In compliance with the obligations laid down by the European Privacy Regulation EU/2016/679 (GDPR), we would like to hereby inform you that Madas Srl, with registered office at 5 Via Valeria Moratello – 35044 Legnago (VR), certified e-mail address firstname.lastname@example.org, VAT no. 03117440234, tax code 03117440234, in its capacity as Data Controller and administrator of the company’s website, will process the personal data that concern you, that may be collected by us, provided by you and/or other notified persons, via the filling in of forms, the browsing of web pages and the use of online services.
The processing of the data that you have provided willingly or that have been collected by another means will be performed in conformity with the rules and regulations on privacy in force; it will comply with the principles of pertinence, comprehensiveness and completeness.
Pursuant to the provisions of article 13) of the European Privacy Regulation EU/2016/679 (GDPR), we would like to inform you as follows:
- PURPOSE OF THE PROCESSING:
A. The following information may be collected and processed during the navigation on and use of the company’s website, exclusively for security purposes and for the improvement of the service offered:
- Page from which the site was accessed (via URL query parameters)
- Original page that leads the visitors
- Time and date of access
- Quantity of data transferred
- Access status (translated page, page not found, etc.)
- Operating system and browser used
- Customer’s IP address and possibly the domain name or the name of the ISP
- Registration data, statistics on pages viewed, traffic data and advertising data (see “Cookies Information Notice”).
- the normal performance of the company’s activities and/or of the activities foreseen by the corporate object
- requirements related to the stipulation of contracts and assignments, to their performance, to subsequent amendments or changes and for any obligation foreseen for the performance thereof
- operational, organisational, managerial, fiscal, financial, insurance and accounting requirements related to the contractual and/or precontractual relationship established
- compliance with all types of obligations foreseen by laws, regulations or EU rules and regulations
- registration, management and storage of the access logs of the web applications and online services
- security during the use of our web applications and online services
- requirements of monitoring of the means by which products/services are provided, of the progress of relationships with suppliers and of analysis and management of the risks related to the contractual relationship.
- if during the process of filling in the form or subsequently during the use of our online services you have provided your explicit, specific and voluntary consent, your personal data may also be processed for traditional marketing, online marketing, web marketing and web advertising activities.
- METHODS OF PROCESSING:
The processing will be performed by non-automated or partially automated means and may consist of the following operations: collection, recording, organisation, storage, consultation, use, treatment, alteration, selection, extraction, comparison, interconnection, transmission, disclosure, dissemination, erasure, destruction, blocking and restriction.
The processing will be performed by paper-based means and with electronic, IT and telematic tools that are able to guarantee the security and confidentiality of the data in conformity with the previsions of article 32) of the European Privacy Regulation EU/2016/679 (GDPR) on appropriate security measures.
All technical, IT, organisational, logistical and procedural security measures will be adopted in any case during the performance of the processing operations, so as to guarantee the minimum level of data protection provided for by the law. The aforementioned methods applied during processing will guarantee access to the data only to the persons specified under point 4).
- LEGAL BASIS FOR THE PROCESSING:
The provision and processing of data are:
- mandatory and do not require your consent for the fulfilment of purposes related to obligations foreseen by laws, regulations or EU rules and regulations.
- indispensable and do not require your consent for all personal data necessary for the correct use of the web applications and online services and for the establishment, management and continuation of the commercial and/or contractual relationship.
- optional and require your explicit consent for all personal data collected for marketing purposes or for purposes that are not directly and/or indirectly related to contractual, precontractual, legal obligations, obligations that pertain to safeguarding vital interests, to the performance of public duties, to the exercise of public powers or to the pursuit of legitimate interests. `
- CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA:
The persons or categories of persons that may become aware of the data or to whom the personal data may be disclosed are as follows:
- The Legal Representative of the Data Controller
- The Data Protection Officer (where appointed)
- The Data Processors: Consultants and Consultancy Companies, Independent Professionals, Self-Employed Persons, Technical and Engineering Firms, Agents and Representation Agencies, Banking and Insurance Institutes, Credit Recovery Companies, Auditors and Auditing Firms, Accounting Firms, Labour Consultancy Firms, Legal Firms, Transport and Logistics Companies, Sub-contractors, and Doctors and Doctors’ Surgeries.
- Persons tasked with the Processing Management, Administration, Secretariat, Human Resources, Marketing, Sales, Technical Area and IT Systems.
- System Administrators
The personal data may, further, be disclosed to Public Bodies, Police Forces or other Public or Private Persons, but exclusively for the purpose of fulfilment of obligations foreseen by law, regulations or EU rules and regulations.
- TRANSFER OF THE DATA ABROAD:
The data may be processed and transferred for the purposes under point 1) and by the means under point 2) also to the persons under point 4) established in member states of the European Union and/or outside the European Union, but exclusively based on an Adequacy Decision of the European Commission, on Adequate Privacy Guarantees or on the authorisation of the Data Protection Authority.
- PERIOD OF RETENTION:
The data will be collected and registered only for the purposes under point 1) and will be retained for a period of time that does not exceed ten years from their collection for administrative and accounting purposes and for a period of time that does not exceed twenty-four months for marketing purposes.
- MEANS BY WHICH THE DATA SUBJECT MAY EXERCISE HIS/HER RIGHTS:
In any case, you may always and at any time request from the Legal Representative of the Data Controller and/or from the Data Protection Officer (where appointed) a copy of your personal data, information regarding the location at which your personal data are processed and an updated list with the identifying data of all Data Processors and System Administrators authorised to process your data.
At any time, you may freely withdraw the consent you have provided, without any negative consequences and without compromising the lawfulness of the processing performed until that time, and you may exercise the rights of the data subject vis-a-vis the Data Controller, as said rights are provided for by the European Privacy Regulation EU/2016/679: Access, Rectification, Deletion, Restriction, Opposition, Portability, Complaint to the Data Protection Authority.