1. WHO PROCESSES YOUR PERSONAL DATA?
The data controller is Van Berkel Internarional S.r.l. with registered office at Oggiona con Santo Stefano (VA), Via Ugo Foscolo n. 22 (Italy), V.A.T. no. 08688960965 and can be contacted at the following e-mail address: firstname.lastname@example.org (hereinafter, the “Company” or the “Data Controller”).
Recipients of your personal data
Your personal data could be communicated to:
1. persons authorized by the Data Controller that are committed to/ or under an appropriate statutory obligation of confidentiality;
2. subjects delegated and/or appointed by the Data Controller to carry out activities related to the purposes specified below (including technical maintenance interventions on the systems) rightly appointed as data processor;
3. persons, companies or professional firms that provide assistance to the Data Controller, appointed, where necessary, as data processor;
4. subjects, bodies or authorities to whom the communication of your personal data is mandatory pursuant to the provisions of law or orders of the competent authorities;
5. third parties involved in the performance of activities strictly related or linked to the conclusion and/or execution of extraordinary transaction;
6. other group company.
Your personal data could be transferred outside the European Economic Area in compliance with art. 44 ff GDPR.
2. PERSONAL DATA PROCESSED
Personal data provided on a voluntary basis
• Website’s registration: Users can register on the Website providing the Company with the following information: name, surname, e-mail address and password.
• Purchase on the Website: Users are entitled to purchase Company’s products and goods on the Website providing the following information: delivery address, fiscal code, telephone number.
• “Contact us” section: Users can provide the Company with personal data filling the form included in the section “Contact us” on the Website. In this regard, user on a voluntary base can provide the Company with the following personal data: name, e-mail address, telephone number.
• Newsletter subscription: Users can keep up on Company’s new products and / or services, as well as receive offers and promotions providing the Company with its e-mail address.
Third parties’ personal data
Please note that if You provide us with information related to third parties You shall be sure that such third parties have been prior and properly informed about the method and purposes of the processing herein shown.
Please consider that with regard to such cases, You act as an independent data controller and you bear full responsibility and obligation provided by law.
Personal data relating to persons under the age of 16
Please note that if you are not 16 years old, you are not entitled to provide us with any personal data and, in any case, we are not responsible for your false statements. If we become aware of your false statements, we will immediately delete any personal data acquired.
Data related to or arising from the use of the Website
Please note that we collect the following data by means of the services that You use:
· Technical data: IP addresses or domain names of the devices used by the users to connect to the Website, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received as a reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding your operating system and device environment. This data is used exclusively for the purposes of obtaining (anonymous) statistics on the use and proper functioning of the Website to control its correct functioning, and such information is deleted immediately after processing. These personal data may also be used to ascertain any liability in cases of alleged computer crimes against the Website or against third parties and they will be deleted after 7 days.
· Personal data collected through cookie or similar technologies: for further information please see Cookie” section.
Cookie: definitions, features and applicable law
Cookie are small text files sent/read by websites on your devices, which are then transmitted back to those websites during the next visit. Thanks to cookies websites remember your actions and preferences (such as login data, the default language, font sizes, additional display settings, etc.) so that they do not need to specify them again on the next visit or during browsing activities.
Cookies are used to perform IT authentications, session monitoring, and to store information about the activities of users who access a website, and may also contain a unique identifier that allows for monitoring of user experiences on the site for statistical or advertising purposes.
There are indeed various types of cookies, depending on their features and functions, and these may stay on user device for different periods of time: so-called session cookies, which are automatically deleted when you close your browser; and so-called persistent cookies, which remain on your device until a pre-established date.
Please consider that the Italian Data Protection Authority (i.e. Garante per la protezione dei dati personali) has issued a decision (Decision Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014 and following clarifications, hereinafter the “Decision”) according to which the technical cookies that do not require explicit consent also include:
• The “analytics cookies” insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website;
• The browsing or session cookies (for logging purposes);
• The functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased so as to improve the quality of service;
• “Profiling cookies” are aimed at creating user profiles and they are used to send ads messages in line with the preferences shown by the user during navigation. For these cookies the user shall express explicit consent.
Many social networks have developed "social plug-in modules", which website operators can integrate into their websites. This allows social networks users to share content with their "friends" (and propose other related features such as posting comments). The Website may include one or more of these social plug-in modules. These plug-ins store and access cookies on the user's computer, allowing social networks to identify their members when they interact with these plug-in. Please note that the aforementioned social plug-in modules can also be used by social networks to provide services that go beyond what is strictly necessary, for example for behavioral advertising. Users should explicitly request these services. You can check the cookie settings on your social media platform.
3. PURPOSES OF THE PROCESSING
The personal data provided through the Website will be processed for the following purposes:
a) Ensuring your registration to the Website’s personal area;
b) Performing the activities necessary to conclude, manage and execute the purchase agreement of Company’s products and goods on the Website;
c) For purposes strictly related and/or necessary to satisfy your requests made, from time to time, through the Website via email, filling the form “Contact us” or through the communication channel implemented by the Company;
d) ensuring compliance with legal obligations, regulations and European regulations;
e) ascertain, exercise or defend a right in judicial proceedings or whenever the judicial authorities exercise their jurisdictional functions;
f) forward promotional communications in compliance with the "Guidelines on Marketing and against Spam - 4 July 2013 " issued by the Italian Data Protection Authority (i.e. the Italian Garante per la protezione dei dati personali), if you express your consent to receive information concerning promotional activities, including market research, of the Data Controller. The Company informs you that such activities can be exercised, as required by current regulations, by means of paper mail, operator-assisted calls ("traditional methods") , e-mail, texting, push notifications and use of social networks ("automated methods") (“direct marketing”);
g) customer segmentation to improve the service provided;
h) Forward direct offer of products or services similar to the ones already purchased by the user (“soft spamming”) with limited reference to the email address that You provided in the context of purchasing of a service or product on the Website;
i) Carrying out statistical survey;
j) Allowing the Data Controller to conclude a potential merger, transfer of assets, transfer of company or branch of company by disclosing and transferring your personal data to the third party involved;
The legal basis of processing for purposes as per 3 (a), (b), (c) is the necessity to perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract according to art. 6 (1) (b) GDPR. The performance of such activity does not require your consent.
The legal basis of the processing for purpose as per 3 (d) is the necessity to comply with a legal obligation to which the Data Controller is subject according to art. 6 (1) (c) GDPR.
The legal basis of the processing for the purposes 3(e), (g) and (j) is the legitimate interests pursued by the Data Controller according to art. 6 (1) (f) GDPR.
The legal basis of the processing for the purposes 3 (f) is your consent according to art. 6 (1) (a) GDPR. Failure to give your consent does not affect the Website’ use. The consent is freely given and you have the right to withdraw your consent at any time through an email to the Data Controller to email@example.com.
The processing of your personal data for the purpose 3 (h) is based on the legitimate interest of the Data Controller according to art. 130 of the Italian Legislative Decree no. 196/2003 which does not require consent. Please consider that you may at any time request not to receive such communications by using the "Unsubscribe" link put at the bottom of each communication.
Please consider that the processing for the purpose 3 (i) does not comprise personal data processing.
4. RETENTION PERIOD
With reference to the processing carried out for the purposes as per 3 (a) Your personal data will be deleted if you do not access your personal area for a period of 36 months.
With reference to the processing carried out for the purposes as per 3 (b) your personal data are processed, without prejudice to the legal obligations to which the Company is subject, beyond the time allowed by Italian law to protect its interests from possible complaints.
With reference to the processing carried out for the purposes as per 3 (c), your personal data will be proceed for the period strictly necessary to fulfill your request except for the need to fulfill legal obligations or protect the Data Controller legitimate interests.
With reference to the processing carried out for the purposes as per 3 (d), your personal data will be processed for the period strictly necessary to allow the Data Controller to fulfill the legal obligations to which the Company is subject.
With reference to the processing carried out for the purposes as per 3 (e) and (j), your personal data will be processed for the period strictly necessary to allow the Data Controller to verify, exercise or defend a right before a court or whenever the authorities exercise their jurisdictional functions and / or carry out any extraordinary transactions involving the Company and related activities.
With reference to the processing carried out for the purposes as per 3 (f) your personal data will be stored until you withdraw your consent. In any case, the Company is entitled to keep the personal data for the period of time provided for and permitted by Italian law to protect its interests.
With reference to the processing carried out for the purposes as per 3 (h), your personal data will be stored until you oppose to this processing using the "unsubscribe" link that you can find at the bottom of each communication forwarded via e-mail.
5. EXERCISE OF YOUR RIGHTS
Withdraw of your consent
You can withdraw at any time your consent sending an e-mail to the Data Controller: firstname.lastname@example.org.
Your consent is free and the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Exercise of your rights
You have the right, at any time, to request to the Data Controller access to, rectification, erasure, to object to relevant processing activity. According to art. 18 GDPR you are entitled to ask for restriction of the processing concerning your personal data or and to receive in a structured, commonly used and machine-readable format the personal data concerning you, in accordance with art. 20 GDPR.
Requests to exercise your rights must be sent to the following address: email@example.com.
In any case, pursuant to the Applicable Law, you have the right to lodge a complaint with the relevant supervisory authority (the Italian “Garante per la protezione dei dati”) if you believe that the processing of your Personal Data is against the applicable law.
6. HOW IS THE SECURITY OF YOUR PERSONAL DATA ENSURED?
The processing of your personal data by the parties referred to in paragraph 1 above, is performed in accordance with the provisions of the current applicable law. In particular, in order to ensure the security of your personal data, the Data Controller has implemented adequate technical and organizational measures to guarantee an adequate level of security to the risk, taking into account the state of the art and the implementation costs, as well as the nature, object, context and purpose of the processing, as well as the risk of various probabilities and severity for the rights and freedoms of individuals.