Informationon the protection of personal data pursuant to Art. 13 and 14 of Regulation (EU) 2016/679)
CASATI MACCHINE S.r.l., with operational headquarters in Via Tonale, 398, 21050 Marnate (VA), email: firstname.lastname@example.org as Data controller(hereinafter, the “Society” or the “Titular“), provides below the information common to the processing of personal data carried out in the context of its institutional website accessible electronically from the address: www.casatimacchine.com(hereinafter, the “Site”).
In this regard, it should be noted that the information is provided only for the Site and not for other web-sites that may be consulted through hypertext linksor widgets(e.g. social networks) published on the Site but referring to resources outside the Domain of the Owner.
Categories of data subjects and personal data processed
The Data Controller processes the personal data of natural persons (identified or identifiable) who visit and consult the Site or who within the same voluntarily carry out interaction actions with the Data Controller (hereinafter, the “Users“).
The personal data processed are:
- Navigation data: the computer systems and software procedures used to operate the Site acquire, in the course of their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: ip addresses or domain names of computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computer environment of the users;
- Data communicated: the optional, explicit and voluntary sending of messages by filling in and forwarding formson the Site and / or to the Company’s contact addresses or to institutional profiles / pages on social media (where this possibility is provided) involves the acquisition of the User’s contact data necessary to respond, as well as all further and possible personal data included in the registration formor in the municipalities actions. Specific information notes will be published on the pages of the Site showing the formor prepared for the provision of certain services. (hereinafter, all, the “Personal Data“).
Purposes of the Processing and legal bases:
The Data Controller processes the Personal Data collected in the context of the Site for the purposes and by virtue of the legal bases indicated in the following table:
||What are the PURPOSES of the processing?
||What are the LEGAL BASES of the processing?
||Fulfillment of a legal obligation related to civil, fiscal and administrative provisions, Community legislation, rules, codes or procedures approved by Authorities and other competent institutions, as well as to follow up requests from the competent administrative or judicial authority and, more generally, from public entities in compliance with legal formalities.
||Fulfillment of a legal obligation to which the Data Controller is subject.
||Assert and defend their rights, also through out-of-court initiatives and also through third parties, as well as prevent and detect fraudulent activities or abuse of the Site (for potentially criminal purposes, such as identity theft, computer crimes, etc.).
||Pursuit of the legitimate interest of the Data Controller.
||To allow Users to access the Site and navigate optimally and manage requests received through the Site.
||Execution of pre-contractual measures adopted at the request of the User.
||Limited to the navigation data of users underpar. 1 point a), for security purposes of the Data Controller’s systems and to obtain statistical information on the use of the Site (such as the most frequently visited pages of the Site, the average time spent on each page), as well as to control and administer the operation of the Site and improve the services provided.
||Pursuit of the legitimate interest of the Data Controller.
Mandatory release of the requested data and consequences of non-release
Except as specified for navigation data (and, in the appropriate policy, for some types of cookies), the user is free to provide their personal data (through forms– on the pages that allow it – or in other ways to the contacts of the Data Controller) for sending requests for information or to receive commercial communications.
It is understood that failure to provide them, even partially, may prevent the Data Controller from carrying out what is requested by the User and communication and marketing activities, as well as the fulfillment of any related obligations.
Personal Data will be processed by means of both manual and automated computer tools exclusively by subjects authorized and specifically instructed to do so.
Recipients/categories of recipients of personal data
For the purposes indicated in paragraph 2:
- Users’ Personal Data may be communicated:
- to those authorized to process the Data Controller (employees or collaborators);
- to third party service providers to the Data Controller (including IT service providers, hosting providers, web editors, as well as companies or subjects that perform services legal, insurance) who will operate, where appropriate, as data processors;
- to third-party companies and professionals appointed to assert the rights, interests, claims of the owner arising from the relationship with the Users;
- to State Administrations, judicial or administrative authorities, public and private bodies, also following inspections and audits;
- to subjects who can access the data by virtue of legal provisions or secondary or community legislation.
Only the category of recipients is indicated, as it is subject to continuous updates. To know the updated list of recipients, Users may contact the Data Controller directly, by writing to the contact details indicated in par. 9 of this information.
Retention periods of personal data
Personal Data will be kept by the Data Controller for the time strictly necessary for the purpose for which they were collected; precisely, the Data Controller will keep:
- the Users’ browsing data (indicated in paragraph 1, letter a) for the duration of the browsing session and in any case no more than seven days, except in the case of malfunctions in the systems, in which case they will be kept until the problem is resolved;
- the data communicated by the Users (indicated in par. 1, letter b):
- for the time necessary to process the relevant request;
- Personal Data whose processing is necessary in relation to legal obligations for the duration of the law;
and in any case, for the purposes indicated in paragraph 2, n. 2, for a maximum period equal to the limitation period of the relevant actions increased by a prudential period of six months, in order to ensure the Right of Defense of the Company with reference to possible future disputes in judicial or administrative proceedings.
In all cases, after the respective terms, all Personal Data will be deleted or made anonymous. It is understood that the terms indicated may be extended in cases where the retention for a subsequent period is required on the occasion of any disputes, requests from the competent authorities or pursuant to applicable legislation.
Transferof personal data to a third country or to an international organization
As a rule, Personal Data are not transferred to third countries.
Users, if the circumstances are met, may at any time and free of charge exercise the following rights against the Data Controller:
- Right of access: allows Users to obtain from the Data Controller confirmation as to whether or not Personal Data concerning them are being processed and, in this case, to obtain access to their personal data;
- Right of rectification: allows Users to obtain the correction / integration of inaccurate / incomplete Personal Data;
- Right to cancellation: allows Users to obtain, in the cases provided for by law, the cancellation of their personal data;
- Right to restriction of processing: allows Users to obtain, in the cases provided for in Article 18, paragraph 1 of the GDPR, the limitation (i.e. the marking of personal data stored with the aim of limiting their processing in the future) of the processing of their personal data;
- Right to data portability: allows Users – in the cases in which the processing is carried out by automated means on the legal basis of the contract or of the consent – to receive in a structured format, commonly used and readable by automatic device, limited to the data provided to the Data Controller, the personal data concerning him and similarly the right to transmit such data to another data controller.
In addition, Users have the right:
- to oppose the processing of their Personal Data for the purposes indicated in paragraph 2. sub2 and n. 4 for reasons, to be explicit, related to their particular situation;
- as well as, if they believe that the processing of Personal Data referred to them carried out through this Site takes place in violation of the provisions of the GDPR, to lodge a complaint with the National Supervisory Authority of the member state of the European Union in which the interested party has his habitual residence or place of work or where the alleged violation of his right has occurred (in the case of this State is Italy, the subject to whom you can contact is the Guarantor Authority for the protection of personal data) or to refer the matter to the appropriate judicial offices (Article 79 of the GDPR).
To exercise all rights or request information, the interested parties may contact the Data Controller: