

As provided by Article 15 of the Regulation, the rights of the data subject that can be exercised at any time with the Data Controller and/or Joint Data Controllers are listed below:

Right of Access: You have the right, under Article 15(1) of the Regulation, to obtain from the Data Controller confirmation as to whether or not your Personal Data is being processed, and if so, to gain access to such Personal Data and the following information:

• The purposes of the processing;
• The categories of Personal Data concerned;
• The recipients or categories of recipient to whom your Personal Data have been or will be disclosed, particularly recipients in third countries or international organizations;
• Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
• The existence of the right of the Data Subject to request from the Data Controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the Data Subject or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• Where the Personal Data are not collected from the Data Subject, any available information as to their source;
• The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.

All the information indicated here can be found within this Notice, in the Privacy section of each of the Websites.

Right to Rectification:

You can obtain, in accordance with Article 16 of the Regulation, the rectification of inaccurate Personal Data concerning you. Considering the purposes of the processing, you also have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

Right to Erasure:

You can obtain, under Article 17(1) of the Regulation, the erasure of your Personal Data without undue delay, and the Data Controller has the obligation to erase your Personal Data, should one of the following grounds apply:

• The Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• The Data Subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
• The Data Subject objects to the processing pursuant to Article 21(1) or (2) of the Regulation and there are no overriding legitimate grounds for the processing;
• The Personal Data have been unlawfully processed;
• The Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.

As provided by Article 17(3) of the Regulation, the Data Controller is entitled, in some cases, not to proceed with the erasure of your Personal Data:

• For exercising the right of freedom of expression and information;
• For compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
• For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i), and Article 9(3);
• For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• For the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing:

You can obtain restriction of processing, according to Article 18 of the Regulation, if one of the following applies:

• The accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the Personal Data;
• The processing is unlawful, and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;
• The Data Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise, or defense of legal claims;
• The Data Subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.

If processing has been restricted, such Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Right to Data Portability:

Under Article 20(1) of the Regulation, you have the right to receive your personal data, which you have provided to a data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance. It is the data subject’s responsibility to provide all the accurate details of the new data controller to whom you intend to transfer your personal data, and the written authorization.

Right to Object:

Pursuant to Article 21(2) of the Regulation and Recital 70, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f), including profiling based on those provisions.

Right to Lodge a Complaint with a Supervisory Authority:

You have the right, notwithstanding your right to appeal to any other administrative or judicial body, to lodge a complaint with the competent Data Protection Authority if you believe that the processing of your data is in violation of the Regulation and/or applicable law.

To exercise all your rights as identified above, you simply need to contact the Data Controller and/or Joint Data Controllers in the following ways:

• By writing to Simona Cupelli, Via Adige, 46 – 63821 Porto Sant’Elpidio (FM)
• Sending an email to lacasadiadua@gmail.com, for the attention of Simona Cupelli
• By calling the phone number +39 3491866186 and asking for the privacy manager

Withdrawal of Consent:

As provided by the Regulation, if you have given your consent for the processing of your personal data for one or more purposes for which it was requested, you can, at any time, completely or partially withdraw your consent without affecting the lawfulness of processing based on consent before its withdrawal. You just need to contact the Data Controller and/or Joint Data Controllers and/or DPO using the contact channels reported within this Notice. Moreover, for simplicity, in the case of advertising emails that are no longer of your interest, you can simply click on the unsubscribe link provided at the bottom of those emails to no longer receive any communication, even through additional contact channels for which your consent had been obtained (SMS, MMS, paper mail, fax, phone calls).

Countries Where Data Will Be Processed

Your personal data will be processed by the Data Controller and/or Joint Data Controllers within the territory of the European Union. Should it become necessary for technical and/or operational reasons to rely on entities located outside the European Union, under Article 28 of the Regulation, such entities will be appointed as Processors, and the transfer of Personal Data to these entities will be regulated in accordance with Chapter V of the Regulation. All necessary precautions will be taken to ensure the full protection of your personal data, basing such transfer on:

• Adequacy decisions for third countries recipients issued by the European Commission;
• Adequate safeguards provided by the third party recipient pursuant to Article 46 of the Regulation;
• The adoption of binding corporate rules

In any case, you may request more details from the Data Controller and/or Joint Data Controllers.

Cookie Policy

This site collects anonymous statistical data on navigation, through cookies installed by authorized third parties, respecting the privacy of your personal data and in accordance with the laws.

Cookie Notice

With this document, pursuant to Articles 13 and 122 of Legislative Decree 196/2003 (“privacy code”), as well as based on the provisions of the General Measure of the Privacy Guarantor of 8 May 2014, Simona Cupelli, the data controller, provides users of the site www.lacasadiadua.com with some information related to the cookies used.

What Are Cookies

A “cookie” is a small text file created on the user’s computer when they access a particular site, with the aim of storing and carrying information. Cookies are sent from a web server (which is the computer on which the visited website is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the latter’s computer; they are then sent back to the website upon subsequent visits.

Purpose of Cookies

Technical Cookies allow the storage of the user’s preferences and are necessary to optimize and improve website navigation. For example, they facilitate certain procedures when making online purchases, when logging into areas with restricted access, or when a website automatically recognizes the language usually used.

Analytic Cookies are used to collect information, in aggregated form, on the number of users connecting to the site and how they interact within it, thus allowing the generation of general statistics on the service and its usage.

Profiling Cookies are used to monitor and profile users during navigation, studying their web browsing habits or consumption (what they buy, what they read, etc.), with the aim of sending “profiled” promotional messages based on the searches performed and the data collected. Finally, Third-Party Cookies come from other sites and are contained in various elements hosted on the page itself, such as advertising banners, social sharing icons, images, videos, etc.

For more information on the types of cookies used by this site:

Technical Cookies

The site www.lacasadiadua.com uses technical cookies, for which, pursuant to Art. 122 of the privacy code and the Provision of the Privacy Guarantor of May 8, 2014, no consent from the user is required. As mentioned, this type of cookie is necessary for saving user preferences and optimizing website navigation.

Third-Party Cookies

The installation of Cookies and other tracking systems operated by third parties through the services used within this site is not directly controlled by the Controller. Therefore, any specific reference to Cookies and tracking systems installed by third parties is to be considered indicative. To obtain complete information on these Cookies and their deactivation, it is advisable for the user to consult the privacy policy of any third-party services listed in this document.

Services Provided by Google (Google Inc.)

Types of cookies used: https://www.google.it/intl/it/policies/technologies/types/ Privacy Policy: http://www.google.com/intl/it/policies/privacy/ Cookie Management: http://www.google.it/intl/it/policies/technologies/managing/

Google Maps Widget

Google Maps is a map visualization service managed by Google Inc. that allows this site to integrate such content within its pages. Personal data collected: Cookies and Usage Data. Processing location: USA

Google Analytics

This is a web analysis service provided by Google Inc. that uses cookies deposited on the user’s computer to enable aggregate statistical analyses regarding the use of the visited website.

Use of Cookies: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage Privacy Information: http://www.google.com/intl/en/analytics/privacyoverview.html Disabling cookies via browser plug-in: https://tools.google.com/dlpage/gaoptout

Social Network Buttons and Widgets

Social buttons allow users browsing to interact with social platforms (e.g., Facebook and Twitter) directly from the website. The interactions and information acquired by this site are in any case subject to the user’s privacy settings related to each social network. Therefore, users are invited to view the information of the specific platforms used, listed below:

• Facebook (Facebook Inc.)
• Twitter (Twitter Inc.)
• LinkedIn (LinkedIn Ireland Unlimited Company)

Disabling Cookies via Browser Settings

Notwithstanding the above regarding strictly necessary technical cookies for navigation, users can delete other cookies through the functionality provided by the Controller via this information or directly through their own browser. Each browser has different procedures for managing settings. Below are the procedures for the most commonly used browsers.

To manage cookies in various browsers, here’s a summary of the steps for Chrome, Mozilla Firefox, Internet Explorer, and Safari:

Chrome:

1. Open Chrome Browser.
2. Click on the menu in the toolbar beside the URL input window.
3. Select “Settings.”
4. Click on “Show advanced settings.”
5. In the “Privacy” section, click on the “Content settings” button.
6. In the “Cookies” section, you can change the following settings:
   • Allow data to be saved locally.
   • Keep local data only until you quit your browser.
   • Block sites from setting cookies.
   • Block third-party cookies and site data.
   • Manage exceptions for some websites.
   • Delete one or all cookies.

For more information, visit Google Support.

Mozilla Firefox:

1. Open Mozilla Firefox Browser.
2. Click on the menu in the toolbar beside the URL input window for navigation.
3. Select “Options.”
4. Select the “Privacy” panel.
5. Click on “Show advanced settings.”
6. In the “Privacy” section, click on the “Content settings” button.
7. In the “Tracking” section, you can change the following settings:
   • Tell sites that I do not want to be tracked.
   • Tell sites that I want to be tracked.
   • Do not tell sites anything about my tracking preferences.
8. In the “History” section, by enabling “Use custom settings for history,” you can choose to accept third-party cookies (always, from most visited or never) and keep them for a specified period.
9. Remove individual cookies stored.

For more information, visit Mozilla Support.

Internet Explorer:

1. Open Internet Explorer.
2. Click on the “Tools” button and choose “Internet Options.”
3. Click on the “Privacy” tab and in the “Settings” section adjust the slider according to the desired action for cookies:
   • Block all cookies.
   • Allow all cookies.
   • Select which sites to obtain cookies from: move the cursor to an intermediate position so as not to block or allow all cookies, then press on “Sites,” in the “Website Address” box enter a website and then press “Block” or “Allow.”

For more information, visit Windows Support.

Safari:

1. Open Safari Browser.
2. Click on Safari, select “Preferences” and press “Privacy.”
3. In the “Block Cookies” section specify how Safari should accept cookies from websites.
4. To see which sites have stored cookies, click on “Details.”

For more information, visit Apple Support.

Disabling third-party cookies is also possible through the methods made available directly by the third-party company responsible for processing, as indicated in the “third-party cookies” section.

Consent:

By continuing to navigate on this site, clicking on the links within it, or simply scrolling down the page, the user automatically accepts the use of cookies.

Rights of the Data Subject:

The data subject can assert their rights at any time, by contacting the data controller via sending an email to lacasadiadua@gmail.com, to confirm the existence of their data at the data controller, know their content and origin, verify their accuracy or request their integration, deletion, update, correction, anonymization, or blocking of personal data processed in violation of the law, as well as oppose their processing for legitimate reasons.