This section contains information about the management of the website of ‘ENTE PALIO DELLA CITTA’ DI
FERRARA A.P.S.’, with reference to the processing of the data of users who consult it. The Policy only
concerns ‘ENTE PALIO DELLA CITTA’ DI FERRARA A.P.S’ and does not apply to other websites possibly
consulted by link.
This website does not expressly address underage users. However, if the user is under the age of 14,
pursuant to paragraph 1 of Article 2-quinquies of the amended Legislative Decree 30 June 2003, n. 196,
must legitimize the consent, where required, through the authorization of the parents or legal guardian.
This Policy is pursuant to Article 13 of the European General Data Protection Regulation 2016/679
(hereinafter ‘GDPR’), on the protection of natural persons with regard to the processing of personal data
and on the free movement of such data (and repealing Directive 95/46/EC), for those who interact with
‘ENTE PALIO DELLA CITTA’ DI FERRARA A.P.S’.
The purpose of this document is to provide information about the nature and the management of the
information relating to users / data subjects that the Data Controller collects and manages from the time of
connection to the website, regardless of the purpose of the connection itself, according to Italian and
European legislation. This Policy may be updated periodically and without prior notice to you to reflect
changes in data practices and legislation, so the user is therefore invited to periodically check this page.
PERSONAL DATA PROCESSING
Data Controller means the natural or legal person, public authority, agency or other body which, alone or
jointly with others, determines the purposes and means of the processing of personal data; where the
purposes and means of such processing are determined by Union or Member State law, the controller or
the specific criteria for its nomination may be provided for by Union or Member State law.
‘ENTE PALIO DELLA CITTA’ DI FERRARA A.P.S.’ is the Data Controller: Corso Porta Reno n. 11 (Clock Tower)
– 44121 Ferrara (FE) Italy – Tax Code 93005440388 and VAT Number 00891910382. For any request of
clarification or exercise of rights of the user / data subject, it will be possible to contact the Data Controller
at the following email address: firstname.lastname@example.org
PROCESSED DATA AND DATA PROCESSING PURPOSES
The Data Controller processes the following categories of personal data while browsing the website and
using the related functions:
a) information and data relating to browsing the website (e.g. information about the pages and sections of
the website visited, the user’s activities on the website, the time spent on individual pages and sections of
the website, etc.);
b) information and data relating to the devices used by the user to browse the website and use its functions
(e.g. IP address, browser used, type of device used, data relating to the geographical position, information
from cookies or similar tools);
c) personal data and information required to manage communications, if the user intends to interact with
the Data Controller through the contact forms (Contact Us and Press Material Request) on the website or
by writing to the e-mail contacts specified by the Data Controller;
d) in case of use by the user to the possibilities of interaction between the contents of the website and the
user’s profiles on social networks (eg. through Facebook, Instagram, YouTube buttons), data and
information will also be processed relating to these profiles.
The personal data referred to in categories a) and b) are automatically collected by the Data Controller
while the user is browsing the website; personal data belonging to other categories are provided directly
and voluntarily by the user himself.
CONSEQUENCES OF FAILURE TO PROVIDE DATA
The processing of personal data referred to in categories a) and b) of the previous section is necessary for
the Data Controller in order to guarantee the user the best possible browsing experience and to provide all
the functions of the website. However, it is possible to limit the processing of such personal data by using
functions made available by the website or by the device or browser or application. In this case, browsing
the website may be limited and some functions may be inaccessible.
The processing of personal data referred to in categories c) and d) of the previous section is necessary to
allow user interactions with the Data Controller: the user therefore has no obligation to provide such data;
failure to provide them will only result in the inability to receive feedback from the Data Controller or to
access a specific function.
DATA PROVIDED VOLUNTARILY BY THE USER
The voluntary and explicit interaction with this website, in particular through the contact forms, involves
the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other
personal data included in the message.
LEGAL BASIS AND LAWFULNESS OF THE PROGESSING
The processing of personal data, where necessary as it is functional to allow consultation of the ‘ENTE
PALIO FERRARA’ website, does not require the user’s consent. The personal data provided by users who
submit information requests are used for the only purpose of responding to the request or performing a
requested service. Where necessary with respect to the specific purposes, in compliance with current
legislation, the specific consent of the user to the processing of data would be requested and collected.
METHODS OF DATA PROCESSING AND STORAGE PERIOD
Personal data will be processed in computerized and telematic mode for purposes strictly necessary for
browsing the ‘ENTE PALIO FERRARA’ website, as well as for purposes connected or instrumental to the
consultation itself. In addition, the data collected by the website may be used for any further purpose of
managing the contact and the request for information on the activities of the Data Controller. However, the
data transmitted will not in any way be alienated or transferred, for any reason, to third parties, except
with the prior and express consent of the data subject.
Processed data will be kept for the period strictly necessary to achieve the purposes expressed or up to any
request for cancellation or withdraw of consent, where applicable, by the user (always without prejudice to
the regulatory obligations imposed on the Data Controller). Specific security measures are adopted and
observed to prevent data breach, illicit or incorrect use and unauthorized access.
Computer systems and software procedures used to operate this website acquire, during their normal
operation, some personal data; the transmission of these data is implicit in the use of internet
This category of data includes the IP addresses or domain names of the computers used by users who
connect to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested
resources, the time of the request, the method used to submit the request to the server, the size of the file
obtained in response, the numerical code indicating the status of the response given by the server
(successful, error, etc.) and other parameters relating to the operating system and the user’s IT
environment. These informations are not collected to be associated with identified data subjects, but,
through processing and association with data held by third parties, they could allow the user to be
These data are processed in order to obtain anonymous statistical information on the use of the website, as
well as to check its correct functioning, and are deleted immediately after processing. The data could be
used for security purposes (for example, blocking attempts to damage the site, or ascertaining
responsibility in case of computer crimes against the website) and will therefore be kept for the time
strictly necessary to achieve this purpose.
PLACE OF DATA PROCESSING
Data processing connected to the web services of this website takes place at the aforementioned
registered office of Data Controller, as well as by any external subjects authorized to carry out
management, maintenance and assistance operations or in any case involved in the organization of the
Data Controller (such as third party technical service providers, hosting providers, IT companies,
communication agencies). No data deriving from the web service is normally disclosed to third parties.
DATA TRANSFER OUTSIDE THE EUROPEAN UNION
This website may share some of the data collected with services located outside the European Union area
(for example WordPress – Google – YouTube – Facebook – Instagram etc. through social plugins and the
Google Analytics service). The transfer is authorized and strictly regulated by CHAPTER V of the GDPR, so no
further consent is required. The Data Controller undertakes not to transfer data to third countries that do
not comply with the conditions set out in the GDPR.
DATA SUBJECT RIGHTS
Pursuant to Article 77 of the GDPR, the user / data subject has the right to lodge a complaint with the
Guarantor for the Protection of Personal Data, as the Supervisory Authority in Italy
(www.garanteprivacy.it). Pursuant to the purposes of the GDPR, the data subject is recognized the
following rights, if applicable.
Article 7 – Right to withdraw the consent
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent
shall not affect the lawfulness of processing based on consent before its withdrawal.
Article 15 – Right of access by the data subject
The data subject shall have the right to obtain from the Controller confirmation as to whether or not
personal data concerning him or her are being processed, and, where that is the case, access to the
personal data and the information about processing.
Article 16 – Right to rectification
The data subject shall have the right to obtain from the Controller without undue delay the rectification of
inaccurate personal data concerning him or her.
Article 17 – Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning
him or her without undue delay and the Controller shall have the obligation to erase personal data without
undue delay where one of the GDPR grounds applies.
Art. 18 – Right to restriction of processing
The data subject shall have the right to obtain from the Controller restriction of processing in specific
Article 20 – Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she
has provided to a Controller, in a structured, commonly used and machine-readable format and have the
right to transmit those data to another Controller.
Article 21 – Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any
time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6,
paragraph 1), including profiling based on those provisions.
Article 22 – Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing,
including profiling, which produces legal effects concerning him or her or similarly significantly affects him
Requests can be addressed to the Data Controller without formalities or, alternatively, using the model
provided by the Supervisory Authority (available on the website www.garanteprivacy.it), by sending a
registered letter with return receipt to the registered office or an email at the following address:
Any actions taken under Articles 15 to 22 shall be provided free of charge. Where requests from a data
subject are manifestly unfounded or excessive, in particular because of their repetitive character, the
Controller may either charge a reasonable fee taking into account the administrative costs of providing the
information or communication or taking the action requested, or refuse to act on the request.
This Policy may be updated periodically and without prior notice to you to reflect changes in data practices
and legislation, so the user is therefore invited to periodically check this page. This document was
controlled on September 01, 2021 to be compliant with current regulatory provisions, in particular with EU
Regulation 2016/679 – GDPR.