Informative report on the protection of personal data in compliance with art. 13-14 of the GDPR Regulation (UE) 2016/679 (General Data Protection Regulation) and relevant implementing provisions
The Data Controller of the processing of personal data acquired through this website is Ideabiella Srl Contact details: Via Torino 56 – 13900 Biella – firstname.lastname@example.org
Please be informed that:
• all personal data are processed fairly, lawfully and transparently, in compliance with the general principles laid down in the GDPR Regulation and the Privacy Code;
• personal data are collected and processed exclusively for the purposes specified in this informative report;
• the objective is to collect, process and use the lowest possible number of data;
• when collecting personal data, we make sure they are as accurate and updated as possible;
• if the acquired personal data are no longer necessary for the purposes for which they have been collected or we are not obliged to their retention by law, we will do everything to erase, destroy or anonymize them;
• specific safety measures are in place in order to prevent data loss, illegal or improper use and unauthorized access;
• personal data shall not be shared with, sold, or made available to subjects other than those specified in this Informative Report.
3.a. Law and contractual obligations– data processing necessary to fulfil a legal or contractual obligation to which the data controller is subject, or to perform a specific request of the data subject.
The information systems and software procedures, used to operate this website, acquire during normal operation certain personal data, whose transmission is implied in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users who connect to the website, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, time of the request, method used to submit the request to the server, size of the file obtained in reply, numerical code indicating the status of the response from server (successful delivery, error, etc.) and other parameters relative to the operative system and the user’s IT environment.
Personal data can be processed without the data subject’s consent to comply with the obligations arising from laws, regulations, codes or procedures approved by the competent Authorities and Institutions.
Personal data shall also be processed for the purposes connected with the provision of services by the Company during website navigation, namely:
b. Defence of a right before a court
Personal data shall also be processed anytime there is the necessity to establish, exercise or defend a legal claim of the Data Controller or of companies or other entities related to the Controller before a court.
c. Legitimate interest of the Data Controller
The Data Controller shall be entitled to process the personal data without the data subject’s consent, in the following cases:
The personal data shall be kept for a period of time not exceeding the period necessary for the purposes for which data have been collected and processed in compliance with legal obligations.
The use of session cookies (not persistent) is limited to the strict minimum necessary for a safe and efficient browsing of websites. The storing of session cookies in users’ terminal equipment or browsers is under the user’s control, whereas on the servers at the end of HTTP sessions, cookies information remain recorded in the services’ logs, for the relevant retention times.
Since the aforementioned data are necessary for maintaining and providing all the services connected with the Website navigation, failing to communicate them will make the supply of such services impossible.
All collected and processed data can be disclosed only for the purposes specified above and only to the following categories of recipients: persons who, due to specific contractual obligations can manage the website and persons (employees and/or collaborators of the Data Controller) who have been expressly authorized to the personal data processing.
In terms of the (GDPR) European Regulation 679/2016 and national legislation, and within the limits and in accordance with the procedures provided for by the applicable law, a data subject has the right:
to obtain confirmation as to whether or not personal data concerning him exist (right to access);
to be informed of the source of the personal data;
to obtain communication in intelligible form;
to be informed of the logic, methods and purposes of the processing;
to obtain updating, rectification, integration, erasure, anonymization, blocking of data that have been processed unlawfully, including those data whose retention is no longer necessary for the purposes for which they have been collected;
where there is the expressed consent to personal data, to obtain from the Data Controller his personal data in a structured form readable by a data processor and in a format commonly used by electronic devices;
the right to bring a compliant before a Supervisory Authority.
The rights referred to above may be exercised by making a request via e-mail to the Data Controller.
This Informative Report may be subject to periodic revision, also in consideration of the reference legislation and case law. Any significant changes thereto shall be adequately reported in the website homepage for a reasonable period of time. In any case, the data subject is invited to regularly consult this Informative Report.