Information notice pursuant to Art. 13 Regulation (EU) 2016/679 (GDPR)
WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter, “GDPR”), this page describes how we process your personal data. This information is provided pursuant to Art. 13 GDPR. The information is not applicable to other third-party websites that may be consulted via links on this website, for which no liability is accepted.
Personal data processed
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30).
Contractor / User data
Computer systems and procedures software preceded to the operation of this site, acquire, during their normal exercise, some personal data whose transmission is implicit using Internet communication protocols. This category includes: IP addresses, URI/URL (Uniform Resource Identifier/Locator), time of request, type of request, outgoing packet size, server status of response (received, error, etc.) and other parameters related to the operating system
Data provided by data subject
The optional, explicit and voluntary dispatching of messages to contact-addresses, as well as compilation and forwarding of forms, involves the acquisition of sender’s personal data necessary to reply, as well as all the personal data included in messages themselves.
Detailed notices related to specific services or processing are available on specific pages of the site.
The Data Controller is GALIMBERTI LEONARDO E FIGLI S.N.C., with registered office in Via Luigi Rho n. 103, 20821, Meda (MB), in person of its pro-tempore legal representative. The Data Controller’s contacts are: phone +39 0362 73674, e-mail email@example.com.
PURPOSE OF PROCESSING
DATA RETENTION PERIOD
NATURE OF PROVISION
Navigation on this website.
The data required to use the web services are also processed in order to
• obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
• checking the proper functioning of the services offered.
The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, considering the reasonable expectations of the data subject and the activities strictly necessary for the operation of the site and navigation itself (C47)
Art. 6, par. 1 lett. f) GDPR
For the duration of the browsing session
The provision of data is necessary for browsing the website
In addition to navigation, personal data will be processed for:
FINALITÀ DEL TRATTAMENTO
PERIODO DI CONSERVAZIONE
NATURA DEL CONFERIMENTO
A) CONTACTS, sending contact requests, information
The processing is necessary for the execution of a contract to which the data subject is party or for the execution of pre-contractual measures taken at the request of the data subject (C44)
Art. 6 par. 1 lett. b) GDPR
The provision of data is necessary.
If you do not provide your necessary personal data, the Data Controller will not be able to contact you for sending the requests information.
B) HANDLING OF YOUR REQUESTS and requests from other data subjects, pursuant to Artt. 15 et seq. GDPR (data subject’s rights)
The processing is necessary for compliance with a legal obligation to which the Data Controller is subject (C45)
Art. 6 par. 1 lett. c) GDPR
5 years from the closing of the application, except for litigation
The provision of personal data is necessary, as it is indispensable to be able to fulfil legal obligations.
The personal data will be communicated, also on the basis of the purposes contained in specific areas, to subjects who will process the data as autonomous Data Controllers, or Data Processors (art. 28 GDPR) and processed by natural persons (art. 29 GDPR) who act under the authority of the Data Controller and Data Processors on the basis of specific instructions given regarding the purposes and methods of processing, for specific purposes according to the area of reference. The data will be communicated to recipients belonging to the following categories:
The list of data processors is available by writing to the Data Controller at the contacts indicated above.
The personal data will not be transferred to non-EEA countries.
The personal data will be subject to traditional, manual, electronic and automated processing. Please note that no fully automated decision-making processes are carried out.
You may assert your rights as expressed in Artt. 15 et seq. GDPR, by contacting the Data Controller at the contacts listed above. You have the right, at any time, to request access to your personal data (Art. 15), rectification (Art. 16), deletion of the same (Art. 17), restriction of processing (Art. 18). The Data Controller shall inform (Art. 19) each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of processing carried out. The Data Controller shall inform the data subject of these recipients if the data subject so requests. In the cases provided for, you have the right to the portability of your data (Art. 20), in which case they will be provided to you in a structured, commonly used and machine-readable format. You have the right to object (Art. 21), at any time, to the processing of your data based on legitimate interest by writing to the contact details above with the subject “objection”.
In the event that he/she considers that the processing of personal data carried out by the Data Controller is in breach of the provisions of Regulation (EU) 2016/679, the data subject has the right to lodge a complaint with the Supervisory Authority, in particular in the Member State where he/she normally resides or works or in the place where the alleged breach of the Regulation occurred (Garante Privacy https://www.garanteprivacy.it/), or to take appropriate legal action.
The Data Controller reserves the right to amend, update, add or remove parts of this information notice. In order to facilitate the verification and modification of the text, the information notice will contain the date of update.
Date of update: 8th February 2023