Privacy notice pursuant to Art. 13 Reg. (EU) 2016/679 (GDPR)
Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes the methods for processing personal data. This is an information that is provided pursuant to art. 13 GDPR. The information is not to be considered valid for other third party websites, possibly accessible through links on this website, for which no responsibility is assumed.
Personal data: means any information relating to an identified or identifiable natural person («Data subject»); An identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (art. 4, par. 1 no. 1 – C26, C27, C30 GDPR).
Users personal data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
Data disclosed voluntarily
The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and the compilation of data collection forms entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data inserted.
Information about the processing of personal data carried out through Social Media platforms
Regarding the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.
Specific information may be on the pages of the Site in relation to particular services or processing of the data provided.
Cookies and other tracking systems.
For Cookies and other tracking systems, see the cookies policy reported in the footer of the site and at the following link.
- WHO IS THE DATA CONTROLLER? HOW TO CONTACT HIM?
Ceme S.p.a. with registered office in Viale dell’Industria 5, 27020, Trivolzio (PV), duly represented by its Legal Representative. You can reach the Data Controller at the following contacts: T +39 0382 18051, email: email@example.com.
2. PURPOSES OF PROCESSING, LEGAL BASIS FOR THE PROCESSING AND DATA RETENTION PERIOD
PURPOSES OF THE PROCESSING LEGAL BASIS DATA RETENTION PERIOD PROVISION OF PERSONAL DATA Browsing on this website Art. 6 par. 1, lett. f) GDPR Legitimate interest of the controller The storage of browsing data will take place for the duration of the browsing session on the site. The provision of data is necessary for normal navigation on the site. B) Management of contact requests, sending contact requests, information The processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (C44)
art. 6 par. 1 letter b) of the GDPR
Maximum 12 months The conferment is necessary.
Failure to provide the necessary data will make it impossible to be contacted and receive information
C) Management of your requests and requests from other interested parties, pursuant to art. 15 and following of the GDPR (rights of the interested party) The processing is necessary to fulfill a legal obligation to which the data controller is subject (C45)
Art. 6 par. 1 letter c) of the GDPR
5 years from the closing of the request, except for disputes The provision of personal data is mandatory, as it is essential to be able to execute legal obligations. D) Customer Area Registration, to access the reserved area of this site. The processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same (C44) art. 6 par. 1 letter b) of the GDPR Until the termination of the contract and the technical time for disabling the credentials The conferment is necessary.
Failure to provide the necessary data will make it impossible to access the restricted area
3. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
The personal data provided by the Customer may be communicated to recipients, who will process the data as Data Processors (art. 28 GDPR) and/or as natural persons acting under the authority of the Data Controller and the Data Processor (art. 29 GDPR), or who operate completely independently as independent Data Processors, in order to fulfil the purposes pursued by Ceme as indicated above.
The data may be communicated to recipients belonging to the following categories:
– Subjects that provide services for the management of the IT system and the communication networks of Ceme S.p.a. (including e-mail and hosting services);
- Companies providing assistance and consultancy services for the management of the APP;
- Freelancers, firms or companies in the context of assistance and consultancy relationships;
- Authorities responsible for fulfilling legal obligations and/or provisions of public bodies, upon request.
The list of appointed Data Processors is constantly updated and available by contacting the Data Controller at the addresses indicated above.
- WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?
Personal data will not be transferred to non-EEA countries.
- IS THERE AN AUTOMATED PROCESS?
Personal data will be subjected to traditional manual, electronic and automated processing. It is specified that fully automated decision-making processes are not carried out.
- WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
You may exercise your rights as provided for in Regulation (EU) 2016/679 by contacting the Data Controller at the email address firstname.lastname@example.org. You have the right, at any time, to ask the Data Controller for access to your personal data (art. 15), rectification (art. 16) or erasure (art. 17), and restriction of processing (art. 18). You also have the right to data portability, where applicable (art. 20): in this case, the Data Controller will provide you with your personal data in a structured, commonly used and machine-readable format. Without prejudice to any other administrative and judicial remedy, if you deem that processing of your data infringes Reg. (EU) 2016/679, pursuant to art. 15 letter f), you have the right to lodge a complaint with the Supervisory Authority, i.e. the Italian Data Protection Authority (https://www.garanteprivacy.it/) and, with reference to art. 6 paragraph 1, letter a), you have the right to withdraw your consent at any time by writing to the Data Controller and/or the DPO according to the procedures described above.
- CHANGES TO THE INFORMATION
The Data controller reserves the right to modify, update, add or remove parts of this information. In order to facilitate the verification and modification of the text, the information will contain the update date.
Date of update: 17/05/2022