This page provides a description of how the website manages the processing of its users’ personal data. This policy is provided pursuant to Article 13 of the GDPR 2016/679 on the protection of personal data for anyone interacting with the website’s services and pages that can be accessed on the Internet from the address:
https://www.startexmaglieria.com, which is the website’s homepage.
This policy only applies to the website in question and its sections. It does not apply to other websites or pages that do not belong to this website, which Users may visit via links.
THE DATA CONTROLLER
Data on identified or identifiable individuals may be processed if they simply consult or interact with this website.
The Data Controller is STARTEX MAGLIERIA S.R.L., with its registered head office in Carpi (MO), Via Lenin, No 1, e-mail firstname.lastname@example.org.
The processing for this website’s services takes place at the Data Controller’s head office and is only carried out by staff appointed and authorised to process data.
A Data Protection Officer (DPO) has not been appointed.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to run this website might acquire certain personal data during normal use, which is transmitted using Internet communication protocols. This information is not collected to be associated with identified data subjects. However, by its very nature, it might be used to identify users by means of processing and matching with information held by third parties. This data category includes the IP addresses or domain names of the computers used by users accessing this website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the server response status (successful, error, etc) and other parameters relating to the User’s operating system and computer set-up. This data is only used to extract anonymous statistical information on how the website is used and to ensure that it is running properly. It is deleted immediately after processing. Data could be used to ascertain liability in the event of possible cyber crimes against the website.
Data provided voluntarily by the User
If data is sent explicitly and voluntarily to this website by filling in the appropriate form/format to request information, the sender’s address will then be stored together with any other personal data sent (including, but not limited to, their name, residential area, telephone number and/or e-mail address, etc), in order to reply to the requests.
PURPOSES OF THE PROCESSING
Your personal data, which is collected, processed and archived through the website, is processed for the following purposes:
- for purposes strictly related to the need to reply to and follow up on requests directly submitted by the User through the form available to the User on the website (for example, to provide information on a product/service, a cost estimate, the names of dealers in the area of interest, etc);
- to send any advertising, informational or promotional material regarding the subject of the requests submitted from the User by filling in the appropriate form and/or relating to the products/services of the sender;
- for potential profiling, i.e. to develop a commercial profile of the User by using the data obtained from consulting the website, as well as the data provided from the User by filling in the appropriate form; to develop a commercial profile of the User, based on the data collected from browsing the website (this data is acquired by the Data Controller from cookies or similar technology), in order to analyse or cover aspects of the User, such as their preferences or personal interests and therefore to send targeted commercial messages for the User’s preferences or interests, as well as to customise the website or the products and/or services offered.
The Data Controller only processes personal data for the purposes under points 2 and 3 when Users have granted their express consent.
THE LEGAL GROUNDS FOR THE PROCESSING ARE BASED ON:
– the requirement to fulfil pre-contractual measures adopted at the request of the data subject/User and in the Data Controller’s legitimate interest, for the purposes under point 1 above;
– your express consent granted for the purposes under points 2 and 3 above.
PROCESSING METHOD and RETENTION PERIOD
Any personal data collected during browsing is processed with automated means. Specific security measures are implemented to prevent the data from being lost, used unlawfully or inappropriately, and accessed without authorisation.
In accordance with the principle of “limitation of data retention” under Article 5 of Regulation (EU) No 2016/679 (GDPR), any data collected shall be retained for a period of time no longer than required to achieve the purposes for which it was processed or according to the time limits set by law. Whether or not any retained data has become obsolete in relation to the purposes for which it was collected is checked periodically. In particular, any data processed for the purposes under points 1, 2 and 3 above shall be retained for 2 years.
SCOPE OF COMMUNICATION AND CIRCULATION OF DATA
Any data collected and processed is protected by the Data Controller using physical and logical measures in order to minimise any risk of unauthorised access, as well as the circulation, loss or destruction of data.
Personal data shall not be circulated, but may be disclosed by the Data Controller, to provide the service offered, to the following subjects:
- a) subjects, organisations or authorities for which the communication of the User’s personal data is compulsory by law or by order of the authorities;
- b) affiliated/partner subjects/companies and/or dealers with which the Data Controller has entered into special collaboration agreements and which are used to provide the service, for the sole purpose of allowing them to provide the products and/or services requested by the User.
Personal data may only be disclosed to the Data Controller’s employees and partners (including outside the company) expressly appointed and authorised by the Data Controller to process data, as well as to facilities that provide technical support on the Data Controller’s behalf (legal services, company audits, maintenance and/or repair of computer equipment, etc).
TRANSFERRING DATA ABROAD
The data collected shall not be transferred abroad.
DATA SUBJECTS’ RIGHTS
Data subjects/Users are always entitled to ask the Data Controller for access to their data, to have it amended or deleted, to restrict or object to its processing, to request data portability, or to withdraw their consent to the processing by exercising these and other rights provided for by applicable legislation (GDPR) simply by writing to the Data Controller. Data subjects also have the right to file a complaint with a supervisory authority. In Italy, this is the Italian Data Protection Authority (Garante per la Protezione dei dati or Garante Privacy), with its offices in Rome, Piazza di Monte Citorio No 121.
Requests should be sent to Startex Maglieria S.r.l., with its registered head office in Carpi (MO), Via Lenin, No 1, e-mail email@example.com.