(This information is in accordance with art. 13 D. Lgs. 30 giugno 2003, n. 196 "Codice in materia di protezione dei dati personali" and art. 13 of the EU Regulation GDPR, General Data Protection Regulation- UE 2016/679)
1. HOW DOES THE SERVICE WORKThe Website offers Services, also through API, enabling the Users to:
- Visualize and get information on points of interest that are uploaded and updated by other users;
- Download the point of interest with format csv, xml, gps e garmin;
- Upload and modify points of interest on the map;
- Comment on the Website to interact with other users;
- Share point of interest and other contents on social media through links on the Website;
- Upload elements such as images and links that can be useful as example even if not complete.
2. PURPOSE AND LEGAL BASIS OF THE DATA PROCESSINGUsers' data will be processed only to provide the service. Users' personal data will be processed in order to:
- Provide the User the required services according to what is listed from letter a) to e) and on point 1 of this notice;
- Manage technical features related to the correct Website operation and bug fixing.
Some services are offered only after the User's registration on the Website. The User is not forced to register, but it is necessary if he/she want to have access to some services.
After the registration, the User can upload contents according to what listed in the previous paragraph (letter f). The User will be required to accept the personal data processing notice when uploading contents, however he/she is free to cancel the registration at any time and still be able to use those functions of the Website that are not requiring the registration.
The User can also ask for his/her account removal. After the account removal, the User's personal data will be definitively cancelled or made anonymous.
3. DATA CATEGORIES AND CONSERVATION PERIODIn order to be registered, the User will be asked personal common data, as:
- Uploaded contents (if any)
- User's activity (upload and change of the point of interest, images uploading, links, comments etc.)
The use of the Website and offered Service is also related to the treatment of common personal data, confidential (art. 9/GDPR and art. 26 of the Personal Data Protection Code) and legal (art. 10/GDPR and 27 of the Personal Data Protection Code). These data could be present on the Website after the facultative User's upload of documents, images or links containing these data. Processing of these data is completely facultative and not necessary concerning the purpose of supply of services from the Owner.
It is not suggested to upload documents or other contents with User's personal, confidential or legal data as well as third-party data without any authorization. The Owner can (but is not forced to) completely delete these contents from the Website as well as any other contents violating personal data policy according to art. 15 – 22 of the GDPR.
All submitted data will be stored until consent cancellation (opt-out) or the User's account cancellation that can be done at any time. After the consent cancellation or account removal, the User's personal data will be definitively cancelled or made anonymous, permanently and irreversibly.
The Owner can block, remove and/or delete comments, documents, links or any other User's content that can violate the Website use conditions that are explained here: Terms and Conditions
4. DATA SUBJECT'S RIGHTSAs per what is declared by art. 7 of Personal Data Code and art. 15 to 22 of the GDPR, the Data Subject (User) has the right to:
- Ask the access, correction or cancellation of personal data to the Data Controller (Owner);
- Ask for the data update, when required;
- Ask to change into anonymous or block data that are violating the law, as well as data that don't need to be stored in relation to the reason why they have been gathered or processed;
- Ask to limit the processing of his/her data or to take position against the processing;
- Exercise his/her right of data portability;
- personal data origin;
- purpose and means of data processing;
- what logic has been applied in case of data processing with electronic devices;
- all contacts of the Owner (Data Controller) and/or a third-party (Data Processor) according to art. 5, paragraph 2 of the Data Protection Code;
5. DATA CONTROLLERThe Data Controller is Paolo Pancaldi, email firstname.lastname@example.org.
The Data Subject can exercise his/her rights according to all regulations provided in the GDPR and in the DPA and can request the interruption of his/her data processing to the Data Controller.
6. CHANGES TO THIS DATA PROCESSING NOTICEThe Data Controller has the faculty to make all needed or mandatory changes to this notice at discretion and any time. When changes will be made, all Data Subjects will be informed about the changes made.