1. What types of data are processed and for what purposes?
The computer systems and software procedures used to operate this site acquire some personal data during their normal
operation, the transmission of which is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. These data, which are necessary for the use of web services, are also processed in order to: (i) to obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.); and (ii) to check the correct functioning of the services offered. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site. Navigation data are processed for our legitimate interest in ensuring the security of the Site, checking its proper functioning and obtaining statistics in relation to its use (Art. 6 (1)(f) of the GDPR).
Data provided voluntarily by you:
- in letters/faxes/e-mails spontaneously sent to us: the optional, explicit and voluntary sending of your personal data to the mail or e-mail addresses published on the Site entails the subsequent acquisition of such data, which are necessary to pursue our and your legitimate interest in replying to the requests you send in relation to the Site and/or our activities ( 6 (1)(f) of the GDPR). You are free not to provide such data. However, failure to provide such data may make it impossible to fulfil your request;
- during calls made to our telephone number: when you contact our telephone number, we may process personal data that you spontaneously communicate to us during the telephone conversation or that we reasonably request in order to pursue our and your legitimate interest in providing you with what you have requested ( 6 (1)(f) of the GDPR). You are free not to provide such data. However, failure to provide such data may make it impossible to fulfil your request.
2. Who may become aware of my personal data?
Your personal data may come to the knowledge of employees and/or collaborators of the Company in charge of managing the Site, providing assistance or supplying you with what you have requested. Furthermore, your personal data may be disclosed to subjects who, as data processors, provide us with services instrumental to the performance of our activities, such as, purely by way of example and without limitation, suppliers of IT and logistics services functional to the operation of the Site and companies in the group, which provide us with intra-group services.
3. Will my personal data be communicated to third parties?
Your data may be communicated to the Judicial Authority at its request in the cases provided for by law.
4. How will my personal data be processed and for how long will they be stored?
Your personal data will be processed with automated and non-automated tools. Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorized access. Navigation data will be stored for a maximum period of 7 (seven) days, unless further storage should be necessary to ascertain responsibility in case of hypothetical computer crimes against the Site or to comply with requests of judicial authorities. If you have contacted us by letter, fax, e-mail or telephone to obtain information about the Site or about our company, your data will be kept for the time required by law or for the time necessary to pursue the processing purposes indicated above.
5. Will my data be transferred outside the European Economic Area?
7. What are my rights?
You have the right to exercise at any time, free of charge and without formalities the following rights set out in Articles 15 to 22 of the GDPR, including: (i) the right of access to personal data (i.e. the right to obtain from us confirmation as to whether or not data relating to you are being processed and, if so, to obtain access to the personal data, obtaining a copy thereof, and to the information referred to in Article 15 of the GDPR), (ii) the rectification (i.e. the right to obtain the amendment of inaccurate data relating to you or the supplementation of incomplete data) or erasure of data, if one of the grounds indicated in Article 17 of the GDPR applies, or the restriction of processing relating to you (i.e. the right to obtain, in the cases indicated in Article 18 of the GDPR, the marking of the data stored with the aim of limiting their processing in the future), (iii) the right to data portability (i.e. the right, in the cases set out in Article 20 of the GDPR, to receive from us, in a structured, commonly used and machine-readable format, data relating to you and to transmit such data to another data controller without hindrance). You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you pursuant to Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) or (f) (legitimate interest) of the GDPR, including profiling on the basis of those provisions. You also have the right to withdraw your consent at any time where a processing operation is based on your consent. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to withdrawal.
8. How can I contact you and exercise my rights?
You may exercise your rights by contacting us by letter at the following address "Ghella S.p.A., Via Pietro Borsieri 2/a, 00195 - Rome - For the attention of the Privacy Coordinator" or by e-mail at firstname.lastname@example.org. We remind you that you always have the possibility to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the different Supervisory Authority of the Member State of the European Union where you reside or work or where the alleged violation occurred.
Last update: February 2022