Information to be provided in accordance with article 13 – EU General Data Protection Regulation 2016/679 (GDPR)
Karabà s.r.l. (below also “Karabà”), with the registered office in Via della Fonte di Fauno 15 – 00153 Rome, informs visitors to its site www.karaba.net that it is the Controller of all personal data processed on its website.
Identification and contact details of the Controller
Business name: Karabà s.r.l.
Registered office: Via della Fonte di Fauno 15 – 00153 Roma
Vat number and registration number in the business register of Rome: 15920761002
Certified E-mail: firstname.lastname@example.org
Compliance with laws for the protection of personal data
The website www.karaba.net is compliant with the legislation here listed:
- Directive 2002/58/EC (ePrivacy or Cookie Law)
- EU General Data Protection Regulation 2016/679 (GDPR)
- Italian Legislative Decree number 193/2006 (“Privacy code” as modified by Legislative Decree number 101/2018), in particular article 122
- Provision of Privacy Guarantor n° 229 of 8 May 2014
Definition of “cookie” or “tracking tools”
Cookies are small text files that are saved on terminals (computer, tablet, smartphone) of the user visiting the site.
Cookies maximise the browsing of the users, gathering and memorizing specific information.
Distinction is made between first party cookies, those installed directly by the sites visited by the users and third party cookies installed indirectly by sites or web servers different from those visited.
For some specific purposes (e.g. marketing) the installation of cookies requires the consent of the users, which can be withdrawn at any time by those users.
Cookies may be eliminated, deactivated or blocked using the settings of the browser as is specified in the paragraph “Cookie Management”.
Types of Cookies used
The site www.karaba.net uses only technical cookies i.e. those with the sole purpose of “sending a message on an electronic communication network, or provision of necessary information specifically requested by the subscriber or user about a service to enable the delivery of such service” (article 122, paragraph 1 , Privacy Code). Use of this type of cookie does not require consent.
Technical cookies on a site are to enhance browsing and functionality i.e. they guarantee and assist the efficient functioning of the website and normal browsing functions (e.g. saving the session, browsing preferences, remembering certain criteria such as preferred language, managing traffic flow etc.).
Analytical cookies are also installed (attributable, in the present case, to technical cookies) to gather information in aggregate form on the visiting users in order to measure traffic on the website, plan and maximise performance. Analytical cookies in certain cases can also be used without obtaining the consent of the user. To be considered in this way, analytical cookies must have the sole purpose of gathering aggregate statistics and the resulting data may not be intermingled with other data coming from different sites or applications. The Data Controller uses Google Analytics, a web analysis service developed by Google, which permits the measurement and analysis of browsing on web pages. Google Analytics meets the conditions required by current law concerning the waiver of the request for consent.
For further information users are invited to consult Google’s cookie informative for Google Analytics using the following link: http://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
With reference to third party cookies, i.e. those not installed by the site owner, note the use of the “Like buttons”, widgets and social plugins for Facebook and Instagram. In this way, cookies are sent to and from all the sites managed by third parties. The processing of information gathered by “third parties” is regulated by their informative, please refer to them. The data controller bears no responsibility regarding this type of cookies.
The controller does not utilize profiling cookies, i.e. those “to create visitor profiles which may be used to send out advertising messages concerning similar choices previously made while browsing on the internet” (Cookie Law). For this type of cookie, the specific consent of the user is required.
Duration of cookies
Cookies of the site may be “session” or “persistent”. The session cookies will be removed at the end of the browsing session, the persistent cookies remain even after the close of the browser and are used to retain information (e.g. user name and password) so that they do not have to be re-typed.
Purpose of cookies
Cookies used on the site have the sole purpose to complete login on the site, monitor the session and memorize technical information specific to the user in order to better the fruition of the site itself.
Management of cookies
It is possible to deactivate, block or eliminate cookies using the operating device on the browser settings.
The following are the links containing instructions for cookie management for the most frequently used browsers:
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=it
- Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Safari: https://support.apple.com/it-it/HT201265
- Microsoft Internet Explorer: https://support.microsoft.com/it-it/topic/eliminare-e-gestire-i-cookie-168dab11-0753-043d-7c16-ede5947fc64d
- Microsoft Edge: https://support.microsoft.com/it-it/microsoft-edge/eliminare-i-cookie-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Rights of the data subject
In accordance with article 13 GDPR (Information to be provided where personal data are collected from the data subject) and with reference to articles 15-22 GDPR, the data subject is informed that he:
- has the right to ask the Controller with a specific request addressed to email@example.com, for access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
- has the right to lodge a complaint with a supervisory authority (in Italy you can follow the procedure and guidelines published on the official website of the Authority at www.garanteprivacy.it.
The exercise of the data subject’s rights (articles 15-22 GDPR) has no restriction and is free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or refuse to act on the request.
Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information is be provided in a commonly used electronic form.
The request will be processed according to the terms of article 12, paragraph 3 GDPR (one month from the request, with the possibility of an extension for up to 3 months).
Regarding the right to data portability, the Controller informs the data subject that where the conditions set out in article 20 GDPR are met, there is the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller, if technically feasible.
The following is an overview of the other rights of data subject:
right of access: right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data; possibility to request a copy of the personal data and information according to article 15 GDPR;
right of rectification: right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and to have incomplete personal data completed;
right of erasure (right to be forgotten): right to obtain from the controller the erasure of personal data concerning him or her without undue, in cases regulated by the law and with specific limitations (article 17 GDPR);
right to restriction of processing: right to obtain from the controller restriction of processing in particular cases as stipulated in article 18 GDPR;
right to object: right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her; the controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
right not to be subject to a decision based solely on automated processing, including profiling: right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except in cases in which the automated decision is necessary to conclude or carry out a contract between the data subject and a data controller, is in accordance with the law, in respect of precautionary measures, is based on the explicit consent of the data subject.
The data subject, as mentioned above, has the right to lodge a complaint with a supervisory authority. In Italy the data subject shall follow the procedures and indications published on the official website of “Garante Privacy” (https://www.garanteprivacy.it).
Last Update: June 14, 2021.