Privacy policy
Types of Data Processed and Purposes of Processing
Introduction
The Regulation (EU) 679/2016 (General Data Protection Regulation – GDPR) defines “personal data” as any information concerning an identified or identifiable natural person (“data subject”).
“Processing,” according to the same GDPR, refers to any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure, or destruction.
The following information describes the methods and purposes of processing personal data of users who access and use the website www.pesaventodario.it (hereinafter referred to as the “Site”).
The information is provided only for this Site.
Data controller
The Data Controller is Pesavento Dario S.r.l. (VAT number…) based in Montecchio Precalcino (Vicenza), via Sante Segato 15 – tel. +390445 334438 email info@pesaventodario.it.
Types of data processed and purposes of processing
The processing operations are carried out with reference only to the personal data necessary for the use of the Site and its functionalities. The types of data subject to processing include, in particular:
-. Navigation data: the IT systems and software procedures used for the operation of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are information that is not collected to be associated with identified subjects, but which by their very nature could, through processing and associations with data held by third parties, allow for the identification of users. In any case, the information collected for the purpose here in question is not aimed at identifying you, but could be suitable for doing so in the event of the commission of unlawful acts;
Legal basis: legitimate interest, art. 6.1.f) GDPR. For potential customers only, pre-contractual and contractual measures, art. 6.1.b) GDPR.
-. The data voluntarily provided by the user, namely the email address and any other personal data possibly contained in the emails sent to the address indicated on the Site and collected in the specific form of the ‘contacts’ section, in order to carry out the processing activities necessary to respond to the user’s requests. Sending a contact email necessarily involves the processing of the personal data contained therein (name, surname, subject, contact details).
The above communications are read by the employees of the Company, as they are work tools. Therefore, they do not have the nature of private and personal correspondence. Of course, they are protected by confidentiality obligations and are not disclosed to third parties except for reasons related to the fulfillment of the requests of the interested party, or to comply with legitimate orders from the Authority, legal obligations, or for the exercise of the defense rights of the Data Controller.
Legal basis: pre-contractual and contractual measures, art. 6.1.b) GDPR
The data provided by the user will not be used for profiling or direct marketing activities.
No collection or processing of special data as indicated in Article 9 of the GDPR is foreseen.
Methods of treatment
The processing will be carried out using predominantly electronic tools, by collaborators authorized for this purpose, who operate according to the instructions provided by the Data Controller, with logic strictly related to the indicated purposes and, in any case, in a manner that ensures the security and confidentiality of the processed data. Specific security measures are adopted to minimize the risks of destruction or loss, even accidental, of the data being processed, unauthorized access, or processing that is not permitted or is not compliant with the purposes indicated in this notice.
Data retention period
The data subject to processing will be kept for a period of time not exceeding that necessary to achieve the purposes for which it was collected or subsequently processed. In particular, the data provided through the sending of emails will be retained for the time necessary to manage the correspondence or to protect any rights in court. The Data Controller will, after the expiration of the retention periods according to the specified criteria, take measures aimed at the deletion or anonymization of data that do not need to be retained for specific regulatory obligations.
Categories of recipients
The personal data of the interested party, even in the context of the assigned task, may be communicated to data processors, independent data controllers, or authorized subjects, such as:
– hosting providers, cloud services, email service providers (for the purposes of website publication and management of the email/Pec service).
– accountants, experts in general, legal professionals (within the limits of fulfilling legal obligations or contractual requests);
– public entities (within the limits of fulfilling legal obligations). For example, this may include: judicial authorities, independent authorities, conciliation/mediation bodies, the Revenue Agency, etc.
– employees and collaborators of the Owner specifically authorized, within the scope of their respective duties.
Except for the cases mentioned above, personal data will not be communicated, disseminated, transferred, or otherwise shared with third parties for illegal purposes or unrelated to the purposes of collection, and in any case, without providing suitable information to the data subjects and obtaining their consent, where required by law.
Transfer abroad
Personal data will not be transferred abroad, to countries or international organizations outside the European Union that do not guarantee an adequate level of protection, recognized pursuant to Article 45 of the GDPR, based on an adequacy decision by the EU Commission. In the event that it becomes necessary for the provision of services on the Site, the transfer of personal data to countries or international organizations outside the EU, for which the Commission has not adopted any adequacy decision pursuant to Article 45 of the GDPR, will only take place in the presence of adequate safeguards provided by the recipient country or organization, pursuant to Article 46 of the GDPR, and provided that the data subjects have enforceable rights and effective remedies.
Rights of the Data Subject
The rights of the data subject include the right to access their personal data, to request rectification, updating, and deletion or limitation if the data is incomplete, incorrect, or collected in violation of the law, as well as the right to object to processing for legitimate reasons or to obtain data portability.
The data subject, in particular, under Articles 15-22 of Regulation (EU) 679/2016, has the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet recorded, and to receive their communication in an intelligible form.
The Data Subject also has the right to obtain information regarding:
a) the purposes and methods of processing;
b) the logic applied in the case of processing carried out with the aid of electronic tools;
c) the identifying details of the Data Controller, the Processor, and the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as authorized to process.
the Data Subject has the right to obtain:
1. the updating, rectification, or integration of their data;
2. the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including those that do not need to be retained in relation to the purposes of processing;
3. the limitation of processing when one of the cases referred to in Article 18 of the GDPR occurs;
4. The certification that the operations referred to in letters a), b), and c) have been brought to the attention of those to whom the data has been communicated or disclosed, except in cases where such fulfillment proves impossible or entails the use of means that are manifestly disproportionate to the protected right;
5. the transmission of data concerning him/her, provided to the Data Controller and processed based on the consent given by the data subject for one or more specific purposes, in a structured format that is commonly used and readable by an automated device. Pursuant to Article 20 of the GDPR, the data subject also has the right to transmit such data to another Data Controller without hindrance and, if technically feasible, to obtain the direct transmission of personal data from one Data Controller to another.
6. if the processing is based on consent, the revocation of their consent at any time (according to Article 7, paragraph 3 of the GDPR).
the Data Subject has the right to object, in whole or in part:
1. for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of the collection;
2. to automated decision-making processes that significantly affect them..
Without prejudice to any other administrative or judicial remedy, the interested party has the right to lodge a complaint and/or report to a supervisory authority, specifically in the Member State where they usually reside, work, or where the alleged violation occurred.
Esercizio dei diritti
The rights mentioned above are exercised by making a request to the Data Controller, either directly or through an authorized representative, orally or by sending an email to the address info@pesaventodario.it. The request is made freely and without formalities by the interested party, who has the right to receive an appropriate response within a reasonable time frame, depending on the circumstances of the case.
The data subject may make use, for the exercise of their rights, of bodies, organizations, or associations that are non-profit, whose statutory objectives are of public interest and that are active in the field of protecting the rights and freedoms of data subjects concerning the protection of personal data, granting, for this purpose, an appropriate mandate. The data subject may also be assisted by a trusted person.
It is possible to receive more information about the purposes and methods of processing personal data by writing to the email address info@pesaventodario.it, indicating ‘Privacy’ in the subject line.
To understand their rights, file a complaint, and stay updated on regulations regarding the protection of individuals in relation to the processing of personal data, the interested party can contact the Data Protection Authority by visiting the website at http://www.garanteprivacy.it/.
Cookie Policy
To consult the Cookie Policy, click on the following link.
