Form.: IS – Date Add. 07/2022
Information on the processing of personal data
Pursuant to Art. n. 13 of the EUROPEAN REGULATION N. 679/2016
This information describes how the website is managed with reference to the processing of the personal data of users who consult it, as well as the processing practices of the data transmitted by the interested party to the Data Controller through this website. In compliance with art. 13 (for data collected from the Data Subject) and 14 (for data not collected from the Data Subject) of EU Regulation 2016/679 (GDPR), the following information is provided to the Users of this Website, which refer exclusively to the processing carried out through this Website itself and not through other websites that may be visited by clicking on links therein, for which it is suggested to refer to the relative privacy policies provided by their respective Data Controllers. This Site and any services offered through the Site are reserved for individuals who are eighteen years or over. The Data Controller does not collect personal data relating to minors. Upon request from these Users, the Data Controller will promptly delete all personal data involuntarily collected.
- Data controller
Data controller GRS srl, registered office in Via Cavalieri di Vittorio Veneto 14 in Martellago (VE) and an operational headquarters in (to which this document refers) in Via Chiesa Campocroce 4 – Building O/1 – 31021 Mogliano Veneto (TV), Tax Code and VAT number 04071710273, (hereinafter "Data Controller"). The Data Controller reserves the right to appoint a web agency or consultancy as Data Processor to process the managed personal data for the purposes of technical assistance, maintenance, technical management and similar for this Website. The details of that web agency or consultancy may be requested at the addresses mentioned above. The Data Controller and the Data Processor process the data of Users also thanks to their internal Data Processors, specifically designated with instructions to authorised to process.
The Data Protection Officer (DPO) can be contacted at the email address: firstname.lastname@example.org
- Category of data processed and sources of origin
- Browsing data (the computer systems and software procedures used to operate this website acquire certain personal data during their normal operation. The transmission of said data is implicit in the use of Internet communication protocols. This category of data includes: the IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which it was accessed, information on the pages visited by users within the website, the time of access, the time spent on each single page, the analysis of the internal pathway and other parameters related to the operating system and the user's computer environment. Such technical/IT data are collected and used exclusively in an aggregated and anonymous manner. These data are processed in order to allow and control correct use of this site as well as to obtain anonymous statis.tical information on the use of the same, and are deleted immediately after processing)
- Personal Data voluntarily provided by the user, including:
- Common data (identification data, personal data, billing data and similar)
- Exceptionally particular data (art.9 GDPR)
- Exceptionally criminal data (art. 10 GDPR)
Sources: browsing, other websites, cookies and similar; user; public sources.
We may primarily process browsing data, as well as cookies.
We may also process data voluntarily provided by the user, for example through the contact form or the sending of a communication by e-mail, including common personal data (identification, personal data, billing and similar) and exceptionally particular data pursuant to art. 9 GDPR or penalties pursuant to art. 10 GDPR to the strictest extent necessary by the request for information received and with the prior consent of the interested party.
Data may come from automated sources or from voluntary sources, as well as from public sources. For example, they may come from user browsing, which may bring information about previous consultations of other sites, including in particular cookies and other similar technologies. The data may also be voluntarily provided by the user or by subjects related to him/her. Other data may come from public sources, such as those processed in the field of research and from corporate surveys, public database searches and similar.
- Purposes of data processing
The personal data of the Users on the Website, as described above, will be processed in the ways and in the forms prescribed by the GDPR, for the performance of the Website's own functions, with particular, but not exclusive, reference to the collection procedures described therein, data, contact form, any registration process/access to the reserved area, subscription to the newsletter and the like. In particular, the personal data provided to the Data Controller will be processed for the following purposes:
- to follow up the specific requests made to the Controller by the User through the Website and its communication tools (contact form, request forms and similar);
- for communications of an informative nature relating to the services of the same Data Controller, following a request for information by e-mail, completing the contact form and other communication tools;
- for any registration to events organised by the Data Controller and other related activities (for example, verification of participation, notices relating to any updates or changes to the event, etc.);
- for other accessory purposes or purposes connected to those indicated above and in any case falling within the scope of the Website's activities;
- Legal basis for data processing
The processing of personal data is based on the fulfilment of contractual or pre-contractual obligations inherent to the request made by the User (for example, requests for information about the services carried out by the Data Controller, requests for a quote, etc.), as well as, where necessary, on consent by freely and consciously filling in the appropriate information fields in the form dedicated to the collection and provision of data and checking the appropriate checkbox where required.
It should be noted that the compilation of specific fields provided in the form for the request for information is inherent to the request itself and that therefore this involves the fulfilment of a pre-contractual or contractual obligation, depending on the context. Consent may be required at a later date for the processing of further data.
In any case, processing is also based on legitimate interest, including the right to information, so please refer to the following paragraph.
- Legitimate interest of the Data Controller
The processing of personal data is also based on the legitimate interest of the Data Controller, such as the exercise of their rights in the context of the information society, the execution of the contractual service and the implementation of direct marketing operations (in the manner, with the means and within the times provided for by law).
- Mandatory nature of the provision of data
The provision of data relating to the browsing of Users, for the purposes indicated above, depends on the degree of privacy that the User has enabled or disabled through his/her browser. In some cases, disabling could compromise the browsing on this Website. For certain forms of this Website, the provision of navigation data and/or the use of technical cookies is mandatory for the proper functioning of the Website.
The provision of some personal data is in any case necessary for the structure of the Website and its procedures. Any request for other optional data will be preceded by a special approval check-box. The provision of all other data is optional, in accordance with the type of information that the User wishes to provide to the Website.
Without prejudice to the above, for example, the provision of the e-mail account is necessary to be able to respond to the request made through contact forms, as well as other mandatory data indicated therein with an asterisk. All other details are optional.
Failure to provide the data necessary for the requested action (for example, the e-mail account via a form for requesting information by this means) makes it impossible for the Data Controller to process the request.
PROVISIONS APPLICABLE TO ALL PROCESSING
In any case, even if the data subject has given consent to authorise the Data Controller to pursue all the purposes mentioned in the points above, he/she will remain free at any time to revoke it.
We inform you specifically and separately, as required by Article 21 of the Regulation, that the data subject has the right to oppose at any time the processing of their personal data for such purposes and that if the person opposes the processing for direct marketing purposes, personal data will no longer be able to be processed for these ends.
- Data recipients
The data may be communicated to associated, subsidiary and affiliated companies of the Data Controller, as well as to consultants, or also to third parties who operate, also in the name and on account of the Data Controller, for the performance of the services related to the purposes indicated in this statement, both intra-EU and extra-EU (in the latter case, it will be exclusively those subjects adhering to the Privacy Shield protocol).
In any case, the data may be communicated to Data Processors, as well as to persons authorised to process and duly instructed, always within the scope of the purposes of the processing.
For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.
- Retention period
The data provided by the Data Subject will be retained until the express revocation by the Data Subject, even by action on their browser, cleaning of cookies, express request or expressed in any other way. The navigation data will be stored, in compliance with the principle of proportionality, in a form that allows the identification of the Data Subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.
Cases in which it is necessary to keep the data for a further period of time to defend or enforce a right or to comply with any legal obligations or orders of the Authorities are excluded from the above terms are.
- Rights of data subjects
Each Data Subject shall have the right to access, rectify, delete (be forgotten), limit, receive the notification in the event of rectification, deletion or limitation, portability, opposition and not to be the subject of an automated individual decision, including profiling, pursuant to the Articles 15 to 22 of GDPR. These rights may be exercised in the forms and terms referred to in Article 12 of the GDPR, by written communication sent to the Data Controller (see point 10).
The Data Controller will respond as soon as possible and in any case within 1 month from receipt of the request.
- Right to withdraw consent (Method of exercising rights)
You can withdraw your consent, where applicable, at any time and/or exercise your rights by sending:
- a registered letter with return receipt to the Undersigned (see the address indicated on the letterhead);
- an email to email@example.com.
Each Data Subject has the right to lodge a complaint pursuant to Art. 77 et seq. of the GDPR with a supervisory authority, which for the Italian State is identified as the Data Protection Authority. The forms, methods and terms for proposing complaints are provided for and governed by the national legislation in force. The complaint does not prejudice the administrative and jurisdictional actions, which for the Italian State may alternatively propose to the same the Data Protection Authority or to the competent Court.
The personal data provided through navigation on this website and the possible completion of the forms published therein may be subject to profiling by third-party providers through third-party cookies.
Profiling allows these third party providers, independent Data Controllers of the respective processing of personal data for profiling purposes, other than the Data Controller of this website, to evaluate certain personal aspects of the Data Subject relating in particular to his/her preferences, interests, tastes with reference to the pages consulted and the activities carried out, in order to allow these autonomous and different Data Controllers to offer the Data Subject a more specific and targeted service to his/her needs.
- Data Controller, D.P.O. (R.P.D.), Appointees and Data Processors
Below we provide you with some information that needs to be brought to your attention, not only to comply with legal obligations, but also because transparency and fairness towards stakeholders is a fundamental part of our business.
Data Controller. The Data Controller of your personal data is GRS Srl, on behalf of which signs Mr Enrico Gallorini, who is responsible to you for the lawful and correct use of your personal data and who can be contacted for any information or request at the following numbers: telephone +39 041 7792658, email: firstname.lastname@example.org.
Data Processor. The Data Controller has appointed Ms Melissa Cogo as Data Processor, who is also responsible to you for the lawful and correct use of your personal data and whom you may contact for any information or request at the following numbers: telephone +39 041 7792658, email: email@example.com.
DPO (Data Protection Officer). You can also contact the Data Protection Officer to obtain information and forward requests about your data or to report inefficiencies or any issues encountered.
The Data Controller has appointed Mr Nicola Ghinello, who can be contacted at the following addresses: telephone +39 348 3165267, email: firstname.lastname@example.org.
Appointees/Authorised Persons. The updated list of the appointees/Authorised persons and the staff involved in data processing is kept at the Data Controller's registered offices.
For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.
- Social media plug-ins
- Links to third-party sites
From this site it is possible to connect through appropriate links to other third-party websites. The Data Controller declines any responsibility regarding the possible management of personal data by third-party sites and in order to manage the authentication credentials provided by third parties.
We invite you to contact us at the following address: email@example.com.