PRIVACY NOTICE PURSUANT TO THE ARTT. 13 AND 14 OF EU REGULATION NO. 679/2016 – GDPR
PRIVACY NOTICE PURSUANT TO THE ART. 13 OF ITALIAN D.LGS. NO. 196/2003
Pursuant to the articles 13 and 14 of the European Regulation over Personal Data Protections, GDPR (ref. Reg. EU 679/2016) and pursuant to the art. 13 of the interim Italian Legislative Decree no. 196/2003 (Privacy Code), CSF Inox S.p.A., acting as Data Controller, issues the following Notice concerning the processing of personal data collected through browsing of this web site. The Notice shall be applied only to this web site and it is not deemed applicable to other web sites eventually visited by the user through links. The Data Controller shall not be deemed responsible for third party web sites.
The Data Controller is CSF Inox S.p.A. Strada per Bibbiano, 7 – 42027 Montecchio Emilia (Reggio Emilia) – Italy – mail: firstname.lastname@example.org – PEC: email@example.com – P.Iva 01338270356 – REA RE 177498 – 3.120.000 € i.v.
LOCATION OF PROCESSING
The processing related to this web site shall take place within the Data Controller’s headquarter and it shall be only processed by personnel assigned of the processing or providers responsible for Internet and hosting/housing services of this web site, otherwise by any person responsible for non-routine maintenance operations who are under the direct control of the Data Controller.
TYPES OF DATA PROCESSING
Web browser data
Information system and software operating this web site collect some personal data during their operations, whose submission is implicit over the use of internet protocols. These data are not collected to be associated with identifiable natural persons, although by their nature this data may enable to identify users through processing or grouping with data owned by third parties.
Within this category of data are included IP addresses, domain names of computers (DNS) connected to the website, URI (Uniform Resource Identifier) addresses, time of the request, the method used to submit the request to the server, the size of the file received as a reply, the numeric code indicating the reply state given by the server (success, error, etc.) and other parameters related to the operating system and to the software environment of the user. These data are only used to retrieve anonymous statistic information related to the use of website and to verify its correctly operation and they are deleted immediately after their processing.
The data may be used to ascertain any responsibility in the event of hypothetical cyberoffences to the detriment of the web site, notwithstanding such event, the data will not be saved for more than 7 days at present.
Data deliberately provided by the user
Voluntary and explicit e-mail sending to the addresses provided within this web site and form webs or the registration forms of newsletters within the web site implies to acquire the sender address necessary to reply to any request, as well as other personal data. Summary notices are provided within the web site pages dedicated for collecting data (form webs).
Personal data provided by the user in a voluntary fashion shall be processed for the following purposes, until the consent is revoked:
· Browsing the web site;
· Request of contacts through sending requested information;
· Provision of ordered goods or services and fulfilment of contractual obligations;
· Fulfilment of legal and regulatory requirements;
· Bookkeeping, invoicing, credit management and other administrative-accounting activities. For the purposes of applying data protection regulatory requirements, processings for administrative and accounting purposes are those related to the fulfilment of organizational, administrative, financing and accounting activities regardless of the nature of processed personal data. In particular, internal organizational activities, contractual obligations to discharge and noticing activities pursue these purposes.
· Sending newsletters or periodic communications by e-mail in the event the user has explicitly requested the service through the dedicated form web;
· Any activity related to the relationship in place.
METHOD OF PROCESSING
Personal data are processed by automated tools for the strictly necessary time to achieve the purpose for which they have been collected. Specific security measures shall be followed to prevent any data breach, illicit uses or unauthorized accesses.
SCOPE OF COMMUNICATION AND DISSEMINATION
Processed data shall not be disseminated, sold or exchanged with third party subjects without an explicit consent. The scope of data communication is solely limited to competent
subjects for the fulfilment of contractual and legal requirements. Therefore, these data might be communicated to third parties that belong to the following categories:
· Information system service providers;
· Servicing or consulting firms;
· Public authorities or public bodies for the fulfilment of legal and regulatory requirements.
· Companies within CSF Inox S.p.A. and/or companies’ member of CSF Inox S.p.A.
Group network or private subjects directly involved in provision of the service or legitimately authorized to be informed of the data in accordance with the law.
In any case, data that are deemed necessary and relevant in accordance with the processing purposes for which they were collected.
VOLUNTARY PROVISION OF DATA
Except for matters specified for navigation data, the user may freely provide personal data required by the web forms on the website or to request the transmission of the newsletters, information material, commercial offers or any other communication. The denial to provide such data may imply our inability to provide the requested services.
EXPORTING DATA TO NON-EU COUNTRIES
Collected data shall not be exported to Non-EU countries.
Personal data collected for the aforementioned purposes shall be stored within our company for the necessary period of pertaining activities (or activities defined by the web-form pages
), afterwards they shall be destroyed (oblivion right) or, if necessary, provided on an anonymous basis (pseudonominization) for statistical purposes.
As far as personal data collected for administrative-accounting purposes, the retention period shall comply related law requirements, at the end of which, data shall be destroyed (oblivion right) or, if necessary, provided on an anonymous basis (pseudonominization) for statistical purposes.
DENIAL OF CONSENT
Consents given on different web-forms aimed to collect personal data may be revoked in accordance with the articles 7 p.3 and 17 p.1 lett b). The denial may be exercised communicating with our Data Controller to the addresses listed in the next paragraph.
RIGHTS OF DATA SUBJECTS
As far as the aforementioned processing is concerned, data subjects can exercise the rights pursuant to the articles no. 15, 16, 17, 18 and 19 of the GDPR EU no. 679/16 (rights to access, rectification, erasure, restriction to the use and notification in the event of rectification/erasure/restriction by the Data Controller).
As far as the aforementioned processing is concerned, data subjects can exercise the rights pursuant to the article no.7 of the Italian D.Lgs. 196/2003, within the limits and conditions of articles no. 8, 9 and 10 of the mentioned legislative decree.
The exercise of your right can be made by e-mail to the address firstname.lastname@example.org or via mailbox to the company’s headquarter address.
CSF Inox S.p.A. – Strada per Bibbiano, 7 – 42027 Montecchio Emilia (Reggio Emilia) – Italy
CONTACTS OF OUR DATA CONTROLLER:
CSF Inox S.p.A. Acting as Legal Representative CSF Inox S.p.A., autonomous “Personal Data Controller”
CSF Inox S.p.A. Acting as “Personal Data Processor
CSF Inox S.p.A. Acting as “Data Protection Officer” (DPO) of CSF Inox S.p.A.
The Data Controller retains the right to amend, update or delete parts of this notice at its discretion and any time. Data subjects are required to check any amendments. In order to facilitate the check, this was amended on May 3rd, 2018