Privacy Policy - Website user information

As required by current legislation (art. 13 General Data Protection Regulation, hereinafter also GDPR), SO.GE.A.AL. S.p.A., the legal representative pro tempore, (hereinafter also referred to as "Owner" or the "Company") provides users of the website www.aeroportodialghero.it (hereinafter, the “website”), the information related to the processing of their data.

DATA CONTROLLER
The Data Controller is SO.GE.A.AL. S.p.A., with a registered office in Regione Nuraghe Biancu, 07041 Alghero (SS), P. IVA 01635090903. The company can be contacted via email at privacy@sogeaal.it or by phone at +39.079.935011

DATA PROTECTION OFFICER (DPO) CONTACT

The Data Controller has appointed the Data Protection Officer. They can be contacted at dpo@sogeaal.it

WHAT DATA IS PROCESSED?

The data processed is navigation data and data provided spontaneously by the user.

Data provided directly by the user

This category includes all personal data provided by the user on an optional basis (for example, when requesting information by calling the numbers indicated on the website or writing to e-mail addresses on the website).

Navigation data

The computer systems and software procedures for this website's operation, during regular operation acquires some personal data whose transmission is implicit in the use of internet communication protocols.

This collected information is not to be associated with users, however through processing and association with data held by third parties, users could be identified.

This category of data includes IP addresses or domain names of computers that connect to the website, the addresses in notation URI (Uniform Resource Identifier) of requested resources, time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding the user’s operating system and the computer environment.

Information acquired through cookies and other tracking systems

The website uses cookies and other similar systems (pixels) to acquire information related to the user's navigation. The specifications are contained in the cookie policy that can be consulted at any time from the website footer.

WHAT ARE THE PURPOSES AND LEGAL BASIS OF THE PROCESSING?

Data provided directly by the user: purposes and legal basis

Personal data provided by the user in contacting the Data Controller is only used to process requests and use the services you have joined.
Therefore, the legal basis for processing such data is the execution of pre-contractual, contractual measures and legal obligations.
If necessary, the data can also be used against the owner's legitimate interest to ensure the security and proper functioning of its systems, to carry out defensive activities or assert or defend its right in court.
The user may provide their data through the forms present on the website and in the areas dedicated to certain services, where specific information is reported, the user must read and understand the information before providing personal data.

Navigation data: purposes and legal basis

Navigation data is used to keep track of requests made for website security purposes and to check its proper functionality and could be used to ascertain responsibility in any computer crimes against the website.
The legal basis and legal obligation for processing such data is in the legitimate interest of the Data Controller.

Information acquired through cookies and other tracking systems

The information acquired through cookies or similar technical tools is used for purposes related to the website's proper functioning. The legal basis and legal obligation for processing such data is in the legitimate interest of the Data Controller. The information acquired through cookies or similar non-technical tools is used to monitor navigation and for profiling purposes. The specifications relating to these methods are reported in the cookie policy that can be consulted at any time from the footer of the site.
The legal basis for non-technical cookies is consent, which can be revoked at any time.

HOW IS DATA COLLECTED

The data collected is processed with IT tools that guarantee adequate security measures to prevent data loss, illicit or incorrect use and unauthorised access.

Data transfer abroad

Per l’hosting, la ricezione delle richieste tramite email e per ulteriori servizi indicati specificamente nelle informative presenti sul sito il titolare utilizza strumenti di terze parti che comportano un trasferimento di dati all’estero nel rispetto delle necessarie garanzie (clausole contrattuali standard).

Data storage period

The data provided directly by the interested party is stored for the period necessary to process the requests and then deleted, subject to security needs (which may require further storage).

According to legal obligations, the navigation data of users who access the website are acquired and stored for 30 days. The IP addresses obtained during the compilation of the forms on the website are kept for the time established to store the user's data through these forms, for which reference is made to the specific information.

Regarding Google Analytics and other services that use cookies and similar tools, please refer to what is stated in the cookie policy.

WHAT HAPPENS IF THE DATA IS NOT PROVIDED?

Except for the navigation data necessary to follow the computer and telematic protocols, users' provision of data through the various methods made available is free and optional. However, failure to provide data will make it impossible to respond to requests made and the use of services of interest.

DATA ACCESS

The data will be processed by the Data Controller and authorized personnel.

The data will be known by the companies that the owner uses to provide hosting services and support and maintenance of the systems used and by the consultants who manage litigation and legal assistance in the case of any disputes for which you would need their involvement. The competent authorities may also know the data in case of specific requests to which the Data Controller is required, by law, to follow up.

Those who operate as independent controllers do so because it is required by law or necessary to fulfil the obligations arising from contractual relationships or the holder's legitimate interest in maintaining the security of the computer systems and security conduct through legal counsel. However, the communication is limited to only categories of data whose transmission is necessary for the performance of the activities and purposes pursued.

The interested party may request a list of external subjects who carry out their activity as data processors from the Data Controller.

WHAT ARE THE RIGHTS OF THOSE CONCERNED?

The law recognises that the interested party has the right to ask the Data Controller for access to personal data, the rectification or cancellation of data, the limitation or opposition to the processing of their data, as well as the right to data portability.

The interested party may assert their rights at any time, without formalities, by contacting the Data Controller or the Data Protection Officer through the contact information listed on this website. The Data Controller will respond within 30 days of receiving the request, as required by current legislation.

It should be noted that you have the right to oppose the processing of marketing data.

  • The right of access, i.e. the right to obtain from the Data Controller the users confirmation as to the processing of personal data, to obtain access to the personal data and the following information: (a) for the purposes of the processing; b) for the categories of personal data concerned; c) for the recipients or categories of recipients to whom the personal data has been or will be communicated, in particular for recipients of third countries or international organisations; d) when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine such period; e) for the right to request from the Data Controller the rectification or erasure of personal data or restriction of processing of personal data concerning the user or to oppose the users processing; f) for the right to file a complaint with a supervisory authority; g) should all available information on their origin not be collected from the data subject h) for the existence of an automated decision-making process including profiling and, in those cases, meaningful information on the logic used, as well as the importance and the consequences expected of such processing for the data subject. Where personal data is transferred to a third country or an international organisation, the data subject has the right to be informed of adequate safeguards relating to the transfer.
  • The right of amendment i.e. is the right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, by providing an additional statement.
  • The right of erasure, i.e. the right to obtain from the Data Controller the cancellation of personal data concerning you without undue delay if: a) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the subject revokes the consent on which the processing is based and if there is no other legal basis for the processing; c) the subject opposes to the processing carried out because it is necessary for the performance of a task in the public interest or in the case of official authorities vested in the owner or for the purposes of the legitimate interest and there is no legitimate reason prevailing to proceed with the processing, or opposes to the processing for direct marketing purposes; d) the personal data has been unlawfully processed; e) the personal data must be deleted in order to fulfil a legal obligation under union or member state law to which the controller is subject; f) the personal data has been collected in relation to the provision of information society services to minors. However, the request for cancellation cannot be accepted if the processing is necessary: a) to exercise the right to freedom of expression and information; b) for the fulfilment of a legal obligation that requires processing provided by EU law or of the member state which is subject to the holder of the treatment or for the performance of a task carried out in the public interest or in the case of public authority vested in the holder of the processing; c) for reasons of public interest in the field of public health; d) for archiving purposes in the public interest, scientific research, historical, or statistical purposes, to the extent that the cancellation risks makes it impossible or seriously undermines the achievement of the objectives of that processing; e) for the assessment, exercise or defence rights in court.
  • The right of limitation, i.e. the right to obtain processed data, except for storage, only with the consent of the data subject or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interests of a union or of a member state, if: a) the interested party disputes the accuracy of the personal data, for the period needed by the Data Controller to verify the accuracy of such personal data; b) the processing is unlawful and the data subject objects to the erasure of personal data and instead requests that its use be limited; c) the Data Controller should no longer need this data for the purposes of processing, the personal data is necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party has opposed the treatment because it is necessary for the performance of a task for public interest or in the exercise of official authority vested in the owner or for the purposes of the legitimate interests of the holder of the treatment or of a third party, pending the verification on the possible prevalence of the legitimate reasons of the holder of the treatment compared to those of the data subject.
  • The right to the portability, i.e. the right to receive in a structured format, in common use and readable by automatic devices, personal data provided to the Data Controller. The Data Controller has the right to transmit data to another Data Controller without impediments from part of the holder who has supplied them, as well as the right to obtain the direct transmission of personal data by one Data Controller to another, if technically feasible, in cases where such processing is based on consent or on a contractual basis the processing is carried out by automated means. These rights shall be without prejudice for the right to erasure.
  • The right to object, i.e. the right of the interested party to oppose at any time, for reasons connected to their particular situation, to the processing of their personal data carried out because it is necessary for the performance of a task for public interest or in the exercise of official authority vested in the owner or for the purposes of the legitimate interests of the holder of the treatment or of third parties. Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data carried out for these purposes, including profiling related to direct marketing.

The interested party is then informed, and if they consider that the processing of their personal data occurs in violation of the provisions of the RGDP, they have the right to file a complaint with the guarantor, as provided for by art. 77 of the regulation itself or to appeal to the appropriate courts (art. 79 of the regulation).

ADDITIONAL INFORMATION
Regarding cookies and similar tools used by the website, please refer to the cookie policy, which can be accessed from the website's footer.
This privacy policy was updated on 22/12/2020