Information notice pursuant to Article 13 of the REGULATION (EU) 2016/679 (GDPR)
WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter, “GDPR”), this page describes how personal data are processed. This information is provided pursuant to Article 13 of GDPR and is not to be considered valid for other third-party websites that may be reached through links on this website, for which no liability is accepted
Personal data that can be processed
Personal data: any information concerning an identified natural person, with particular regard to an identifier such as the name, the identification number, location data, the online identifier or to one or more elements regarding its physical, physiological, genetic, mental, economic, cultural or social identity
Personal data of users/contractors
Browsing data
The computer systems and software procedures in charge of this site’s operation acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or the domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) form addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (done, error, etc.) and other parameters concerning the user’s operating system and computer environment.
Data supplied voluntarily by the user
The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the filling in of data collection forms entail the subsequent acquisition of the sender’s address, necessary in order to reply to the requests, as well as of any other personal data entered in the message.
Information on the processing of personal data through social media platforms
As for the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information provided by them in their respective privacy policies. The Data Controller processes the personal data provided by the users through the pages of the dedicated Social Media platforms in order to manage the interactions with the users (comments, public posts, etc.) and in compliance with the regulations in force.
Specific information
Specific information may be provided on the pages of the Site with reference to particular services or processing of the data provided.
Cookies and other tracking systems. What are cookies? What are they used for?
As for Cookies and other tracking systems, please refer to the Cookies Policy in the footer of the Site and the following link.
- WHO IS THE DATA CONTROLLER? HOW TO CONTACT THEM?
The data controller is CEAM AMADEO SPA, with registered office in Cermenate, via Dante Alighieri, 5, in the person of its pro-tempore Legal Representative, who may be contacted for any information by e-mail privacy@ceamitalia.it, or telephone No. +39 031/771316.
- PURPOSE OF PROCESSING, LEGAL BASIS, DATA RETENTION AND NATURE OF DATA PROVISION
| PURPOSES OF THE PROCESSING | LEGAL BASIS | DATA RETENTION | NATURE OF PROVISION |
| Navigation on this website. The data required to use the web services are also processed for the purpose of: -obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.); -to check the correct functioning of the services |
Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into consideration the reasonable expectations of the data subject and the activities that are strictly necessary for the operation of the site or for browsing it (Art. 6, par. 1 lett. f and C47 of GDPR). |
Navigation data will be retained for the whole duration of the browsing session. | The provision of data is necessary to browse the website. |
| Use of cookies and similar technologies. Please, refer to the cookies policy in the Site footer |
For non-technical necessary cookies and similar technologies, processing is based on consent to the processing of personal data (Art. 6 para. 1 letter a and C42, C43 of the GDPR). The consent is given through the banner and the cookie policy of the website |
See Cookie Policy in the Site footer | See Cookie Policy in the Site footer |
In addition to navigation, personal data will be processed for:
| PURPOSES OF THE PROCESSING | LEGAL BASIS | DATA RETENTION | NATURE OF PROVISION |
| A) Any contact request or information | Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (C44) art. 6 par. 1 lett. b) of GDPR. | 12 months maximum | The provision of data is necessary. Failure to provide the necessary data will result in the impossibility of being contacted and receiving information. |
| B) DIRECT MARKETING, for sending advertising or direct marketing material or for carrying out market research, approval or commercial and promotional communication, newsletters, by automated means (electronic mail, SMS) and traditional means (telephone and paper mail). | Processing is based on consent to the processing of personal data (C42, C43) Art. 6(1)(a) GDPR |
Until consent is revoked (o opt-out) |
The provision of data is voluntary. The failure to provide the necessary data will make it impossible to receive direct marketing communications. |
| C) Handling your requests pursuant to art. 15 et seq. of GDPR (rights of the data subject) | The processing is necessary for compliance with a legal obligation to which the Data Controller is subject to. (C45) Art. 6 para. 1 letter c) GDPR. |
5 years after closing of the claim, unless in dispute | The provision of data is mandatory, , in order to be able to execute legal obligations. |
| D) Activities of an administrative, accounting, organisational and customer data management nature, for pre-contractual and contractual purposes | Fulfilment of contractual/pre-contractual obligations Art. 6(1)(b) of the GDPR |
1 year | The provision of personal data is mandatory, as it is necessary in order to fulfil contractual and pre-contractual obligations. |
- RECIPIENTS OR CATEGORIES OF RECIPIENTS
Personal data are disclosed, also on the basis of the purposes of specific areas, to subjects who will process them by acting as independent Data Controllers, or Data Processors (art. 28 GDPR) and processed by natural persons (art. 29 GDPR) acting under the authority of the Data Controller and the Processors on the basis of specific instructions on the purposes and methods of processing, for specific purposes based on the area of reference. The data will be disclosed to the following categories of recipients:
– Subjects providing services for the website and communication networks, including e-mail, hosting and website management
– Independent professionals, firms or companies in the context of assistance and consultancy relationships;
– platform operators for the services listed above (e.g. site hosting);
– Competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request
The list of Data Processors can be obtained by writing to privacy@ceamitalia.it or to the headquarters of the Data Controller.
- DATA TRANSFER TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANIZATION?
Personal data will not be transferred to non-EEA countries for the purposes indicated on paragraph A), C) and D). For direct marketing purposes, paragraph B), personal data should be trasnsfered to non EEA countries, to subjects who have provided adequate guarantees, with standard contractual clauses (SCC) of the European Commission (art. 46, par. 2, lett. c and lett. d).
For information about the guarantees for the transfer of data outside the EEA, please write to privacy@ceamitalia.it.
- AUTOMATED PROCESS?
Personal data will be subjected to traditional, electronic and automated manual processing. It should be noted that fully automated decision-making processes are not carried out.
- DATA SUBJECT RIGHTS
You can exercise the rights perusant Articles. 15 and s.s. GDPR, by writing to privacy@ceamitalia.it.
You have the right, at any time, to obtain access to your personal data (art.15), their rectification (art.16), their erasure (art.17), restriction of processing (art.18). The data controller shall (art. 19) communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed. The controller shall inform the data subject about those recipients if the data subject requests it. In the cases provided for, you have the right to the portability of your data (Art. 20), in which case they will be provided to you in a structured, commonly used and machine-readable format. You have the right to object (art.21), at any time, to the processing of your data based on legitimate interest, and in cases where the legal basis is consent, you have the right to withdraw the consent given, without prejudice to the lawfulness of the processing based on the consent given prior to the revocation.
If you wish to stop receiving automated direct marketing communications (e-mail, SMS, instant messaging), please send an e-mail to privacy@ceamitalia.it with the subject line “unsubscribe from automated” or use our automatic unsubscribe systems for e-mails only (opt-out).
If you wish to stop receiving traditional direct marketing communications (telephone calls by an operator and paper mail), please write an email to privacy@ceamitalia.it with the subject line “unsubscribe from traditional”.
If you wish to stop receiving marketing communications, please send an e-mail to privacy@ceamitalia.it with the subject line “unsubscribe marketing”.
If you believe that the processing of personal data carried out by the Data Controller is in breach of the provisions of Regulation (EU) 2016/679, you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in which you normally reside or work or in the place where the alleged breach of the Regulation has occurred (garante privacy https://www.garanteprivacy.it ), or to take appropriate legal action.
- AMENDMENTS TO THIS INFORMATION NOTICE
Data controller may change, modify, add or remove any part of this Information. In order to facilitate the verification of any changes, the information will contain the indication of the date of update of the information itself.
Update on: 18/01/2022