Privacy Policy
Dear Visitor of the Website, complying with Privacy Law is particularly dear to us.
In particular, "General Data Protection Regulation" (EU Regulation 2016/679, known under the English acronym "GDPR") requires us to provide you with the following information on the processing of your Personal Data, pursuant to Article 13 of the aforementioned Regulation.
"Processing of Personal Data", in plain words, means any operation concerning any "information relating to an identified or identifiable natural person". For example, first and last name, or an email address with a "username" that identifies you (e.g. mariarossi@....), is considered "Personal Data", and the actions of collection, registration with us and use of your Personal Data to send you a communication, are considered "Processing" operations; same applies (again, for example) to communication of Data to other organizations and storage.
Our organization is defined as the "Data Controller", meaning that we are the entity that establishes how and for what purposes information relating to natural persons are processed.
You, as the "individual to whom the Personal Data refer", are referred to as the "Data Subject", and are entitled to receive the following information about who we are, what personal data we process, why, how and for how long we process it, and what obligations and rights you have in this regard.
If you are a natural person or a sole proprietorship, you are the Data Subject; if you are a private or public organization (e.g. a corporation, association, public body), the Data Subjects are the natural persons who administer the organization itself or who operate under its authority (e.g. its employees); information strictly related to the organization (e.g. tax code number or VAT number) is not considered Personal Data.
Depending on whether you are a simple Visitor, sending us a Request through the Contact Form, and/or at the addresses you can find at the “Contact” Page, or in case you want to buy our products through our e-commerce and/or benefit from one of our Services, we collect and/or we require you to provide us with Data, necessary to permit you to browse our Website and/or receive our answers to your requests and/or purchase our products and/or benefit from our services.
Definitions of terms and expressions used within this Privacy Policy are contained in the Glossary. For anything not expressly defined therein, please refer to the definitions contained in the Terms of Use of the Website; in the event of any conflict between definitions, for the purposes of this Privacy Policy, the definitions in the Glossary (at the bottom of the page) shall prevail over those contained in the Terms of Use of the Website.
The website of the Italian Data Protection Authority contains further information useful to better understand the topic (see e.g.: http://www.garanteprivacy.it/home/diritti).
Who are we ("Data Controller")?
CVL Macchine Speciali S.r.l. Strada per felizzano14 - Fubine Monferrato - CAP 15043 (AL) ITALY Tel. (+39) 0131 210001-Partita IVA 02465400063 - Numero REA AL-258143
What categories of Personal Data do we process?
“Common" personal data (the ones included in the registration page and checkout) at the minimum extent needed to fulfill each of the Purposes shown below. We process all the Data you supply when writing an e-mail. We require you not to include in the communications you send us any “particular information” referred to you or others (e.g. health data). In order to allow you to browse the Website, we process Browsing Data, which sometimes does not consist of Personal Data because it cannot allow your Identification. For further information on the meaning of Browsing Data and whether they consist of Personal Data, we invite you to consult the proper Glossary entry at the end of this Policy.
Why do we process Personal Data (Purpose) and what is the basis for the Processing (Legal Basis) of each category of Data?
To whom do we communicate the Data (Categories of Recipients)?
To the minimum extent necessary to achieve each of the Purposes, based on the Applicable Legislation and/or a contractual agreement with the Data Controller, to:
subjects/subjects necessary for the performance of activities related to and consequent to the management of the Site and the provision of the Services, acting as Data Processors (e.g. IT service providers, etc.) obliged to confidentiality and compliance with the Privacy Policy;
consultants and/or professionals appointed by us, autonomous; Data controllers;
subjects necessary for the execution of activities related to and consequent to the execution of the Contract, as Data Processors or as autonomous Data Controllers (e.g. IT service providers, banking, insurance, shipping and transport, commercial agency, accountancy, tax, legal, etc.);
other persons authorized by us (e.g. our employees), committed to confidentiality or subject to a legal obligation of confidentiality;
public bodies and Authorities, if and to the extent provided for by the Applicable Legislation or their orders, or for the exercise, establishment and/or defence of a right in court.
The Data Controller does not disclose Personal Data, unless required to do so in accordance with the law, by Authorities, intelligence and security bodies or other public entities for defence or state security purposes or prevention, the detection or prosecution of criminal acts.
Do we transfer your Personal Data outside the European Economic Area?
Processing may take place outside the European Economic Area (EEA), mainly through the computer service provider. The Data Controller ensures that, if this happens, any transfer of Data to companies and/or third parties located in countries outside the EEA takes place within the limits and under the conditions set out in art. 44 et seq. of the GDPR. In particular, the transfer will be made to entities (third countries and/or international organisations) for which there is an adequacy decision of the European Commission pursuant to Article 45 GDPR, or on the basis of one of the other guarantees or exceptions provided for in Chapter V of EU Regulation 2016/679 (GDPR). We encourage the Visitor/User to contact us for further information about the transfer of Personal Data outside the European Economic Area.
How long do we store the Data?
The maximum retention time is related to the provisions of the Applicable Law that allow (or oblige us to) Retain the Data to protect our rights or until you exercise your right to object to processing (if and to the extent that it is applicable). We process Personal Data for Marketing Purposes until you withdraw your consent (or cancel your subscription to the Newsletter). We keep the personal data of those who write to us for information through the Contact Form and/ or addresses on the page "Contacts" for a maximum of two years from the request. The navigation data will not last longer than seven days (unless criminal offences are established by the judicial authority).
Does the Site use cookies?
Yes. Please refer to Cookie Management for more information and to view our policy on this topic.
Are you obliged to provide us with personal data?
Due to the operation of the Internet, you cannot refuse to communicate your Browsing Data. You may not refuse to provide certain Personal Data (e.g. the IP address of your device). Of course you are not obliged to send us a request through the Contact Form or contact us at the numbers on the Site, on the page "Contacts", purchase our products and use our Services, but if you intend to do so you will need to provide us with the Personal Data we require. Furthermore, it is not mandatory to express consent to the processing of personal data for marketing purposes.
What happens if you refuse to disclose your Data?
If you refuse to provide us with your Data for the contractual purposes, we will not be able to establish and/or continue the Contract. If you refuse (initially or later) the processing for Marketing Purposes (e.g. Newsletter), you will not be subject to any particular consequences, but you will not be (or you will no longer be able to) be informed about news related to our activities, nor benefit from any promotions, discounts or bonuses.
What rights do you have as "Interested"?
You, as the subject to whom the "Data Subject" refers, have the right to:
-to access the data held by the Controller, and to request a copy thereof, unless the exercise of the right infringes the rights and freedoms of other natural persons.
-to request the rectification of incomplete or incorrect data;
-request the deletion of data, subject to the exclusions or limitations provided for by the Applicable Law (e.g. Art. 17 § 3 GDPR);
-request the restriction of processing, if the conditions are met and subject to the exclusions provided for in Art. 18 § 2 GDPR;
-Request the portability of data (ie in a commonly used and machine readable format, so that they can be transmitted to another Owner without impediments), to the extent that the processing is based on consent or the need to perform a contract, where technically possible and unless the exercise of the law infringes the rights and freedoms of other natural persons;
-to lodge a complaint with an Supervisory Authority (in Italy, www.garanteprivacy.it), or with the Data Protection Supervisor of the EU State where he is habitually resident or works, or the place where the alleged breach occurred.
Right of opposition
You can object to the processing of data based on:
I. consent (e.g. Direct Marketing purposes, including profiling activities as they relate to), not initially providing it or subsequently revoking it (with the warning that any subsequent withdrawal of consent does not affect the lawfulness of the processing of data carried out in the period prior to such withdrawal);
II. on the legitimate interest of the Data Controller, and specifically for the purposes of soft spam, upon simple request, initially (by writing to the e-mail address below) or subsequently in each communication.
III. the legitimate interest of the Data Controller, at any time for reasons related to your particular situation (e.g. damage to your honour, reputation, decency), unless the Data Controller demonstrates a legitimate interest compelling and prevailing pursuant to art. 21.1 GDPR, and except the processing is necessary for the establishment, exercise or defense of a legal action.
The exercise of the above rights may also be delayed, limited or excluded in the cases provided for by art. 2-undecies d. lgs. 196/2003.
Who can you contact for questions or to exercise your rights?
You can contact the Data Controller for questions related to the processing of your Personal Data by sending an email to privacy@cvlmacchinespeciali.it or by post to CVL Macchine Speciali S.r.l. Road to The Felizano 14 - Fubine Monferrato - (AL) - CAP 15043 - Italy.
NOTE THAT:
The information presented here refers exclusively to the processing of personal data collected through this Site. If you enter into a relationship with us that goes beyond simply browsing the Site or requesting information, you will receive further information about the processing of your personal data.
this Privacy Policy is in force from June 2021; we reserve the right to modify its content, in whole or in part, also following changes to the Privacy Policy; We will publish the updated version of the Privacy Policy on the Site and it will be binding from that moment on: you are therefore invited to visit this section regularly.
We do not knowingly collect personal information from individuals under the age of sixteen. If information about children is recorded, we will promptly delete it at the request of the person concerned or the person exercising authority over them.
GLOSSARY
"Applicable Law" means any provision, of whatever degree, belonging to the Italian or European Union law, however applicable to the Site.
"Authority" means a public or private body or entity with administrative, judicial, police, disciplinary and control powers.
"Authorised" means the natural person, placed under the direct authority of the Data Controller, who receives instructions from the latter on the Processing of Personal Data, pursuant to Article 29 of the GDPR.
"Navigation data" means the data that the computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, and the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but by its very nature could, through processing and associations with data held by third parties, allow users to be identified. This data category includes IP addresses or domain names of computers used by users connecting to the Site, addresses in notation URI (Uniform Resource Identifier) of resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good end, error, etc.) and other parameters related to the operating system and computer environment of the user. These data are used only for the purpose of obtaining anonymous statistical information on the use of the Site and to check its proper functioning and are deleted immediately after the processing.
"Committee" or "EDPB": the European Data Protection Committee, established by art. 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, which replaces the WP29 from 25/5/2018.
"Communication": "to give knowledge of personal data to one or more specified subjects, other than the interested party, by the representative of the holder in the territory of the European Union, by the controller or his representative in the territory of the European Union, authorised entities, pursuant to Article 2-quaterdecies, processing of personal data under the direct authority of the controller or the person responsible for processing, in any form, including making the data available, consulting or linking them" (as defined in article 2 -ter, paragraph 4, letter a of the Privacy Code).
"Contact form" means the form available on the Website, consisting of one or more pages, through which the Visitor can send requests for information and quotes.
"Cookies" are short text fragments (letters and/or numbers) that allow the web server to store information on the browser to be reused during the same visit to the Site (session cookie) or later, even after days (persistent cookies). Cookies are stored, according to the user’s preferences, by the individual browser on the specific device used (computer, tablet, smartphone). The following categories shall be considered:
Technical cookies: these cookies are essential for the proper functioning of the Site and are used only for the purpose of "to transmit a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or User to provide such service" (cf. art. 122, paragraph 1, Privacy Code).
Analytical cookies: these cookies are used to collect and analyze anonymously traffic and use of the Site. These cookies, while not identifying the user, allow, for example, to detect whether the same user logs in again at different times. They also allow you to monitor your system and improve its performance and usability. The deactivation of these cookies can be carried out without any loss of functionality.
Profiling cookies: these are persistent cookies used to identify (anonymously or not) your preferences and improve your browsing experience.
Third-party cookies (analytical and/or profiling): these cookies are generated by organizations that are not part of the Site, but integrated into parts of the page of the Site. For example, Google widgets (e.g. Google Maps) or social plug-ins (Facebook, Twitter, LinkedIn, Google+, etc.).
"Customer" means the entity, natural or legal person, that signs the Contract, as well as its legal representatives, directors, officers, employees (employees and/or collaborators) and any agents.
"Data Controller" means: "the natural or legal person, public authority, department or other body which alone or together with others determines the purposes and means of processing personal data", as defined in Article 4, paragraph 1, No. 7 of the GDPR.
"Controller": "natural or legal person, public authority, agency or other body processing personal data on behalf of the controller", as defined in Article 4, paragraph 1, n. 8, of the GDPR.
"Data subject": "identified or identifiable natural person", as defined in article 4, paragraph 1, n. 1, of EU Regulation 2016/679 (c.d. "GDPR").
"GDPR": Regulation (EU) 2016/679 "on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)".
"Privacy Code": Legislative Decree n. 196/2003 and subsequent amendments and/ or additions (in particular from the D.Lgs. n. 101/2018).
"Personal Data" means "any information relating to an identified or identifiable natural person; "Interested Party" means a person who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" as defined in Article 4, Article 1, point 1 of the GDPR).
"Privacy Regulations": EU Regulation 2016/679 ("GDPR"), D.Lgs. 196/2003 and subsequent amendments and/or additions ("Privacy Code"), as well as the measures taken by the Supervisory Authority in the execution of the tasks established by the GDPR and the Privacy Code, and by the further applicable legislation, The Committee will be responsible for the coordination of the activities of the European Commission and the Member States.
"Profiling" means the "any form of automated processing of personal data consisting in the use of personal data to assess certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement", as defined in Article 4, paragraph 1, n. 4 of the GDPR.
"Processing" means any operation or complex of operations carried out on personal data or sets of personal data, including by automated means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation , use, communication by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction", as defined in Article 4, paragraph 1, paragraph 2, of the GDPR.
"Publication" means the action by which the Owner communicates information on the Site, without implementing procedures that require the Visitor to take a look at it.
"Recipient" means "a natural or legal person, public authority, department or other body to which personal data is communicated, even if not interposed", as defined in Article 4, paragraph 1, n. 9 of the GDPR.
"Regulation" or "Regulation" means one or more of the sets of rules referred to in this Law as Privacy Law and Applicable Law.
"Restriction of processing": "the marking of personal data stored for the purpose of limiting their future processing", as defined in Article 4, paragraph 1, n. 3, of the GDPR.
"Control authority" means the independent public authority established by a European Union State, or by the European Union itself, responsible for overseeing the application of the Privacy Law (for Italy Garante per la Protezione dei Dati Personali - Garante per la Protezione dei Dati Personali, http://www.garanteprivacy.it).
"Third party" means "a natural or legal person, public authority, body or agency other than the data subject, the controller, the controller and persons who, under the direct authority of the Data Controller or the Data Controller, are authorised to process personal data as defined in Article 4(1)(10) of the GDPR.
"Visitor" means the natural or legal person who uses a device and navigates, via the Internet, on the public pages of the Site.
"Website": the web pages viewed through the subdomains https://cvlmacchinespeciali.it included.
"WP29": the Working Group for the Protection of Individuals with regard to the Processing of Personal Data, established pursuant to Article 29 of Directive 95/46/EC, whose tasks are laid down in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.