Pursuant to EU Regulation 679/2016, containing the provisions on the protection of individuals with regard to the processing of personal data, Grafiche Antiga SpA with registered offices at Via delle Industrie 1, Crocetta del Montello (TV) hereinafter referred to as the “Company”, as Data Controller, is required to provide specific information on the use of personal data and cookies.
LEGAL BASIS OF PROCESSING
Giving your consent to collect and process your personal data is optional, and you may refuse such consent, or withdraw any consent previously given, at any time (by writing to the following e-mail address firstname.lastname@example.org). Refusing to give us your consent may however mean that we cannot provide some services and may interfere with your browsing experience.
In any case, you may provide your personal data in the forms/request for information sent to the Company.
As from 25 May 2018 (date on which the GDPR goes into force), this site will process some of the data according to the legitimate interests of the data controller.
TYPE OF DATA PROCESSED
This website uses common and anonymous data. In particular, the website uses log files for the computerised collection of data, when users visit the web pages of the website. We collect the following information: internet protocol address (IP); type of browser and parameters of the device used to connect to the website; name of your Internet service provider (ISP); date and time of your visit; web page from where the request originated (referral) and exit page; country of origin; number of clicks; the numerical code indicating the status of the server response (successful, error, etc.) and the parameters of the user’s operating system and IT environment. The above data are used only to process anonymous statistical information on the use of the website and to ensure that it runs efficiently. Please be aware that data may be used to ascertain liability in the case of IT crimes against the website at the request of the authorities.
When you electively, explicitly and voluntarily send us a request for information, even by e-mail, we obtain your e-mail address in order to reply to your request, including any other personal data that may be present in the letter/message.
PURPOSE AND RETENTION OF THE PERSONAL DATA PROCESSED
Your data will be processed for the following purposes:
- exclusively in aggregate and anonymous form to ensure a good browsing experience when you use our website. None of this data may be used to identify an individual-user of the website, nor do they permit identification (as from 25 May 2018 such information will be processed according to the legitimate interests of the data controller);
- for security purposes (spam filters, firewalls, virus detection), data that is automatically recorded may include personal data such as your IP address, that may be used, in compliance with applicable laws, in order to prevent attempts to attack the website or other users, or in any case to prevent criminal and other harmful activities. This data will however not be used to identify the user or for profiling purposes, nor crossed-referenced with other data nor supplied to third parties, but will be used only to protect the website and its users (as from 25 May 2018 this data will be processed according to the legitimate interests of the data controller);
- to disclose data to third parties who support us to provide our services;
The data received will be used exclusively to provide the service requested and only for the period of time required to provide the service.
The user is responsible for ascertaining that it is authorised to enter third-party data or contents subject to national and international laws.
The data collected by the website are used exclusively for the purposes indicated above and will be retained only for the time strictly necessary to carry out the activities specified. The personal data collected by the website will in any case not be disclosed to third-parties, for any reason whatsoever, other than in the case of a legitimate request from a judicial authority, and only in the cases set forth by law. We may however disclose your personal data to third-parties when this is necessary to provide a specific service that you have requested or to perform security checks on the website or to optimise the website.
PLACE OF DATA PROCESSING
Any processing related to the Web services of this website are performed on the premises of the Company exclusively by technical staff in charge of processing, or by persons in charge of occasional maintenance operations. No data obtained from the Web service will be disclosed or disseminated. The personal data provided by users who wish to receive information material are used exclusively to provide the service requested.
PLUGINS AND SOCIAL NETWORKS
This website uses social media plugins to share content on your favourite social networks. These plugins are disabled by default when you access the page, in order to safeguard your privacy. Cookies may be enabled, if this is required by the social network, only when the user wishes to use the plugins. Please bear in mind that if you sign in to the website using social media you grant permission to the social network to share the cookies used by the social network with us.
Collection and use of the information obtained through plugins are subject to the provisions of the privacy policies of the social networks, to which you should refer. This website also uses the web platform to send the newsletter MailChimp that, with the introduction of the “GDPR-friendly form”, is GDPR Compliant.
TRANSFER OF DATA TO THIRD COUNTRIES
This website shares some of the data collected with services located outside the European Union. In particular, with Facebook, Twitter, Pinterest and Instagram, through the social plugins and services of Google Analytics and MailChimp. The transfer is authorised according to specific regulations, decisions of the European Union and the Data Protection Authority, above all decision 1250/2016 (Privacy Shield), so that no further consent is required. The above companies represent and guarantee that they are committed to complying with Privacy Shield.
This website processes the data of users in a lawful and fair manner, using security measures to prevent unauthorized access, disclosure, editing or unauthorized destruction of data. Processing is carried out with IT and/or computer tools, and organizational methods and logics strictly related to the purposes in question. The software used to manage the website is constantly updated, and regularly scanned in order to check for viruses and dangerous codes.
In addition to the data controller, in some cases, certain categories of persons in charge of processing who are involved in the organisation of the website (administrative, commercial, marketing, legal personnel, system administrators) or other third parties (such as technical service providers, hosting providers, IT companies, communication agencies), may have access to the data.
The user may exercise its rights against the Data Controller, at any time, as set forth by EU Regulation 2016/679, by contacting the Data Processor. In order to exercise its rights, the User should identify itself in an unequivocal manner. The Company shall reply within no more than 30 days and, should this not be possible, shall advise why it needs to extend this term. The reply is free of charge other than if the request is groundlessness (i.e. if no data of the data subject are held) or excessive (i.e. submitted repeatedly) and in these cases a fee no higher than the costs actually incurred for the search actually carried out, will be charged. The rights relevant to the personal data of deceased persons may be exercised by anyone who has a proprietary interest or is acting to safeguard the data subject or for justifiable reasons of family protection. The data subject has the right to lodge a complaint before the supervisory authority. In the case of personal data breach incurred by the Company, the data controller will report such breach to the competent supervisory authority within no more than 72 hours from the event, also informing the data subject.
In particular, the data subject has the right to request and obtain:
- the source of the personal data;
- the categories of personal data processed;
- the processing purposes and methods
- the retention period
- the logics applied in the case of processing with electronic instruments
- the identification details of the Data Controller
- the persons or categories of persons to whom your personal data may be communicated or who may become aware of your data as data processors or persons in charge of processing, even in Third Countries.
- if data profiling is used
- confirmation of whether or not your personal data exist and that such data are provided in an intelligible form
- updating and rectification of data, completion of incomplete personal data and restriction of processing
- erasure, conversion into anonymous form or blocking of any data processed in breach of the law (including data that need not be retained for the purposes for which the data were collected or subsequently processed)
- the copy of the data processed
RIGHT TO OBJECT
Finally, we inform you that the data subject has the right to object:
- to the processing of its personal data, including profiling, for legitimate reasons, even if such reasons pertain to the purpose for which the data were collected
- to the processing of its personal data for the following purposes: to send advertising material, direct sales, market surveys, marketing messages for the processing of data for scientific or historical research or for statistical purposes, unless such processing is in the public interest.
DATA CONTROLLER AND DATA PROCESSOR
The Data Controller is Grafiche Antiga S.p.A.; any communications may be addressed to the Data Processor on e-mail email@example.com to the registered offices of the Company.