PERSONAL DATA PROCESSING POLICY
Gefit S.p.A. (hereinafter, “Gefit”), aware of the importance of the protection of personal data, in its capacity as Data Controller, hereby states that the personal data acquired through browsing the website www.gefit.com will be processed in accordance with the law on personal data protection. When using the services offered by the website, the user will receive specific policies regarding the further processing of personal data carried out by Gefit.
With reference to the procedures for management and processing of personal data of users consulting this website, pursuant to Article 13 of Regulation (EU) No 2016/679, Gefit provides the following information:
- Types of data collected, processing purpose and legal basis
In the course of their normal operation, the IT systems and software procedures used to operate the website www.gefit.com acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the users’ terminals that connect to the website, MAC (Media Access Control) addresses, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used only to obtain anonymous statistical information on the use of the website and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cyber crimes against the website. The legal basis that legitimises the processing of personal data for this purpose is to be found in the case provided for by art. 6(1)(b) of Regulation (EU) no. 2016/679, i.e. to allow the user to use the service requested. This same data may also be used to comply with legal obligations or requests from judicial authorities. The legal basis that legitimises the processing of personal data for this purpose is to be found in the case provided for by art. 6(1)(c) of Regulation (EU) no. 2016/679, i.e. because the processing is necessary to comply with a legal obligation to which the data controller is subject.
Data provided voluntarily by the user
Following the voluntary sending of e-mail messages to the e-mail addresses on this website, Gefit may process the sender’s e-mail address and any other personal data contained in the message in order to respond to the user’s requests. Specific privacy policies will in any case be provided at the time of use of particular tools envisaged by the website. The legal basis that legitimises the processing of personal data for this purpose is to be found in the case provided for by art. 6(1)(b) of Regulation (EU) no. 2016/679, i.e. to provide the service requested. This same data may also be used to comply with legal obligations or requests from judicial authorities. The legal basis that legitimises the processing of personal data for this purpose is to be found in the case provided for by art. 6(1)(c) of Regulation (EU) no. 2016/679, i.e. because the processing is necessary to comply with a legal obligation to which the data controller is subject.
- Data retention period
The personal data collected and processed as a result of browsing the website www.gefit.com will be retained for the entire period of provision of the service and in any case deleted or made anonymous within 7 days. Personal data sent autonomously by users through the tools on the website will be deleted after providing the requested service or responding to the same and in any case within a maximum of 6 months from the completion of such activity, with the exception of that required to comply with fiscal, accounting and administrative legislation or to fulfill other legal obligations and to document the activities carried out.
- Processing methods
The personal data collected will be processed and retained by electronic means and will be stored both on electronic media and on paper, organised into databases, and on any other type of suitable support.
Specific security measures are adopted to prevent data loss, illegal or incorrect use and unauthorised access.
The processing of personal data carried out by Gefit does not involve any automated decision-making processes.
- Communication and/or provision of personal data
The communication and/or provision of browsing data is a necessary requirement for provision of the service requested (browsing the website) and compulsory for such purpose: failure by the data subject to communicate and/or provide personal data will make it impossible for Gefit to allow browsing of the website www.gefit.com.
- Parties to which personal data may be communicated
The personal data collected will not be disseminated and may be communicated to: (i) parties having a recognised right and interest in accessing the personal data of users according to the law or secondary and/or EU legislation; (ii) authorised internal personnel of the Controller; (iii) companies, associations or professional firms that provide services and activities on behalf of the Controller as “Data Processors” for the fulfilment of legal obligations, as well as for any organisational and administrative requirements necessary to provide the services requested. Based on its legitimate interest, the Controller may transmit personal data collected on the website to companies belonging to its business group for internal administrative purposes.
The names of the Data Processors are contained in an updated list available from Gefit (to be requested via the contacts indicated in point 9).
- Transfer of data abroad or to international organisations
Gefit does not transfer the personal data of the data subjects collected through browsing or use of the services present on the website www.gefit.com to international organisations.
- Links to third party websites or services
This policy is provided only for the processing of personal data carried out through this website or the tools provided by the same, and not also for any other websites accessed via links, the managers of which act as independent data controllers. Users are therefore invited, before accessing the services of third parties, to carefully read their privacy policies.
- Rights of the data subject
In relation to the aforementioned processing of personal data, the data subject has the right to exercise the rights provided for by Regulation (EU) No. 2016/679 at any time, including, for example, to obtain the indication of:
– the source of the personal data;
– the processing purposes and methods;
– the logic applied in case of processing carried out with the aid of electronic means;
– the identities of the Controller, data processors and of the designated representative.
The data subject has the right to obtain:
– access, update, correction or, when interested, integration of the data;
– erasure, transformation into anonymous form or blocking of data processed in violation of the Law;
– restriction of processing of his/her data.
The data subject may also ask for a copy of his/her data in standard format (the so-called “Right to data portability”).
Finally, the data subject has the right, at any time and without cost, to object, in whole or in part, for legitimate reasons, to the processing of his/her personal data, even if pertinent to the collection purpose, if:
– processing is carried out in accordance with article 6(1)(e) of Regulation (EU) No. 2016/679 (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) or (f) (“processing is necessary for the purposes of pursuing the legitimate interests of the controller or of third parties”) including profiling on the basis of such provisions;
– processing is carried out for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication (direct marketing), including profiling insofar as it is related to the latter.
The data subject has the right to withdraw his/her consent to processing, when this is based on the case provided for by art. 6(1)(a) (when “the data subject has given consent to the processing of his/her personal data for one or more specific purposes”), or article 9(2)(a) (the data subject has given his/her explicit consent to the processing of such personal data for one or more specific purposes) of Regulation (EU) No. 2016/679, at any time without affecting the lawfulness of the processing based on consent given prior to withdrawal.
If the data subject considers that the processing operations concerning him/her are in breach of the current legislation, he/she has the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he/she normally resides or works or in which the alleged breach occurred. The Italian Supervisory Authority can be reached at the contacts available on its website.
- Data Controller – Contact Details
The Data Controller is Gefit S.p.A., Via De Negri 9, 15121 – Alessandria, tax code/VAT no. 00418680062, in the person of the legal representative pro tempore. Gefit may also be contacted at the email address firstname.lastname@example.org and at the certified email address email@example.com.
In order to exercise the rights listed above, the data subject may make a request using the following e-mail address firstname.lastname@example.org.
Gefit reserves the right to update this personal data processing policy.