INTRODUCTION AND REFERENCE LEGISLATION
This information is provided only for this Internet site of which Indal Srl is the Data Controller and not for any other related web sites linked to within this site.
The data controller for data collected through the web site is Indal Srl with registered office in Via Felice Cavallotti 282 – 25018 Montichiari (BS) – ITALY.
The complete list of designated Data Processors is available upon request at the data controller’s main offices.
PRINCIPLES RELATING TO THE PROCESSING OF PERSONAL DATA
The user’s personal data shall be collected, stored, processed and transmitted in compliance with the criteria established by Indal Srl and with all data protection laws and regulations from time to time in force.
The principles governing the processing of personal information are:
(1) The user’s personal data shall be processed lawfully and fairly;
(2) The user’s personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
(3) The user’s personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected;
(4) The user’s personal data shall be accurate and, where necessary, kept up to date to the best of our skill;
(5) The user’s personal data shall be protected against unauthorised or unlawful processing, using appropriate technical or organisational measures;
(6) The user’s personal data collected shall be kept for no longer than is necessary for the purposes for which the personal data were collected.
TYPE OF DATA COLLECTED
The web site may collect several categories of information when the user accesses or used the Web Site:
“Personal data” means any information that directly identifies the user or is considered as a “personal identifier” pursuant to the legislation from time to time in force. Personal Data collected by this web site, directly or through third parties, include: Cookies, Usage data, Name, Surname, Email.
The discretionary, explicit and voluntary sending of e-mail messages to the addresses mentioned in this site entails the acquisition of the sender’s address, which is necessary in order to satisfy any requests for services and/or information.
Except with specific request or invite in special forms or site areas, we ask users not to send us, nor disseminate, sensitive personal information through the Web Site or in any other way. Should we ask or encourage the user to provide sensitive personal information, we would require the user’s explicit consent thereto.
DATA PROCESSING PURPOSES
We collect, store and process your personal data for the purpose of providing you with the services offered through our website, or for the fulfilment of legal obligations.
The personal data collected will be used exclusively for the following purposes:
- For the effective management of the Site and the services offered through it;
- To contact users directly (for example, by e-mail) as a result of requests received through the website;
- For the collection of applications.
In addition, computer systems and software procedures used to operate this website may automatically record, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
Similar information, such as device type and identifier, may be collected if you access the Website using a mobile device.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
Such data include IP addresses or user computer and terminal domain names.
Such data are used exclusively to obtain anonymous and aggregated information on site use and to check the correct operation of the site, and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical and possible computer crimes against the site.
Failure by the User to provide certain Personal Data may prevent this website from providing its services.
The User assumes responsibility for any form of improper processing of Third Party Personal Data contained in this website, releasing the Data Controller from any liability towards Third Parties.
PROVISION OF PERSONAL DATA
Apart from what specifically detailed for navigation data, you are free to decide whether to provide any personal data requested in the various forms for information requests.
METHODS AND PLACE OF PROCESSING AND SECURITY OF COLLECTED DATA
The Data Controller shall process the Users’ Personal Data adopting appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of the Personal Data.
The use of your personal data will take place with the support of paper, computer or telematic means for the purposes indicated below, for the time strictly necessary to achieve the purposes for which they were collected, or, where possible, until the time when the data controller should receive a request from you to delete the data whose consent to the processing is optional and not required.
The collected data will be handled only by authorized personnel. All employees who access your data are Persons in charge of processing, according to the provisions of the current legislation. In addition to the Data Controller, in some cases, special categories of persons involved in the management of the site (administrative, commercial, marketing and legal staff, system administrators) or external parties (such as third-party technical service providers, couriers, hosting providers, computer companies, communication agencies) may have access to the Data and be also appointed, if necessary, as Data Processors by the Data Controller.
The collected data may be updated periodically with information acquired in the course of dealings with the site.
We use commercially reasonable technical and organizational measures and controls to protect your Personal data from loss, misuse, and unauthorized access. Unfortunately, data that are transmitted or usable over the Internet cannot be 100% secure. Accordingly, while we protect all Personal Data, we cannot guarantee or warrant that such Personal Data will be fully protected from unlawful use by hackers or from other harmful criminal activities or in the event of hardware or software failure of your computer or telecommunications network. The data controller will inform you if he becomes aware of a breach of security with regard to identifying personal data (as defined and provided for in so-called “Data Breach” episodes, in accordance with the applicable law) in our possession.
If you choose to provide us with your email address for any reason, you expressly agree to receive electronic notices in the event of a breach of security.
Your personal data will be stored in secure databases on our servers, or on the servers of our trusted providers acting as data processors, and will be processed mainly by automated means.
Your personal data are, in any case, processed in compliance with the data privacy provisions contained in the Code, in the Regulation and in the Provisions issued by the Data Protection Authority.
The Data are processed for the time necessary for the performance of the service requested by the User, or for the purposes of this document, and the User may at any time request the interruption of the Processing or the erasure of the Data pursuant to Articles 17 and 18 of the Regulation.
PROVISION OF PERSONAL DATA
Without prejudice for any notice given in compliance with a legal obligation, regulation or EU legislation, your data may be disclosed:
- a) to natural and/or legal persons that we use in the execution of our services and for related activities;
- b) subjects delegated by us and/or appointed by us to carry out professional and technical maintenance activities (including maintenance of network equipment and electronic communication networks of websites where the data are published).
In any case, the mentioned subjects will receive only the data that are necessary and relevant to the processing purposes they are responsible for as Processors/third-parties in charge of processing, appointed by the Data Controller as required by the current legislation.
Personal data will therefore not be disseminated.
The Data Controller collaborates with law enforcement agencies and other public bodies and public authorities to ensure that its users respect the law and the rights of other users and third parties, including their intellectual property rights. Therefore, your personal data may be communicated, without limitation, to public entities, in the event that this is necessary for purposes of defence, state security, prevention, detection or repression of crimes, in compliance with the rules governing this matter.
Such public entities shall have the right to request and obtain your personal data even if it is necessary or appropriate for investigations or controls relating to the commission of fraud, computer fraud, infringement of intellectual property rights, acts of computer piracy or other illegal activities, which could expose us or our users to legal, civil or criminal liability.
DATA SUBJECTS’ RIGHTS AND EXERCISE OF SAID RIGHTS
In compliance with the regulations from time to time in force, the data subject can request, at any time:
- Confirmation as to whether or not personal data concerning him or her are being processed;
- To know the content and origin, the purposes and methods of treatment;
- The logic involved in processing activities performed with the aid of electronic instruments;
- The identification details of the data controller, data processors and subjects or categories of subjects to whom his or her personal data may be communicated.
In addition, the data subject is entitled to obtain:
- The updating, rectification, integration, portability of existing data;
- The erasure, anonymisation or interruption of data processing performed in violation of the law;
- To object, in any case, for legitimate reasons, to the processing of data relevant to the purpose of collection.
- To object to the processing of data for commercial purposes.
In accordance with the Regulation, the data subjects also have the right to lodge a complaint with a supervisory authority.
To exercise their rights, data subjects may contact the Data Controller: Indal Srl with registered office in Via Felice Cavallotti 282 – 25018 Montichiari (BS) – ITALY – Mail: firstname.lastname@example.org – T. +39 030 9650345 – F. +39 030 9658709
However, please be advised that, due to technical constraints and the backup of your systems, your Personal data may continue to reside in our systems or part thereof for a certain period of time, even after erasure.
The data controller reserves the right to refuse requests for access or erasure of Personal Data if the requested disclosure or erasure is not permitted by law.
To protect against unlawful access requests, we reserve the right to request sufficient information to verify the identity of the requesting party before granting access or making corrections.