Via Praga 21, 43010 Bianconese di Fontevivo (PR) - Italy
tel. +39 0521 618661 fax +39 0521 615127 firstname.lastname@example.org
DATA PROTECTION STATEMENT
The user is asked to carefully read the following data protection statement in accordance with Articles 13 and 14 (if the personal data have not been obtained from the data subject but from other sources) of the General Data Protection Regulation (GDPR), and subsequent amendments and additions, to fully understand the basis on which personal data are collected, how they are used and stored and to whom they are disclosed, in particular with regard to:
1. ABOUT US
In its capacity as Controller, this communication is made available by:
BERTOCCHI S.r.l., with registered office in 43010 Fontevivo (PR), frazione Bianconese, Via Praga 21, Tax ID no. and VAT reg. no. 01886260346, R.E.A. (Economic and Administrative Business Register) no. PR-185294 (hereinafter also Company).
2. STATUTORY RIGHTS
The law guarantees a series of personal data rights. The Company undertakes to protect personal data and to comply with the data protection laws in force at any time. Further information and suggestions on rights can be obtained from the National personal data protection authority.
The Company may also transfer personal data to suppliers and third-parties that perform some services for it, always in compliance with data processing agreements and, in that case, on the basis of the user's consent. The data will be shared and made accessible to these external service suppliers only to the extent necessary to fulfil the purposes referred to in this statement.
The user can request the list of suppliers and processors currently used by the Company.
3. WHAT PERSONAL DATA ARE COLLECTED AND HOW ARE THEY USED?
What are personal data?
Personal data refers to information that, directly or indirectly, allows the user to be identified as a natural person. “Directly” means, for example, name, surname and address; “indirectly” means when data are processed together with other information.
3.1. Navigation data
During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that has not been collected to be associated with identified data subjects, but which by its very nature could, through processing and associations with data held by third parties, allow users to be identified. This category of data includes the Internet protocol (IP) addresses or domain names of the computers used by users who connect to the website, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
can entail subsequent acquisition and use of personal data to initiate the necessary purposes. The personal data will in any case be stored for a time that is consistent with the purpose of collection.
3.3 Registration for access to the Spare Parts Catalogue - Website quotation request
The Company collects personal data for the purposes of registration on the website.
3.4 Processing of customer and supplier data
The data are processed to:
3.5 Marketing, promotional and advertising activities
In certain circumstances, personal data may be processed after obtaining the user's consent in order to send marketing communications. In most cases, it is in the Company's legitimate interest to collect and use the personal data, as described above in “What personal data are collected and how are they used?”, so as to provide the user with a service that is as useful as possible and to better understand customers in order to improve marketing activities.
Personal data are processed using manual or computer tools, with adoption of logics strictly related to the purposes and, in any case, in such a way as to ensure the security and confidentiality of the data.
The Company is required by law to carry out requests and provide information free of charge, except in the case where requests are manifestly unfounded or excessive (especially because of their repetitive nature). In such a case, the Company may charge a reasonable fee (taking into account the administrative costs of providing the information or communication, or taking the action requested), or refuse to carry out the request.
Please ponder your request responsibly before sending it. The Company will reply as soon as possible. Generally, a reply will be sent within a month of receiving the request. If more time is required, the Company will contact and inform the user.
This statement is in force from 24 May 2018. The Company reserves the right to change it or just update part or all of its content also because of changes in applicable regulations. The Company invites the data subject to regularly visit this section to take note of the most recent and updated version of the data protection statement so as to always be updated on the Personal Data collected and on the use the Company makes of them.
1) 'personal data' means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2) 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3) 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4) 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5) 'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
6) 'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
7) 'consent of the data subject' means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
8) 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
9) 'supervisory authority' means an independent public authority which is established by a Member State pursuant to Article 51;
10) 'supervisory authority concerned' means a supervisory authority which is concerned by the processing of personal data because: a) | the controller or processor is established on the territory of the Member State of that supervisory authority; b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or c) a complaint has been lodged with that supervisory authority.