INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ART. 13-14 OF REG. 679/2016 (“GDPR”)
Karman Srl, as Data Controller with regard to the processing of your personal data, informs you on the use of same and on your rights as data subject, also regarding the contacts received through the web site https://www.karmanitalia.it/. For a better understanding of the information, please see the indications of the Data protection supervisor https://www.garanteprivacy.it/regolamentoue/guida-all-applicazione-del-regolamento-europeo-in-materia-di-protezione-dei-dati-personali.
1. WHO IS THE PROCESSOR WHO DECIDES THE PURPOSE AND MEANS OF TREATMENT? HOW AND WHERE CAN YOU CONTACT THEM?
The data controller is Karman Srl, with headquarters in Via Grandi no.10, Fossombrone(PU) – 61034, e-mail:firstname.lastname@example.org , for the exercise of the rights listed below and for any requests for clarification.
2. WHAT PURPOSES, METHODS, LEGAL ASSUMPTIONS, CONSEQUENCES, DATA RETENTION TIMES ARE APPLIED TO THE TREATMENTS?
The data that will be requested from you will be processed out as follows:
- to provide information and clarification on the activities of the Controller, through the available means of contact (email, messaging, telephone, post, etc.) (LEGAL BASIS: overriding legitimate interest of the Controller to provide the requested information and to administer the relationship; DURATION: for as long as necessary to provide the requested information, maximum 24 months);
- any obligations deriving from laws, regulations and Community legislation (LEGAL BASIS: obligatory by law; DURATION: for the entire prescriptive period provided for by the applicable laws);
- eventual ascertainment, defense or exercise of a right in court (LEGAL BASIS: legitimate interest, considered prevailing for self-defense in court; DURATION: for the entire prescriptive duration provided by applicable laws);
- to protect the security of the Controller’s networks and IT systems (LEGAL BASIS: Legitimate interest, considered overriding as it complies with Recital 49 GDPR; DURATION: 6 months);
- marketing by the Controller (LEGAL BASIS: consent, always revocable by the data subject; DURATION: maximum 24 months unless revoked in advance) through promotional emails, social media, messaging; any newsletters, unless otherwise specified, are sent for the duration of their production by the Controller unless opposed/unsubscribed by the data subject (always possible); the activity covers sales offers, market research, promotions and discounts, direct marketing to the user; – failing that, no marketing activities will be carried out towards the user;
- profiling for marketing purposes by the Controller (LEGAL BASIS: consent, always revocable by the data subject; DURATION: maximum 12 months unless revoked in advance); in this case, the marketing described in the previous point will be implemented on the basis of the user profile made up of the data collected and observed by the Controller, to address offers that respond to the user’s actual and probable interests; – failing this, no personalized marketing activities will be carried out towards the user and therefore you will receive generic promotional messages (if you have consented to the previous purpose).
b) with reference to the methods of processing the personal data of the data subject, said processing will be carried out in compliance with the security measures provided for by the regulations in force, in manual or computerized form.
3. TO WHOM CAN YOUR DATA BE COMMUNICATED?
The Controller, for the performance of activities, may communicate them to the following subjects to the extent strictly necessary for the achievement of the aforementioned purposes, all based in the European Community/European Economic Area unless otherwise indicated:
- to the authorized personnel of the Data Controller;
- to bodies for the coordination, supervision and management of Internet networks, both domestic and foreign, as well as communication and telephone networks and related services (in particular messaging and e-mail, cloud services);
- to companies and professionals, as well as service providers (in particular, IT assistance and maintenance, as well as web administration, legal assistance, etc.), which the Data Controller uses for the management of its activities and relations with the data subjects, who may be appointed as Data Controller’s officers if necessary;
- any authorities, public bodies or third parties who have access to the data by law or on the basis of measures regulated by the applicable legislation.
For the purposes outlined in this policy statement, the data may be transferred abroad to countries belonging to the European Union. In the case of U.S.-based providers of software products and web services and related data transfers, transfers will be made in accordance with the standard contractual clauses of the European Commission and any additional measures, unless otherwise specified.
4. WHAT RIGHTS DO YOU HAVE REGARDING THE PROCESSING OF YOUR DATA?
You may contact the Data Controller to assert the rights indicated in articles. 15-22 GDPR. Your rights are as follows:
- you have the right to ask the Data Controller for access to your personal data, requesting confirmation of their existence or otherwise, as well as the rectification or erasure of the same or the limitation (temporary blocking) of processing concerning you;
- YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF SAID DATA FOR REASONS RELATED TO YOUR PARTICULAR SITUATION IN CASE: (I) OF PROCESSING NECESSARY FOR THE PERFORMANCE OF A TASK CARRIED OUT IN THE PUBLIC INTEREST OR IN CONNECTION WITH THE EXERCISE OF OFFICIAL AUTHORITY, OR (II) IN THE CASE OF THE PURSUIT OF THE LEGITIMATE INTERESTS OF THE DATA CONTROLLER;
- if you have provided consent for one or more specific purposes, you have the right to withdraw that consent at any time;
- you have the right to the portability of your personal data (for those with a legal basis of contractual or consensual execution) by request to the data controller, by means of communication of a file in .CSV format, or similar open interoperable format, depending on the type of data requested;
- you have the right to lodge a complaint with the following Control Authority: Data Protection Authority (http://www.garanteprivacy.it); however, you may also lodge a complaint with the competent supervisory authority of the Member State in which you have your habitual residence or place of work or in which the alleged infringement occurred;
- you have the right to request information on the balancing of interests carried out by the Controller for processing based on legitimate interest.
5. WHO DID WE COLLECT YOUR DATA FROM AND WHAT TYPE OF DATA?
The data is collected directly when you request information from the Data Controller. The data you have directly provided are common data, such as name, surname, email, etc.. All these data are mandatory in order to request and receive information. For cookies see below.
Cookies are small strings of text (information) that are placed in the user’s browser when a website is visited (including via similar technologies in mobile devices, tablets, etc.). They have important functions within the Network to ensure the technical monitoring of sessions, the storage of specific information, etc.. During navigation, the user may also receive cookies from third party sites (“third party”) for purposes and in ways determined by these third parties. Choices about cookies can be expressed through the appropriate banner and through the function always available as a menu/icon on the web page.
With exclusive reference to the users of this Site, we inform you that the following types of cookies are used:
a) The use of session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site. The session cookies used on this site avoid the use of other computer techniques that could potentially compromise the privacy of the users’ browsing and do not allow the acquisition of personal identification data.
LEGAL BASIS: execution of requested services (website navigation), without which the website could not be used correctly; CONSERVATION: automatic cancellation at the end of the navigation session;
b) Third party analytical cookies are used but adopting tools and procedures to de-identify the data (partial IP masking – pseudonymized) and the third party has been asked not to cross-reference the information collected with other data, so that the data collected is used only for aggregate statistics and metrics on the use of this website.
LEGAL BASIS: legitimate interest of the Controller, considered prevailing after de-identification of the data; STORAGE: see per individual cookie, unless you delete the cookies.
These two types of cookies are used for the sole purpose of “carrying out or facilitating the transmission of a communication over an electronic communication network or as strictly necessary in order to provide an information society service explicitly requested by the contracting party or user to provide such service” (see Art. 122, paragraph 1 of the Privacy Code) and therefore not subject to consent. The user can always technically disable the use by our site of these types of cookies, however, this may result in the inability or suboptimal navigation of the site itself.
c) Analytical cookies are also used, unencrypted, as are profiling and/or others with a non-technical function: useful for tracing specific actions or behavioral patterns recurring in the use of features offered (pattern) in order to group the different profiles within homogeneous clusters of different sizes, so that it is also possible to modulate the provision of the service in an increasingly personalized, as well as send targeted advertising messages, i.e. in line with the preferences expressed by the user as part of the navigation on the network.
LEGAL BASIS: consent (also for macro-categories), always revocable;
STORAGE: see per individual cookie, unless you delete the cookies
d) Social network widgets are those special “buttons” or “blocks” on the website that depict the icons of social networks and allow users who are browsing to interact with a “click” directly with social platforms.
For further information, also on the deactivation of these cookies for what has not already been reported above, we recommend that you consult the following links:
- Twitter – https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter
- Twitter – http://twitter.com/privacy
- Facebook – https://www.facebook.com/policy/cookies
- Instagram – https://help.instagram.com/1896641480634370
- Pinterest – https://policy.pinterest.com/it/privacy-policy
- LinkedIn – https://www.linkedin.com/legal/cookie_policy
- Various Google services (e.g. YouTube) – http://www.google.com/policies/privacy/
User’s can delete cookies from their system at any time, and set specific privacy preferences so as not to store cookies, in different ways depending on the browser used. For more information:
- Internet Explorer – http://support.microsoft.com/kb/278835
- Chrome – https://support.google.com/chrome/answer/95647?hl=en-GB
- Firefox – https://support.mozilla.org/en-US/kb/remove-recent-browsing-search-and-download-history
- Safari – http://support.apple.com/kb/PH5042
- Opera – http://www.opera.com/browser/tutorials/security/privacy/
To disable tracking by Google Analytics on all websites, visit http://tools.google.com/dlpage/gaoptout.
Notwithstanding the above, the owner informs you that you may make use of Your Online Choices. Through this service you can manage the tracking preferences of most advertising tools. The owner, therefore, advises users to consider using this resource in addition to the information provided by this document: see http://www.youronlinechoices.com/it.