INFORMATION ON THE PROCESSING OF PERSONAL DATA OF WEBSITE USERS
The owner of this website, the company REG SALDATRICI ELETTRONICHE MATERIE PLASTICHE GALBIATI SRL, in compliance with the obligations arising from national[1] and EU legislation (hereinafter GDPR[2] or Regulation) and subsequent amendments, respects and protects the confidentiality of users/visitors, putting in place appropriate and proportionate security measures so as not to harm their rights.
This policy applies exclusively to the online activities of this site in particular to the completion of forms, request for information or any other form of interaction with the site that involves the communication by the user of personal data. With it, the Owner pursues the goal of providing maximum transparency regarding the information the site collects and how it uses it.
The processing will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability.
Pursuant to Articles 13 and 14 of the GDPR and current legislation, the following information is provided regarding the processing that the company REG SALDATRICI ELETTRONICHE MATERIE PLASTICHE GALBIATI SRL will perform with personal data:
1. Data subjects
The Data Controller of personal data processing is the company REG SALDATRICI ELETTRONICHE MATERIE PLASTICHE GALBIATI SRL, having its registered office in Via Enrico Fermi 28 Bonirola di Gaggiano 20083 Milan – VAT 01504740158, contactable using the e-mail address info@reg.it, or the certified e-mail address (PEC) amministrazione@pec.reg.it.
2. Method of processing and type of data collected
The Data Controller takes all appropriate technical and organizational measures to secure the personal data processed. In particular, these measures are aimed at preventing unauthorized access, disclosure, modification or destruction of the data, which will be collected, processed and stored in the archives, both paper and electronic, of the Data Controller and/or authorized internal subjects and external Managers expressly authorized for this purpose. The processing will be carried out with the help of both paper and computer media or electronic tools with logics of organization and processing of personal data, so as to ensure their security and confidentiality.
The Data Controller may process some personal data of users who interact with the web services of the site, in particular:
- browsing data: the IP address, the addresses in URI notation[3], the type of browser and the parameters of the device used to connect to the site, the name of the Internet Service Provider (ISP), the visitor’s origin[4] and exit web page, as well as details regarding the date and time of the visit, the requests sent to the site’s server and which make it possible to browse the site, may be acquired automatically by the computer systems during the use of the site. Browsing data may also be used to compile anonymous statistics to understand the use of the site and to improve its structure. Browsing data may possibly be used for the investigation of illegal activities, such as in cases of computer crimes, to the detriment of the site;
- personal contact data (name and surname, e-mail address, company name and telephone number), possibly of an economic and fiscal nature (in case, for example, an invoice is requested), necessary for the performance of existing or future contractual relationships with users.
No “special categories” of personal data, i.e., data that qualify as sensitive, are collected and processed in any way[5].
3. Purposes of processing
Data provided by the user or communicated by third parties will be processed for the following purposes:
a. registration to the website, to the services developed or made available by the Owner, use of related information services, management of contact or information requests;
b. establishment of contractual relationships and consequent administrative, legal and fiscal fulfilments, as well as to allow an effective management of financial and commercial relationships;
c. fulfillment of obligations under EU and national regulations;
d. direct marketing, i.e. sending of advertising material, promotional activities, commercial communication of products and/or services offered by the company; this activity may be performed by sending advertising/information/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding users/customers, carried out through “automated” contact systems[6];
e. verification of the proper functioning of the site and for security reasons, in order to block attempts to damage the site itself or cause damage to other users and in any case ascertain and repress harmful or criminal activities.
By accessing the “Contact” section, the site allows the visitor/user to enter messages and other information. The voluntary and explicit sending of such information does not require a request for consent, and any completion of specifically prepared forms involves the subsequent acquisition of the address and data of the visitor/user, necessary to respond to the requests made and/or to provide the requested service.
The information that users of the site will consider to make public through the services and tools made available to them are provided by the user knowingly and voluntarily, going the Owner exempt from any liability with regard to possible violations that for the effect should be committed. It is in fact up to the user to achieve any permissions for the input of personal data of third parties or content protected by national and international regulations.
4. Legal basis for the processing of personal data
The provision of personal data for the purposes referred to in points 3-a) and 3-b) is mandatory, as the processing is related to a pre-contractual and/or contractual phase or functional to a request of the Interested Party or required by a specific regulation. Failure on the part of the Data Subject to provide certain personal data in relation to the aforementioned purposes could prevent the Data Controller from providing its services.
With regard to point 3-d) (direct marketing), personal data is entered voluntarily by the Data Subject. The consent must be expressed through an unequivocal positive act, moreover it must be free, specific, optional and always revocable without consequences on the usability of the services, except for the impossibility for the Controller to deliver some of them. In any case, the user may exercise the right to object at any time (see paragraph 9. “Rights of the Data Subject”).
The data collected and processed for the purposes of site security and prevention from abuse and unlawful activities referred to in paragraph 3-e), as well as data for the analysis of site traffic (statistics) in aggregate form, are processed on the basis of the legitimate interest of the Owner to protect the smooth operation of the site, as well as to protect the users themselves. In such cases, the user may exercise the right to object at any time (see Section 9. “Rights of the Data Subject”).
5. Use of Cookies
Cookies are small text files that the site sends to users’ terminals and are used to perform computer authentication, session tracking, storing information about specific configurations, storing preferences and more. This site uses cookies primarily to improve the browsing experience by measuring and analyzing aggregated and anonymized browsing data.
For information on the cookies used, as well as the management, setting and deactivation of cookies, users can consult the appropriate section of the site and follow the procedures specifically provided.
6. Recipients of personal data
The data will not be disseminated by the Holder, giving knowledge of it to undetermined subjects in any way, not even by making it available or consultation.
The data will be stored at the Data Controller and may instead be disclosed to determined parties defined as follows:
- authorized subjects involved in the organization of the site[7];
- external subjects[8] delegated for this purpose to specific processing activities and duly appointed as Data Processors pursuant to Article 28 of the Regulations, in accordance with applicable legislation and limited to the purposes of the professional services required and necessary;
- subjects to whom the right to access the data is recognized by provisions of law or orders of the authorities;
- possible third countries or international organizations, if for technical and/or operational issues it is necessary to transfer some collected data to technical systems and services managed in the cloud and located outside the European Union area[9]. In this case, the processing will be regulated in accordance with the provisions of Chapter V of the GDPR and authorized according to specific decisions of the European Union and the Data Protection Authority.
The complete list of all the persons in charge and authorized to process personal data can be requested by writing to the e-mail address info@reg.it or by regular mail to the address Via Enrico Fermi 28 Bonirola di Gaggiano 20083 Milan.
7. Place of processing
Data collected from the site are processed at the Data Controller’s offices and at the Web Hosting datacenter. The Web Hosting (Serverplan S.r.l.) as Data Processor, processes personal data on behalf of the Data Controller in accordance with European standards.
8. Period of storage of personal data
The data collected will be processed exclusively for the purposes indicated above and kept for the time strictly necessary to provide the requested service. In any case, this period of time will not extend beyond 10 years, after which the Data Controller will automatically delete the collected personal data.
9.Rights of the Interested Party
The Regulations reserve specific rights to users/interested parties. In particular, the Data Subject may exercise at any time the right to:
- to access his or her personal data, obtaining confirmation as to whether or not personal data concerning him or her are being processed and, if so, to be informed as to the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, the existence of automated decision-making processes
- obtain the rectification of inaccurate personal data concerning him/her without undue delay;
- Obtain, in the cases provided for, the deletion of personal data concerning him/her without undue delay;
- obtain, in the cases provided for, the limitation of processing;
- to request the portability of the data he or she has provided to the Controller, i.e. to receive them in a structured, commonly used and machine-readable format, including for the purpose of transmitting such data to another Data Controller without hindrance from the Data Controller to whom he or she has provided them within the limits established by Article 20 of the Regulation
- to object at any time, for reasons related to his or her particular situation, to the processing of personal data concerning him or her, in the cases provided for in the Regulation;
- withdraw his or her consent at any time, as easily as if it had been granted;
- to lodge a complaint with the Data Protection Authority;
- Obtain all available information on the origin of personal data, if it has not been collected from the Data Subject himself/herself;
- receive notice without undue delay in the event of a “data breach,” i.e., if the breach of one’s personal data presents a high risk to one’s rights and freedoms;
- to be informed of the existence of adequate safeguards if personal data are transferred to a third country or international organizations.
All of the above rights may be exercised at the request of the Data Subject by writing directly to info@reg.it.
This notice may be subject to periodic updates.
Personal data controller
REG SALDATRICI ELETTRONICHE MATERIE PLASTICHE GALBIATI SRL
[1] D. Legislative Decree No. 196/2003, Personal Data Protection Code, as amended by Legislative Decree 101/2018;
[2] European Data Protection Regulation No. 2016/679;
[3] Uniform Resource Identifier;
[4] referral;
[5] pursuant to Article 4 of the Code and Article 9 of the GDPR;
[6] e.g. SMS and/or MMS, e-mail, interactive applications;
[7] e.g., employees of the Data Controller and possibly the Data Processor, including administrative staff, sales staff, system administrators;
[8] e.g., third-party technical service providers, lawyers, hosting providers, IT companies, communications agencies;
[9] in particular with Google, Facebook, Twitter, Microsoft, LinkedIn, via social plugins and the Google Analytics service;