PRIVACY POLICY FOR HOT SPOT WI-FI USERS

PRIVACY POLICY FOR HOT SPOT WI-FI USERS

This privacy policy is provided pursuant to art. 13 of Regulation (EU) 2016/679 on the protection of personal data for those who use the WI-FI service provided by Faloria S.p.A. (hereinafter Faloria) through the Hotspots installed at its facilities. Pursuant to EU Regulation 2016/679 (hereinafter the “Regulation” or “GDPR”), this privacy policy describes the methods of processing the data subject’s network traffic when using the Wi-Fi service at the Faloria facilities. The service allows customers, consultants and visitors, as well as all employees of Faloria S.p.A., access to the internet through the use of company or personal devices such as for example laptop PCs, smartphones, PDAs, etc., equipped with WI-FI.

  1. DATA CONTROLLER
    The data controller is Faloria S.p.A. with registered office in Via Ria de Zeto 10, 32043 Cortina d’Ampezzo (BL). E-mail: info@faloriacristallo.it; Pec: faloria@legalmail.it
  2. D.P.O. (Data Protection Officer)

The Data Protection Officer is Avv. Veronica Dei Rossi, e-mail: veronica.dei.rossi@totalconn.com

  1. CATEGORIES OF DATA

Access to the WI-FI service is allowed only to users after initial registration and login required during connection. The data requested during registration are: e-mail address, necessary to receive access credentials; mobile phone number – as an alternative to the email address – required to receive access credentials; name and surname (optional). Faloria employees – all in possession of domain credentials – are not required to register or add additional data.

Furthermore, the system implicitly collects some user data as necessary for the function of the system itself. By way of example, some categories of data that could be recorded are mentioned: IP addresses or the names of the devices used; identifier of the user who logged in; addresses in URI (Uniform Resource Identifier) notation of the requested resources; connection start and end times; method used in submitting the request to the server; other parameters relating to the operating system and the IT environment of the device.

  1. PURPOSES AND LEGAL BASIS OF DATA PROCESSING

Data processing is carried out by the Data Controller to allow interested parties to connect to the WiFi network and therefore to use the related internet connection services available at the Faloria S.p.A. facilities.

The processing of data therefore has as its legal basis the execution of a contract or pre-contractual measures (pursuant to article 6 paragraph 1 letter b of the GDPR), as well as the fulfillment of legal obligations (pursuant to the Article 6 paragraph 1 letter c of the GDPR).

Personal data will be subject to processing operations in compliance with the aforementioned legislation and the confidentiality obligations which inspire the activity of the Data Controller. The data will be processed both with IT tools and on paper and on any other type of suitable medium, in compliance with the appropriate security measures pursuant to art. 5 par. 1 letter F of the GDPR.

  1. SCOPE OF DATA COMMUNICATION AND CATEGORIES OF RECIPIENTS

Faloria may communicate the data to subjects it uses to carry out organizational and/or technical support activities, IT services and/or in any case for the execution of tasks that are strictly necessary, functional or connected to the provision of the WiFi service and to the pursuit of the purposes referred to in this information. Where necessary, these subjects have been specifically appointed by the Data Controller as Managers pursuant to article 28, GDPR, and have received specific instructions from the Data Controller to ensure compliance with the GDPR and data protection. Furthermore, the Data Controller may communicate the data to the subjects to whom the communication is due by virtue of legal obligations (e.g., judicial and/or police authorities for the purpose of ascertaining any crimes). The latter subjects will carry out their respective processing activities as independent data controllers. In no case will the data be disseminated.

  1. DATA RETENTION POLICY

Personal data for accessing the service and traffic data relating to Internet browsing are kept for the period strictly necessary for the execution of the contractual relationship for the supply of the service; storage beyond the time strictly necessary as defined above will be carried out only for any compliance with legal obligations or a specific request by the competent judicial authority in the context of an investigative activity.

  1. RIGHTS OF THE INTERESTED PARTIES

The user has the right (see articles 15 -22 of the GDPR) to ask Faloria S.p.A. to access its personal data and to correct them if they are inaccurate, to delete them or limit their processing if the conditions are met, as well as to obtain the portability of the data provided only if subject to an automated processing based on consent or contract, as well as to oppose the processing for reasons related to their particular situation and, in any case, for direct marketing. Furthermore, the user has the right to revoke the consent given for processing purposes that request it, without prejudice to the lawfulness of the processing carried out until the moment of revocation. The user has the right to lodge a complaint with the supervisory authority (The Italian Data Protection Authority).

  1. NATURE OF DATA SUPPLY

The interested party is free to provide their personal data for the purposes indicated in this information, but failure to provide them will make it impossible to access the requested service and therefore to use the Wi-Fi network.

  1. MODE OF THE DATA PROCESSING

The processing of data is carried out by duly authorized subjects, in order to guarantee security and confidentiality, using suitable IT and telematic tools and means, adopting technical and administrative security measures aimed at reducing the risk of loss, incorrect use, unauthorized access authorized, disclosure and tampering with data. The personal data processed are not transferred to non-EU third countries and are not subject to profiling.