Information document pursuant to article 13 Regulation EU 2016/679 (GDPR)
In compliance with the provisions of Regulation EU 2016/679 (European Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) we provide you with the necessary information regarding the processing of personal data carried out through this website. The information is not valid for other websites that may be consulted through links on the owner’s domain websites, which is not responsible in any way for the Third Parties’ websites. This information is provided pursuant to article 13 of Regulation EU 2016/679 and is also inspired by the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on Cookies as well as the provisions of the Provision of the Guarantor Authority for the protection of personal data of 8th May 2014 on cookies and subsequent amendments.
Controller is VARIATI S.P.A., with registered office in 20863, Concorezzo (MB), Via Monte Rosa no. 49/51, in the person of its pro-tempore legal representative (hereinafter, the “Controller”).
Controller’s contact details: telephone number: 039 611581; email address: firstname.lastname@example.org;
The Controller may appoint other persons, internal to the company, duly authorised and trained to carry out processing operations under the authority of the Controller, pursuant to article 29 of Regulation EU 2016/679.
Processing operations may also be carried out on behalf of the Controller by external parties, duly appointed as Processors, pursuant to the article 28 of Regulation EU 2016/679. A complete and up-to-date list of the Processors is available at the registered office of the Controller, at the contacts indicated above.
2. PROCESSED DATA
Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (e.g. name, surname, date of birth, address, e-mail address, telephone number, etc.).
The computer systems and software procedures used to operate this website acquire some Personal Data during their normal operation, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects, but by its nature could allow users to be identified through elaboration and association with data held by Third Parties. This category of data includes IP addresses or the domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data are used only for the purpose of obtaining anonymous statistical information on the use of the site and to check that it is functioning correctly, and are deleted immediately after elaboration.
The user Personal Data may be processed in additional ways and for additional purposes related to website maintenance.
Data provided voluntarily by the user
The optional and voluntary sending of Personal Data (e.g. through the sending of e-mail messages to the addresses indicated on this site or through the filling in of registration or information request forms on this site) entails the acquisition and processing by the Controller of the data voluntarily provided by users through the filling in of registration forms or any further Personal Data included in the communication, including name, surname, telephone number, e-mail address and any further data provided in order to receive the information requested, e.g. filling in of the data collection form “Contact Area” etc.
3. PURPOSE AND LEGAL BASE OF THE PROCESSING – WHETHER THE PROVISION OF DATA IS COMPULSORY OR OPTIONAL
Personal Data voluntarily provided will be processed in accordance with Regulation EU 2016/679 for the following purposes:
- with reference to Navigation Data, to obtain anonymous statistical information on the use of the site and to check its correct functioning.
- Legal base: legitimate interest Article 6 (f) and Recital 47: Processing is necessary for pursuing the legitimate interest of the Controller or of a Third Party, provided that the interests or the fundamental rights and freedoms of the Data Subject which require the protection of Personal Data are not overridden, having regard to the reasonable expectations of the Data Subject based on his or her relationship with the Controller. Activities strictly necessary for the operation of the site and the provision of the navigation service on the platform
- Provision’s Nature: with the exception of what is specified for Navigation Data (which are necessary in order to allow navigation of the website), the user is free to provide Personal Data.
- by user’s request, sending the information and/or services requested by the user by filling in the information and/or contact forms.
- Legal base on which the Processing is based is the need to perform pre-contractual and contractual obligations to which you are party, as well as the need to comply with legal obligations.
- Provision of your Personal Data for this purpose is optional. However, in the absence of this provision, it will not be possible for VARIATI S.P.A. to process requests sent via the website.
- communicate commercial information to you via our newsletter, or allow you to participate in customer satisfaction surveys and market research for product improvement. These communications will be sent by email or telephone, including by automated means (SMS, social network messaging systems, newsletters) and traditional means (telephone and paper mail).
- Legal Base: your explicit Consent to the data Processing for this purpose. If you have given your Consent, you may revoke it at any time by clicking on the unsuscribe button contained in the emails or newsletters you receive or by writing an email to email@example.com;
- Provision of your Personal Data for this purpose is optional. If you do not wish to provide your data, it will not be possible for the Controller to keep you constantly updated on offers and promotions reserved for its customers, or to use the data for market research and statistical and customer satisfaction analyses.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS
Personal Data provided may be communicated to:
– service providers for the management of the information system used by the holder and of the telecommunications networks (including e-mail and the website);
– agencies, studies or companies in the context of assistance and consultancy relationships for the purposes described above;
– competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request.
The subjects belonging to the above categories act as Processors, or operate completely independently as separate Controllers. The list of Processors is constantly updated and available at the Controller’s head office and at the contacts listed above.
5. TRANSFER OF DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION AND GUARANTEES
The Personal Data provided will not be disseminated and will not be transferred to non-EU countries.
If there is a need to transfer the Personal Data to third countries, the Controller undertakes to:
- ensure that the country to which the Personal Data will be sent guarantees an adequate level of protection, as required by article 45 GDPR; or
- use the Standard Contractual Clauses for the Personal Data protecion approved by the European Commission for the transfer of Personal Data outside the EEA pursuant to article 46.2 GDPR.
Data Subject may obtain information on the guarantees provided by the Controller for the transfer of Personal Data by contacting the Controller at the contacts listed above.
6. DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD
The Processing will be carried out automatically and manually, using methods and tools designed to ensure maximum security and confidentiality, by specially appointed persons.
In accordance with the provisions of article 5 (1) (e) of Regulation EU 2016/679, the Personal Data collected will be kept in a form which permits identification of the Data Subjects for a period of time not exceeding the fulfilment of the purposes for which the Personal Data are processed.
The length of time that Personal Data provided is stored depends on the purpose of the Processing carried out:
- purposes related to technical navigation data for the correct functioning of the website: storage only for the relevant session, after which the data are deleted;
- purposes of responding to requests for information/documents/contacts (12 months);
- commercial communication purposes (c) – until revocation of Consent (or opt-out).
7. RIGHTS OF DATA SUBJECTS
You may assert your rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of Regulation EU 2016/679, towards to the Controller, by writing an email to: firstname.lastname@example.org; you have the right, at any time, to obtain from the Controller the access to your Personal Data and to request information about the purposes, the categories of Personal Data processed, the Recipients to whom the Personal Data will be disclosed, with particular reference to Recipients in third countries, the data retention period of your Personal Data or, where this is not possible, the criteria for its definition; the existence of an automated decision-making process, including profiling. You have the right to rectify, erase your Personal Data or restrict their Processing. Where the Processing is based on article 6 (1) (a) you have the right to withdraw your Consent at any time without prejudice to the lawfulness of the Processing based on the Consent given before the withdrawal. You have the right to be informed of the existence of adequate safeguards regarding the transfer of your data to a third country or international organisation pursuant to article 46 of Regulation EU 2016/679. You have the right to the portability of your Personal Data in which case the Controller will provide you with your Personal Data, in a structured, commonly used and machine-readable format, and the right to transmit such data to another Controller. In addition, you have the right to object at any time, on grounds relating to your particular situation, to the Processing of your Personal Data pursuant to article 6 (1) (e) or (f), including profiling on the basis of these provisions. You have the right not to be subject to a decision based only on automated processing, including profiling, which produces legal effects or significantly affects you in a similar way. Without prejudice to any other administrative or judicial remedy, in the event that you consider that the Processing of your Personal Data violates Regulation EU 2016/679, you have the right to lodge a complaint with the Privacy Guarantor (https://www.garanteprivacy.it), or to bring the appropriate legal proceedings.
The website and the Products offered therein by VARIATI S.P.A. are in no way intended for minors of 18 years of age, and therefore the Controller does not collect and/or process Personal Data referring to persons of minor age. However, if Personal Data relating to minors are entered on the website, VARIATI S.P.A. will arrange for them to be deleted.
Update date: 19th April 2022