- Data Controller
The Data Controller of the data provided by users is Innse-Berardi S.p.A. with registered office in Via A. Franchi, 20 – 25127 Brescia.
Type of data collected
- Navigation data
The information systems and programs used to operate the site collect certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes, for example, the IP addresses or domain names of the computers of the users who connect to the site.
- Data provided voluntarily by the user
To consult the website, users are not required to provide any personal data. However, the optional, express and voluntary sending of emails to the addresses indicated on this site, or use of the “Contact us” and “Career” sections, entails the acquisition of the user’s address and the relevant entered data, which are required to follow up the requests sent.
- Purpose and legal basis of data processing
Navigation data (section 2, letter a) is used for the purpose of:
- collecting data and information in aggregate and anonymous form only to verify the proper functioning of the site;
- collecting data and information to protect the security of the site (spam filters, firewalls, virus detection) and of its users;
- obtaining statistical information on the use of the site.
Data provided voluntarily by the user (section 2, letter b) shall be processed electronically and/or manually by the Data Controller exclusively for purposes related to the communication sent by the data subject. The data provided shall not be transferred to third parties without the effective and express consent of the data subject to the processing. Data acquired through the “Contact us” and/or “Career” forms on this site or through the spontaneous sending of emails to the contacts indicated on the same are processed for the sole purpose of providing the service requested.
In the event of hypothetical cybercrimes against the site, navigation data may also be used to ascertain responsibility.
- Data processing method
The processing of the user’s personal data is carried out based on the principles of correctness, lawfulness and transparency, using manual and/or electronic means, with organisational systems related to the purposes of the processing that guarantee the security, integrity and confidentiality of the data and the rights of the data subject.
Technical and organisational measures have been adopted to protect data from destruction or loss, even accidental, and against unauthorised access or disclosure.
Processing may be carried out with or without the use of electronic or automated means.
- Disclosure of data
In addition to the Data Controller, authorised internal staff (administrative, sales, legal, system administrators) appointed for the purpose may have access to your data, for the purposes of the processing itself.
The collected data may also be disclosed to external parties (for example, third-party technical service providers, hosting providers, IT companies) eventually appointed as Data Processors pursuant to Article 4, Paragraph 1, Point 8) of the Regulation, who operate on behalf of the Data Controller and according to the instructions provided, exclusively for activities strictly related to the purposes indicated above (for example, to guarantee the operation of the Internet service, management of information and communications systems).
- Data retention period
The Data Controller shall process data provided voluntarily by the user (section 2, letter b) for the time strictly necessary to provide the service requested, as better described in the extended policies.
- Provision of data
The navigation data collected within the scope of this processing (section 2, letter a) is strictly used for the IT management of the site.
Voluntary provision of personal data (section 2, letter b) is optional and aimed solely at following up user requests; therefore, failure to provide the necessary data makes it impossible for the Data Controller to reply.
- Data storage
Personal data shall be stored at the Data Controller headquarters and in the places, within the European Union, where the parties involved in the processing are located.
- Rights of the data subject
Users may exercise certain rights with regard to the Data processed by the Data Controller; in particular, pursuant to Articles 15-21 of Regulation (EU) 2016/679, users have the right to:
- access personal data
- check and request the rectification of personal data
- obtain the removal (or erasure) of personal data
- obtain the restriction of personal data processing
- obtain the portability of personal data
- oppose the processing
- submit a complaint to the Supervisory Authority (Italian Data Protection Authority) or engage in legal proceedings.
- How to exercise your rights
Users may exercise their rights at any time by sending:
- An email to the address: firstname.lastname@example.org
- A registered letter with return receipt to the address: Innse-Berardi S.p.A. Via A. Franchi, 20 – 25127 Brescia.