1. What types of data are processed and for what purposes?
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment. These data are necessary to use web-based services and are also processed in order to (i) extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.); and (ii) check functioning of the services. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website. The navigation data are processed for our legitimate interest to guarantee the safety of the Website, to check its correct functioning and to obtain statistics related to its use (art. 6, co. 1, let. f) of the GDPR).
Data voluntarily provided by you:
• in letters/fax/e-mail spontaneously sent to us: the optional, explicit and voluntary sending of your personal data to the mail addresses or e-mail addresses published on the Website entails the subsequent acquisition of such data, necessary to pursue our and your legitimate interest in responding to requests sent by you in relation to the Website and/or our activities (art. 6, co. 1, let. f) of the GDPR). You are free not to provide such data. However, failure to provide such data may cause the impossibility to comply with your request;
• on the occasion of calls made to our telephone number: when contacting our telephone number, we may process the personal data spontaneously communicated by you during the telephone conversation or reasonably requested by us to pursue our and your legitimate interest in providing you with what has been requested (art. 6, co. 1, let. f) of the GDPR). You are free not to provide such data. However, failure to provide such data may cause the impossibility to comply with your request.
2. Who might have knowledge of my personal data?
Employees and/or collaborators of the Company in charge to manage the Website, provide assistance or provide you with what you have requested, might have knowledge of your personal data. Furthermore, entities which, acting as data processor, provide us with services that are instrumental to the performance of our business, might have knowledge of your personal data, including, but not limited to, IT and logistics service providers that are functional to the operation of the Website, and group companies that provide us with intra-group services.
3. Will my personal data be disclosed to third parties?
Your data could be communicated to the Judicial Authority at the request of the same in the cases provided for by law.
4. How will my personal data be processed and how long will they be stored?
Your personal data will be processed using automated and non-automated tools. Specific security measures are put in place to prevent data loss, illicit or incorrect use and unauthorized access. The navigation data will be retained for a maximum period of 7 (seven) days, unless further storage is necessary to ascertain responsibility in the event of hypothetical computer crimes against the Website or to fulfil requests of the judicial Authority. If you have contacted us by letter, fax or e-mail to obtain information about the Website or our business, your data will be stored for the time required by law or for the time necessary to pursue the aforementioned processing purposes.
5. Will my personal data be transferred outside the European Economic Area?
7. What are my rights?
You have the right to exercise at any time, free of charge and without formalities the following rights as per articles from 15 to 22 of the Regulation: the right to request access to personal data (or the right to obtain from us the confirmation that data concerning you are being processed and, if so, to obtain the access to personal data, obtaining a copy themof and of the information referred to in Article 15 of the Regulation) and rectification (i.e. the right to obtain the correction of inaccurate data concerning you or the integration of incomplete data) or the erasure of the same (meaning the right to obtain the deletion of data concerning you, should any of the events indicated in Article 17 of the Regulation occur) or the restriction of the processing related to you (meaning the right to obtain, in the cases indicated in art. 18 of the Regulation, the marking of stored personal data with the aim of limiting their processing in the future), in addition to the right to data portability (i.e. the right, in the cases indicated in Article 20 of the Regulation, to receive from us, in a structured, commonly used and machine readable format the data concerning you, and to transmit it to another data controller without impediments). You also have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, based on point (e) (performance of a task carried out in the public interest or in the exercise of official authority) or (f) (legitimate interest) of Article 6(1) of the Regulation, including profiling based on those provisions. You also have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before revocation.
8. How can I contact the company and exercise my rights?
You can exercise your rights by contacting us by mail at the following address “Ghella S.p.A., Via Pietro Borsieri 2/a, 00195 – Rome – To the attention of the Privacy Coordinator” or by e-mail at email@example.com. We remind you that you always have the possibility to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or to the different Supervisory Authority of the Member State of the European Union in which you reside or work or where the alleged violation has occurred.
Last update: July 2019