1. DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)
The data controller is BEGHELLI S.p.A. with registered office in Valsamoggia (BO), Monteveglio, via Mozzeghine n. 13/15. VAT NUMBER 00666341201, email address firstname.lastname@example.org.
The Data Protection Officer (DPO) can be reached at the e-mail address email@example.com
2. PURPOSES, LEGAL BASIS OF THE PROCESSING AND STORAGE PERIOD OF PERSONAL DATA
a) to allow the registration to the website and to take advantage of the services dedicated to the data subjects such as the acquisition of goods and services through the Store available on the website and the services related to it (e.g. shipment and monitoring of purchased goods);
b) allow registration for events organized by Beghelli S.p.A.;
c) if necessary, to ascertain, exercise or defend the rights of the Data Controller in a judicial proceeding;
d) Direct marketing: e.g. sending - by automated communication methods (such as sms, mms, e-mail, instant messaging and social apps) or traditional methods (such as telephone calls with an operator and traditional mail) - promotional and commercial communications relating to services/products offered by the Company or reporting of company events, as well as carrying out market studies and statistical analysis;
e) Profiling: such as analysis of your preferences, habits, behavior and interests in order to send you customized commercial communications/promotional actions targeted/offers and services adequate to your needs/preferences;
f) Communication/transfer of personal data to third parties: by way of example, parent companies, subsidiaries, affiliates of the Data Controller, commercial partners for the purpose of their processing for marketing purposes relating to the products and / or services of each third party;
g) To comply with obligations provided for by regulations and applicable national laws (e.g. tax obligations for billing purposes).
Legal basis for the purpose: performance of a contract to which you are party for the purpose referred to in points (a) and (b); legitimate interest for the purpose referred to in point (c); consent (specific, optional and withdrawable at any time) for the purposes referred to in points (d), (e) and (f); performance of legal obligations for the purpose referred to in point (g).
Period of retention of data: duration of the contract and subsequently on the basis of the prescriptive terms of the contract for the purposes referred to in letters a), b) and g); in the case of litigation (letter c)), for the entire duration of the same, until exhaustion of the time limits for the exercise of the right of appeal. For the purposes referred to in letters. d), f) the data will be stored until revocation of the consent of the person concerned. For profiling purposes (letter e) the data will be kept until the revocation of consent and in any case never beyond the period of 24 months.
Once the above-mentioned storage terms have expired, the Data will be destroyed, erased or anonymized.
3. MANDATORY OF PROVISIONS OF DATA
The provision of data marked with an asterisk (*) in the registration form to the site is required for the creation of a user account. The refusal to provide such data does not allow, therefore, the registration to the website and the possibility for the user to access the services reserved for registered users.
In order to make purchases in the store, the user is required to complete the fields marked with an asterisk (*) in the "profile data" form. The refusal to provide such data does not allow, therefore, to make purchases and the possibility for the Company to process its request.
This is a service dedicated to persons who have reached 16 years of age.
4. PROCESSING METHODS
The processing of data is based on the principles of fairness, lawfulness and transparency and minimization of data (privacy by design); may be carried out either manually or using automated methods aimed at storing, processing and transmitting the data and will be carried out using appropriate technical and organizational measures, as long as is reasonable and appropriate to the state of the art, to guarantee the security, confidentiality, integrity, availability and resilience of the systems and services, preventing the risk of loss, destruction, unauthorized access or disclosure or, in any case, unlawful use, as well as through reasonable measures to promptly erase or rectify inaccurate information in relation to the purposes for which they are processed.
5. WHO MAY PROCESS DATA
The data may be processed by external subjects operating as data controllers such as supervisory and control authorities and in general subjects, public or private, legitimated to request the data.
The data may also be processed, on behalf of the Company, by external parties designated as data processors pursuant to art. 28 of the GDPR, to whom adequate operating instructions are given. These subjects are essentially included in the following categories:
a. companies that offer e-mail services;
b. companies that offer website maintenance services;
c. companies that offer support in carrying out market research;
d. subsidiaries and/or companies belonging to the Beghelli Group;
e. technical assistance companies;
f. call center companies.
6. SUBJECTS AUTHORIZED TO PROCESS
The data may only be processed by employees of the Data Controller or Data Processors responsible for pursuing the above purposes, who have been expressly authorised to process the data and who have received appropriate operating instructions.
7. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
There are no data transfers outside the European Union.
8. RIGHTS OF THE DATA SUBJECT - CLAIM TO THE SUPERVISORY AUTHORITY
By contacting the Company by e-mail at the address firstname.lastname@example.org, data subjects may ask the Data Controller for access to the data concerning them, for its erasure, correction of inaccurate data, integration of incomplete data, limitation of processing in the cases provided for in art. 18 GDPR, as well as opposition to processing, for reasons connected with their particular situation, in cases of legitimate interest to the Data Controller.
Furthermore, if the processing is based on consent or contract and is carried out by automated tools, the data subjects have the right to receive the data in a structured format, commonly used and in a common machine-readable format, and, if technically possible, to transmit them to another Data Controller without any hindrance.
The data subjects have the right to revoke the consent given at any time for marketing and/or profiling purposes, as well as to oppose the processing of data for marketing purposes, including profiling related to direct marketing. It remains possible for data subject who prefers to be contacted for the above purpose exclusively by traditional channels, to express his or her opposition only to the receipt of communications by automated channels. Revocation of consent shall not affect the lawfulness of processing based on consent prior to revocation.
Data subjects shall have the right to submit a complaint to the competent supervisory authority in the Member State where they habitually reside or work or in the Member State where the suspected breach has occurred.