1. DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)
The Data Controller is BEGHELLI SPA based in Valsamoggia (BO), loc. Monteveglio, via Mozzeghine n. 13/15, email address email@example.com.
The Data Protection Officer (DPO) can be contacted at the email address firstname.lastname@example.org
2. PURPOSES, LAWFUL BASIS OF PROCESSING AND PERIOD OF PERSONAL DATA STORAGE
Purpose: the data provided by you when compiling the form will be processed by the Company to respond to your requests for information on the Company and/or its products/services.
Lawful basis of purposes: performance of a contract of which you are part.
Period of personal data storage: These data will be stored for the time required to process each individual information request. Once this is complete, your data will be destroyed or anonymised.
3. OBLIGATION TO PROVIDE DATA
The transfer of data marked with an asterisk (*) on the data collection form is compulsory to provide you with the information requested; therefore failure to compile these data will not enable the Company to process your request.
4. PROCESSING METHODS
The processing of data is based on the principles of lawfulness, fairness and transparency with the minimisation of data (privacy by design); it may be performed both manually and using automated means designed to store, process and transmit data, and will be carried out using adequate technical and organisational measures, as far as is reasonable and state of the art, to guarantee, among others, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, access or unauthorised disclosure or any unlawful use, as well as any reasonable measures to delete or promptly rectify incorrect data with respect to the purposes for which they are processed.
5. DATA RECIPIENTS
Data can be processed by external subjects operating as independent controllers, such as, by way of example and not limited to, supervisory or control authorities and bodies and generally any subject, public or private, authorised to request the said data.
Data may also be processed on behalf of the company by external subjects appointed as processors in accordance with art. 28 of the GDPR, who receive the relevant and appropriate instructions for these procedures. These subjects are mainly in the following categories:
a. companies offering web site maintenance services;
b. associate companies and/or part of the Beghelli Group
c. technical assistance companies
d. call centre companies
6. SUBJECTS AUTHORISED FOR PROCESSING
The data may be processed exclusively by employees of the Controller or appointed Processors assigned to fulfil the purposes outlined above, who have been explicitly authorised for processing and who have received the relevant operating instructions to do so.
7. TRANSFER OF PERSONAL DATA TO NON-EU MEMBER STATES
No transfer of data outside the European Union is envisaged.
8. RIGHTS OF DATA SUBJECTS - COMPLAINTS TO THE SUPERVISORY AUTHORITY
The company provides the email address email@example.com so that all data subjects concerned may request the Controller access to the relevant data, for deletion, amendments, corrections of errors, the integration of missing data, and restriction on processing as envisaged in the cases stated in art. 18 of the GDPR, as well as any objection to processing, for reasons related to specific personal circumstances, in the theoretical legitimate interest of the controller.
Data subjects shall also have the right, in the case of processing based on consent or on a contract and processed by automated means, to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller.
The data subjects have the right to lodge a complaint to the competent Supervisory authority in the member state where he/she normally resides or works, or in the state in which the presumed breach occurred.