Privacy Policy Statement

Information on the processing of personal data pursuant to Article 13 of Regulation (EU) 2016/679

Below we explain how we use and process your personal data in compliance with Regulation (EU) 2016/679. Please note that this information is only valid for our websites and not for external websites with links on our pages. We are in no way responsible for the content or privacy policies of the websites of third parties.

We provide this information in accordance with:

- article 13 of Regulation (EU) 2016/679,

- Recommendation 2/2001 on requirements for collecting personal data on-line which was adopted on 17 May 2001 by the Data Protection Working Party established by article 29 of Directive 95/46/CE. This recommendation establishes requirements for collecting personal data online; in particular on when, how and which information must be provided to an individual user when he or she connects to a website, irrespective of the reason for the initial contact.

- Directive 2002/58/CE and its subsequent amendment, Directive 2009/136/CE, dealing with the protection of privacy in the electronic communications sector and the regulation of spam and cookies.

- the regulations issued by the Italian Data Protection Authority and published on the Official Journal of the Italian Republic n. 126 - June 3, 2014 (Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014)

 

1. THE DATA CONTROLLER, as defined by article 4.7 of Regulation (EU) 2016/679 is Bandinelli srl – Via Dell’Artigianato, 1 – Castelfranco Piandiscò (AR), Tel 055/965071 info@bandinelli.it whose legal representative is Giuseppe Bandinelli.

DATA PROCESSOR, as defined by article 4.8 of Regulation (EU) 2016/679, is Bandinelli srl, registered office Via Dell’Artigianato, 1 a Castelfranco Piandiscò (AR).

2. TYPES OF INFORMATION PROCESSED

Personal data and identification data.

Personal data means any information relating to a natural person who is identified or who can be identified, even indirectly, by reference to any other information, including a personal identification number. Identification data means personal data which allows a subject to be identified directly (for example, name, surname, email address, address, telephone number, etc.…).

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This type of data is not collected with the aim of associating it with identified subjects, but because of its nature, it could be used by third parties holding information on the same subjects to identify users of our website. This data category includes IP addresses, the domain names of users’ computers who connect to our website, URI (Uniform Resource Identifier) mapped addresses of requested resources, times of requests, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other data relating to the operating system and the information technology environment of the user. This type of data is used exclusively to obtain anonymous statistical information on the use of our website and to control that it is functioning correctly.

Legal defence and court proceedings

The personal data of website users may be used by the Controller in court or in the stages leading to court proceedings, to defend himself from abuse of this website or its services. The data may be used to ascertain responsibility in cases of suspected cyber-crime that cause damage to the website.

System maintenance

The personal data of users may be used in additional ways and for additional purposes connected to the maintenance of our systems

Data provided voluntarily by the user

When a user voluntarily sends emails to the email addresses on our website or completes forms by inserting personal data (should they be present), we acquire the email address of the user, which is necessary for us to reply to the request, as well as any other personal data the user provides.

Specific information

Specific information may be presented on the website in relation to particular services or data processing regarding data provided by the user or interested party.

Cookies

Read our cookies policy here.

3. THE PURPOSES AND LEGAL BASIS OF DATA PROCESSING AND LEGITIMATE INTEREST

In accordance with article paragraph 1 letter b, personal data that is voluntarily provided by the user may be used for the following purposes, until the user opts out:

ï browsing on our website;

ï requests to contact the user, with the sending of information requested by the user;

4. MODALITIES OF DATA PROCESSING – RETENTION TIME

We process users’ data automatically and manually, using tools and procedures which guarantee the maximum security and privacy. Personal data is handled by persons officially appointed to the task pursuant to the terms and conditions of article 32 of Regulation (Eu) 2016/679. Data will be retained for as long as needed to fulfill the purposes for which it was collected. This website uses third party web hosting services.

5. COMMUNICATION AND DISSEMINATION OF DATA AND TRANSFER OF DATA ABROAD

Your personal data will not be communicated to third parties except to companies contractually connected to Bandinelli srl within the European Union, pursuant to the terms and conditions of article 44 of Regulation (EU) 2016/679, to comply with contractual obligations or other connected purposes.

Your data may be communicated to third parties belonging to the following categories:

• service providers for the management of the information systems used by of Bandinelli srl including telecommunications networks, such as email and newsletters, for example Mail Chimp;

• individuals or companies providing assistance or consultancy services

• competent authorities in order to fulfill legal obligations and/or to comply with the requests of public bodies.

The subjects belonging to the abovementioned categories may perform the function of data processor or act in complete autonomy as data controllers. The list of data processors is continuously updated and available from Bandinelli srl in Via Dell’Artigianato, 1 a Castelfranco Piandiscò (AR).

6. AUTOMATED PROCESSING AND PROFILING

Your data will not be subjected to automated processing or used for profiling.

7. NATURE OF TRANSFER AND REFUSAL

Apart from browsing data (as defined above), the provision of personal data by the user is optional. Should users refuse to provide their personal data we may not be able to satisfy requests for information, or offer other services connected to our website.

8. MINORS

This website and the services it offers are not intended for persons under the age of 18 and we do not intentionally collect the personal data of minors. Should it come to our knowledge that the personal data of minors has been involuntarily collected, we will delete such data as soon as possible at the request of users.

9. RIGHTS OF THE PARTIES INVOLVED

In order to exercise your rights as set out by Regulation (EU) 2016/679 of the European Parliament and Council on 27 April 2016, you may directly contact the data controller at our company address stated above, using the telephone number 055/965071 or by email at info@bandinelli.it.

 

As stated in article 13, paragraph 2, and from articles 15 to 22 of the Regulation, you have the following rights concerning the handling of your data:

 

a) Right of access to your personal data. You are entitled to know:

- if any of your personal data is being processed

- the purposes for which it is being processed

- the receivers or categories of receivers, to whom your personal data has been communicated

- if you did not supply the data yourself, all information available about its origin

- if there exists an automated decision process, including profiling

 

You are entitled to a copy of the personal data being processed.

 

b) Right to rectification and integration of personal data;

 

c) Right to erasure of data («the right to be forgotten»). You have the right to obtain erasure of your personal data where one of the following applies:

1. the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

2. you withdraw your consent for the data processing and there does not exist any other legal ground for the processing;

3. you object to the processing and there are no overriding legitimate grounds for the processing;

4. your personal data have been unlawfully processed;

5. your personal data have to be erased for compliance with a legal obligation in the European Union or in a Member State to which the controller is subject;

 

Where personal data has been made public in an online environment the controller must take reasonable steps to inform other controllers who are processing the personal data to erase links to copies or replication of that data.

d) Right to restrict processing. You have the right to restrict the processing of your personal in these cases:

1. you contest the accuracy of your personal data, for the period in which the controller verifies the accuracy of the data;

2. the data is being unlawfully processed and you request restriction instead of erasure;

3. although the controller no longer needs your personal data, you need the data to be kept in order to exercise or defend a legal claim;

4. you object to the data processing and the controller is considering whether there are legitimate grounds which override those of the subject.

 

e) Right to file a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) following the procedures and indications on the official website, www.garanteprivacy.it.

 

f) Right to portability. You have the right to receive the personal data you have provided to a controller in a structured, commonly used and machine-readable format and the right to transmit these data to another controller when:

1. the lawful basis for processing the information is consent or for the performance of a contract

2. the processing is carried out by automated means

 

Where it is technically possible, you have the right to obtain the direct transmission from one data controller to another.

 

g) Right to object in any moment to the processing of your personal data, including profiling, in these circumstances:

1. the processing is being carried out on the basis of legitimate interests of the controller and you state your specific reasons for objecting;

2. your data are being used for direct marketing.

 

h) Rights related to automated decision making including profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling except in cases where the decision is necessary for entering into or the performance of a contract between yourself and the data controller or is authorized by European Union or Member State law to which the controller is subject or is based on your explicit consent.

i) The right to withdraw consent at any moment.

 

These rights are to be exercised without payment and without restrictions except in situations set out by article 23 of Regulation (EU) 2016/679.

10. CHANGES TO THIS INFORMATION

We reserve the right to modify, update, add to or remove parts from the present privacy policy statement at any time. The statement will always indicate the most recent date of modification or updating. In using our website after we have modified or updated the statement, users accept the information set out in its most recent version.

Last update: 25/05/2018