Dear Visitor of the Website, complying with Privacy Law is particularly dear to us.
In particular, "General Data Protection Regulation" (EU Regulation 2016/679, known under the English acronym "GDPR") requires us to provide you with the following information on the processing of your Personal Data, pursuant to Article 13 of the aforementioned Regulation.
"Processing of Personal Data", in plain words, means any operation concerning any "information relating to an identified or identifiable natural person". For example, first and last name, or an email address with a "username" that identifies you (e.g. mariarossi@....), is considered "Personal Data", and the actions of collection, registration with us and use of your Personal Data to send you a communication, are considered "Processing" operations; same applies (again, for example) to communication of Data to other organizations and storage.
Our organization is defined as the "Data Controller", meaning that we are the entity that establishes how and for what purposes information relating to natural persons are processed.
You, as the "individual to whom the Personal Data refer", are referred to as the "Data Subject", and are entitled to receive the following information about who we are, what personal data we process, why, how and for how long we process it, and what obligations and rights you have in this regard.
If you are a natural person or a sole proprietorship, you are the Data Subject; if you are a private or public organization (e.g. a corporation, association, public body), the Data Subjects are the natural persons who administer the organization itself or who operate under its authority (e.g. its employees); information strictly related to the organization (e.g. tax code number or VAT number) is not considered Personal Data.
Depending on whether you are a simple Visitor, sending us a Request through the Contact Form, and/or at the addresses you can find at the “Contact” Page, or in case you want to buy our products through our e-commerce and/or benefit from one of our Services, we collect and/or we require you to provide us with Data, necessary to permit you to browse our Website and/or receive our answers to your requests and/or purchase our products and/or benefit from our services.
The website of the Italian Data Protection Authority contains further information useful to better understand the topic (see e.g.: http://www.garanteprivacy.it/home/diritti).
Who are we ("Data Controller")?
CVL Macchine Speciali S.r.l. Strada per felizzano14 - Fubine Monferrato - CAP 15043 (AL) ITALY Tel. (+39) 0131 210001-Partita IVA 02465400063 - Numero REA AL-258143
What categories of Personal Data do we process?
“Common" personal data (the ones included in the registration page and checkout) at the minimum extent needed to fulfill each of the Purposes shown below. We process all the Data you supply when writing an e-mail. We require you not to include in the communications you send us any “particular information” referred to you or others (e.g. health data). In order to allow you to browse the Website, we process Browsing Data, which sometimes does not consist of Personal Data because it cannot allow your Identification. For further information on the meaning of Browsing Data and whether they consist of Personal Data, we invite you to consult the proper Glossary entry at the end of this Policy.
Why do we process Personal Data (Purpose) and what is the basis for the Processing (Legal Basis) of each category of Data?
Categories of Personal Data
Analyze the traffic on the Website (e.g. detect the most visited pages, the number of visitors per time slot or day, geographical areas of origin, etc.) to understand how the Website is used, in order to manage, optimize, and improve it, or even just for statistical purposes; solve operational problems (e.g. anomalies in page loading); perform monitoring activities to reject and/or prevent cyber attacks and frauds
Browsing Data, anonymous information (which does not allow us to trace your identity) and Common Personal Data (e.g. full IP address)
To satisfy your requests regarding the Website and our activities received at the contact details on the "Contacts" page through the Contact Form or through other means (e.g. requests for estimates)
Common Personal Data
The need to take pre-contractual measures at your request (Art. 6.1.b GDPR)
Selling our products and/or supply our services and perform all the activities related and subsequent
Common Personal Data
The need to take pre-contractual measures at your request (Art. 6.1.b GDPR)
Direct Marketing (sending advertising material, commercial communications, direct sell, market’s interviews, appreciation questionnaires) toward Lead and/or Prospect, also through the Newsletter
Common Personal Data
Your explicit consent, freely given and revocable at any time (Art. 6.1.a GDPR)
Marketing (to the e-mail address provided by the customer, on services similar to those provided, pursuant to art. 130 paragraph 4 of the Italian Privacy Code - "soft spam")
Common Personal Data
Our legitimate interest in consolidating our business relationship with you (Art. 6.1.f GDPR), unless you inform us that you wish to object it
Fulfil obligations under Applicable Law and/or orders issued by Authorities
Common Personal Data
The need to perform the Contract concluded with you (art. 6.1.b GDPR) or the need to fulfill legal obligations (art. 6.1.c GDPR)
Establish, exercise and/or defend a right in the appropriate forums
Common Personal Data
Our legitimate interest in defending a right we have against the Data Subject (Art. 6.1.f GDPR)
To whom do we communicate the Data (Categories of Recipients)?
To the minimum extent necessary to achieve each of the Purposes, on the basis of the Applicable Rules and/or a contractual agreement with the Data Controller, to:
persons/entities necessary for the execution of the activities connected and consequent to the management of the Website and the provision of Services, who act as Data Processors (e.g. IT service providers, etc.) obliged to confidentiality and to respect the Privacy Law;
consultants and/or professionals appointed by us, autonomous Data Controllers;
subjects necessary for the execution of activities related and consequent to the execution of the Contract, acting as Data Processors or as autonomous Data Controllers (e.g. suppliers of computer services, banking, insurance, shipping and transport, commercial agency, accounting, tax, legal, etc.);
other persons authorized by us (e.g. our employees), committed to confidentiality or subject to a legal obligation to confidentiality;
public organizations and Authorities, if and to the extent required by the Applicable Law or their orders, or for the exercise, assessment and/or defense of a right in court.
The Data Controller does not disclose Personal Data, except when required to do so, in accordance with the law, by Authorities, information and security bodies or other public entities for purposes of defense or State security or for the prevention, investigation or prosecution of criminal offences.
Do we transfer Personal Data outside the European Economic Area?
The processing might take place outside the European Economic Area (EEA), mostly through the supplier of IT services. The Data Controller ensures that whether this may occur, any transfer of Data to companies and/or third parties located in countries outside the EEA is carried out within the limits and under the conditions set out in Articles 44 et seq. of the GDPR. In particular, the transfer will be made to entities (third countries and/or international organizations) for which there is an adequacy decision of the European Commission pursuant to Article 45 GDPR, or on the basis of one of the other guarantees or derogations provided for in Chapter V of EU Regulation 2016/679 (GDPR). We invite the Visitor/ User to contact us for further information about the transferral of Personal Data outside the European Economic Area.
How long do we retain the Data?
The maximum extent of storage time is related to the provisions of the Applicable Law which allow us to (or obliged us to) retain the Data to protect our rights or until your exercise of your right to object to the processing (if and to the extent that it is applicable). We process Personal Data for Marketing purposes until the withdrawal of the consent (or until you unsubscribe from the Newsletter). We store the personal data of those who write to us for information through the Contact Form and/or at the addresses on the "Contacts" page for a maximum of two years from the request. The Browsing Data persist no longer than seven days (except for any need to ascertain crimes by the judicial authority).
Does the Website make use of Cookie?
Are you obliged to provide us with Personal Data?
Due to the operation of the Internet network, you may not refuse to communicate your Browsing Data.it is not allowed to refuse to communicate some Personal Data (e.g. IP address of your device). Of Course you are not obliged to send us a request through the Contact Form or contact us at the numbers on the Website, at the page “Contacts”, purchase our products and benefit from our Services, subscribe the Newsletter, but if you intend to do it, then you will have to provide us your Personal Data we need. Also it is not mandatory to express consent for Processing Personal Data for the purpose of Marketing.
What happens if you refuse to communicate your Data?
If you refuse to provide us with your Data for the contractual purposes, we will not be able to establish and/or continue the Contract If you refuse (initially or subsequently) the processing for Marketing purposes (e.g. Newsletter), you will not be subject to any particular consequences, but you will not (or can no longer) be informed about news related to our activities, nor benefit from any promotions, discounts or bonuses.
What rights do you have as a "Data Subject"?
You, as the person to whom the data refer ("Data Subject") have the right to:
to access the data held by the Controller, and to ask for a copy, unless the exercise of the right violates the rights and freedoms of other natural persons.
request the rectification of incomplete or inaccurate data;
request the erasure of the data, subject to the exclusions or limitations established by the Applicable Law (e.g. Art. 17 § 3 GDPR);
request the restriction of processing, if the conditions are met and subject to the exclusions established by Art. 18 § 2 GDPR;
request data portability (i.e. commonly used and machine-readable format, so that they can be transmitted to another Data Controller without hindrance), to the extent that the processing is based on consent or on the need to perform a contract, where technically possible and except where the exercise of the right infringes the rights and freedoms of other natural persons;
lodge a complaint with a Supervisory Authority (in Italy, www.garanteprivacy.it), or with the Data Protection Authority of the EU State where he or she habitually resides or works, or of the place where the alleged violation occurred.
Right to object
You may object to the processing of data based on:
I. consent (e.g. the purpose of Direct Marketing, including Profiling activities insofar as it is related to them), by not giving it initially or by withdrawing it subsequently (with the warning that any subsequent withdrawal of consent does not affect the lawfulness of the data processing carried out in the period prior to such revocation);
II. on the legitimate interest of the Controller, and specifically for the purpose of soft spam, upon simple request, initially (by writing to the e-mail address below) or subsequently in each communication.
III. on the legitimate interest of the Data Controller, at any time for reasons related to your particular situation (e.g. harm to your honor, reputation, decorum), unless the Data Controller demonstrates a compelling and overriding legitimate interest pursuant to Article 21.1 GDPR, and unless the processing is necessary for the establishment, exercise or defense of a legal claim.
The exercise of the above rights may also be delayed, limited or excluded in the cases provided for by art. 2-undecies d. lgs. 196/2003.
Who can you contact for questions or to exercise your rights?
You may contact the Data Controller for questions concerning the processing of your Personal Data by sending an email to email@example.com or by post to CVL Macchine Speciali S.r.l. Strada per felizzano14 - Fubine Monferrato - CAP 15043 (AL) Italy.
The information presented herein relates exclusively to the processing of personal data collected through this Website. In the event that you enter into a relationship with us that goes beyond simply browsing the Website or requesting information, you will receive further information regarding the processing of your personal data.
We do not intentionally collect personal information from individuals under the age of sixteen. In the event that information about children is recorded, we will delete it in a timely manner, at the request of the person concerned or of those exercising authority over them.
“Applicable Law”: any provision, of whatever rank, belonging to Italian or European Union law, in any way applicable to the Website.
“Authority“: public or private body or organisation with administrative, judicial, police, disciplinary and supervisory powers.
“Authorised“: the natural person, placed under the direct authority of the Data Controller, who receives instructions from the latter on the Processing of Personal Data, pursuant to and for the purposes of Article 29 of the GDPR.
“Browsing Data“: are the data that the computer systems and software procedures used to operate the Website acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects, but given their very nature, this information could, through processing and association with data by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and is deleted immediately after processing.
“Committee“ o “EDPB”: the European Data Protection Committee, established by Art. 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, which replaces WP29 from 25/5/2018.
“Communication“: "giving knowledge of personal data to one or more specific subjects other than the data subject, the representative of the data controller in the territory of the European Union, the data controller or its representative in the territory of the European Union, persons authorised, pursuant to article 2-quaterdecies, to process personal data under the direct authority of the data controller or the data processor, in any form whatsoever, including by making the data available, consulting or interconnecting them" (as defined in article 2-ter, paragraph 4, letter a of the Italian Privacy Code).
“Contact Form“ the Form available on the Website, composed by one or more pages, through which the Visitor can send information requests and quotes.
“Cookies“ short fragments of text (letters and/or numbers) that allow the web server to store information on the browser to be reused during the same visit to the Website (session cookies) or afterwards, even after days (persistent cookies). Cookies are stored, according to the user's preferences, by the individual browser on the specific device used (computer, tablet, smartphone). The following categories are considered:
Technical cookies: these cookies are essential for the correct functioning of the Website and are used for the sole purpose of "transmitting a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or User to provide such service" (see art. 122, par. 1, of the Italian Privacy Code).
Analytical cookies: these cookies are used to anonymously collect and analyze the Website’s traffic and usage. These cookies, while not identifying the user, allow, for example, to detect if the same user logs in again at different times. They also make it possible to monitor the system and improve its performance and usability. The deactivation of such cookies can be performed without any loss of functionality.
Profiling cookies: these cookies are persistent ones used to (anonymously or otherwise) identify your preferences and improve your browsing experience.
Third party cookies (analytical and/or profiling): these cookies are generated by organisations not part of the Website, but integrated into parts of the Website page. For example, Google widgets (e.g. Google Maps) or social plugins (Facebook, Twitter, LinkedIn, Google+, etc.).
“Customer”: the subject, natural or legal person, who signs the Contract, as well as its legal representatives, directors, officers, workers (employees and/or collaborators) and any agents.
“Data Controller”: "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data", as defined in Article 4, sub-paragraph 1, no. 7, of the GDPR.
“Data Processor”: "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller", as defined in Article 4, sub-paragraph 1, no. 8, of the GDPR.
“Data Subject“: "identified or identifiable natural person", as defined in Article 4, sub-paragraph 1, no. 1, of EU Regulation 2016/679 (so-called "GDPR").
“GDPR”: Regulation (EU) 2016/679 "on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)".
“Italian Privacy Code“: Legislative Decree no. 196/2003 and subsequent amendments and/or additions (in particular by Legislative Decree no. 101/2018).
“Personal Data“: shall mean "any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" as defined in Article 4(1)(1) of the GDPR).
“Privacy Law“: EU Regulation 2016/679 ("GDPR"), Legislative Decree 196/2003 and subsequent amendments and/or additions ("Italian Privacy Code"), as well as the measures adopted by the Supervisory Authority in execution of the tasks established by the GDPR and the Italian Privacy Code, and further applicable legislation, of whatever rank, including the opinions and guidelines drawn up by the Committee.
“Profiling“: means "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements", as defined in Article 4, subparagraph 1, no. 4, of the GDPR.
“Processing”: "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction", as defined in Article 4, subparagraph 1, no. 2, of the GDPR.
“Publication“: the action by which the Data Controller communicates information on the Website, without implementing procedures that require the Visitor to view it.
“Recipient“: means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not", as defined in Article 4, sub-paragraph 1, no. 9, of the GDPR.
“Regulations” o “Regulations”: one or more of the sets of regulations referred to in this Act as Privacy Law and Applicable Law.
“Restriction of processing”: "the marking of personal data stored with the aim of limiting their processing in the future", as defined in Article 4, sub-paragraph 1, no. 3, of the GDPR.
“Supervisory Authority”: the independent public authority established by a State of the European Union, or by the European Union itself, in charge of monitoring the application of the Privacy Law (for Italy, the Italian Data Protection Authority - Garante per la Protezione dei Dati Personali, http://www.garanteprivacy.it).
“Third party”: means "a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data", as defined in Article 4(1)(10) of the GDPR.
“Visitor”: the natural or legal person who uses a device and navigates, through the Internet, on the public pages of the Website.
“Website”: the web pages displayed through https://cvlmacchinespeciali.it subdomains included.
“WP29”: the Working Party on the Protection of Individuals with regard to the Processing of Personal Data, established pursuant to Article 29 of Directive 95/46/EC, whose tasks are set out in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.