11 December 2018

opticom.beghelli.it: website Privacy Policy Registration

The Data Controller is BEGHELLI SPA based in Valsamoggia (BO), loc. Monteveglio, via Mozzeghine n. 13/15, email address privacy@beghelli.it.
The Data Protection Officer (DPO) can be contacted at the email address dpo@beghelli.it
a) to consent to the registration on the web site, obtain authorisation to become a Beghelli-Opticom installer (also via cross checks with publicly accessible databases and telephone calls to verify contact telephone numbers) and to use dedicated services for installers and/or end users.
b) if necessary, to accept, exercise or defend the rights of the Data Controller in legal proceedings
c) direct marketing purposes: by way of example, for the delivery - by electronic means (such as text message, mms, email, instant messaging app or social media) and conventional means (such as telephone calls with operator and standard post) - of promotional and commercial correspondence regarding services/products offered by the company or notifications of company events, as well as for market studies and statistical analyses.
d) Profiling purposes: by way of example, for analysis of personal preferences, habits, behaviour, interests in order to send personalised commercial correspondence/targeted promotional actions/offers and services adapted to personal needs/preferences.
e) Communication/transfer of personal data to third parties: by way of example, shareholding companies, associated with the Data Controller, commercial partners for processing for marketing purposes concerning the products and/or services of each third party involved.
Lawful basis of purpose: “performance of a contract of which you are part” for the purposes as stated in point a); “legitimate interest” for the purpose as stated in point b); “consent” (specific, optional and it can be withdrawn at any time) for the purposes as stated in points c), d), and e).
Period of personal data storage: the contractual duration and after termination, for the ordinary limitation period of 10 years for the purposes as stated in letter a); in the case of litigation (letter b)), for the duration of any legal disputes until completion of the terms of implementation outlined in legal remedies. For the purposes as stated in letter c), e) the data will be stored until withdrawal of consent by the data subject. For the purposes of profiling (letter d) the data will be stored until withdrawal of consent and in any event no longer than a period of 24 months.
On expiry of the storage terms specified above, the data will be destroyed, deleted or anonymised.
The transfer of data requested in the registration form and those for authorisation to become a Beghelli-Oticom installer are compulsory for the conclusion and execution of the contract; any refusal to provide the said data will therefore not allow work as a Beghelli-Oticom installer.
For the purposes as stated in c) d) e) the transfer of data is optional and can be withdrawn at any time.
Opticom is a service dedicated to subjects who are over the age of 16.

The processing of data is based on the principles of lawfulness, fairness and transparency with the minimisation of data (privacy by design); it may be performed both manually and using automated means designed to store, process and transmit data, and will be carried out using adequate technical and organisational measures, as far as is reasonable and state of the art, to guarantee, among others, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, access or unauthorised disclosure or any unlawful use, as well as any reasonable measures to delete or promptly rectify incorrect data with respect to the purposes for which they are processed.
Data can be processed by external subjects operating as independent controllers, such as, by way of example and not limited to, supervisory or control authorities and bodies and generally any subject, public or private, authorised to request the said data.
Data may also be processed on behalf of the company by external subjects appointed as processors in accordance with art. 28 of the GDPR, who receive the relevant and appropriate instructions for these procedures. These subjects are mainly in the following categories:
a. companies offering email delivery services;
b. companies offering web site maintenance services;
c. companies offering support in the production of market studies.
d. associate companies and/or part of the Beghelli Group
e. technical assistance companies
f. call centre companies
The data may be processed exclusively by employees of the Controller or appointed Officers assigned to fulfil the purposes outlined above, who have been explicitly authorised for processing and who have received the relevant operating instructions to do so.
No transfer of data outside the European Union is envisaged.
The company provides the email address privacy@beghelli.it so that all data subjects concerned may request the Controller access to the relevant data, for deletion, amendments, corrections of errors, the integration of missing data, and restriction on processing as envisaged in the cases stated in art. 18 of the GDPR, as well as any objection to processing, for reasons related to specific personal circumstances, in the theoretical legitimate interest of the controller.
Data subjects shall also have the right, in the case of processing based on consent or on a contract and processed by automated means, to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller.
Data subjects will have the right to withdraw consent granted at any time for marketing and/or profiling purposes, and to object to the processing of data for marketing purposes, including profiling related to direct marketing. Without prejudice to the option of the data subject who prefers to be contacted for the above purposes exclusively by traditional means, to object only to receiving correspondence by automated means. The withdrawal of consent does not compromise the legitimacy of processing based on consent prior to withdrawal.
The data subjects have the right to lodge a complaint to the competent Supervisory authority in the member state where he/she normally resides or works, or in the state in which the presumed breach occurred.