Form: IS – Update Date 01/2023
Articles 13 and 14 EUROPEAN REGULATION No. 2016/679
Legislative Decree 2003/196, as amended by Legislative Decree 2018/101
Dear Data subject,
This notice outlines our site management procedures with regard to the processing of personal data of users who visit it, as well as the data processing practices through this web site. In compliance with Articles 13 (concerning data collected from the data subject) and 14 (concerning data not collected from the data subject) of Regulation (EU) 2016/679 (hereinafter GDPR), we shall provide the Users of this Web site with the following information, which relates solely to the processing carried out through this Web site and not through any other web sites visited by means of links from it; for those sites, it is recommended to read the related notices provided by the respective Data Controllers. This Web site and any services provided through the Web site shall be intended for individuals 18 years old and over. The Data Controller, therefore, shall not process personal data concerning individuals below 18 years old. The Data Controller shall erase, at the request of such Users, all personal data unintentionally collected without delay.
1. Data Controller
The Data Controller is Idrobase Group Srl, with registered office in Via dell’Industria 25, 35010 Borgoricco (PD), tax code and VAT number 04604140287 (hereinafter “Data Controller”). The Data Controller shall reserve the right to appoint, as Data Processor of personal data handled for the purposes of technical assistance, maintenance, technical management and the like of this Web site, a web agency or consultant, whose details may be disclosed following a request to the above address. The Data Controller and Data Processor shall process Users’ data, also through their internal Appointees, specifically designated with instructions and authorised to carry out the processing. The Data Protection Officer (DPO) may be contacted by the following means: phone +39 348 3165267, e-mail: firstname.lastname@example.org.
2. Categories of data processed and sources of origin
• Browsing data (in the course of normal operation, the IT systems and software procedures employed to run this site acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols. This data category includes: the IP address, type of browser used, operating system, domain name and website addresses from which access or exit has been made, information on pages visited by users within the web site, access time, permanence on the same page, analysis of internal path and other parameters relating to the operating system and the user’s computer environment. Such technical/IT data shall be collected and used solely in an aggregated and anonymous manner. Such data shall be processed with the purpose of permitting and controlling a proper use of this site, as well as obtaining anonymised statistics on the use of the web site, and they shall be immediately erased after processing.)
• Data voluntarily provided by the user, inter alia:
o Common data (identification data, personal details, billing data and the like)
o Only exceptionally special data (Article 9 GDPR)
o Only exceptionally criminal data (Article 10 GDPR)
Sources: browsing, other sites, cookies and the like; user; public sources.
We may process, first of all, browsing data, as well as cookies.
We may also process data voluntarily provided by users, such as via the contact form or a communication sent via e-mail, notably common personal data (identification data, personal details, billing data and the like), and exceptionally, special data pursuant to Article 9 GDPR or criminal data pursuant to Article 10 GDPR, within the strict limits required by the information request received and with the prior consent of the data subject.
Data may come from automatic sources or voluntary sources, as well as public sources. For example, they may come from the user’s browsing, which could carry information relating to previous visits of other web sites, including in particular cookies and other similar technology. Data may also be voluntarily provided by users or entities related to them. Other data may come from public sources, such as those processed in research and arising from analysis, public databases and the like.
3. Purposes of the processing
Personal data of Web site Users, as outlined above, shall be subject to processing with the modalities and in the forms laid down in GDPR to perform the Web site features, including but not limited to browsing the pages and procedures described therein, concerning data collection, the contact form, any registration process / access to the reserved area, newsletter subscription and the like. Specifically, personal data provided to the Data Controller shall be processed to fulfil the following purposes:
• respond to Users’ specific requests addressed to the Data Controller by means of the Web site and its means of communication (contact form, information request forms and the like);
• communications of an informative nature relating to services of the Data Controller thereof, following information requests by means of e-mail messages or filling in the contact form and other means of communication;
• any registration to events organised by the Data Controller and other connected activities (such as checks on participation, alerts relating to any updates or changes to events, etc.);
• other accessory purposes or related to those outlined above and, in any event, pertaining to the Web site activities.
4. Legal basis of the processing
The processing of personal data shall be based on the fulfilment of contractual or pre-contractual obligations associated with the requests made by Users (such as information requests concerning the services provided by the Data Controller, quote requests, etc.), as well as, where appropriate, on consent given through the free and informed filling in of the appropriate information fields on the form for data collection and provision, and, where applicable, by ticking the specific checkbox.
It should be noted that filling in the appropriate fields on information request forms is inherent to the request itself and, therefore, this shall entail, according to the context, the fulfilment of a pre-contractual or contractual obligation. Consent may be requested later on for the processing of additional data.
There shall be a specific privacy notice wherever necessary (notice other than this).
In any event, processing shall also be based on the legitimate interest, including the right to information; please refer, therefore, to the following section.
5. Legitimate interest of the Data Controller
The processing of personal data shall also be based on the legitimate interest of the Data Controller, such as the exercise of its rights in the context of information society, the performance of its contractual obligations and the implementation of direct marketing operations (in the modalities, by the means and in the terms provided for in the legislation).
6. Obligation of the provision
The provision of data relating to Users’ browsing, for the aforementioned purposes, shall depend on the privacy level that Users have enabled or disabled through their browser. In certain cases, disabling may affect browsing on this Web site. As regards certain modules of this Web site, the provision of browsing data and/or use of technical cookies shall be required for the proper functioning of the Site.
In any event, the provision of certain of your data shall be necessary for the very structure of the Web site and its procedures. Any request of other optional data shall instead be preceded by an appropriate check for approval. The provision of all the other data shall be optional, according to the type of information that Users intend to provide to the Web site.
Without prejudice to the above, for example, the provision of the e-mail account shall be necessary in order to respond to the request made via contact forms, as well as other required data marked with an asterisk therein. The other data are optional.
Failure to provide the necessary data for the action requested (such as the e-mail account for information request forms submitted by this means) shall result in the inability of the Data Controller to process the request.
APPLICABLE PROVISIONS TO ALL PROCESSING
Even when the data subject has given consent to authorise the Data Controller to pursue all purposes mentioned in the above sections, the data subject shall be, in any event, free to revoke it at any time.
We inform you, specifically and separately, as required under Article 21 of the Regulation, that the data subject shall have the right to object, at any time, to processing of personal data, concerning him or her, carried out for the aforementioned purposes and, where the data subject objects to processing, personal data shall no longer be processed for such purposes.
7. Any recipients of the personal data
Data may be disclosed to companies related to, connected to or controlled by the Data Controller, as well as consultants, or also third parties, who operate, also in the name and on behalf of the Data Controller, to process the services connected to the purposes referred to in this notice, both within the EU and outside the EU (in this latter case, they shall only be entities adhering to the existing legislation).
In any event, data may be disclosed to Data Processors, as well as persons authorised to the processing and duly instructed, always for the purposes of the processing.
For the sake of brevity, the detailed list of such entities is available at our registered office.
Your personal data shall not be disseminated and transferred to third countries or international organisations, disclosed to third parties except for legal and contractual obligations (it should be noted that the disclosure of data to the other company of the group, namely ALBA SRL, shall also pertain to contractual obligations, its activities being essential for the fulfilment/performance of what you have requested).
8. Period of storage
The data voluntarily provided by the data subject shall be stored until express withdrawal by the data subject, including by means of any action on his or her browser, clearing cookies, express request or otherwise. Browsing data shall be stored, in compliance with the principle of proportionality, in a form which permits the identification of the Data subject for no longer than is necessary for the purposes for which they are collected or processed thereafter.
Where it is necessary to store data for a longer period, to protect or enforce a right, or for the fulfilment of any legal obligations or orders by the Authorities, the terms set out above shall not apply.
9. Rights of the data subject
Each data subject shall have the right to access, rectification, erasure (to be forgotten), restriction, to receive notification in the event of rectification, erasure or restriction, to portability, to object and not to be subject to automated decision-making, including profiling, pursuant to Articles 15 to 22 of GDPR. Such rights can be exercised in the forms and terms referred to in Article 12 GDPR, by written notice sent to the Data Controller (see section 10).
The Data Controller shall properly and timely respond to the request and, in any event, within the period of 1 month of receipt of request.
10. Right to withdraw consent (Modalities for the exercise of the rights)
You can withdraw your consent, where applicable, at any time, and/or exercise your rights, by sending:
- an express request by registered letter with return receipt to the undersigned (see the address in the letterhead);
- an e-mail to: email@example.com.
Each data subject shall have the right to lodge a complaint with a supervisory authority, pursuant to Article 77 et seq. of the GDPR, which for the Italian State is the Italian Data Protection Authority. Methods, modalities and terms for the submission of complaints are provided for and governed by the existing national legislation. The complaint is without prejudice to administrative and jurisdictional actions, which for the Italian State may be brought to the same Authority or the competent Court.
Personal data provided during browsing on this web site and any filling in the forms published therein, may be subject to profiling by third-party providers through third-party cookies.
Profiling enables such third-party providers, independent Data Controllers of the respective processing of personal data for profiling purposes, other than the Data Controller of this web site, to evaluate certain personal aspects of the Data subject, in particular relating to his or her preferences, interests and tastes as regards the pages visited and activities carried out, in order to enable such independent and different Data Controllers to provide the Data subject with a service more specific and targeted to his or her needs.
13. Data Controller, D.P.O., Appointees/Authorised, Data Processors
Please find herewith below certain information that must be brought to your attention, not only to comply with legal obligations, but also because transparency and fairness towards data subjects are a fundamental part of our business.
Data Controller. The Data Controller of your personal data is Idrobase Group Srl, responsible to you for the legitimate and proper use thereof, and whom you may contact for any information or request using the following details: phone +39 049 9335903, e-mail: firstname.lastname@example.org.
D.P.O. (Data Protection Officer). You may also contact the Data Protection Officer to receive information and submit requests regarding your data, or report disservices or any problem you may have encountered. The Data Controller has appointed Mr. Nicola Ghinello as Data Protection Officer, whom you may contact using the following details: phone +39 348 3165267, e-mail: email@example.com.
Appointees/Authorised. The updated list of appointees/authorised in charge of the processing is available at the registered office of the Data Controller.
For the sake of brevity, the detailed list of such entities is available at our registered office.
14. Social media plug-ins
This site may contain plug-ins of certain social media (such as Facebook). Social plug-ins are special tools which allow social network features to be incorporated directly within the site (such as Facebook’s "like" feature) and are marked by the logo of the respective social platform. When you visit a page of this site and interact with the plug-in (such as by clicking on the "like" button) or decide to leave a comment, the corresponding information is directly transmitted by your browser to the social network platform (Facebook in this instance) and stored by it. For information on purposes, types and modalities of collection, processing, use and storage of the personal data by the social network platforms, as well as how to exercise your rights, please refer to the social network privacy policies.
15. Links to third-party sites
From this site, it is possible to connect to other third-party web sites through dedicated links. The Data Controller disclaims any liability in relation to any management of personal data by third-party web sites and management of authentication credentials provided by third parties.
Idrobase Group Srl
To contact us
Idrobase Group Srl is pleased to receive comments regarding this privacy notice.
Please contact us at the following e-mail address: firstname.lastname@example.org.