Privacy Policy – Use of Personal Data
Information on the processing of personal data
Dear user, pursuant to art. 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free circulation of such data, the undersigned company GIOBAS snc di Basso G. & C., as the data controller of the data that derive from the interaction with the web services accessible electronically from the address girandolegiobas.com, wishes to inform you about the processing of your personal data and invites you to authorize the processing of your data for the purposes described by voluntarily and freely expressing your consent to the data processing. The information is provided only for the owner’s website and not for other websites that may be consulted by the user via links.
1 – Data Controller
GIOBAS snc di Basso G. & C. – Via Romana 29, 16047 Gattorna (GE) IT – E-mail: [email protected]
2 – Treatment methods
Your data will be processed at the Data Controller’s headquarters in verbal and/or written form, with electronic tools and/or on paper, in the ways and within the limits necessary to pursue the purposes reported, in compliance with the principles set out in art. 5 par.1 of EU Regulation 2016/679, namely:
- Lawfulness, fairness and transparency
- Limitation of purposes
- Minimization of collected data
- Accuracy of data
- Retention limitation
- Integrity and confidentiality
- Owner’s Responsibility.
The treatments carried out concern the following data and purposes:
- Browsing data. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site, for recording access to the site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days.
- Personal data provided voluntarily by the user (e.g. name, surname, email address) aimed at satisfying a specific request of the user using the services provided by the website. The provision is optional and voluntary, but necessary to respond to the request and for the user to receive the service. The user is free to provide the personal data reported in the request forms to request the monthly sending or at most every 15 days of the newsletter, information material or other communications of a technical and/or commercial nature (e.g. new products or services, participation in trade fair events). Failure to provide them or incomplete provision may make it impossible to obtain what is requested. Personal data are processed for the time strictly necessary to achieve the purposes for which they were collected or in any case as long as consent exists. The processing will be carried out exclusively by employees assigned and authorized within the scope of their respective functions and in compliance with the instructions received from the Data Controller, always and only for the purposes set out above, to guarantee data security and confidentiality and the protection of your rights. Such data are not subject to transfer to non-EU countries or international organizations. The data may be communicated, as far as they are competent in carrying out tasks on behalf of the Data Controller, to external Data Processors, public and private, natural and/or legal persons. The data processing does not include an automated decision-making process including profiling.
- Personal data (e.g. name, surname, bank details) for the purpose of drafting and concluding sales contracts, for their execution, including the performance of technical-operational and administrative-accounting activities connected and functional to the work activity, in compliance with the contract and legal obligations in tax matters. The provision of data is mandatory for the execution of the contract and for legal obligations, under penalty of the impossibility of carrying out the service and correctly complying with the tax/administrative legislation in force. The processing will be carried out exclusively by employees appointed and authorized within the scope of their respective functions and in compliance with the instructions received from the Data Controller, always and only for the purposes set out above, to guarantee the security of the data and the confidentiality and protection of your rights. The data must or may be communicated, as far as their specific competence in carrying out tasks on behalf of the Data Controller, to public and private entities external to the Data Controller’s structure, including suppliers, collaborators, lawyers, accountants, labor consultants, consultants in general, credit institutions, public bodies and competent offices, who have the authority to request them. Such data are not transferred to non-EU countries or international organizations. The data will be retained for the entire duration of the relationships established and in any case for a period of time not exceeding the achievement of the aforementioned purposes for which they are processed. The accounting/administration data required for tax purposes (accounting records) are retained by law (Civil Code) for at least 10 years from the date of the last registration or until any tax assessments by the competent bodies relating to the corresponding tax period being verified have been concluded (art. 22, paragraph 2, Presidential Decree no. 600/1973). The processing of your data does not include an automated decision-making process including profiling.
3 – Rights of the interested party
The Regulation grants you, as an interested party, the exercise of specific rights, listed in articles 15 to 22. You can therefore ask the data controller:
- access to personal data (art. 15): obtain confirmation of whether or not personal data concerning you are being processed and be able to access it;
- data rectification (art. 16): obtain the rectification of inaccurate data and the integration of incomplete data;
- data deletion – “oblivion” (art. 17);
- the limitation of processing (art. 18);
- data portability (art. 20): receive the data provided to the owner and be able to transmit them without impediments to another owner;
- to object to the processing (art. 21);
- not to be subject to a decision based solely on automated processing which produces legal effects or significantly affects him or her (Article 22).
Furthermore, you are granted the rights to:
- lodge a complaint with the Data Protection Authority;
- revoke your consent at any time, without prejudice to the lawfulness of the processing carried out up to that moment (art. 7, paragraph 3). The right of revocation cannot concern cases in which the processing is necessary to fulfill a legal obligation to which the data controller is subject.
You may exercise the above rights at any time and free of charge by contacting the data controller GIOBAS snc di Basso G. & C. at the email address: [email protected]
In the event of a personal data breach deemed likely to present a high risk to your rights and freedoms, you will be duly notified without undue delay, in accordance with art. 34 of the Regulation.