Privacy Policy

This is the Privacy Policy page of the website of the Municipality of Nepi, called Nepeasy.it.

This website collects some personal data from its users.

Data Controller

The Data Controller for the personal data collected by this website is the Municipality of Nepi, Tax Code 00088940564, represented by the current legal representative. The registered office of the Municipality of Nepi is located at: Piazza del Comune, 20 – 01036 – Nepi (VT).

Email: segreteria@comune.nepi.vt.it
PEC: comune.nepi.vt@legalmailpa.it

Types of Data Collected

Among the personal data collected by this website, either independently or through third parties, are: certain personal details of the user (name and email).

Detailed information on each type of data collected is provided in the dedicated sections of this Privacy Policy or through specific notices displayed prior to data collection.

Personal data may be freely provided by the user, or, in the case of usage data, automatically collected during use of this website.

Unless otherwise specified, all data requested by this website are mandatory.

If the user refuses to provide them, it may be impossible for this website to deliver the service. Where this website specifies certain data as optional, users are free not to provide such data without consequences to the availability or operation of the service.

Users who have doubts about which data are mandatory are encouraged to contact the Data Controller for clarification.

The use of cookies—or other tracking tools—by this website or by the third-party service providers utilized by it, unless otherwise specified, aims to provide the service requested by the user, in addition to the other purposes described in this document and in the cookie policy, if available.

The user assumes responsibility for the personal data of third parties obtained, published, or shared through this website and warrants that they have the right to communicate or disclose them, thereby releasing the Data Controller from any liability toward third parties.

Methods and Location of Data Processing

Methods of Data Processing

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

The processing is carried out using IT and/or telematic tools, following organizational procedures and methods strictly related to the purposes outlined.

In addition to the Data Controller, in some cases, other parties involved in the organization of this website (such as administrative, commercial, marketing, legal staff, and system administrators) or external parties (e.g., third-party technical service providers, mail carriers, hosting providers, IT companies, and communication agencies) may have access to the data. These parties may also be appointed, if necessary, as Data Processors by the Data Controller.

The updated list of Data Processors can always be requested from the Data Controller.

Legal Basis for Processing

The Data Controller processes Personal Data relating to the User if one of the following conditions applies:

The User has given consent for one or more specific purposes; Note: In some jurisdictions, the Data Controller may be allowed to process Personal Data without the User’s consent or any of the other legal bases specified below, as long as the User does not object (“opt-out”) to such processing. However, this does not apply where the processing of Personal Data is subject to European data protection legislation.
The processing is necessary for the performance of a contract with the User and/or for any pre-contractual obligations.
The processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

Users may always contact the Data Controller to clarify the specific legal basis that applies to each processing operation and to specify whether the processing is based on the law, required by a contract, or necessary to conclude a contract.

Location of Data Processing

Data is processed at the operational offices of the Data Controller and in any other places where the parties involved in the processing are located. For further information, contact the Data Controller.

The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the location of processing, the User may refer to the section detailing the processing of Personal Data or contact the Data Controller.

Users are entitled to receive information about the legal basis for Data transfer to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries (e.g., the United Nations), as well as about the security measures adopted by the Data Controller to protect their data.

Users may verify if such a transfer takes place by examining the relevant sections of this document or by asking the Data Controller directly.

Retention Period

Data is processed and retained for as long as necessary to fulfill the purposes for which it was collected.

Specifically:

Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until the contract has been fully executed.
Personal Data collected for purposes linked to the Controller’s legitimate interest will be retained until such interest has been satisfied. Users may obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller directly.

When processing is based on the User’s consent, the Controller may retain Personal Data for a longer period until the consent is withdrawn. Additionally, the Controller may be required to retain Personal Data for a longer duration to comply with legal obligations or upon order of an authority.

Once the retention period expires, Personal Data will be deleted. Therefore, after the expiration of this period, the rights of access, erasure, rectification, and data portability can no longer be exercised.

Purpose of Data Collection

User data is collected to allow the Data Controller to provide its services, fulfill legal obligations, respond to enforcement requests, protect its own rights and interests (or those of Users or third parties), detect malicious or fraudulent activities, and for the following purposes: Contacting the User. Allowing the User to view content from external platforms (e.g., YouTube videos). Managing contacts and sending messages (e.g., through contact forms available on the website)

To obtain detailed information about the purposes of processing and the Personal Data processed for each purpose, the User may refer to the section “Details on the Processing of Personal Data.”

Details on the Processing of Personal Data

Personal Data are collected for the following purposes and using the following services:

Contacting the user

Contact form. By filling in the contact form with their personal data, the user consents to their use for responding to requests for information, quotations, or any other nature indicated in the form header.

Personal Data processed: name, email, and any other types of personal data voluntarily provided by the user in the “message” field.

Displaying content from external platforms

This type of service allows content hosted on external platforms to be displayed directly on the pages of this website and to interact with it. However, this service may still collect data on web traffic related to the pages where the service is installed, even if users do not interact with it.

Information on How to Disable Interest-Based Ads

In addition to any opt-out options provided by the services listed in this document, users can make use of the information available on YourOnlineChoices (EU), The Network Advertising Initiative (USA) e Digital Advertising Alliance (USA), DAAC (Canada), DDAI (Japan) or other similar services.

These services allow users to manage tracking preferences for most advertising tools. Therefore, the controller recommends that users use these resources in addition to the information provided in this document.

Users can also disable certain advertising features through their device settings, such as advertising settings for mobile phones or general ad settings.

This site does not use any tracking tools or advertising tools.

User Rights

Users may exercise certain rights concerning the data processed by the data controller. Specifically, the user has the right to:

Withdraw consent at any time. The user can withdraw consent previously given for the processing of their personal data.
Object to the processing of their data. The user can object to the processing of their data when it is based on a legal basis other than consent. Further details on the right to object are provided in the section below.
Access their data. The user has the right to obtain information about the data processed by the controller, certain aspects of the processing, and to receive a copy of the data being processed.
Verify and request rectification. The user can verify the accuracy of their data and request updates or corrections.
Obtain the restriction of processing. When certain conditions apply, the user can request the restriction of the processing of their data. In this case, the controller will not process the data for any purpose other than their storage.
Request the deletion or removal of their personal data. When certain conditions apply, the user can request the deletion of their data by the controller.
Receive their data or transfer it to another controller. The user has the right to receive their data in a structured, commonly used, and machine-readable format, and, when technically feasible, to transfer it without obstacles to another controller. This provision applies when the data is processed by automated means and the processing is based on the user’s consent, a contract to which the user is a party, or related contractual measures.
File a complaint. The user can file a complaint with the competent data protection authority or take legal action.

Details on the Right to Object

When personal data is processed in the public interest, in the exercise of public powers vested in the controller, or to pursue a legitimate interest of the controller, users have the right to object to the processing for reasons related to their particular situation.

It is pointed out to users that, if their data is processed for direct marketing purposes, they can object to the processing without providing any justification. To find out if the controller processes data for direct marketing purposes, users can refer to the relevant sections of this document.

How to Exercise the Rights

To exercise the user’s rights, users can send a request to the contact details of the controller indicated in this document. Requests are free of charge and will be processed by the controller as soon as possible, in any case, within one month.

Further Information on Processing

Defense in Legal Proceedings

The user’s personal data may be used by the data controller in legal proceedings or in the preparatory stages of such proceedings, to defend against abuses in the use of this site or its related services by the user.

The user acknowledges that the data controller may be required to disclose data by order of public authorities.

Specific Notices

Upon the user’s request, in addition to the information contained in this privacy policy, this site may provide the user with additional and contextual notices regarding specific services or the collection and processing of personal data.

System Logs and Maintenance

For operational and maintenance reasons, this site and any third-party services it uses may collect system logs, which are files that record interactions and may also contain personal data, such as the user’s IP address.

Information Not Contained in This Policy

Further information regarding the processing of personal data may be requested at any time from the data controller using the contact details provided earlier.

Response to “Do Not Track” Requests

This site does not support “Do Not Track” requests. To determine if any third-party services used support them, the user is encouraged to consult their respective privacy policies.

Changes to This Privacy Policy

The data controller reserves the right to make changes to this privacy policy at any time by notifying users on this page and, if possible, on this site, as well as, when technically and legally feasible, sending a notification to users through one of the contact details they have provided. Therefore, users are encouraged to regularly consult this page, referring to the date of the last modification indicated at the bottom.

If the changes involve processing based on consent, the data controller will collect the user’s consent again, if necessary.

Definitions and Legal References

Personal Data (or Data)

Personal data refers to any information that, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage Data

These are the information collected automatically through this site (also by third-party applications integrated into this site), including: IP addresses or domain names of computers used by the user connecting to this site, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), the country of origin, the browser and operating system characteristics used by the visitor, various temporal characteristics of the visit (e.g., the time spent on each page), and details regarding the navigation path within the site, with particular reference to the sequence of pages viewed, the parameters related to the operating system, and the user’s computing environment.

User

The individual who uses this site, which, unless otherwise specified, coincides with the data subject.

Data Subject

The natural person to whom the personal data refers.

Data Processor (or Processor)

The natural or legal person, public authority, service, or other body that processes personal data on behalf of the data controller, as outlined in this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, service, or other body that, alone or together with others, determines the purposes and means of processing personal data and the tools adopted, including the security measures related to the operation and enjoyment of this site. The data controller, unless otherwise specified, is the owner of this site.

This Application

The hardware or software tool through which users’ personal data is collected and processed.

Service

The service provided by this site as defined in the relevant terms (if present) on this site/application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document refers to all current member states of the European Union and the European Economic Area.

Cookies

Cookies are tracking tools that consist of small pieces of data stored within the user’s browser. For more information, we encourage you to view our cookie policy.

Tracking Tool

A tracking tool refers to any technology – e.g., cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting – that allows tracking users, such as by collecting or saving information on the user’s device.

Legal References

This privacy policy is drafted based on multiple legal frameworks, including Articles 13 and 14 of Regulation (EU) 2016/679. Unless otherwise specified, this privacy policy applies exclusively to this website.

Last update: 28 February 2024