Informativa Protezione Dati Personali relativa al trattamento dei dati personali ai sensi degli artt. 13 e 14 Personal Data Protection Notice concerning the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR)
In compliance with the obligations deriving from the General Data Protection Regulation no. 2016/679 (GDPR), in particular articles 13 and 14, and national legislation, we respect and protect the confidentiality of the data subjects (visitors and users), making every possible and proportionate effort not to infringe their rights.
1. Treatment subjects
The data controller of personal data in accordance with the laws in force is: ARS Engineering S.R.L.U., with registered office in Via F.lli Giovannini 3, Rovereto (38068) TN, contactable at the email firstname.lastname@example.org or at the specified address.
2. Types of data collected
Il presente sito raccoglie dati direttamente dagli interessati, in due This site collects data directly from interested parties in two ways:
Data collected in an automated way
During the Users’ navigation, the following information may be collected and stored in the server (hosting) log files, in some cases also in the site’s database:
- Internet Protocol (IP) address;
- browser type;
- parameters of the device used to connect to the site;
- name of the Internet Service Provider (ISP);
- date and time of the visit;
- the visitor’s source (referral) and exit web pages;
- possibly the number of clicks.
This data is used for statistical and analysis purposes, in aggregate form only. None of this information is related to the physical person-user of the site, and do not allow in any way their identification. The IP address is used solely for security purposes and is not cross-referenced with any other data.
In addition, the site may collect additional data, including user navigation data, for advertising purposes. This data does not include your name, address, email address or telephone number, and is used to provide you with personalised advertisements about products and services. For more information about these services, please read the information provided by the third-party companies, which also provides options to disable the collection of information by these companies.
Data provided voluntarily
The site may collect other data in case of voluntary use of services by Users, such as comment services, communication (contact forms, sending newsletters).
Such data, used exclusively for the provision of the requested service, may be as follows:
- name and surname,
- date and place of birth,
- email address,
- identity document,
- VAT number and/or tax code,
- payment methods and bank details.
The User exonerates the Data Controller from any responsibility regarding possible violations of the law, guaranteeing that they have the right to communicate or disseminate the data. It is up to the User to verify that he/she has the permissions and rights to enter personal data of third parties or content protected by national and international regulations (e.g. copyright).
I servizi forniThe services provided by the site are generally not aimed at individuals under 16 years of age, and we therefore do not knowingly record their data.
Methods of data processing
The processing of personal data is carried out mainly using computer and telematic tools in compliance with the regulations in force and in particular with the principles of correctness, lawfulness, transparency, pertinence, completeness and not excess, accuracy and with logics of organization and processing strictly related to the purposes pursued and in any case so as to ensure a high level of security, integrity and confidentiality of data processed, in compliance with the organizational, physical and logical measures and in accordance with the provisions of art. 32 of the European Regulation 2016/679 (GDPR) as well as industry practices.
The company does not carry out profiling of its users’ data.
3. Purposes of processing
Data is used for the purposes for which it was collected, unless it is reasonably possible to use it for compatible purposes under applicable laws.
Provision of the service
The data is used primarily for the execution of business relationships and the provision and organisational management of services requested by Users, as well as for the fulfilment of related legal obligations and the protection of contractual rights.
Data is used in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site, to improve the online shop and the platform. None of this information is related to the natural person concerned (user or site visitor), and it does not allow them to be identified in any way.
The data is processed in order to protect the security of the site (spam filters, firewalls, virus detection), users and their information, and to prevent or unmask fraud or abuse (e.g. SPAM) to the detriment of the website. They are recorded automatically and may possibly also include personal data (IP address) that could be used, in accordance with the laws in force, to block attempts to damage the site itself or to cause damage to other users, or in any case harmful or criminal activities. Such data are never used to identify or profile the User and are deleted periodically.
The data are used, subject to consent, to keep Users informed of the services on activities, events, promotions and offers promoted by the Owner.
Data is processed to handle orders, provide products and services, manage product and service warranties, process payments, communicate with Users about orders, products, services and promotional offers, update records and generally manage User accounts, display content such as wish lists and customer reviews, and recommend products and services that may be of interest to Users.
The data may be communicated to third parties who perform functions necessary or instrumental to the operation of the service (e.g. companies that manage the information system and the website), and to
allow third parties to carry out technical, logistical and other activities on our behalf.
The Data Controller uses suppliers to carry out certain activities, such as fulfilling orders, delivering packages, sending traditional mail, analysing data, providing marketing assistance, making credit card payments and providing customer services.
Suppliers only have access to personal data that is necessary to perform their tasks, they undertake not to use the data for any other purpose, and they are obliged to process personal data in accordance with applicable laws.
4. Legal basis of the processing
The data relating to the performance of economic activities and those functional or instrumental to the performance of economic activities (supply of services and shopping) are processed on the basis of the fulfilment of contractual and pre-contractual obligations. Refusal to provide such data precludes the execution of the contract and exposes the person concerned to possible liability for breach of contract.
The data for tax compliance and bookkeeping, which are necessary in order to use the services provided against payment, and for invoicing purposes, are processed in accordance with legal obligations. Refusal to provide such data prevents the fulfilment of the obligation and possibly also exposes the person concerned to penalties provided for by the legal system.
Marketing/advertising data are processed on the basis of user consent. Consent is given by means of the banner at the bottom of the page, with which visitors/users consent to the processing of their personal data in relation to the methods and purposes described below, including possible disclosure to third parties if necessary for the provision of a service, or by means of communication or service request forms (e.g. newsletters) that collect further specific consents with respect to the purpose of the service.
The provision of data and therefore consent to the collection and processing of data is optional, the User may deny consent, and may revoke consent already provided at any time (via the banner at the bottom of the page or the browser settings for cookies, or the Contact Us link). However, denial of consent may result in the inability to provide certain services and your browsing experience on the site would be impaired.
Data for the security of the site and company assets and for prevention of abuse and SPAM, as well as data for the analysis of site traffic (statistics) in aggregate form, are processed on the basis of the legitimate interest of the Data Controller in the security of the site and user information. The processing of data for commercial communications relating to products and/or services similar to those already purchased and/or subscribed to by the user (soft spam) is also based on the legitimate interest of the Data Controller.
5. Place of processing
The data collected by the site are processed at the Data Controller’s premises, and at the web hosting datacenter. The web hosting, Servereasy, which is responsible for data processing by processing the data on behalf of the Data Controller, is located in the European Economic Area and acts in accordance with European standards.
6. Period of data retention
The data is kept for the time necessary in relation to the purposes for which it was collected, and in any case no longer than the time prescribed by law. In the absence of rules or practices that provide for different retention periods, the data will be used, balancing the interests of the owner and the rights of the interested parties, for an appropriate time in relation to the interest expressed by the interested party and kept for the minimum period necessary in accordance with the indications contained in the sector regulations. The data may be processed for further periods if the processing is necessary to defend or enforce a right or by order of the authorities.
The data collected are processed for the following periods:
- finalità di fornitura serviz
- service provision purposes: data is kept until the expiry of the contract, some data is kept until the end of the period for legal protection;
- shopping purposes: data are kept until the warranty period expires;
- sending newsletters and related purposes: until the user unsubscribes via the link in each email;
- data necessary for tax, accounting, fiscal and anti-money laundering purposes: they are kept until the assessments relating to the corresponding tax period are defined, therefore for at least 10 years (art. 2220 c.c.) and more if the relevant year is not yet prescribed for tax purposes.
7. Recipients of the data
The data collected will not be transferred, but may be communicated to third parties who provide services or otherwise process data on behalf of the Data Controller, such as: suppliers of IT and functional services for the site; suppliers of outsourcing or cloud computing services; suppliers of payment or credit services; professionals or consultants. Third parties process the User’s data exclusively for the purposes indicated in this information notice and in compliance with the provisions of the applicable legislation.
Other third parties who act as autonomous data controllers may become aware of the User’s data, using the data also for purposes different and additional to those of this site. For example:
- Facebook, Google (Youtube), and in general social networks that use the data conveyed through the social social plugins also for advertising and marketing purposes (e.g. fan pages);
- other third-party service providers acting as autonomous data controllers.
The independent data controllers are bound by European and national regulations on the protection of personal data, and are personally liable for them in full autonomy.
By consenting to the use of the services indicated, by means of the banner at the bottom of the page or by means of the appropriate forms or boxes, the User expressly consents to the communication of the data to the autonomous and joint data controllers for the purposes indicated in this information notice and in their respective information notices.
The data may be provided to judicial and administrative authorities in the event of a legitimate request or to public bodies or agencies in cases provided for by law (e.g. tax data).
7.1 Transfers outside the EU/EEA
Some of the data processed may be shared with services located outside the European Union and the EEA (European Economic Area). In particular:
- Facebook (social plugin, advertising services);
- Microsoft-LinkedIn (social plugin);
The transfer is authorised on the basis of specific decisions of the European Union and the Data Protection Authority. In cases where there are no adequacy decisions by the European Commission, the Data Controller shall endeavour to ensure that adequate safeguards are adopted by signing standard contractual clauses approved by the EU Commission with the foreign company receiving the data. These clauses guarantee a level of data protection corresponding to that set out in European legislation.
8. Security measures
We process the data of visitors and users lawfully and fairly and take appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. We strive to protect the security of your personal data when sending them, for example by using Secure Sockets Layer (SSL) software, which encrypts information in transit. The processing is carried out using computer and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. Moreover, a business continuity plan is in place to ensure the recovery of data, and therefore the availability of the service, in a short time.
However, it is essential that the User adopts appropriate protection measures to safeguard the credentials for accessing the service, thus avoiding unauthorised access.
10 – Diritti degli interessati
You may exercise the following rights at any time:
- The right to access your data and to know its origin, purpose and period of storage, details of the Data Controller and of the entities to whom the data has been disclosed, whether the data is transferred to a third country and information on the safeguards for the transfer;
- the right to obtain a copy of the data provided within reason;
- to revoke at any time the consent given without the need to give reasons, but without prejudice to the processing carried out up to that moment;
- the right to update or correct your data;
- the right to object in whole or in part to the processing carried out on the basis of the legitimate interests of the data controller, unless there is a legitimate reason to continue the processing, such as the exercise of rights in a court of law;
- the right to object to the processing of your personal data for marketing or commercial communication purposes;
- the right to request deletion of your data (even after revocation of consent), if it is no longer necessary for the purposes of the data controller, in case of revocation of consent, objection to processing, processing in breach of the law, or if there is a legal obligation to delete;
- the right to restriction, i.e. to obtain the blocking of processing in the event of a breach of the lawfulness requirements, but also if the data subject requests the rectification of the data (pending rectification) or objects to their processing (pending the decision of the controller), in which case the data will not be processed except for the purpose of storing them
- the right to data portability, i.e. in cases of processing based on consent or contractual necessity, the right to receive or transmit to another designated data controller, at the sole cost of any support, your data provided to the Controller, in a structured, machine-readable form and in a format commonly used by an electronic device;
- the right to lodge a complaint with the Supervisory Authority (Garante Privacy – link to the Garante’s page http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 );
- the right to know about the existence of an automated decision-making process, including profiling, and meaningful information about the logic used, as well as the importance and expected consequences of such processing for you.
In order to exercise your rights, you may be required to provide documentation that identifies you (copy of an identity document), to certify the legitimacy of the request and to prevent the data from falling into the wrong hands. The deadline for responding to requests is 30 days, which may be extended by another 30 days in special cases.
Requests should be forwarded to the Data Controller.
The possible entry into force of new industry regulations or practices, as well as the updating of services to the user, may require changes to the terms and conditions described in this Policy. It is therefore possible that this document may change over time.
We encourage you to periodically review this page.