This page will describe the management of our web site as regards to the processing users personal data.
This is an information that is provided pursuant to art. 13 of the D.lg. n. 196/2003 (hereinafter, “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter, “GDPR”) to those who interact with web services accessible electronically from the address:
1.Data Controller, data processor and data handlers
The Data Controller is:
Guzzini Engineering SRL
S.P. 571 Km 10,983
Fax 071/7574373 – 757395
The up-to-date list of data processors and data handlers is kept at the Data Controller’s headquarters.
2. Object of the data processing
The Data Controller processes personal data of a non-sensitive nature (for example name, surname, tax code, VAT number, email, telephone number – hereinafter, “personal data” or even just “data”) provided by you during registration for web services offered by the Data Controller (for example: website, newsletter, social network).
3. Purpose of the data processing
Your personal data is processed:
A) without your express consent (art. 24 lett. a, b, c of the Privacy Code and art. 6 lett. b, e of the GDPR), for the following service provision purposes:
– for the purpose of compliance with a legal obligation, regulation, community legislation or an order of an official authority;
– to prevent or discover fraudulent activities or violations deemed harmful to the website;
– to exercise the rights of the Data Controller, for example the right of defence in court.
B) Only after your specific and distinct consent (art. 23 and 130 of the Privacy Code and art. 7 of the GDPR), for the following marketing purposes:
– to send you by email newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller
– to enable you to register on the website;
– to enable you to subscribe to the newsletter provided by the Data Controller and any additional services you may request;
Please be informed that if you are already our customer, we may send you commercial communications regarding services and products offered by the Data Controller that are similar to those you have already made use of, unless you specifically object (art. 130 paragraph 4 of the Privacy Code).
4. Data processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) of the GDPR, specifically: collection, registration, organisation, retention, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data may be processed using electronic, manual and/or automated means.
The Data Controller shall process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no longer than 10 years from the termination of the relationship for Service Purposes and for no more than 2 years from the collection of the data for Marketing Purposes.
5. Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
– to employees and collaborators of the Data Controller or companies of the Group to which the Data Controller belongs, in their capacity as data handlers and/or internal data processing managers and/or system administrators;
– to companies of the Group to which the Data Controller belongs (for example, for marketing or promotional activities or for collecting opinions, for storage of personal data, etc.) or to third parties (for example, service providers for management and maintenance of the website, suppliers, credit institutions, professional studios, etc) who perform outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
6. Data communication
Without your express consent (ex art. 24 lett. a), b), d) of the Privacy Code and art. 6 lett. b) and c) of the GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to supervisory authorities, judicial authorities as well as to all other subjects to whom the communication is mandatory by law for the fulfilment of the purposes indicated above. Your data shall not be disclosed.
7. Nature of data provision and the consequences of refusal to reply
The provision of data for the purposes referred to in art. 2.A) is mandatory. Without said data, we shall not be able to guarantee registration on the website or the services outlined in art. 2.A).
The provision of data for the purposes referred to in art. 2.B), meanwhile, is optional. You can therefore decide not to provide any data or to subsequently revoke consent to the processing of data already provided: in this case, you shall not receive newsletters, commercial communications and advertising material related to the services offered by the Data Controller. However, you shall continue to be entitled to the Services referred to in art. 2.A).
8. Rights of the interested party
As an interested party, you have the rights set forth in art. 7 of the Privacy Code and art. 15 of the GDPR, namely the right to:
i. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and the communication in intelligible form of said data;
ii. obtain information on: a) the source of the personal data; b) the purposes and methods of processing; c) the logic applied when the data is processed with the use of electronic instruments; d) the identity of the Data Controller, data processors and the representative designated pursuant to Article. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1 of the GDPR; e) the parties or categories of parties to which the personal data can be transferred or which can gain knowledge of them as designated representatives of the State, data processors, or handlers;
iii. obtain: a) the updating, correction or, when applicable, additions to the data; b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed; c) certification that the parties to which the data have been communicated or disclosed have been notified of the operations specified in points a) and b), also regarding their content, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected;
iv. oppose, in whole or in part: a) for legitimate reasons, the processing of your personal data, even if it is pertinent to the purpose of its collection; b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales material, for the completion of market research or for commercial communication, through automated calling systems without human intervention, through email and/or traditional marketing communications by telephone and/or physical post. It should be noted that the interested party’s right of opposition, outlined above at point b), for the purposes of direct marketing by automated means also extends to traditional means and that in any case the interested party remains entitled to exercise the right of opposition even only in part. Therefore, the interested party may decide to receive communications through traditional means only or automated communications or neither of the two types of communication.
Where applicable, you also have the rights outlined in articles 16-21 of the GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the supervisory authority.
9. How to exercise your rights
You may at any time exercise your rights by sending:
– a letter by registered mail to Guzzini Engineering SRL S.P. 571 Km 10,983 – 62019 Recanati (MC)
– an e-mail to the e-mail address firstname.lastname@example.org
This website and the services provided by the Data Controller are not intended for minors (under 18 years of age) and the Data Controller does not knowingly collect personal information relating to minors. In the event that information relating to minors is inadvertently recorded, the Data Controller shall delete it promptly, at the request of the user.