1. Who is the controller ?
Bonaiti S.p.A., with headquarters in via Galileo Galilei 27 – Mestrino 35035 (PD) Italy. The controller can be contacted using the e-mail address firstname.lastname@example.org or the Certified Electronic Mail email@example.com.
2. What data is processed?
The company Bonaiti S.p.A. processes some of the personal data of the users who interact with the IT systems and the software processes which are necessary to the functioning of the website. Firstly, Bonaiti S.p.A. processes data which is automatically acquired by the IT systems during the website surfing, such as the IP address, domain names and type of browser. Such data does not include any further personal information and is used to get anonymous statistical information on the use of the website, and to check the modality of its use; furthermore it is processed to ascertain responsibility in case of hypothetical computer crimes against the website.
Personal data which are supplied by the user, such as name, surname, and address, are processed. The Company can collect and use different types of personal data according to specific purposes, as described below.
It should be noted that sending emails to the addresses mentioned on this website implicates the acquisition of the origin email address, and of other possible personal data included in the mail. Specific synthetic privacy policies are available on the website’s pages which are dedicated to services on request.
3. What are the purposes of the data processing?
Personal data required on the form are processed:
a) Without your consent, for the following purposes: i) registration to the website; ii) fulfilment of pre-contractual, contractual and fiscal obligations arising from contractual relationships; iii) fulfilment of accounting and tax requirements; iv) fulfilment of obligations as required by the law, rules, EU legislation or authority’s orders; v) prevention or discovery of fraudulent activities or damaging abuses to the website; vi) exercise of the Controller’s rights such as, for example, defence before the courts.
b) Only with your consent, for the following purposes: i) to send out newsletters; ii) to send commercial communications and/or promotional material on products or services offered by the Controller; iii) information related to means of payment; iv) information on habits and profiling, such as data regarding purchases, information on activities and initiatives related to the management of the relationship with clients, purchase habits and preferences, other information (e.g. information on job, education, hobbies, lifestyle) which the applicable law allows to collect.
4. Basis for the data processing
The users’ personal data is processed if:
- the subject has given consent for one or more purposes, and only in reference to the purposes for which the consent is given;
- the data processing is necessary for the execution of the contract with the subjects.
5. To whom is the data disclosed?
The personal data collected on the website can be processed by other subjects who are involved in different ways in the company organization, and specially:
- those who have access to, and process, personal data under the controller’s authority (referent/authorized staff);
- natural or legal persons who treat personal data on behalf of the controller (data processing managers).
In any case, the subject can ask the controller for the updated list of the data processing managers, by email.
Except for the above mentioned possibilities, the subject’s personal data shall not be disclosed to third parties unless:
- the user has given express consent to the disclosure;
- the disclosure is necessary to supply products or services as requested by the same subject;
- it is required by the Judicial Authority or by the Public Safety Authorities.
6. How is data processed?
In relation to the above mentioned purposes, data is processed with IT tools, computers, or on paper, with tools suitable to guarantee maximum security in order to avoid unauthorized accesses through the adoption of suitable safety measures.
Personal data is collected both with completely automated processes and manually, but the consent of the subject who supplies their data to the form on the website is always necessary.
7. Is data transferred abroad?
Personal data can be transferred out of the national territory, to countries located inside the European Union or outside the EU.
8. How long can your data be stored?
Personal data will be processed and stored for the time period necessary for the purpose for which it was collected.
- for the purposes related to the management of the contract: data will be stored for the time period necessary to the execution of the service which was required and, after this, for the time period in which the controller is subject to mandatory data retention for tax purposes or other purposes required by law or regulations. Data is stored, anyhow, for the time period which is necessary for the prescription of possible responsibility actions (10 years);
- for marketing and profiling purposes: 48 months from the date of collection, with the possibility for the subject to modify or revoke the consent;
- for the newsletter: 48 months from the date of collection, with the possibility for the subject to modify or revoke the consent;
9. What are the subject’s rights?
The subject has the right to ask the controller if personal data treatment regarding them is underway, and if so, gain access to the following information:
- purpose of the treatment;
- type of data treated;
- recipients of the personal data;
- planned retention period, if possible;
- existence of the right to modify or delete the personal data, or to limit the treatment;
- receive the personal data related to the subject in a structured format of common use and which can be read by automatic devices, and request their transmission to another controller, if this is possible from a technical point of view.
- existence of the right to lodge a complaint to a control authority (personal data protection Authority – www.garanteprivacy.it;
- if the data is not collected at the subject’s place, all the information on the origin;
- if personal data is transferred to a third country or to an international organization, the subject has the right to be informed on adequate safeguards of the transfer.