“www.andreoli-italy.it” hereinafter will be referred to as “THIS SITE”
“EU Regulation 2016/679” hereinafter will be referred to as “GDPR”
“ANDREOLI SRL” hereinafter will be referred to as “the DATA CONTROLLER”
The protection of your Privacy is one of our main objectives.
For this reason, the contents and services offered by THIS SITE are provided only to those who make an explicit request, and in the various sections of THIS SITE (where we collect personal data), specific information is available pursuant to art. 13 of the GDPR for your perusal before providing the requested data.
The DATA CONTROLLER is
Headquarters: Via delle Campiane, 1/1A – 20811 Cesano Maderno (MB)
VAT ID No. 03832050961
Tax ID No. 03832050961
We hereby declare that the DATA CONTROLLER complies with the GDPR and provides for the protection of persons and other individuals in relation to the processing of personal data. According to the abovementioned regulations, the processing carried out by this site will be based on the principles of lawfulness, correctness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality.
PERSONAL DATA SUBJECT TO PROCESSING
THE PURPOSES OF PROCESSING
RECIPIENTS OF THE PERSONAL DATA
RIGHTS OF THE INTERESTED PARTY
PERSONAL DATA SUBJECT TO PROCESSING
By “processing of personal data” we mean any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making it available, comparison or interconnection, limitation, deletion or destruction (Article 4.2 of the GDPR).
We wish to inform you that the personal data subject to processing will comprise – also depending on your decisions on how to use the services of THIS SITE – an identifier such as the name, the email address, the telephone number or another identification number, location data and other data that can make you identified/identifiable, depending on the type of services requested (hereinafter known only as “PERSONAL DATA”). The DATA CONTROLLER does not collect, in any case, special categories of personal data (religion, political affiliation, state of health, etc.).
The categories of PERSONAL DATA processed by THIS SITE are the following:
DATA SUPPLIED VOLUNTARILY BY THE INTERESTED PERSON
When using certain areas of THIS SITE, you may incur into the processing of PERSONAL DATA supplied voluntarily by you in order to be contacted and/or to receive a service in return, such as requesting information, applying for customisable offers, signing up for newsletters, purchasing products or services.
The computer systems and software procedures used to operate THIS SITE collect, during their regular operation, certain PERSONAL DATA, the transmission of which is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified interested parties, but, because of its nature, could allow to identify users, through processing and associations with data held by third parties. This category of data includes IP addresses or computers’ domain names used to access THIS SITE, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of server’s response (successful, error, etc.) and other parameters regarding the operating system and user’s computing environment. This data is only used to obtain anonymous statistical information on the usage of THIS SITE and to check its correct functioning, to identify anomalies and/or abuse, and are deleted immediately after processing. This data could be used to assess liability in case of any hypothetical cybercrimes against our site or third parties. Currently, THIS SITE is hosted on the servers of Siteground.
WHAT ARE COOKIES
Cookies are small text files that store different types of information about the user who is visiting a website, such as the location, the device (PC, smartphone, tablet, etc.) and the browser used, authentication data, browsing preferences, etc… but they can also store data about personal habits and choices – this information may be used to trace a profile of each individual consumer.
More specifically, there are two macro-categories of cookies:
strictly necessary for the functioning and use of the web service, are used to collect and aggregate information about site visits. Among these there are:
- browsing (or session) cookies
- authentication cookies (for example, entering username and password)
- personalisation cookies (for example, related to saving preferences)
- functionality cookies (for example, saving a shopping cart or language/currency settings)
- cookie analytics (or statistical, which are considered technical if used by the operator to collect data in an aggregate form (= without collecting IP addresses), on the number of users and on how they visit the site)
- flash player cookies (if they do not exceed the duration of the session)
are used to outline the user’s profile and display targeted advertising, such as:
- first or third-party advertising profiling cookies;
- retargeting cookies;
- social network cookies;
- statistics cookies managed entirely by third parties (except for analytics cookies installed directly on the server of the first party or of their server farm without third-party interactions, such as Piwik; third-party cookies managed anonymously, or in relation to which the third party cannot access the disaggregated analytics concerning IP addresses).
TYPES OF COOKIES ON THE SITE
All cookies used on THIS SITE do not allow the acquisition of the user’s personal data and cannot retrieve any other data from the user’s hard drive or transmit computer viruses or take possession of the user’s email address.
When browsing THIS SITE, “technical” cookies will be downloaded. These cookies are necessary to use the site and the user gives consent to installing this type of cookies simply by continuing to browse the site, clicking a link or scrolling the page itself (or by confirming the brief notice that appears on a banner during the first visit to the site).
Google Plus: whenever content published on Google Plus appears on the site, Google Plus may install cookies to detect preferences related to the use of this service. For more information see Google and Google Plus Privacy Policies.
The same applies to any other links to third-party sites, to which the related policies will apply.
TABLE OF COOKIES
When accessing THIS SITE, you will see a message (shown below) in a window from which you can immediately disable certain categories of cookies. Below is the message that appears during the first visit to the site, followed by the complete list of cookies and the option to disable them.
INITIAL DECLARATION AND THE TABLE OF COOKIES
THE PURPOSES OF PROCESSING
The processing that we intend to carry out, under your explicit consent (where necessary), has the following purposes:
- To improve the website browsing experience: to allow browsing, consultation and viewing of the informative material on THIS SITE, as well as to improve the browsing experience of THIS SITE.
- Legal requirements: to comply with legal, accounting and tax obligations to which the DATA CONTROLLER is subjected to, as this is a legitimate PERSONAL DATA processing (pursuant to Art. 6.1(c) of the GDPR).
- To reply to information requests: to reply to information requests received via email, phone, chat or through the designated form, about services and solutions offered on THIS SITE.
- To send newsletters: by expressly joining the Newsletter service, you consent to the processing of email address and other personal data you provide to us voluntarily (when filling in the registration form) for the purpose of periodically sending the Newsletter and any another personalised service to which you subscribe, as well as to improve the effectiveness of the advertising campaigns associated with our services. If you sign up to the newsletter, we will periodically send you emails containing: an update on the news of THIS SITE (new services, etc.), useful information for your business, new business or partner company of the DATA CONTROLLER, commercial offers of products and services offered by the DATA CONTROLLER. Once you sign up for the newsletter, you can cancel your subscription at any time, by making a specific request through the mechanism proposed in the footer of the email received.
- Marketing purposes: to carry out direct marketing via e-mail (soft spam) for services similar to those you have subscribed to or purchased, to pursue the legitimate interest of the DATA CONTROLLER of promoting products or services in which you are likely to be interested in. Unless, of course, you did not consent to this kind of processing either initially or after subsequent communications. We remind you that the processing carried out for the purpose of email marketing of products or services similar to those purchased by you finds a legal basis in the legitimate interest of the DATA CONTROLLER (ref. Recitals (47) and (70) of the GDPR, Art. 6.1(f) of GDPR) to promote their products or services in a context in which the data subject can reasonably expect this type of processing, to which they may, however, object at any time. In fact, if you wish to oppose to the processing of your data for marketing purposes, you can do so at any time following the instructions in the footer of a promotional email or by sending a request to the email of the DATA CONTROLLER.
- Statistical purposes and market research: to develop studies, research, market statistics; to send advertising material, information notices, commercial information or surveys to improve the service (“customer satisfaction”) via email or text message, and/or through the use of the phone with operator and/or through the official pages of THIS SITE or on social networks or other official channels of the DATA CONTROLLER.
- Fraudulent conduct: exclusively for purposes of security and fraudulent conduct prevention, the DATA CONTROLLER implements an automatic control system that involves the detection and analysis of user behaviour on the site, associated with the processing of PERSONAL DATA, including the IP address. The consequences of this processing are that, if a person attempts to engage in fraudulent conduct on THIS SITE (for example to benefit several times of the same promotion without having the right to do so). the DATA CONTROLLER reserves the right to exclude this individual from the promotion or to adopt any another appropriate measure for their own protection. This processing is also based on the legitimate interest of the DATA CONTROLLER to detect frauds committed against them (ref. Recital (47) of the GDPR, Art. 6.1 (f) of the GDPR).
- Communication to third parties: only in reference to certain services, the data may be processed for purposes of communication to third parties for their third-party marketing purposes, i.e. to provide information and/or to make offers on products, services or initiatives offered or promoted by other companies of the DATA CONTROLLER and/or its affiliates and/or subsidiaries, and/or other business partners and outsourcers acting as independent data controllers.
Providing your PERSONAL DATA for the purposes of processing based on the issuance of your consent (pursuant to Art. 6.1(a) of the GDPR) is entirely optional and will not affect the use of other services of THIS SITE.
RECIPIENTS OF THE PERSONAL DATA
Your PERSONAL DATA may be processed electronically with access limited to persons appointed and authorised by the DATA CONTROLLER, who has taken all the necessary security measures to minimise the risk of privacy violation by third parties and is ready to adopt the security measures that prove indispensable at any time.
Your PERSONAL DATA may be shared for “processing purposes” listed above, with:
- Persons who normally act as data processing managers, that is: people, companies or professional firms that provide assistance and advice to the DATA CONTROLLER in management, accounting, administrative, legal, tax, financial and credit recovery in relation to the provision of services; as well as people, companies or professional firms that provide professional assistance and consultancy services necessary to support the provision of the services offered on THIS SITE. The complete list of data processing managers is kept at the DATA CONTROLLER’s office and you can request an updated copy at any time by contacting the DATA CONTROLLER’s at their email address.
- Persons who perform activities necessary for the services offered by the DATA CONTROLLER, or individuals with whom it is necessary to interact for the provision of services, or those who are delegated to perform technical maintenance activities (including maintenance of network equipment and electronic communications networks), or companies of the group or connected to the DATA CONTROLLER (whether Italian or foreign) who carry out administrative or statistical tasks (collectively known as “Recipients”)
- Persons authorised by the DATA CONTROLLER to process PERSONAL DATA required to perform activities strictly related to the provision of services, who are committed to confidentiality or have an appropriate legal obligation of confidentiality, such as employees of the DATA CONTROLLER;
- Business partners for independent and distinct purposes of business information and market research, and only in cases where you have provided your explicit consent.
- Persons, entities or authorities who require your PERSONAL DATA pursuant to legal provisions or orders from the authorities (for example, requests by the judicial authorities during a criminal investigation);
Some of your PERSONAL DATA is shared with Recipients that may be located outside of the European Economic Area. The DATA CONTROLLER ensures that the processing of your PERSONAL DATA by these Recipients is in compliance with the GDPR. Indeed, transfers can be based on a decision on the adequacy or on Standard Contractual Clauses approved by the European Commission.
More information is available from the DATA CONTROLLER, including information on which types of processing imply the transfer of the data in question to the outside of the European Economic Area. Given that the said transfer is necessary for the use of the service, in accordance with the privacy legislation in force, it is justified pursuant to Art. 44 and the following of CHAPTER V of the GDPR.
The PERSONAL DATA processed for the purposes described above will be kept for the time strictly necessary to achieve the relevant goals. In any case, since the processing is carried out for the provision of services, the DATA CONTROLLER will process the PERSONAL DATA until the time allowed by the Italian legislation for the protection of one’s own interests (Art. 2946 of the Civil Code and the following).
The PERSONAL DATA retention period varies according to the purpose for which it was collected:
- For Legal obligations : they will be kept until the end of the period specified by the applicable laws, and may be kept for a longer period if necessary as to protect the interests of the HOLDER from possible liability for supplies.</.
- To Reply to information requests : will be used for the time strictly necessary to achieve the purpose, and subsequently be kept exclusively for management purposes and to protect the interests of the HOLDER from possible liability based on such treatments.
- To Send newsletters or Marketing purposes or Statistical and market research purposes: they will be kept by the HOLDER until the consent given by the interested party is revoked. Once the consent has been withdrawn, the use of the data for these purposes will cease, but the HOLDER may keep them as a means to protection from possible liability based on the data treatment.
- To Use the site’s services or Reply to requests for assistance or Third party communications : it will be used for the time strictly necessary to achieve its purpose, and, as this personal data is processed to provide products/services, it will then be stored for a longer period as may be necessary to protect the interests of the HOLDER from possible liability for supplies.
The DATA CONTROLLER reserves the right to store your PERSONAL DATA until the time allowed by the Italian law for the protection of one’s own interests (Art. 2947(1)(3) of the Civil Code). More information on the period of data retention and on the criteria used to establish the length of this period can be requested from the DATA CONTROLLER.
RIGHTS OF THE INTERESTED PARTY
You have the right to request from the DATA CONTROLLER, at any time, the access to your PERSONAL DATA (according to Art. 15 of the GDPR), the correction (according to Art. 16 of the GDPR), the deletion (according to Art. 17 of the GDPR), the limitation of the processing (according to Art. 18 of the GDPR) or to oppose to the processing in the cases provided for in article 21 of the GDPR, and to obtain the data concerning you in a structured format, that can be commonly used and read by an automatic device, (“portability” according to Art. 20 of the GDPR). All the requests can be made by writing an email to the DATA CONTROLLER, using the address shown at the top of this document.
In any case, you are always entitled to file a complaint with the competent supervisory authority (the Authority for the Protection of Personal Data), pursuant to art. 77 of the GDPR, if you believe that the processing of your PERSONAL DATA is against the legislation currently in force.
Click here to read the version valid until May 24th, 2018.