BIGonDRY Srl (Tax code and VAT no. 02920490246) with registered office in Via Tozzi, 7 – Pove del Grappa 36020, Italy – Tel. +39 0424 219594 Fax +39 0424 592367, e-mail firstname.lastname@example.org; (hereinafter, “Controller”), as Data Controller, informs you pursuant to Art. 13 of the EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following manner and for the following purposes.
1) Object of the treatment
The Controller processes personal, identifying and non-sensitive data (in particular, name, surname, tax code, VAT number, e-mail address, telephone number – hereinafter, “personal data” or “data”) communicated by you when registering on the Data Controller’s website and/or when requesting information through the contact form provided by the Data Controller.
2) Purpose of treatment
Your personal data may be processed without your express consent (art. 6 letter. b) and f) GDPR), for the following purposes of service:
- allowing your navigation on the website;
- managing and maintaining the website;
- fulfilling the obligations provided for by law, regulation, Community legislation or an order of the Authority;
- preventing or detecting fraudulent activities or abuses that damage the website;
- exercising the rights of the Controller, for example the right of defense in court.
3) Methods of treatment
The processing of your personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to paper, electronic and automated processing.
The Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years from the termination of the relationship.
4) Access to data
Your data may be made accessible for the purposes referred to in Article 2:
· to employees and collaborators of the Data Controller, as persons in charge and/or internal data processors and/or system administrators;
· to external companies for support activities in the study of the feasibility of the customer’s project, for activities of technical management of the project, for the storage of personal data, etc..) or to third parties (for example, providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc.) who perform outsourced activities on behalf of the Controller, such as external data controllers;
5) Communication of data
Without your express consent, the Controller may communicate your data for the purposes referred to in Article. 2. A) to supervisory bodies, judicial authorities and all other persons who require such communication by law for the performance of the above purposes. In any case, your data will not be subject to disclosure.
6) Transfer of data
The management and storage of personal data will take place within the European Union on servers of the Controller and / or third-party companies appointed and duly appointed as data processors. Our servers are currently located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Controller, if necessary, will have the right to change the location of the servers in Italy and / or in the European Union and / or non-EU countries. In this case, the Data Controller hereby guarantees that the transfer of non-EU data will take place in accordance with the applicable legal provisions, entering, if necessary, agreements guaranteeing an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
7) Nature of data provision and consequences of refusal to respond
The provision of data is required. In their absence, we cannot guarantee the navigation and the use of the requested services.
8) Rights of the data subject
As an interested party, you have the rights under Article 15 of the GDPR and specifically the rights to:
A) obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and to receive such data as intelligible form;
B) obtain the indication of:
· the origin of the personal data;
· the purposes and methods of processing;
· the logic applied in case of processing carried out with the aid of electronic instruments;
· the identification data concerning the data controller, the data processors and the designated representative and the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of such data, as designated representatives in the territory of the State, data processors or persons in charge of the processing;
– update, correction or, when interested, integration of data;
– cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
– acknowledgment that activities A) and B) have been notified, including their content, to those to whom the data were communicated or disseminated, unless this requirement proves impossible or involves the use of means that are clearly out of proportion in view of the right that is being protected;
D) exercise opposition, in whole or in part:
· for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of collection;
· against the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by email and / or traditional marketing methods by telephone and / or mail. Please note that the right of opposition of the person concerned, as set out in point B) above, for direct marketing purposes by means of automated methods extends to the traditional ones, always without prejudice to the possibility for the person concerned to exercise the right of opposition even only in part. Therefore, the interested party may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication.
· where applicable, your also have the rights under Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of opposition), as well as the right to lodge a complaint to the Supervisory Authority.
9) Procedures for the exercise of rights
You may at any time exercise your rights by sending:
· a registered letter with notice of receipt addressed to: BIGonDRY Srl, Via delle Industrie, 61 – Cartigliano (VI) Italia e-mail: Info@bigondry.com;
· an email to the following address: email@example.com
· a certified email to the following address: firstname.lastname@example.org
This site and the services of the Controller are not intended for children under 18 years of age and the Controller does not intentionally collect personal information relating to minors. In the event that information on minors is unintentionally recorded, the Controller will delete it in a timely manner, upon requests of the users.
11) Data Controller, Data Processors and Persons in charge of data processing
Data Controller is BIGonDRY Srl (Tax number 02920490246) with head office in Via Tozzi, 7 – Pove del Grappa, Italy – Tel. +39 0424 219594, e-mail email@example.com; certified email address firstname.lastname@example.org. The updated list of Data Processors and Persons in Charge of data processing is kept at the registered office of the Data Controller.
12) Changes to this Policy
This Policy is subject to change. We therefore recommend that you check this information regularly and refer to the latest version.