This page describes how to manage the site in relation to the processing of personal data of users who consult it.
Following consultation of this site, data relating to identified or identifiable persons may be processed.
The information is also based on Recommendation n. 2/2001 that the European Authorities for the protection of personal data, gathered in the Group established by the art. 29 of the directive n. 95/46 / EC, adopted May 17, 2001 to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.
This information is also provided in compliance with the legislation on the protection of individuals with regard to the processing of personal data pursuant to EU Regulation 679/2016 (hereinafter referred to as the “Regulation”).
1. HOLDER OF THE TREATMENT
The Data Controller is GRALGI SRL – Via Egadi n.7 – 20144 Milano.
2. METHOD OF TREATMENT AND SAFETY MEASURES
The Personal Data are processed with automated and non-automated tools, for the only time strictly necessary to achieve the purposes for which they were collected.
Within GRALGI SRL you can learn about your personal data, as appointees or managers of their treatment, the employees or external collaborators assigned to services, as well as internal and external structures, which perform technical and support tasks on behalf of the Company ( in particular: legal services, IT services, shipments) and corporate control services.
The processing of data is carried out by personnel directly employed by the Data Controller and / or by natural or legal persons specifically identified by this person as data controllers or processors. The data provided will in no case be subject to disclosure or communication to third parties, except for the communication to the subjects whose right to access the data is recognized by legal provisions or by orders of the authorities as well as to subjects, also external and / or foreign , for which the Data Controller uses for the performance of instrumental and / or ancillary activities for the management of the data collected and the provision of the services and benefits connected to it, including the suppliers of software solutions, web applications and storage services provided also through Cloud Computing systems and used for this purpose.
3. PLACE OF DATA PROCESSING AND CATEGORIES OF PERSONS TO WHOM THEY MAY BE COMMUNICATED
The processing of data connected to the web services of this site takes place at the Registered Office of GRALGI SRL, or of the party that collects the data, and is only handled by company personnel, authorized to process data, or by authorized third parties of the company .
No personal data deriving from the web service is disclosed.
For the performance of some of the activities related to the processing of your personal data in relation to the services made available through the site, GRALGI SRL may make communications to trusted companies or external bodies. These companies collaborate directly with GRALGI SRLand operate in total autonomy as distinct “owners” of the processing or as external managers.
4. TYPES OF DATA PROCESSED AND PURPOSE OF THE TREATMENT
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified as users. This category of data includes IP addresses or domain names of computers and / or networks used by users connecting to this site, URI (Uniform Resource Identifier) addresses of requested resources, time of request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the web server (success, error, etc.) and other parameters relating to the operating system and the environment computer user. This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Company’s website.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated in the specific sections of this website entails the subsequent acquisition of some personal data of the applicant, necessary to respond to requests. Specific summary information will be progressively reported or displayed on the pages of the site where it is possible to interact with the Company. The personal data provided by users who forward requests for information on products and services are used for the sole purpose of performing the service or provision requested and the methods of their treatment are regulated in the specific section of the site called “Information on privacy”.
5. PURPOSE OF THE TREATMENT
The personal data provided by users will be used:
– to allow access to the services offered within the site;
– to allow browsing on the site;
Registration is permitted to those who explicitly request it, by filling in the forms on the site pages with this specifically dedicated service, after reading the specific information and authorizing GRALGI SRL to process their personal data.
The refusal to provide the data makes it impossible to obtain the services offered by the site.
6. NATURE OF THE PROVISION OF DATA
In the event that the user intends to interact with the Company via the site, the provision of data is optional, but it constitutes a necessary and indispensable condition for providing the user with the information requested: the failure to provide it therefore makes it impossible for the Owner to guarantee an answer.
7. RIGHTS OF THE INTERESTED PARTIES
In addition to the right of access concerning the possibility of obtaining confirmation from the Data Controller that data is being processed, the Data Subject enjoys the rights granted to him in the art. 16-21 of the Regulation, namely:
- Obtain from the Data Controller the rectification of inaccurate data concerning him without unjustified delay, or the integration of incomplete Personal Data, even providing a supplementary declaration;
- To obtain the deletion of the Personal Data concerning him from the Data Controller without undue delay, when:
– the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
– the Data Subject revokes the consent to the Processing of Personal Data and there is no other legal basis for the Treatment of the same;
– the Data Subject has opposed the Processing and there is no legitimate prevailing reason to proceed with the Treatment;
– the Personal Data have been processed unlawfully;
– personal Data must be deleted to fulfill a legal obligation to which the Owner is subject;
- Obtain from the Data Controller the limitation of the processing of Personal Data when:
– the Data Subject disputes the accuracy of the Personal Data, for the period necessary for the Data Controller to verify such circumstance;
– the Processing is illicit and the interested party, by opposing the deletion of the data, only asks that its use be limited;
– although the Data Controller no longer needs it for the purposes of the Processing, the Personal Data are necessary for ascertaining, exercising or defending a right in court;
– the Data Subject has objected to the Processing for the period necessary to assess the prevalence of the Data Controller’s legitimate reasons with respect to His.
- Receive from the Data Controller in a structured format, commonly used and readable by an automatic device, the Personal Data concerning him if:
– the treatment is based on consent or a contract;
– the processing is carried out by automated means. In this case the interested party has the right to obtain direct transmission of Personal Data from one Data Controller to the other, if technically feasible;
- Object at any time, for reasons related to your particular situation to the Processing of Personal Data concerning you.
8. POSSIBLE TRANSFER OF PERSONAL DATA ABROAD
The management and storage of data takes place on the server of the owner and / or third party companies appointed as external data processors. The servers on which the above data are stored are located in Italy and within the European Union. Personal Data are not transferred outside the European Union.
In any case, it is understood that the Owner, if necessary, will have the right to move the location of the archives and servers in Italy and / or in the European Union and / or in non-EU countries. In this case, the Data Controller now ensures that the extra-EU data transfer will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by the European Commission.
9. HOW TO EXERCISE THE RIGHTS
To exercise their rights, the interested party may contact the Data Controller by writing:
– by e-mail, to email@example.com,
– by ordinary mail, at the address GRALGI SRL – Via Egadi n.7 – 20144 Milano.
The deadline for responding to the interested party is thirty days, extendable up to three months in particularly complex cases; in these cases, the Data Controller provides at least an interim communication to the interested party within the term of thirty days.
The exercise of rights is, in principle, free; the Owner reserves the right to request a contribution in the event of manifestly unfounded or excessive requests (even repetitive), also in light of the indications that may be provided by the Privacy Guarantor.
10. COMPLAINT TO THE PRIVACY GUARANTEE
The interested party has the possibility to lodge a complaint with the Privacy Authority, which can be contacted on the website www.garanteprivacy.it.