Informational document pursuant to Article 13, Regulation (EU) 2016/679 (GDPR)

WHY THIS INFORMATION

Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes how personal data are processed.  This information is provided pursuant to Art. 13 of the GDPR. This information does not apply to other third-party websites that may be accessible via links on this website, for which no liability is accepted.

Personal data that can be processed

Personal data: any information relating to an identified, or identifiable, natural person (the “Data Subject”). An identifiable natural person is a person who can be identified, directly or indirectly by reference of an identifier such as: a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (recitals 26, 27, 30 GDPR).

Contractor/user data.

Browsing data

The computer systems and software procedures that operate this website acquire some personal data during normal use, which is transmitted using Internet communication protocols.

This data category includes IP addresses or the domain names of the computers and the terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.

Data provided voluntarily

If messages are sent voluntarily to the contact addresses indicated on this website and/or the provision of data on forms, the sender’s email address will then be stored together with any other personal data in the email, in order to reply to the request or query.

Information on the processing of personal data through social media platforms

With regard to the processing of personal data by the operators of the social media platforms used by the Data Controller, please refer to the information provided by them in their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of social media platforms in order to manage interactions with users (comments, public posts, etc.) and in compliance with current laws.

Specific policies

Specific policies may be referred to on the pages of the website with respect to particular services or processing of the data provided.

Cookies and other tracking systems. What are they? What are they for?

For cookies and other tracking systems see the cookie policy in the footer of the website and at the following link.

1. WHO IS THE DATA CONTROLLER? HOW CAN IT BE CONTACTED?

The Data Controller is Vismaravetro Srl, with registered office in via Furlanelli, 29 Verano Brianza (MB), in the person of its pro-tempore Legal Representative, who may be contacted for any information by telephone +39 0362992244 or email privacy@vismaravetro.it.

 

2. PURPOSE OF THE PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD AND NATURE OF PROVISION OF THE DATA

PURPOSES OF THE PROCESSING

LEGAL BASIS

PERIOD OF STORAGE

NATURE OF THE PROVISION

A. BROWSING THIS WEBSITE.

The data required for the use of the web services are also processed for the purpose of:

• Gathering statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.).

• Monitoring the proper operation of the services offered.

 

Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, having regard to the reasonable expectations of the Data Subject and the activities strictly necessary for the operation of the website and the browsing thereof

(Art. 6, para. 1, lett. f and recital 47 of the GDPR).

 

Browsing data are stored for the duration of the browsing session.

 

The provision of data is necessary for browsing the website.

 

A1) Use of cookies and similar technologies.

See the cookie policy in the footer of the website

For necessary non-technical cookies and similar technologies, processing is based on consent to the processing of personal data (Art. 6, para. 1, lett. a and recitals 42 and 43 of the GDPR).

Consent is given through the website's banner and cookie policy

See the cookie policy in the footer of the website

See the cookie policy in the footer of the website

B. NEWSLETTER - DIRECT MARKETING, for sending commercial communications after subscribing to the newsletter, by automated means (email).

The data will be entered in the company’s CRM software. The Data Controller makes use of newsletter and promotional communication sending systems and their reports in order to compare the results of its communication efforts and, where necessary, improve them. Reports enable the Data Controller to know, for example: the number of readers, openers and unique clickers; the devices and operating systems used to read the communication; details on the activities of individual users; details about sent emails, delivered and non-delivered emails, and forwarded emails. The data are used to compare and where necessary, improve the results of our communication efforts.

The processing is based on consent to the processing of personal data (recitals 42 and 43)

Art. 6, para. 1, lett. a of the GDPR

 


 

Until consent is withdrawn

(or opt-out)

Provision is optional.

 

Failure to provide the necessary data will result in the impossibility of receiving direct marketing communications

C. CONTACT/INFORMATION REQUEST AREA - about products, service, contacts, sales network, spare parts, suggestions

Processing is necessary for the performance of pre-contractual measures taken at the request of the Data Subject (Art. 6, para. 1, lett. b and recital 44 of the GDPR).

 

1 year

Required. The data must be provided in order to be able to satisfy the Data Subject’s request

D. HANDLING OF YOUR REQUESTS and requests from other data subjects, pursuant to Art. 15 and following of the GDPR(rights of the Data Subject)

Processing is necessary for compliance with a legal obligation the Controller is subject to (recital 45)

Art. 6, para. 1, lett. c of the GDPR

5 years from the closure of the request, except for litigation

 

The provision of personal data is mandatory, as it is indispensable in order to be able to fulfil legal obligations.

 

E. ONLINE PURCHASES – sale of spare parts / accessories and associated administrative-accounting activities. No registration with the website is required to make a purchase.

processing is necessary for the performance of a contract the Data Subject is a party to or for the accomplishment of pre-contractual measures taken at the Data Subject's request (recital 44) Art. 6, para. 1, lett. b of the GDPR

 

10 years Article 2220 of the Italian Civil Code, without prejudice to contractual and non-contractual issues that may arise and without prejudice to other legal obligations

Provision is necessary.

 

Failure to provide the necessary data will make it impossible to proceed with the order.

4. WHO WILL PERSONAL DATA BE DISCLOSED TO? RECIPIENTS OF THE DATA

Personal data will be disclosed, including on the basis of the purposes envisaged in specific areas, to parties who will process the data as autonomous Data Controllers or Data Processors (Art. 28 of the GDPR) and processed by natural persons (Art. 29 of the GDPR) acting under the authority of the Data Controller and Data Processors on the basis of specific instructions given regarding the purposes and methods of processing, for specific purposes on the basis of the area of reference. The data will be disclosed to recipients belonging to the following categories: - parties that provide services for the management of the Vismaravetro Srl information system and communication networks (including email); - for administrative-accounting purposes, data may be sent to commercial information companies for the assessment of solvency and payment habits and/or to parties for debt collection purposes; - for newsletters/direct marketing, subject to consent, to parties for the management of direct marketing; - competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request

The list of Data Processors is available by writing to privacy@vismaravetro.it or to the other addresses specified above.

5. WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?

Personal data will not be transferred to countries outside the EEA. Where consent has been given for marketing activities/release of specific categories of cookies, transfer outside the European Union may occur.In such case, the data will be transferred in compliance with Article 44 and following of EU Regulation 2016/679. For information on the guarantees inherent in the transfer of data outside the EEA write to privacy@vismaravetro.it.

6. IS THERE AN AUTOMATED PROCESS?

Personal data will be subject to traditional manual, electronic and automated processing. Note that there are no fully automated decision-making processes.

7. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?

You may assert your rights as expressed in Art. 15 and following of the GDPR by contacting the Data Controller at privacy@vismaravetro.it or at the above contacts. You have the right at any time to ask for access to your personal data (Art. 15), as well as to rectify (Art. 16), erase (Art. 17), and restrict the processing of your data (Art. 18). The Data Controller shall notify (Art. 19) each recipient to whom personal data has been disclosed of any amendment or deletion of personal data or restriction of processing carried out. The Controller shall notify the Data Subject about these recipients if the Data Subject requests it. Where relevant, you have the right to the portability of your data (Art. 20), and in such case they will be provided to you in a structured, commonly used and machine-readable format. You have the right to object (Art. 21) at any time to the processing of your data based on a legitimate interest, and in cases where the legal basis is consent, you have the right to withdraw the consent given without prejudice to the lawfulness of the processing based on the consent given before withdrawal.

If you wish to stop receiving automated direct marketing communications (email), please send an email to privacy@vismaravetro.it with the subject line “Unsubscribe from automated processing” or use our automatic unsubscribe systems provided for emails only (opt-out). 

Data Subjects who consider that the processing of personal data by the Controller is in breach of the provisions of Regulation (EU) 2016/679 have the right to lodge a complaint with the Supervisory Authority, specifically in the Member State where they normally reside or work or in the place where the alleged breach of the Regulation occurred (Privacy Authority https://www.garanteprivacy.it/), or to take appropriate legal action.

8. CHANGES TO THE POLICY

The Data Controller reserves the right to change, update or remove parts of this privacy policy. In order to facilitate verification and modification of the text, the policy will specify the date of the update.

Date of update: 18 November 2022

 

Data Controller

Vismaravetro Srl