WEBSITE DATA PRIVACY POLICY updated pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation)

1) Introduction

Cedat 85 srl takes the privacy of users seriously and is committed to respecting it. This privacy policy ("Privacy Policy") describes the personal data processing activities carried out by Cedat85 srl through the website www.cabolo.com and the related commitments undertaken by the Company in this regard. Cedat 85 srl can process users' personal data when they visit the Website and use services and features on the Website. If applicable pursuant to EU Regulation 2016/679, users' consent will be requested before the processing of their personal data. If users submit personal data of third parties, they must ensure that the disclosure of data to Cedat 85 srl and its subsequent processing for the purposes specified in the applicable privacy notice complies with EU Reg. 2016/679 and applicable legislation.

2) Controller, Processor and Privacy Officer Identification details, Cedat85 srl Address: via Poli, 29 – 00187 - Rome Telephone: +39.06.68134164

3) Type of data processed

In addition to the so-called "navigation data" (see below), personal data voluntarily provided by the user may be processed when he/she interacts with the functionalities of the Website or requests to use the services offered on the Website. In compliance with the Privacy Code, Cedat 85 srl may also collect personal data from third parties in the performance of its activities.

4) Cookies and navigation data

Our Website uses cookies. By using the Website, you consent to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard disk of the user's computer. There are two macro-categories of cookies: technical and profiling. Technical cookies are necessary to ensure proper functioning of a website and allow user navigation. Without them, users may not be able to view the pages correctly or use some services. Profiling cookies are used to create profiles of users and send advertising messages in line with the preferences expressed by them during navigation. Cookies can be further classified as:

- "session" cookies, which are deleted immediately upon closing the navigation browser; _"persistent" cookies, which remain in the browser for a certain period of time. They are used, for instance, to recognise the device that connects to a website, facilitating the authentication operations for the user;

- "first party" cookies, generated and managed directly by the owner of the website visited by users;

- "third-party" cookies, generated and managed by parties other than the owner of the website visited by users.

5) Cookies used on the website

Our Website uses the following types of cookies:

1) first-party, session and persistent cookies, necessary to allow navigation on the Website. They serve purposes of internal security and system administration;

2) third-party, session and persistent cookies, necessary to allow users to benefit from multimedia elements on the Website, such as images and videos;

3) persistent third-party cookies used by the Website to send statistical information to the Google Analytics system, through which Cedat85 srl can perform statistical analysis of accesses/visits to the Website.

Cookies are used exclusively for statistical purposes and they collect information in

4) persistent third-party cookies, used by the Website to include in its pages the link-buttons of some social-networks (Facebook, Twitter and Google+). By selecting one of these buttons, users can publish contents of the Website they are visiting through their private pages on social-networks.

6) Retention of personal data

Personal data are stored and processed through IT systems owned by [Company name] and managed by Cedat 85 srl; for more details, please refer to the section ‘Scope of communication and data access’ below. Data are processed exclusively by specifically authorised personnel, including personnel assigned to carry out extraordinary maintenance operations.

7) Data processing purposes and methods

Cedat85 srl may process users' personal and sensitive personal data for the following purposes: when they use services and features on the Website, to manage requests and reports from their users, to send newsletters, etc. Furthermore, with the additional and optional specific consent of the user, Cedat85 srl may process personal data for marketing purposes, i.e. to send users promotional material and/or commercial communications relating to the Company's services, to the addresses provided, through methods and/or means of contact that can be traditional (such as paper mails, telephone calls with operators, etc.) and automated (such as internet communications, fax, e-mails, text messages, apps for mobile devices as smartphones and tablets, so-called APPS-, social network accounts -e.g. via Facebook or Twitter-, phone calls with auto calling, etc.). Personal data are processed both in paper and electronic form and entered into the Company information system in full compliance with EU Reg. 2016/679, including security and confidentiality profiles, and guided by the principles of fairness and lawfulness of processing. In compliance with EU Reg. 2016/679, data are kept and stored for 5 years.

8) Security and quality of personal data

Cedat85 srl undertakes to protect the safety of users' personal information and complies with the safety provisions of the applicable law in order to avoid data loss, illegitimate or unlawful use of data and unauthorized access to data. Furthermore, the information systems and IT programs used by Cedat 85 srl are set to minimize the use of personal and identification data; these data are processed only for the achievement of the specific purposes pursued in each case. Cedat 85 srl uses multiple advanced security technologies and procedures to promote the protection of users' personal data and, for instance, personal data are stored on secure servers located in places with protected and controlled access. Users can help Cedat 85 srl to update and preserve the integrity of their personal data communicating any modification related to their address, qualification, contact information, etc.

9) Scope of communication and data access

Your personal data may be disclosed to:

• all subjects to whom the right of access to such data is recognized by virtue of regulatory provisions;
• our collaborators, employees, within the scope of their duties;
• all those natural and/or legal, public and/or private persons when the disclosure of data is necessary or functional to the performance of our business, in the manner and for the purposes shown above;

10) Nature of provision of personal data  

The provision of personal data by the user is necessary to allow the Company to manage notifications and user requests or to enable the Company to re-contact users after their requests. This type of data is marked with an asterisk [*] and in this case provision of data is mandatory to allow the Company to follow up on requests which otherwise cannot be processed. Conversely, the collection of other data not marked with an asterisk is optional: failure to provide data will not entail any consequences for the user. As specified in the section 'Data processing purposes and methods', the provision of personal data by users for marketing purposes is optional and the refusal to provide them will not have consequences. The consent granted for marketing purposes extends to the sending of communications carried out using automated and traditional methods and/or means of contact, as exemplified above.

11) Rights of the interested party  

11.1 Article 15 (right of access) and 16 (right of rectification) of EU 2016/679
Data Subjects have the right to obtain from Data Controllers confirmation of whether or not processing of personal data concerning them is in progress, and if so, they have the right to obtain access to those personal data, as well as the following information:  

1. a) the purposes of the processing;
2. b) the categories of personal data concerned;
3. c) recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients are in third countries or international organisations;
4. d) the envisaged retention period of personal data or, if that is not possible, the criteria used to determine that period;
5. e) the existence of the right to request rectification or deletion of personal data from the Data Controller, to request restriction of Data Subject-related personal data, or to object to such processing;
6. f) the right to lodge a complaint with a supervisory authority;
7. h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic involved, as well as the importance and the expected consequences of such processing for the Data Subject.

11.2 Right pursuant to Article 17 of EU Reg. 2016/679 - right to cancellation ('right to be forgotten') Data Subjects have the right to obtain the deletion of personal data concerning them from the Data Controller without undue delay and Data Controller are obliged to cancel personal data without undue delay, for one of the following reasons:
a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;  

1. b) Data Subjects withdraw consent on which the processing is based, according to Article 6(1), letter a) or Article 9(2), letter a), and where there is no other legal purpose for the processing;
   c) Data Subjects object to the processing pursuant to article 21(1), and there are no overriding legitimate grounds for the processing, or Data Subjects object to the processing pursuant to article 21(2);
2. d) personal data has been unlawfully processed;
3. e) personal data must be erased in compliance with a legal obligation in the European Union or Member State law to which the Controller is subject;
4. f) personal data has been collected in relation to the provision of company services information, as referred to in article 8(1) of EU Reg. 2016/679.

11.3 Right indicated in article 18 Right to limitation of processing

Data Subjects shall have the right to obtain restriction of processing from the Controller where one of the following applies:

1. a) the Data Subject disputes the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of those personal data;
2. b) the processing is unlawful and the Data Subject objects to personal data deletion and requests the restriction of their use instead;
3. c) although the Data Controller no longer needs them for the purposes of processing, personal data are necessary for the Data Subject to ascertain, exercise or defend a right in court
4. d) the Data Subject has opposed the processing pursuant to article 21(1) of EU Reg. 2016/679, pending verification on whether the Data Controller’s legitimate reasons prevail over those of the Data Subject.

11.4 Right under article 20 Right to data portability

The interested party shall have the right to receive personal data concerning him/her, which he/she has provided to a Data Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another Data Controller without hindrance from the Data Controller.

12. Withdrawal of consent to processing

The Data Subject may withdraw consent to the processing of his/her personal data by sending a registered letter with return receipt to the following address: Cedat85 srl Piazza Carducci 27/28 - San Vito dei Normanni - 72019 Brindisi with an identity document photocopy and the following text: <withdrawal of consent to the processing of all my personal data>. At the end of this operation, personal data of the Data Subject will be removed from our records as quickly as possible.

If you wish to have more information on the processing of your personal data, or to exercise the rights referred to in paragraph 7 above, you can send a registered letter with return receipt to the following address: Cedat85 srl Piazza Carducci 27/28 - San Vito dei Normanni - 72019 Brindisi

Before we provide you with, or modify, any information, we may need to ask you to answer a few questions to verify your identity. We will reply as soon as possible.