INFORMATION ON THE PROTECTION OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679)
INDUSTRIE GENERALI S.p.A., with registered office at Via Milano, 201– 21017 Samarate (VA), Tel +39 0331 226233 – email email@example.com, in its capacity as Data Controller (hereinafter, the “Company” or the “Controller”), provides the following information common to the processing of personal data carried out within the context of its institutional website, accessible by electronic means from the address: www.industriegenerali.it (hereinafter, the “Site”).
In this regard, it should be noted that the information is provided only for the Site and not for other websites that may be consulted via hypertext links or widgets (e.g., social networks) published on the Site, but referring to resources outside the Controller’s domain or to the processing that may result from the voluntary sending of messages
1. Categories of data subjects and personal data processed
The Data Controller processes the personal data of natural persons (identified or identifiable) who visit and consult the Site or who voluntarily interact with the Data Controller (hereinafter the “Users”).
The following personal data is processed:
- Browsing data: in the course of their normal activity, the computer systems and software procedures used to operate the Site acquire some personal data whose transmission is implicit in the use of internet communication protocols. This category of data includes: the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the users’ operating system and computer environment;
- Data communicated: the optional, explicit and voluntary sending of messages by completing and forwarding forms on the Site and/or to the Company’s contact addresses or to institutional profiles/pages on social media (where this possibility is provided) involves acquiring the User’s contact details necessary to respond, plus all additional and any personal data included in the registration form or in the communications. Specific notices will be published on the Site pages displaying the form or prepared to provide certain services.
2. Purpose of the processing and legal bases
The Data Controller processes the Personal Data collected in the context of the Site for the purposes and under the legal bases indicated in the following table:
|What are the PURPOSES of the processing?||What are the LEGAL BASES for the processing?|
|1)||Fulfilment of a legal obligation related to civil, tax and administrative provisions, Community legislation, rules, codes or procedures approved by authorities and other competent institutions, and to respond to requests by the competent administrative or judicial authority and, more generally, by public entities in compliance with legal formalities.||Fulfilment of a legal obligation to which the Data Controller is subject.|
|2)||To assert and defend its rights, including through out-of-court initiatives and third parties, and to prevent and detect fraudulent activities or misuse of the Site (for potentially criminal purposes, such as identity theft, cybercrime, etc.).||Pursuit of the Data Controller’s legitimate interest.|
|3)||To allow Users to access the Site and browse optimally, and to manage requests received through the Site.||Execution of pre-contractual measures adopted at the User’s request.|
|4)||Limited to the browsing data of Users under para. 1 point a), for the purposes of security of the Data Controller’s systems and to obtain statistical information on the use of the Site (such as the Site’s most frequently visited pages, the average time spent on each page), as well as to control and administer the operation of the Site and improve the services provided.||Pursuit of the Data Controller’s legitimate interest.|
|5)||To manage the contact section of the site and therefore respond to any user requests submitted by completing the appropriate form or sending communications to the Data Controller’s email address||Execution of pre-contractual measures adopted at the User’s request.|
3. obligatory nature of providing the requested data and consequences of non-provision
Except as specified for browsing data (and, in the specific policy, for cookie management), the user is free to provide their Personal Data (through forms – on the pages that allow it – or in other ways to the Data Controller’s contact details) in order to send requests for information or receive commercial communications.
The data requested to book the services offered is necessary to provide the related services. Refusal to provide such data could therefore make it impossible to manage the relationship and deliver the requested service.
4. Method of processing
The Personal Data will be processed by means of both manual and automated computer tools, exclusively by authorised and specially instructed parties.
5. Recipients/categories of recipients of personal data
For the purposes indicated in this notice:
Users’ Personal Data may be disclosed:
- to those authorised to process it by the Data Controller (employees or collaborators);
- to the Data Controller’s third-party service providers (including IT service providers, hosting providers, web editors, as well as companies or entities that provide legal and insurance services), who will operate as data processors where appropriate;
- to third-party companies and professionals appointed to assert the Data Controller’s rights, interests and claims arising from the relationship with Users;
- to state administrations, judicial or administrative authorities, public and private bodies, including after inspections and verifications;
- to parties who can access the data by virtue of the provisions of law or secondary/Community legislation.
Only the category of recipients is indicated, as it is subject to continuous updating. To view the updated list of recipients, Users may contact the Data Controller directly by writing to the contact details indicated in para. 9 of this notice.
6. Personal data retention periods
The Data Controller will keep the Personal Data for the time strictly necessary for the purpose for which it was collected. Specifically, the Data Controller will keep:
- Users’ browsing data (indicated in para. 1 a) for the duration of the browsing session and in any case no longer than seven days, except in the case of system malfunctions, in which case it will be kept until the problem is resolved;
- the data communicated by Users (indicated in para. 1 b):
- Personal Data communicated by completing the forms on the website: for the time necessary to process the relevant request;
- Personal Data which needs to be processed in relation to legal obligations: for the legal duration;
and in any case, for the purposes indicated in para. 2, no. 2, at most for the limitation period of the relevant actions increased as a precaution by six months, in order to ensure the Company’s right of defence regarding future possible disputes in judicial or administrative proceedings.
In all cases, after the respective terms have elapsed, all Personal Data will be deleted or anonymised. It is understood that the terms indicated may be extended in cases where retention for a further period is required on the occasion of any disputes, requests by the competent authorities or in accordance with the applicable legislation.
7. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANISATION
Within the scope of the above purposes, it is possible that your data will be transferred to EU Member States.
If the circumstances arise, Users may exercise the following rights vis-à-vis the Data Controller:
- Right of access: allows Users to obtain confirmation from the Data Controller as to whether or not Personal Data concerning them is being processed and, if so, to obtain access to their Personal Data;
- Right to rectification: allows Users to have inaccurate/incomplete Personal Data rectified/supplemented;
- Right to erasure: allows Users to have their Personal Data erased in the cases provided for by law;
- Right to restrict processing: allows Users – in the cases provided for by Article 18, paragraph 1 of the GDPR – to obtain restriction (i.e. the marking of Personal Data stored with the aim of restricting its future processing) of the processing of their Personal Data;
- Right to data portability: allows Users – in cases where the processing is carried out by automated means on the legal basis of the contract or consent – to receive the Personal Data concerning them in a structured, commonly used and machine-readable format, limited to the data provided to the Data Controller, and likewise the right to transmit such data to another data controller.
Furthermore, Users have the right::
- to object to the processing of their Personal Data for the purposes indicated in paragraph 2;
- if they believe that the Personal Data referable to them through this Site is processed in violation of GDPR provisions, to lodge a complaint, pursuant to Article 77 of the GDPR, with the national supervisory authority of the EU Member State where the Data Subject has their habitual residence or place of work or where the alleged violation of their right occurred (if this is Italy, the entity to contact is the Italian Data Protection Authority) or to take legal action (Article 79 of the GDPR).
To exercise all these rights, the data subject can submit a specific request by contacting the Data Controller in the following ways:
- by post c/o INDUSTRIE GENERALI S.p.A. to the address Via Milano, 201– 21017 Samarate (VA);
- by sending an email to the ordinary email address e-mail firstname.lastname@example.org.
This privacy notice was updated on 01/06/2022
The Company reserves the right to amend part or all of this notice or update its content, for example as a result of changes to the applicable law. Therefore, the Company asks the User to regularly check the notice so as to be aware of the latest updated version and always be informed of the collection method and use of Personal Data.