ACCORDING TO THE EU REGULATION 679/2016 (“GDPR”) ART. 13, 14 AND FOLLOWING ADJUSTMENT NATIONAL RULES
Identity and contact details of the Data Controller
The Data Controller, according to articles 4 and 24 of the EU reg. 2016/679, is ARAN World S.R.L.U. Unipersonale, Zona Industriale Casoli, 64032 Atri (TE) Italy. VAT 01444880676
Tel.+39 085 8794400, email: firstname.lastname@example.org, legally represented by the pro tempore (hereinafter referred to as “Data Controller”).
Contact details of the Data Protection Officer (D.P.O.)The Data Controller does not carry out any activities which foresee the nomination of the Person in charge of protection of personal data.
Purposes and lawful basis for the processing personal data
Personal data will be collected for the purposes and according to the lawful basis here after listed:
Point 3: lett. a): In order to manage your contractual relationship or for the execution of pre-contractual measures (such as, for example, the request for information or quotation); to allow navigation on this website and technical management of connections to it; to manage any contact request by the interested party and to answer them; to respond to the requests for assistance and the needs of customers and users. In this case, You are free to give Your Personal Data, however, if data is not supplied, it will be impossible to establish the abovementioned report, to satisfy Your request and to use all the services provided by the site.
Point 3, lett. b): With Your specific consent (which can be revoked at any time), in order to send you promotional communications on the Data Controller and communications on events organized by the Controller (here after as “marketing purposes”)
This processing is necessary for the performance of a contract of which You are part of, for the providing of a service, for the necessary to answer requests from interested parties. Furthermore it is necessary for compliance with a legal obligation to which the controller is subject
Categories of processed personal data
he computer systems and software procedures responsible for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols. This is information which is not collected in order to be associated to identified data subjects, but which by its very nature could, through processing and associations with data held by third parties, make it possible to identify users.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, addresses in URI notation (uniform Resource identifier) of the requested resources, the date and time of the request, the method used to submit the request, the size of the response file, the numeric code indicating the status of the response given by the server and other parameters related to the operating system and the computer environment of the User.
These data are used only to obtain anonymous statistical information to use the website and to check the correct operation of it, and they will be immediately removed after processing.
Data supplied voluntarily by the User
If emails are sent voluntarily, explicitly and optionally to addresses given on this site, the sender’s address, which is required to respond to requests, is automatically acquired, as are any other personal data which may be included in the communication. The user assumes the responsibility of the Personal Data of third parties published or shared through this application and warrants that you have the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties.
Recipients and categories of recipients
Personal data won’t be spread, this means they won’t be given to unknown parts. They can be spread though to well known parts, in conformity with the law, for purposes which are strictly related to the ones above mentioned. Any access to Your personal data is limited to all subjects authorized by the Data Controller. The spreading of data to the detected third parts, as long as they are involved and productive, is tied to the fulfilment of the purposes mentioned at point 3, therefore collected and processed personal data could be:
- used anonymously for statistic purposes;
- put at disposal of the Data Controller’s co-operators , persons in charge authorized for the processing of personal data;
- given to third parts, persons or companies, Public Administrations, professionals, Law and Orders, Government, courts or other public authorities authorized by the Law;
- given to commercial partners, only in case of previous and explicit consent given by the User;
- when necessary, transferred to another Data Controller of processing according to what established by GDPR, also concerning the right of transfer of data.
Information could also be given when they are requested by Judicial Authorities or Public Security. In no cases collected data will be spread later on.
The list of all persons in charge of personal data processing is available at the Data Controller’s headquarter.
Transferring data abroad
Data won’t be transferred outside European Union.
Here’s a grid containing data retention period (determination criteria):
|Point 3, lett a): agreement management||For the whole agreement’s duration and the following 10 years.|
|Point 3, lett b): Marketing purposes||5 years starting from the collection, with the opportunity for the users to change and/or breach the agreement.|
Data processing methods
The data will be processed using manual, computerised or digital tools suitable for guaranteeing security and confidentiality, and will be carried out by duly trained employees in compliance with the Applicable Legislation. No automated decision-making are used.
In addition to the Data Controller, in some cases, access to the data may be available to other parties involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) also appointed as Data Processing Managers by the Data Controller, if necessary.
Besides, if we need to contact you regarding the management of Your location, where you give your consent for the processing of data for the purposes referred to in point 3, (lett. b), You may be contacted by e-mail, newsletter, text message, an equivalent electronic tool, post or a call operator via the contact details you have provided.
If you prefer to be contacted via just one or some of these addresses, you can send a specific written request without the need for procedural formalities to the Data Controller.
Defence in court
The User’s Personal Data may be used by the data Controller in court or in the preparatory stages to its possible establishment for the defence against misuse of this website or related services by the User. The user declares to be aware that the Data Controller may be forced to reveal personal data upon request of public authorities.
System logs and maintenance
In order to allow for its correct functioning and maintenance, this website and any third party services it uses may collect system logs which are files that record the interactions and may also contain Personal Information, such as IP address User.
Information not included in this Policy
Further information regarding the processing of Personal Data may be requested at any time to the Data Controller using the contact details.
Answer to requests “Do not track”
We inform you that you may exercise your rights according to the Applicable legislation, among which are the rights of:
- accessing Your Personal Data and knowing the source, the purpose and the aims of their processing, data belonging to the parts they are spread to, the retention period and the determination criteria (art 15);
- asking for an adjustment (art 16);
- removing (“oblivion”), if not needed anymore, if incomplete, wrong, or collected against the law (art 17);
- asking for the processing to be limited to a part of information concerning Yourself (art.18);
- within the limits of possibility, receiving in a structural way or to send to You, or persons communicated by You all information concerning Yourself, or the ones provided willingly from You;
- setting yourself against their processing based on legit interest (art.21);
- revoking Your consent at any time, in case this constitute the basis of the processing (the revocation doesn’t prejudice the legality of the processing carried out before the revocation itself).
All mentioned rights can be exercised through written request, sent to the Data Protection Officer (DPO), to the contacts on points 1 and 2.
The Data Controller at this point must proceed without any delay or the latest within one month after receiving the request. This expiration can be postponed of 2 months if necessary, considering the complexity and the number of the requests received by the Data Controller. In these cases the D.C., within one month after receiving your request, will inform You and let You know about the reason they postponed.
We would like to remind you that, if you do not deem our response to your request to be satisfactory, you can contact and lodge a complaint with the Authority for the protection of personal data (www.garanteprivacy.it) in the manner established by the Applicable legislation.