This English Translation is provided for Customers’ convenience only. Only the original Italian Text is legally binding. Should there be discrepancies between the Italian and the English Versions, the Italian text will prevail.
Ciotola S.R.L., registered office in Piazza De Gasperi, 18, 35131 Padua (PD), Italy, in its capacity as data controller (hereinafter “Ciotola” or “Controller“) pursuant to EU Regulation 679/2016 (hereinafter: “Regulation” or “GDPR“) – considers privacy and the protection of personal data a key factor within its professional activities. Before communicating any personal data to the Controller, all Users of the Ciotola site are invited to read carefully this statement which contains important information on the protection of their personal data. “Personal Data” also includes sensitive Personal data.
This notice only describes management procedures for the official Ciotola website (www.ciotolasrl.it (hereinafter “Website“) and not for any external websites, which may be consulted by the User via links.
Additional information may be provided within the different “access channels” (channels permitting interchange of information between Holder and User including but not limited to Newsletters and online forms), divided up by the topics covered (subject areas).
- constitutes an integral part of the Website;
- is made pursuant to Art. 13 of the Regulation for those who interact with the Internet services of the Website;
- in certain sections of the Website, where considered necessary, will be supplemented by detailed provisions regarding the specific processing of personal data.
Processing of personal data will be based on principles of fairness, lawfulness and transparency, respecting data purpose restrictions and retention periods, data minimisation and accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to Art. 5 of the GDPR.
Users’ personal data will therefore be processed in accordance with the legislative provisions of the Regulation and the confidentiality obligations set out therein.
Personal data processing means any operation or set of operations on personal data or sets of personal data, performed with or without the use of automated processes such as collecting, recording, organising, structuring, storing, adjusting or modifying, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, comparing or correlating, blocking, cancelling or data destruction.
The personal data being processed may be in the form of text, photographic or video images and any other information liable to identify the data subject or render him/her identifiable.
1. Data controller
Ciotola S.r.l., registered office Piazza De Gasperi, 18, 35131 Padua (PD), Italy.
2. Personal data processed
2.1. Navigation data – log files
The computer systems and the applications dedicated to the functioning of this website detect, during their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) which is not associated with direct User identification.
The collected data includes IP addresses and the domain names of the computers used by the Users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters concerning the operating system and the IT environment used by the User. This data is processed, only for the time strictly necessary, for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
2.2. Data provided voluntarily by the User
The voluntary and express act of sending of electronic mail to the addresses indicated in the different access channels of this Website and filling in of specifically prepared (forms) entail the subsequent registration of sender’s/User’s addresses and data, necessary to respond to product requirements and / or to provide the requested service. Specific information in summary form will be indicated or displayed on Website pages, set up for particular “on request” services.
2.3. Third party data provided voluntarily by Users
In the use of particular services, personal data of third parties, communicated to Ciotola by the User, may be processed. With regard to these hypothetical situations, the User stands as an independent “data controller”, assuming all corresponding legal obligations and responsibilities. In this connection, the User will fully indemnify Ciotola against any objection, claim, request for damages deriving from data processing, which may be received by the Ciotola from third parties, whose personal data has been processed through User’s use of the Website services in violation of applicable regulations governing personal data protection.
In any event, if the User provides or otherwise processes third party personal data in their use of the Website, he/she hereby guarantees – and assumes full consequential liability – that this particular instance of processing is based on the User having previously obtained the third party’s consent to processing of any information regarding the latter.
3. Purpose of Processing
Ciotola will process personal data for the following purposes:
- to respond to requests received through the communication channels published on the Site (“Contact” Section). The legal basis for this processing is the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the data subject’s request (Art. 6.1.b GDPR);
- to prevent or control unlawful conduct or to protect and enforce rights. The legal basis for such processing is the legitimate interest of the Data Controller (Art. 6.1.f GDPR);
- Sending Personal data collected through the Ciotola site may be used, with the consent of the data subject, for the request to send informative material or commercial information. The legal basis for such processing is the legitimate interest of the Data Controller (Art. 6.1.f GDPR).
4. Methods of processing
Personal data is processed with automated tools, for no longer than strictly necessary to achieve the purposes for which it is collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.
5. Optional nature of the provision of data
The User is free to provide, or not, personal data contained in the enquiry forms for the various services offered in the portal; however, failure to provide any compulsory information, will make it impossible for the service to be supplied.
6. Transfer, communication and dissemination of personal data
Personal data provided will not be transferred abroad to non-EU countries or to an international organization. Data management and storage is done on servers located in the European Union. In any case, it is understood that the Data Controller, should it become necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or countries outside the EU. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
Personal data may be disclosed to third parties belonging to the following categories:
- freelancers, firms or companies within the scope of assistance and consulting relationships;
- subjects that provide services for the management of the activities indicated above in the purposes (subjects for communication, printing);
- subjects that provide services for the management of the information system and telecommunications networks;
- platform operators for the services listed above (site hosting, management software);
- competent authorities for fulfillment of obligations of laws and/or provisions of public bodies, upon request.
The above recipients may act as Data Processors pursuant to Article 28 GDPR. Personal data will be also processed only by persons authorized by the Data Controller, pursuant to Art. 29 GDPR, due to their job description or company role.
7. Storage of Personal Data
Personal data processed for the simple navigation of the Website will be kept for the time strictly necessary for this activity.
For enquiries, requesting shipment of informative material or commercial information, personal data will be kept for a period of two years.
Notwithstanding the above, Ciotola reserves the right to store the User’s personal data for the period of time provided for and permitted by Italian law to protect their interests pursuant to Art. 2947 of the Italian Civil Code.
8. Data Subject’s Rights
Pursuant to articles 15 ff of the GDPR, Users have the right to request from Ciotola access to their personal data, at any time, to rectify or cancel it or to object to its processing pursuant to Art. 21 of the Regulation. Users also have the right to request processing be restricted in the cases provided for by Art. 18 of the Regulation. Further, Users have the right to obtain, in a structured, commonly used and machine-readable format, the data concerning them, according to the cases provided for by Art. 20 of the Regulation. Requests should be sent in writing to the Data Controller at the Email address: firstname.lastname@example.org.
Users are entitled, at any time, to lodge a complaint with the competent supervisory authority (guarantor for the protection of personal data), pursuant to Art. 77 of the Regulation, if they consider that their data has been processed contrary to the legislation in force.
To exercise the above-mentioned rights or for any other enquiry, please write to Data Controller: Ciotola S.R.L., registered office: Piazza De Gasperi 18, IT -35131 Padua (PD), Italy or to email@example.com.