INFORMATION AND CONTACT DETAILS OF THE CONTROLLER
Art. 13, paragraph 1(a) and (b) EU Reg. n. 679/2016
Tecno 3 s.r.l., whose registered office is at Via Mastri Cestai, n. 2 - 12040 Corneliano d'Alba (CN), P.I. 03119410045
Contact details of the Controller
Tel: 0173/610564 - Fax: 0173/619494
Contact details of the Data Protection Officer
Tecno 3 s.r.l. does not fall in the hypotheses provided by art. 37 of EU Reg. n. 679/2016
Tecno 3 s.r.l., whose registered office is at Via Mastri Cestai, n. 2 - 12040 Corneliano d'Alba (CN), P.I. 03119410045, as the controller of your personal data (hereinafter also "Controller"), inform you, within the meaning of Articles 12 and 13 of EU Regulation n. 679/2016 (General Data Protection Regulation, henceforth called for brevity "GDPR"), that your personal data will be processed by subjects specifically authorized to and limited to the aims and with the modalities specified hereafter with reference to the capabilities of the web portal http://www.beantobarmachine.com.
OBJECT AND PURPOSES OF THE PROCESSING
The Controller informs you that it will process your personal data, and specifically (i) your identifying personal common data such as name and surname, email address, telephone number, and identifying and IP addresses or domain names, in accordance with the purposes and the methods, as defined and specified below.
The Website users’ personal data, as described above, will be subject to processing in the ways and in the forms prescribed by the GDPR for the carrying out of specific functionalities of the Website, with particular reference to procedures, described therein, of data collection, "Fill out the form for further information" and "Contact us right away and start to produce YOUR chocolate" form filling.
In particular, the personal data provided by yourself, as data subject, to the Controller, will be processed for the pursuit of the following purposes:
For the response to specific requests from the user/data subject to the controller via the Website and its communication tools, in particular via the "Fill out the form for further information" and "Contact us right away and start to produce YOUR chocolate" forms, both finalized to the vehiculation of requests for any kind of information;
For the purposes of direct marketing, via the aforementioned forms, especially for the sending of newsletters and commercial information, the sending of homage of trade publications and information on machineries, activities and services, commercial and promotional initiatives of the company, and of the commercial network belonging to the company itself or of third parties, signalling advertising events, and the promotion of them through letters, telephone, advertising material, communication systems, Internet, realization of statistical surveys aimed at the needs of monitoring the progress of business relations with customers, market research or measurements of the degree of satisfaction on the quality of the services rendered by the company and the activity carried out by means of personal interviews or phone calls, questionnaires.
This Privacy Information is effective only with reference to the above mentioned web portal http://www.beantobarmachine.com, but not with reference to other and different portals or Websites accessible through links present therein, of which the Controller is not in any way the holder.
LAWFULNESS OF PROCESSING
Apart from what above specified for navigation data, the communication from the data subject to the Controller of the personal data, as above described, has, as prerequisites for the lawfulness of processing, the following legal basis:
Art. 6, para. 1(b) of the GDPR, concerning the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject to entering into contact, for the purposes referred to in point a).
Art. 6, para. 1(a) of the GDPR, concerning the data subject freely given, specific, informed and unambiguous consent, in any case revocable, for the purposes referred to in point (b).
The processing of your personal data is therefore necessary for the integral fulfilment of the aims referred to in point a), and consequently your refusal to provide the above mentioned data may result in the failure to carry out the functions and services of the Website; instead, the processing of your personal data is merely optional with regard to the completion of commercial activities and direct marketing referred to in point b), and therefore the possible lack of consent does not prevent the fulfilment of the other purposes as above indicated. In any case, the consent from you possibly loaned, may be from you revoked at any time, with the immediate effect of intermitting the connected activities and business services.
METHOD OF PROCESSING
The processing of the personal data communicated by yourself is realized by means of the operations indicated in Art. 4 n. 2) of the GDPR, and precisely: "collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
The above described personal data are subjected to automated processing for the time strictly necessary to achieve the purposes for which they have been collected, with technical and organizational measures adopted to prevent the loss of data, incorrect criminal use and/or unauthorized access, and such, therefore, to ensure a level of security appropriate to the risk within the meaning of art. 32 of GDPR, by subjects specifically authorized, in compliance with the provisions of art. 29 of GDPR, i.e. employees and/or collaborators of the Controller as authorized subjects and/or system administrators, which can carry out operations of consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of the law necessary to ensure, inter alia, the confidentiality and security of data as well as the accuracy, updating and relevance of the data in relation to the purposes and methods declared.
It should be noted, in particular, that the above mentioned personal data will be processed only under the controller’s approval, except as specified below, it will be not, therefore, disseminated and, within the meaning of Art. 13, paragraph 1, lett. (e), it will be processed only by authorized persons and/or any processor (in person of individual professionals and/or complex professional associations), and/or by entities that operate as autonomous controllers, the list of which is available from the office of the Controller and is supplied after the written request from the data subject, among which ranks, explicitly, the hosting company and/or by technical personnel in charge of the management and/or maintenance of the Website, but only and exclusively for the purposes above expressly and specifically indicated.
DISSEMINATION OF THE DATA
In relation to the above mentioned purposes, the personal data can be communicated to the following subjects and/or categories of subjects listed below or can be communicated to companies and/or to persons, providing services, also external, on behalf of the Controller.
Among these, for the sake of greater clarity, but not limited to: professionals and consultants, also as complex professional associations; subjects the company relies on for the acquisition of commercial information related to contractual or precontractual requirements; companies, external subjects, banks and credit institutions, financial intermediaries not banking, insurance professionals in respect of the standard limits; individuals who perform control activities, review and certification of activities carried out by the company, possibly also in the customers’ interest; subjects that provide computer and telematic services for the management of the computer system used by the Controller and of the telecommunications networks (including the email management and web portals and Internet sites - hosting - services cloud storage); competent Authorities and/or supervisory subject for the performance of the obligations of law; fiscal consultancy companies or consultants; labor consultants; legal lawfirm for the protection of the contractual rights; individuals who perform fulfilments of control, audit and certification of activities carried out by the Controller, which operate as processor according to Art. 28 of GDPR, or in total autonomy as distinct Controller.
This Website may share some of the data collected with IT services localized outside of Italy and of the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) also through social plugin and the service of Google Analytics. The transfer of personal data outside the EU is authorized on the basis of specific decisions of the European Union’s Commision and of the Supervisory Authority for the protection of personal data, in particular the decision 1250/2016 (i.e. Privacy Shield), so that we do not need further consent. The above mentioned companies ensure the adhesion to the Privacy Shield.
In any case, in the hypothesis that a personal data transfer extra EU would be necessary, the Controller now ensures that the data transfer will be in accordance with the provisions of applicable law, and in particular in accordance with Articles 44 - 45 - 46 - 47 - 48 and 49 of GDPR.
DATA RETENTION PERIOD
We draw your attention to the fact that, in compliance with the principles of lawfulness of processing, purpose limitation and data conservation and minimization, within the meaning of Art. 5 of GDPR, the storage period of your personal data is established for a period not greater than the achievement of the purposes for which they were collected and processed, i.e. for the entire duration of the fulfilment of the above mentioned purposes, and therefore, exhausted the processing finality, your data will be erased from any physical and logical support.
THE DECISION-MAKING PROCESSES AND AUTOMATED PROFILING
The Controller informs you that, for the purposes of the personal data processing, does not avail itself of the decision-making automated processes, i.e. those directed to take decisions based solely on technological means on the basis of predetermined criteria (i.e. without the human involvement), nor does it perform automated profiling activities, namely that directed to use your personal data to analyze or predict aspects concerning the professional performance, the economic situation, health, personal preferences, interests, reliability, conduct, the location or the movements etc.
Rights of the data subject
Right of access ex art. 15 of the GDPR and right of rectification ex art. 16 of the GDPR
As the data subject, within the meaning of art. 15 of the GDPR, you have the right to obtain from the Controller the confirmation of the existence or not of a personal data processing concerning yourself, to obtain access to them and to all the information referred to in Article 15, paragraph 1, letters (a) to (h), by release of the copy of the data object of processing in structured format, of common use, readable by automatic device and interoperable.
Pursuant to art. 16 of the GDPR, you also have the right to obtain from the Controller the rectification and/or integration of the data object of processing, if they are not accurate and/or updated and/or incorrect and/or incomplete.
Right to erasure ex art. 17 of the GDPR and right to restriction of processing ex art. 18 of the GDPR
As the data subject, you have the right to obtain, without undue delay, from the Controller, exclusively in the cases referred to in art. 17, paragraph 1, letters (a) to (f), of the GDPR, the erasure of the data concerning yourself - with the exception of specific cases provided for by art. 17 paragraph 3.
As the data subject, within the meaning of art. 18, paragraph 1, letters (a) to (d) of the GDPR, you have the right to request and obtain from the Controller the restriction of processing of your personal data, i.e. that such data are not subjected to additional processing and can no longer be modified. The Controller ensures that the restriction of processing to be carried out by technical devices adapted to ensure their inaccessibility and immutability.
The right to data portability ex art. 20 of the GDPR
As the data subject, you have the right to receive, within the meaning of art. 20 of the GDPR, by the Controller, the personal data concerning yourself, whose processing is performed by automated means, in a structured, commonly used and machine-readable format, and you also have the right to transmit such data to another controller, i.e. to obtain from the Controller, where technically feasible, the direct transmission of such data to another controller specifically identified.
Right to object ex art. 21 of the GDPR
You have the right to object in any moment to the processing of personal data concerning yourself, for reasons related to your particular situation, in cases where the processing of your personal data is necessary (1) for the execution of a task in the public interest and/or connected to the exercise of public powers which is invested the Controller; (2) for the pursuit of a legitimate interest of the Controller or a third party; (3) for profiling activities performed by the Controller on the basis of the preceding points.
You also have the right to object to the processing of your personal data for reasons related to your particular situation where the same data are processed for the purposes of scientific research or historical or for statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, except when the processing is necessary for the execution of a public interest task.
Detailed operating mode to exercise the rights
You may exercise the rights listed above by request to be sent to the email address firstname.lastname@example.org or by registered letter with return receipt to the address "Via Mastri Cestai, n. 2 - 12040 Corneliano d'Alba (CN)", to the attention of Mr. Rosella Sobrero, as internal referent with regard to privacy and protection of personal data.
The Controller will confirm receipt of your request and will give you the information relating to the action taken with reference to the exercise of your rights provided for in Articles 15 to 22 of the GDPR, within one (1) month after receipt of the request. If necessary, and taking into account the complexity and the number of requests, the Controller may extend this period of two (2) months after communication motivated by transmitting within one (1) month after receipt of the request.
The Controller will communicate any rectification, cancellation, limitation, opposition to all recipients, as identified by the art. 4, paragraph 1, n. 9 of the GDPR, to which such data have been transmitted, unless this proves impossible or involves a disproportionate effort.
Following the sending of your request for correction, cancellation, opposition, limitation, if the Controller has reasonable doubts about your identity will ask you more information to confirm it. These notifications will be sent via email from address email@example.com and they will be processed by the person authorized for the specific purpose.
If the Controller does not comply with the request within a period of one (1) month after receipt of the request, it will inform you about the reasons for the non-compliance and about your faculty to lodge a complaint with a Supervisory Authority (i.e. the Italian “Autorità Garante per la protezione dei dati personali”), as specified pursuant to Art. 13, paragraph 2, letter (d) and governed by Articles 77 ff. of the GDPR.