Form: IS – Date Updated 09/2022
Dear Data Subject,
This information describes how the website is managed with reference to the processing of the personal data of users who consult it, as well as the processing practices of the data transmitted by the interested party to the Data Controller through this website. In compliance with art. 13 (for data collected from the Data Subject) and 14 (for data not collected from the Data Subject) of EU Regulation 2016/679 (GDPR), the following information is provided to the Users of this Website, which refer exclusively to the processing carried out through this Website itself and not through other websites that may be visited by clicking on links therein, for which it is suggested to refer to the relative privacy policies provided by their respective Data Controllers. This Site and any services offered through the Site are reserved for individuals who are eighteen years or over. The Data Controller does not collect personal data relating to minors. Upon request from these Users, the Data Controller will promptly delete all personal data involuntarily collected.
1. Data Controller
The Data Processor is EDG SRL with registered office in Via Gaffarello, 75 - 35010 Borgoricco (PD) and operational office in Via Grandi 12, 30036 Santa Maria di Sala (VE), Tax code and VAT no.: 05252830285 (hereinafter referred to as the "Processor"). The Data Controller reserves the right to appoint a web agency or consultancy as Data Processor to process the managed personal data for the purposes of technical assistance, maintenance, technical management and similar for this Website. The details of that web agency or consultancy may be requested at the addresses mentioned above. The Data Controller and the Data Processor process the data of Users also thanks to their internal Data Processors, specifically designated with instructions to authorised to process. The Data Protection Officer (DPO) can be contacted as follows: telephone +39 348 3165267, e-mail: firstname.lastname@example.org.
2. Category of data processed and sources of origin
Sources: browsing, other websites, cookies and similar; user; public sources.
We may primarily process browsing data, as well as cookies.
We may also process data voluntarily provided by the user, for example through the contact form or the sending of a communication by e-mail, including common personal data (identification, personal data, billing and similar) and exceptionally particular data pursuant to art. 9 GDPR or penalties pursuant to art. 10 GDPR to the strictest extent necessary by the request for information received and with the prior consent of the interested party. Data may come from automated sources or from voluntary sources, as well as from public sources. For example, they may come from user browsing, which may bring information about previous consultations of other sites, including in particular cookies and other similar technologies. The data may also be voluntarily provided by the user or by subjects related to him/her. Other data may come from public sources, such as those processed in the field of research and from corporate surveys, public database searches and similar.
3. Purposes of data processing
The personal data of the Users on the Website, as described above, will be processed in the ways and in the forms prescribed by the GDPR, for the performance of the Website's own functions, with particular, but not exclusive, reference to the collection procedures described therein, data, contact form, any registration process/access to the reserved area, subscription to the newsletter and the like. In particular, the personal data provided to the Data Controller will be processed for the following purposes:
4. Legal basis for data processing
The processing of personal data is based on the fulfilment of contractual or pre-contractual obligations inherent to the request made by the User (for example, requests for information about the services carried out by the Data Controller, requests for a quote, etc.), as well as, where necessary, on consent by freely and consciously filling in the appropriate information fields in the form dedicated to the collection and provision of data and checking the appropriate checkbox where required. It should be noted that the compilation of specific fields provided in the form for the request for information is inherent to the request itself and that therefore this involves the fulfilment of a pre-contractual or contractual obligation, depending on the context. Consent may be required at a later date for the processing of further data. In any case, processing is also based on legitimate interest, including the right to information, so please refer to the following paragraph.
5. Legitimate interest of the Data Controller
The processing of personal data is also based on the legitimate interest of the Data Controller, such as the exercise of his rights in the context of the information society, the performance of the contractual service and the implementation of direct marketing operations.
6. Mandatory nature of the provision of data
The provision of data relating to the browsing of Users, for the purposes indicated above, depends on the degree of privacy that the User has enabled or disabled through his/her browser. In some cases, disabling could compromise the browsing on this Website. For certain forms of this Website, the provision of navigation data and/or the use of technical cookies is mandatory for the proper functioning of the Website.
The provision of some personal data is in any case necessary for the structure of the Website and its procedures. Any request for other optional data will be preceded by a special approval check-box. The provision of all other data is optional, in accordance with the type of information that the User wishes to provide to the Website.
Without prejudice to the above, for example, the provision of the e-mail account is necessary to be able to respond to the request made through contact forms, as well as other mandatory data indicated therein with an asterisk. All other details are optional.
Failure to provide the data necessary for the requested action (for example, the e-mail account via a form for requesting information by this means) makes it impossible for the Data Controller to process the request.
PROVISIONS APPLICABLE TO ALL PROCESSING
In any case, even if the data subject has given consent to authorise the Data Controller to pursue all the purposes mentioned in the points above, he/she will remain free at any time to revoke it.
We inform you specifically and separately, as required by Article 21 of the Regulation, that the data subject has the right to oppose at any time the processing of their personal data for such purposes and that if the person opposes the processing for direct marketing purposes, personal data will no longer be able to be processed for these ends.
7. Potential recipients of personal data
The data may be communicated to associated, subsidiary and affiliated companies of the Data Controller, as well as to consultants, or also to third parties who operate, also in the name and on account of the Data Controller, for the performance of the services related to the purposes indicated in this statement, both intra-EU and extra-EU (in the latter case, it will be exclusively those subjects adhering to the Privacy Shield protocol).
In any case, the data may be communicated to Data Processors, as well as to persons authorised to process and duly instructed, always within the scope of the purposes of the processing.
8. Retention period
The data provided by the Data Subject will be retained until the express revocation by the Data Subject, even by action on their browser, cleaning of cookies, express request or expressed in any other way. The navigation data will be stored, in compliance with the principle of proportionality, in a form that allows the identification of the Data Subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.
Cases in which it is necessary to keep the data for a further period of time to defend or enforce a right or to comply with any legal obligations or orders of the Authorities are excluded from the above terms are.
9. Rights of data subjects
Each Data Subject shall have the right to access, rectify, delete (be forgotten), limit, receive the notification in the event of rectification, deletion or limitation, portability, opposition and not to be the subject of an automated individual decision, including profiling, pursuant to the Articles 15 to 22 of GDPR. These rights may be exercised in the forms and terms referred to in Article 12 of the GDPR, by written communication sent to the Data Controller (see point 10).
The Data Controller will respond as soon as possible and in any case within 1 month from receipt of the request.
10. Right to withdraw consent (Method of exercising rights)
You can withdraw your consent, where applicable, at any time and/or exercise your rights by sending:
- a registered letter with return receipt to the Undersigned (see the address indicated on the letterhead);
- an email to the address email@example.com
Each Data Subject has the right to lodge a complaint pursuant to Art. 77 et seq. of the GDPR with a supervisory authority, which for the Italian State is identified as the Data Protection Authority. The forms, methods and terms for proposing complaints are provided for and governed by the national legislation in force. The complaint does not prejudice the administrative and jurisdictional actions, which for the Italian State may alternatively propose to the same the Data Protection Authority or to the competent Court.
The personal data provided through navigation on this website and the possible completion of the forms published therein may be subject to profiling by third-party providers through third-party cookies.
Profiling allows these third-party providers, autonomous Data Processors of their respective personal data processing for profiling purposes, other than the Data Processor of this website, to assess certain personal aspects of the Data Subject relating in particular to their preferences, interests, tastes with reference to the pages consulted and the activities carried out, in order to allow these autonomous and different Data Processors to offer the Data Subject a more specific service targeted to their needs.
13. Data Controller, D.P.O. (R.P.D.), Appointees and Data Processors
Below we provide you with some information that needs to be brought to your attention, not only to comply with legal obligations, but also because transparency and fairness towards stakeholders is a fundamental part of our business.
Data Controller. The Data Processor of your personal data is EDG S.r.l. on behalf of which Company is Mr Luigi Enzo De Gaspari, who is responsible to you for the lawful and correct use of your personal data and whom you may contact for any information or request as follows: telephone +39 041 5739911, email: firstname.lastname@example.org.
DPO (Data Protection Officer). You can also contact the Data Protection Officer to obtain information and forward requests about your data or to report inefficiencies or any issues encountered. The Data Controller has appointed Mr Nicola Ghinello, who can be contacted as follows: telephone +39 348 3165267, email: email@example.com.
Appointees/Authorised Persons. The updated list of the appointees/Authorised persons and the staff involved in data processing is kept at the Data Controller's registered offices.
Data controllers. For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.
14. Social media plug-ins
15. Links to third-party sites
From this site it is possible to connect through appropriate links to other third-party websites. The Data Controller declines any responsibility regarding the possible management of personal data by third-party sites and in order to manage the authentication credentials provided by third parties.
The Data Controller
GRS Srl is happy to receive comments on this privacy notice.
Please contact us at: firstname.lastname@example.org