PRIVACY POLICY
Information pursuant to Article 13 of
European Regulation 2016/679 (GDPR)
In accordance with the provisions of European Regulation 2016/679 (General Data Protection Regulation) we are providing you with information concerning the personal data processing performed by this website. This document is not to be considered valid for other websites that can be consulted via the links on the domain owner’s websites, which are not to be considered in any way responsible for third party websites. This information is provided pursuant to art. 13 of European Regulation 2016/679 and it is also based on the provisions of Directive 2002/58/CE, as updated by Directive 2009/136/CE on Cookies as well as the provisions of the Measures of the Authority for the protection of personal data of 08.05.2014 regarding cookies.
THE DATA CONTROLLER is VALSIR S.p.A., with registered office in Vestone (BS) – Località Merlaro 2, in the person of its pro tempore legal representative, (hereinafter, the “Data Controller”). You can at any time contact the Data controller at the following contact details: by post: VALSIR S.p.A. Località Merlaro 2, Vestone (BS); email: This email address is being protected from spambots. You need JavaScript enabled to view it.; contact area http://www.valsir.it/en/contatti/contatti/contatti The Data Controller may appoint others within the company who are duly authorized and trained to perform processing operations under the authority of the Data Controller, pursuant to article 29 of EU Regulation 2016/679. Processing operations may also be carried out on behalf of the Data Controller by external parties duly appointed as Data Processors pursuant to art. 28 of EU Regulation 2016/679. A complete and updated list of the people responsible for data processing is available at the registered offices of the Data Controller, using the contact details indicated above.
2. DATA PROCESSED
Personal Data: any information relating to an identified or identifiable natural person («data subject»); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to identification information such as the name, an identification number, location data, an online identifier or one or more elements characteristic of their physical, physiological, genetic, psychological, economic, cultural or social identity (such as, for example, name, surname, date of birth, address, e-mail, telephone number etc).).
Surfing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI-mapped addresses (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given (successful, error, etc.) and other parameters related to the operating system and to the user’s computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
Maintenance
The User’s personal data may be processed with additional methods and purposes related to website maintenance. Data provided voluntarily by the user.
The optional and voluntary sending of personal data (e.g., by sending emails to the addresses indicated on this website or by filling in registration forms or requests for catalogues/technical manuals/price lists on this site) involves the acquisition and processing by the Data Controller of data provided voluntarily by users when completing registration forms or any additional personal data included in the communication including name, surname, address, telephone number, email address and any other data provided to receive access credentials to the various areas of the website (e.g. profession), including Registered Users Area, Download Area, Events/Seminars Area etc.). Specific summary information will also be provided on the pages of the site in relation to the particular processing of user data (e.g. applications in the area “Work with us”).
Cookies For more information on the cookies used by this website please consult the Cookie Policy.
3. PURPOSE AND LEGAL BASIS OF DATA PROCESSING Personal data provided voluntarily will be processed in compliance with the conditions of legality pursuant to art. 6 paragraph 1, letter f) EU Regulation 2016/679 (legitimate interest of the Data Controller, taking into account the reasonable expectations of the data subject at the time and in the framework of personal data collection, when the data subject can reasonably expect that processing will be performed for such a purpose) for the following purposes:
a) With reference to surfing data, to obtain anonymous statistical information on the use of the site and check that it is functioning correctly;
b) At the request of the user, to send information/documents/services requested by the user by completing registration forms or forms for requesting catalogues/technical manuals/price lists/ and/or contact details;
c) At the user’s requests, selection of personnel and assessment of applications received by filling in forms for data collection in the “Work with us” area or via email addresses available on the site;
d) With reference to the email address provided by the data subject in the context of the sale of a product or a service, for direct marketing purposes, for the purpose of the direct sale of products or services of the data controller similar to those already purchased by the client/user.
Processing of data will be carried out in compliance with the conditions of legality pursuant to art. 6, paragraph 1, letter a) EU Regulation 2016/679 (consent of data subject) for the following purposes:
e) with prior consent, for purposes of direct marketing, sending of newsletters, advertising or direct sale material or for market research or commercial communication - by automated means, email, fax, SMS or other types of messages, and by telephone calls via operator and conventional post – and sending material to monitor the degree of satisfaction, promotional material or material on events and initiatives organised by the Data Controller;
f) with prior consent, for purposes of direct marketing, sending of newsletters, advertising or direct sale material or for carrying out market research or commercial communication - by automated means, email, fax, SMS or other types of messages, and by telephone calls via operator and conventional post – and sending material to monitor the degree of satisfaction, promotional material or material on events and initiatives organised by the companies of the Valsir Group (controlling, controlled, subsidiaries and affiliated companies);
g) With prior consent, for profiling purposes, or in order to allow the Data Controller to process the user / consumer profiles and to analyse or predict aspects concerning the preferences or personal interests of the data subject, purchases habits, geographical position, in order to provide the user / consumer with a personalized service and target the commercial proposals of interest to the user.
Processing of data will be carried out in compliance with the conditions of legality pursuant to art. 6 letter b) and c) EU Regulation 2016/679 (contractual and legal obligations) for the following purposes:
h) administrative and accounting management of goods/services supplied by Valsir through the website’s e-commerce area.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA The personal data provided may be communicated to: - companies in the Valsir Group; - service providers for the management of the information system used by the data controller and the telecommunications networks (including email, the web platform, the website, sending of newsletters); agencies, firms or companies that provide assistance and advice for the aforementioned purposes; service providers in relation to orders from users over the e-commerce area; competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request. Those belonging to the aforesaid categories perform the function of Data Processing Manager, or they operate in complete autonomy as separate Data Controllers. The list of data processors is constantly updated and is available at the Data Controller’s office and at the contacts mentioned above.
5. TRANSFER OF DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION AND GUARANTEES The personal data provided will not be disseminated and may be transferred to countries outside the EU, in order to comply with the aforementioned purposes, within the limits and conditions set forth in art. 44 and other articles of EU Regulation 2016/679. Specifically, the data will be transferred only: - to third countries or international organizations for which the Commission has intervened with an assessment of adequacy (art. 45 EU Regulation 2016/679); - towards third countries or international organizations that have provided adequate guarantees and with which the data subject has enforceable rights and effective remedies (art. 46 EU Regulation 2016/679), also through contractual clauses and the other provisions referred to in article 46, paragraph 3); - towards third countries or international organizations on the basis of exceptions in specific situations (art. 49 EU Regulation 2016/679). The data subject may obtain information on the guarantees provided by the Data Controller for the transfer of data by contacting the Data Controller.
6. DATA STORAGE PERIOD OR CRITERIA FOR DETERMINATION OF PERIOD Data processing will be performed using manual and automated methods, using tools and methods to ensure maximum security and confidentiality, by persons authorized to do so.
In compliance with the provisions of art. 5 paragraph 1 letter e) of EU Regulation 2016/679 the personal data collected will be stored in such a way that allows identification of the data subject for a period not exceeding the purposes for which the data was collected and subsequently processed. The storage times of the personal data provided depend on the purposes of the processing performed:
a) purposes related to surfing technical data for the proper functioning of the website: storage only for the related session, after which the data will be cancelled;
b) purposes of feedback following the request for information/documents/contact (12 months);
c) for administrative/accounting/financial/ purposes relating to the supply of goods/service (10 years);
d) collection of data for personnel selection (24 months);
e) direct marketing or promotional communications (24 months);
f) profiling (12 months)
7. NATURE OF PROVISION AND REFUSAL The provision of your personal data for the purposes referred to in point 3 letter h) of this statement is necessary in order to fulfil contractual and legal obligations related to the supply of Valsir goods/services through the website’s e-commerce area. Your refusal will make it impossible to supply you with the goods/service requested though the e-commerce area. The provision of your personal data for the purposes referred to in point 3 letter a) b) c) d) of this statement is necessary in order to : browse the website, comply with your requests, evaluate your application, send you notices of interest (if you are already our client).Your refusal to provide data implies, respectively, the inability to browse the site, be contacted and/or receive requested information and/or documents, receive direct marketing communications of interest. The provision of personal data and consent to processing for the purposes referred to in point 3 letters e) f) and g) of this policy (direct marketing by the Data Controller / communication of data to other companies in the Valsir Group for marketing purposes / user profiling) is optional. Refusal to give consent will mean respectively that your data is not processed for direct marketing purposes and/or will not be disclosed to the companies in the Group for marketing purposes and/or will not be processed for profiling purposes.
8. RIGTHS OF THE DATA SUBJECTS
You can exercise your rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller: VALSIR S.p.A. Località Merlaro 2, Vestone (BS); email: This email address is being protected from spambots. You need JavaScript enabled to view it.; contacts area http://www.valsir.it/en/contatti/contatti/contatti You have the right, at any time, to obtain access from the Data Controller to your personal data and to request information regarding the purposes of the processing, the categories of personal data processed, any recipients of the personal data to whom the personal data will be disclosed, in particular recipients in third countries, the retention period or, if that is not possible, the criteria used to determine the retention period; the existence of automated decision making, including profiling. You have the right to rectify, erase your personal data or to restrict processing. If processing is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to be informed about the existence of safeguards concerning the transfer of your data to third countries or international organisations under article 46 of EU Regulation 2016/679. You have the right to data portability; where this right applies, the Data Controller will provide your personal data in structured, commonly used and machine readable format, and the right to transmit this data to another data controller. Furthermore, you have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data under article 6, paragraph 1, letter e) or f), including profiling on the basis of such provisions. If your personal data are being processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data performed for such purposes, including profiling to the extent that it is connected to direct marketing. You have the right to not to be subject to a decision based solely on the automated processing, including profiling, where it produces legal effects or significantly affects you. Without prejudice to any other administrative or judicial appeal, in the event that you believe that the processing of your personal data violates EU Regulation 2016/679, you have the right to lodge a complaint with a supervisory authority.
9. MODIFICATIONS TO THE PRIVACY POLICY
The data controller reserves the right to modify, update, add or remove parts of this privacy statement at its discretion and at any time. The data subject is required to periodically check for any modifications. In order to facilitate this verification, the statement will contain an indication of the update date of the policy. Use of the site following posting of changes will constitute your agreement to the same.
Update date: 25 May 2018
DATA CONTROLLER – VALSIR S.P.A.