Notice provided pursuant to Article 13 of EU Regulation no. 2016/679 (GDPR)
REASON FOR THE NOTICE
Pursuant to EU Regulation no. 2016/679 (hereinafter, “GDPR”), this page describes the modalities for processing the personal data of users consulting this website. This notice is provided pursuant to Art. 13 of the GDPR. The notice does not apply to any third-party websites reached through any links present on this website, for which we shall not be held liable.
Personal data subject to processing
Personal data: any information regarding an identified or identifiable natural person («data subject»); to be identifiable means that the natural person may be identified, whether directly or indirectly, with specific reference to an identifier such as a name, ID number, location data, an online identifier or one or more characteristics of one’s physical, physiological, genetic, mental, economic, cultural, or social identity (C26, C27, C30 GDPR).
IT systems and software procedures designated for the operation of this website acquire, in their routine course of functioning, certain personal data the transmission of which is intrinsic to internet communication protocols. This information is not collected to be associated with identified data subjects; however, by its very nature, and by means of processing and association with data held by third parties, it may permit a user to be identified. Falling into this category are IP addresses or the domain names of computers utilised by users connecting to the site, URIs (Uniform Resource Identifier) for the requested resources, the time of the request, the method used to submit the request to the server, the dimensions of the file obtained in response thereto, the numeric code identifying the status of the server’s response (success, error, etc.), and other parameters relating to the operating system and the user’s IT environment.
Data disclosed voluntarily by the data subject
The optional, express, and voluntary sending of messages to the addresses listed as contact information on this site and/or the filling out of data-collection forms, implicates the subsequent acquisition of the sender’s address, which is necessary to respond to the requests, as well as any other personal data entered therein.
Cookies. What are cookies? Why are cookies used?
Cookies are small text files which sites the users visit send to the users’ terminals, where they are stored before being sent back to the same site upon the user’s next visit. “Third-party cookies”, on the other hand, are set up by a website other than the one the user is visiting. This is because any site may have elements (images, maps, sounds, specific links to webpages on other domains, etc.) which reside on servers other than the one visited. Cookies are used for different purposes: to carry out electronic identification, session monitoring, storing information on users accessing the servers in specific configurations, memorising user preferences, etc. For more information on the cookies used on this website, please view the Cookies Policy appearing on the footer of the website, and available through the following link.
1. WHO IS THE DATA CONTROLLER? HOW CAN I CONTACT HIM?
The Data Controller is BOMI ITALIA SPA, with registered office in Spino d’Adda (CR), Via Madonna del Bosco 7/A, by and through its designated legal representative. Data Controller contact information, telephone number: +39 0373085000, email: firstname.lastname@example.org
2. HAS A DATA PROTECTION OFFICER BEEN APPOINTED? WHAT IS THEIR CONTACT INFORMATION?
BOMI ITALIA SPA has designated a DPO (Data Protection Officer) in accordance with Art. 37 – 39 GDPR. To contact the DPO: e-mail email@example.com, Phone: +39 0373085000
3. DATA PROCESSING PURPOSES, LEGAL BASIS, RETENTION PERIOD, AND NATURE OF SUBMISSION
NATURE OF THE SUBMISSION
|Navigation on this site.
Data necessary to utilise web services are processed for reasons including:
-obtaining statistical information on the use of services (most viewed pages, number of visitors at different times of day or per day, user geographic provenance, etc.);
-monitoring the proper functioning of offered services;
-determining culpability in instances of cybercrimes involving tampering with the site.
|Processing is necessary to pursue the data-controller or third-party legitimate interest, provided there is no prevailing data-subject interest or right or fundamental liberty requiring personal-data safeguards, given the data-subject’s reasonable expectations, and those operations strictly necessary to allow for site functioning and navigation(Art. 6, par. 1, subpart [f] and Recital 47, GDPR).
Information on such balancing of interests is available upon request.
|Navigation data will be retained until the end of the navigation session, and shall not persist for more than twenty-four hours (except in instances of cybercrime investigations by the authorities).||Submission is required for purposes of site navigation.|
|For information on cookies and equivalent technologies, please review the Cookies Policy in the footer||For any profiling cookies, processing is predicated on consent to personal-data processing (Art. 6, par. 1, subpart [a] and C42, C43 of the GDPR).
Personal data shall be processed for, in addition to navigation purposes, upon the submission of any FORM on the stated website section, to:
NATURE OF THE SUBMISSION
|A) CONTACT US: sending requests to be contacted, for more information, or for assistance and support
|Processing is required to perform under a contract to which the data subject is privy, or to handle pre-contractual matters undertaken upon request of the same; (C44) Art. 6 par. 1 subpart (b), GDPR||Max: 12 months||Submission is mandatory.
Any failure to submit the necessary data shall make it impossible for the user to be contacted.
|B) NEWSLETTER SUBSCRIPTIONS FOR PURPOSES OF DIRECT MARKETING, for the sending of advertising or direct-sale materials, or to conduct market research, assess customer satisfaction, or to send sales-related information, and newsletters using automated channels (email).
These communications may include the promotional efforts of third parties and/or the logos of third-party companies within the same corporate group.
For a full list of group companies, please write to firstname.lastname@example.org
No personal data will be transferred to third parties.
For purposes of improving such communication’s effectiveness, the Data Controller may use newsletter and communication systems that include reports. Through these reports, the Data Controller may learn, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems utilised to read the notice; details on individual user’s activities; details on all emails sent, and on which emails reached their destination, which were blocked or forwarded; All of these data are used for the purpose of assessing, and optimising, if needed, the outcomes of such communication efforts.
|Processing is predicated on consent to personal-data processing; (C42, C43)
Art. 6 par. 1 subpart (a) of the GDPR
|Until consent is withdrawn
|Submission is mandatory.
Any failure to submit the necessary data shall make it impossible for the user to receive promotional communications and newsletters
|C) WORK WITH US, to submit a job application||Processing is required to handle pre-contractual matters undertaken upon request of the same; (C44) Art. 6 par. 1 subpart (b), GDPR||Max: 12 months||Submission is mandatory.
Any failure to submit the necessary data shall make it impossible for the user to submit an application
|D) RESERVED AREA, to access the log-in area on the website
Under construction, no data collection yet
|Under construction, no data collection yet||Under construction, no data collection yet||Under construction, no data collection yet|
4. TO WHOM WILL DATA BE DISCLOSED
Personal data shall be disclosed, as circumstances (including the purposes contemplated for specific areas) warrant, to parties processing data as independent Data Controllers; or Data Processors (Art. 28, GDPR), and processed by natural persons (Art. 29, GDPR) acting under the authority of the Data Controller and Processors pursuant to specific instructions provided regarding processing purposes and modalities, for specific purposes as required for the involved areas. Data shall be disclosed to recipients with registered offices in Italy, falling into the following categories:
- Parties providing services for website and communication-network management, including email services, headquartered in Italy;
- The website host in Germany;
- Authorities with jurisdiction over legal compliance and/or any orders of the public administration, upon request.
For purposes based on:
- Vtiger Systems India Private Limited, No. 18, 20th Main, 2nd Block, Rajajinagar, Bangalore – 560010, Karnataka, India, entity providing services for the management of newsletter and advertising/marketing communication platforms
- Group companies, affiliates, and subsidiaries, with locations inside and outside the EEA, on a global level, list available at this link;
- independent professionals, firms, or companies with registered offices in Italy, providing support and consultancy including (for the “work with us” area) third parties and HR consultants and recruitment firms.
The list of Data Processors is constantly updated, and is available by writing to email@example.com or to the other contact information appearing above.
5. WILL DATA BE TRANSFERRED OUTSIDE THE EEA?
Personal data will be transferred to non-EEA countries in order to carry out purposes underlying the data-processing purposes themselves. Data shall be transferred in accordance with Article 44 et seq. of the GDPR:
– to entities providing adequate guarantees, using standard contract clauses (SCC) as established by the EU Council (Art. 46, par. 2, subparts (c)-(d) to non-EEA countries, worldwide, the list appears on link;
For more information on obtaining a copy of the guarantees applicable to the transfer of data outside the EU, please write to firstname.lastname@example.org
6. IS AUTOMATED PROCESSING USED?
Personal data shall be subject to traditional manual, electronic, and automated processing. Please note that no fully automated decision-making processes shall be used.
7. WHAT ARE MY RIGHTS? HOW CAN I EXERCISE MY RIGHTS?
You may assert your rights as enumerated in Art. 15 et seq. of the GDPR, by writing to the DPO at email@example.com or by contacting the Data Controller at firstname.lastname@example.org. You have the right, at any time, to request access to your personal data (Art. 15), rectifications (Art. 16), data erasure (Art. 17), and restriction of processing (Art. 18). The Data Controller shall disclose (Art. 19) to each recipient to whom personal data has been transferred any rectification or erasure or processing limitation to be made. The Data Controller shall advise the data subject of such recipients upon the data subject’s request. You have the right to data portability in certain enumerated cases (Art. 20); in such cases, the data will be provided to you in a structured, commonly used, machine-readable format. You have the right to object in certain cases (Art. 21) at any time, to any processing based on legitimate interest; in certain cases, you have the right to withdraw your consent, without prejudice to the lawfulness of any processing based on such consent prior to revocation.
To opt out of any automated direct-marketing (emails), simply send an email to email@example.com with “cancellazione da automatizzato” (“unsubscribe”) in the subject line, or use one of our automated cancellation systems (for email only).
Should you believe that any personal-data processing performed by the Data Controller violates EU Regulation no. 2016/679, you as the data subject have the right to lodge a complaint with the data protection authority, either in the Member State where you habitually live or work, or in the location where the alleged violation of the regulation occurred (https://www.garanteprivacy.it/) or to file suit in a court of proper jurisdiction.
8. Amendments to the policy
The Data Controller reserves the right to modify, update, append, or remove parts to this notice. In order to facilitate the verification and modifications to the texts, the policy will note the date of most recent update.
Updated on: 24 May 2021