1. DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)
The Data Controller is Beghelli S.p.A., with registered office in Valsamoggia (BO), loc. Monteveglio, via Mozzeghine n. 13/15 (hereinafter, the "Controller"), answering to the following e-mail address: email@example.com.
The Controller has appointed a Data Protection Officer (DPO), who can be reached at the following e-mail address: firstname.lastname@example.org.
2. PURPOSES, LEGAL BASIS OF THE PROCESSING ACTIVITY AND DATA RETENTION
Purposes of the processing activity:
Your personal data are processed for the following purposes:
a) to allow you to register on the Portale and take advantage of the services offered;
b) to carry out direct marketing activities towards you: by way of example, sending – by automated means of contact (such as sms, mms e-mail, instant messaging and social apps) and traditional means (such as telephone calls with operator and paper mail) – promotional and commercial communications relating to services/products offered by the Controller, or reporting company events, as well as carrying out market studies and statistical analysis;
c) carry out profiling activities: by way of example, analysis of your preferences, habits, behaviours, interests, in order to send you personalized commercial communications and/or targeted promotional actions and/or offers and services adapted to your needs/preferences;
d) send you information and promotional material regarding products similar to those you previously purchased (so-called “Soft Spam”);
e) where necessary, to ascertain, exercise or defend the rights of the Controller in court;
f) to fulfil the legal obligations to which the Controller is subject.
With reference to the purpose referred to in letter a), the legal base for the processing is Article 6(1)(b) of the GDPR, "performance of a contract"; with reference to the purposes referred to in letters b) and c), the legal base for the processing is Article 6(1)(a) of the GDPR, "the data subject has given consent to the processing of his or her personal data"; with reference to the purposes referred to in letters. d) and e), the legal base for the processing is Article 6(1)(f) of GDPR, "processing is necessary for the purposes of the legitimate interest pursued by the controller"; with reference to the purpose referred to in letter f), the legal base for the processing is Article 6(1)(c) of GDPR, "compliance with a legal obligation to which the controller is subject".
Your personal data will be kept only for the period necessary to pursue the purpose for which they are processed or, in any case, within the terms provided for by applicable national and EU laws, rules and regulations.
In any case, with reference to the purpose referred to in letter a), your personal data will be kept for a period not exceeding 10 (ten) years, starting from the date they are provided, without prejudice to the fulfilment of legal obligations and the need of the Controller to protect his interests.
In relation to the purposes referred to in letters b) and c), your personal data will be kept until your consent is revoked.
With reference to the purpose referred to in letter d), your personal data will be stored until you have opposed the processing using the appropriate link at the bottom of each communication sent by e-mail, or by contacting the Controller at the following e-mail address: email@example.com.
With regard to the purposes referred to in letters e) and f), your personal data will be processed for the period strictly necessary to allow the Controller to ascertain, exercise or defend a right in court or whenever the courts exercise their judicial functions, as well as to allow the Controller to fulfil the legal obligations to which it is subject.
Once the above-mentioned storage periods have expired, personal data will be destroyed, deleted or made anonymous.
3. COMPULSORINESS OF THE DATA PROVISION
The provision of your personal data is optional. Failure to provide it, however, would make it impossible for the Controller to pursue the above-mentioned purposes.
4. PROCESSING METHODS
The processing of personal data is based on the principles of correctness, lawfulness, transparency and minimization, referred to in art. 5 of the GDPR. The processing of personal data may be carried out either manually or through automated methods designed to store, process and transmit them. The processing is carried out by means of technical and organizational measures that are adequate, for what is right and at the state of the art, to guarantee, among other things, the security, confidentiality, integrity, availability and resilience of the systems and services, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, unlawful use of personal data. Lastly, processing shall be carried out by means of reasonable measures to erase or rectify data that are inaccurate with respect to the purposes for which they are processed.
5. DATA RECIPIENTS
Your personal data may be shared with:
• subsidiaries and/or companies belonging to Beghelli Group;
• persons authorized by the Controller to process personal data who are committed to confidentiality or have an adequate legal obligation of confidentiality;
• persons delegated and/or appointed by the Controller to carry out activities strictly related to the pursuit of the above-mentioned purposes (including technical maintenance, market research, call-center, etc.), rightly appointed as data processors;
• persons, companies or professional firms that provide assistance and advice to the Controller, rightly appointed as data processors;
• subjects, entities or authorities to whom the communication of your personal data is mandatory by law or orders of the competent authorities, who act as autonomous controllers.
Your personal data may be transferred outside the European Economic Area only if the requirements of Articles 44 et seq. of the GDPR are met.
6. DATA SUBJECT’S RIGHTS – WITHDRAWAL OF CONSENT
By contacting the Controller via e-mail at firstname.lastname@example.org, you may request access to your data, their cancellation, correction of inaccurate data, integration of incomplete data, limitation of processing in the cases provided for by art. 18 of the GDPR, as well as exercise opposition to processing, for reasons related to your particular situation, in cases of legitimate interest of the Controller.
Furthermore, in the event that the processing is based on consent or contract and is carried out by automated means, you have the right to receive the data in a structured, commonly used and readable format and, if technically feasible, to transmit them to another data controller without hindrance.
You have the right to withdraw your consent at any time for marketing and/or profiling purposes and to object to the processing of data for marketing purposes, including profiling related to direct marketing. If you prefer to be contacted, for the aforementioned purposes, exclusively by traditional means, you have the possibility to express your opposition to receiving communications by automated means only. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal.
To withdraw your consent, you may contact the Data Controller – at any time – at the following e-mail address: email@example.com.
Finally, we remind you that you are always entitled to lodge a complaint with the competent supervisory authority, pursuant to art. 77 of the GDPR, if you believe that the processing of your personal data is contrary to the regulations in force.