x
1.0
26 November 2018
beghelli.it: website Privacy Policy Newsletter
1. DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)
The Data Controller is BEGHELLI SPA based in Valsamoggia (BO), loc. Monteveglio, via Mozzeghine n. 13/15, email address privacy@beghelli.it.
The Data Protection Officer (DPO) can be contacted at the email address dpo@beghelli.it
The Data Protection Officer (DPO) can be contacted at the email address dpo@beghelli.it
2. PURPOSES, LAWFUL BASIS OF PROCESSING AND PERIOD OF PERSONAL DATA STORAGE
a. Contractual purposes: delivery, by email, of exclusively informative correspondence (Newsletters) to those who expressly request this, by entering their email address on the relative data collection form.
b. Direct marketing: by way of example, for the delivery - by electronic means (such as text message, mms, email, instant messaging app or social media) and conventional means (such as telephone calls with operator and standard post) - of promotional and commercial correspondence regarding services/products offered by the company or notifications of company events, as well as for market studies and statistical analyses.
c. Communication/transfer of personal data to third parties: by way of example, shareholding companies, associated with the Data Controller, commercial partners for processing for marketing purposes concerning the products and/or services of each third party involved.
b. Direct marketing: by way of example, for the delivery - by electronic means (such as text message, mms, email, instant messaging app or social media) and conventional means (such as telephone calls with operator and standard post) - of promotional and commercial correspondence regarding services/products offered by the company or notifications of company events, as well as for market studies and statistical analyses.
c. Communication/transfer of personal data to third parties: by way of example, shareholding companies, associated with the Data Controller, commercial partners for processing for marketing purposes concerning the products and/or services of each third party involved.
Lawful basis of purpose: for the purposes as stated in a. performance of a contract of which you are part; consent (specific, optional and it can be withdrawn at any time) for the purposes as stated in points b), and c).
Period of personal data storage: for the purposes stated in point a. through to the request to unsubscribe from the newsletter by the data subject. For the purposes as stated in letters b and c, the data will be stored until withdrawal of consent by the data subject.
On expiry of the storage terms specified above, the data will be destroyed, deleted or anonymised.
3. OBLIGATION TO PROVIDE DATA
In accordance with art. 13, para. 2, letter e) of the GDPR, we inform you that the supply of the email address for the above purposes is compulsory; therefore any refusal will mean that delivery of the Newsletter will be impossible.
Consent for the purposes stated in points b and c is optional and can be withdrawn at any time.
This is a service dedicated to subjects who are over the age of 16.
In accordance with art. 13, para. 2, letter e) of the GDPR, we inform you that the supply of the email address for the above purposes is compulsory; therefore any refusal will mean that delivery of the Newsletter will be impossible.
Consent for the purposes stated in points b and c is optional and can be withdrawn at any time.
This is a service dedicated to subjects who are over the age of 16.
4. SERVICE CANCELLATION
The service can be cancelled by doing one of the following:
- Clicking on the link in each mail to unsubscribe from the service;
- Exercising your rights as specified below;
The service can be cancelled by doing one of the following:
- Clicking on the link in each mail to unsubscribe from the service;
- Exercising your rights as specified below;
5. PROCESSING METHODS
The processing of data is based on the principles of lawfulness, fairness and transparency with the minimisation of data (privacy by design); it may be performed both manually and using automated means designed to store, process and transmit data, and will be carried out using adequate technical and organisational measures, as far as is reasonable and state of the art, to guarantee, among others, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, access or unauthorised disclosure or any unlawful use, as well as any reasonable measures to delete or promptly rectify incorrect data with respect to the purposes for which they are processed.
The processing of data is based on the principles of lawfulness, fairness and transparency with the minimisation of data (privacy by design); it may be performed both manually and using automated means designed to store, process and transmit data, and will be carried out using adequate technical and organisational measures, as far as is reasonable and state of the art, to guarantee, among others, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, access or unauthorised disclosure or any unlawful use, as well as any reasonable measures to delete or promptly rectify incorrect data with respect to the purposes for which they are processed.
6. DATA RECIPIENTS
Data can be processed by external subjects operating as independent controllers, such as, by way of example and not limited to, supervisory or control authorities and bodies and generally any subject, public or private, authorised to request the said data.
Data can be processed by external subjects operating as independent controllers, such as, by way of example and not limited to, supervisory or control authorities and bodies and generally any subject, public or private, authorised to request the said data.
Data may also be processed on behalf of the company by external subjects appointed as processors in accordance with art. 28 of the GDPR, who receive the relevant and appropriate instructions for these procedures. These subjects are mainly in the following categories:
a. companies offering web site maintenance services;
b. associate companies and/or part of the Beghelli Group
c. technical assistance companies
d. call centre companies
7. SUBJECTS AUTHORISED FOR PROCESSING
The data may be processed exclusively by employees of the Controller or appointed Processors assigned to fulfil the purposes outlined above, who have been explicitly authorised for processing and who have received the relevant operating instructions to do so.
The data may be processed exclusively by employees of the Controller or appointed Processors assigned to fulfil the purposes outlined above, who have been explicitly authorised for processing and who have received the relevant operating instructions to do so.
8. TRANSFER OF PERSONAL DATA TO NON-EU MEMBER STATES
No transfer of data outside the European Union is envisaged.
No transfer of data outside the European Union is envisaged.
9. RIGHTS OF DATA SUBJECTS - COMPLAINTS TO THE SUPERVISORY AUTHORITY
The company provides the email address privacy@beghelli.it so that all data subjects concerned may request the Controller access to the relevant data, for deletion, amendments, corrections of errors, the integration of missing data, and restriction on processing as envisaged in the cases stated in art. 18 of the GDPR, as well as any objection to processing, for reasons related to specific personal circumstances, in the theoretical legitimate interest of the controller.
The company provides the email address privacy@beghelli.it so that all data subjects concerned may request the Controller access to the relevant data, for deletion, amendments, corrections of errors, the integration of missing data, and restriction on processing as envisaged in the cases stated in art. 18 of the GDPR, as well as any objection to processing, for reasons related to specific personal circumstances, in the theoretical legitimate interest of the controller.
Data subjects shall also have the right, in the case of processing based on consent or on a contract and processed by automated means, to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller.
Data subjects will have the right to withdraw consent granted at any time for marketing and/or profiling purposes, and to object to the processing of data for marketing purposes, including profiling related to direct marketing. Without prejudice to the option of the data subject who prefers to be contacted for the above purposes exclusively by traditional means, to object only to receiving correspondence by automated means. The withdrawal of consent does not compromise the legitimacy of processing based on consent prior to withdrawal.
The data subjects have the right to lodge a complaint to the competent Supervisory authority in the member state where he/she normally resides or works, or in the state in which the presumed breach occurred.