Disclosure www. rbmitalia.it artt. 13-14 of the EU Reg 2016/679 The disclosure is a general obligation that must be fulfilled before or after maximum when initiating the direct collection of personal data. In case of personal data not collected directly from the data subject, the information must be provided within a reasonable time, or at the time of the communication (not of the registration) of the data (to third parties or to the interested party). Pursuant to the General Regulations for the Protection of Personal data of natural persons (GDPR - Reg. (EU) 2016/679), the undersigned organization, data controller, informs of the following: |
||||
13 co.4 |
14 co.2 lett. f) 14 co.1 lett. d) |
|
SOURCES AND CATEGORIES OF PERSONAL DATA |
The personal data held by the undersigned organization are collected directly from interested parties. This site does not collect data sensitive, for which we mean those suitable for revealing the origin racial or ethnic, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations a religious, philosophical, political or trade union character, state of health e sex life. |
|
|
|
Navigation data |
The computer systems and software procedures responsible for functioning of the website acquire, in the course of their normal exercise, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information you don't they are collected to be associated with identified interested parties, but which for their very nature could, through elaborations and associations with data held by third parties, allow users to be identified. In this Data category includes IP addresses or domain names of computers used by users who connect to the site, the addresses in notation URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating it status of the response given by the server (successful, error, etc.) and others parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining information anonymous statistics on the use of the site and to check its correctness functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. |
|
|
|
Profiling data |
They are not directly acquired profiling data regarding consumption habits or choices of the interested party. However, it is possible that through links or incorporating elements of third parties, are acquired by autonomous subjects or separate such information. In this regard, see the Cookies section of third parties. |
|
|
|
Cookies |
Like others, this website saves cookies on the browser used by the user concerned for transmission of personal information and to enhance the experience. Indeed cookies are small text strings that sites visited by the user, they send to his terminal (usually the browser), where they are stored, sometimes even with characteristics of wide persistence temporal, to be then retransmitted to the same sites at the next visit. As explained below, it is You can choose whether and which cookies to accept, bearing in mind that refusing its use may affect the ability to carry out some transactions on the site or on the accuracy and adequacy of some contents customizable proposals or the ability to recognize the user from one visit to the next one. In case no choice is made to in this regard, the default settings and all cookies will be applied will be activated: however, at any time, it will be possible to communicate or change decisions in this regard. |
|
|
|
Technical cookies |
In particular, so-called session cookies are used, that are not stored permanently on the user's computer e they disappear when the browser is closed and their use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe exploration and efficient site and avoiding the use of other computer techniques potentially prejudicial to the confidentiality of the navigation of users and do not allow the acquisition of personal identification data of the user. Then we use analytics cookies that help to understand how visitors interact with the contents of the site, collecting information (geographical origin and web, technology used, language, pages entry, visits, exit, residence times, etc.) and generating website usage statistics without personal identification of individual visitors. All of these are to be considered technical cookies for which, since it is not necessary to give consent, the mechanism of opt-out. Technical cookies are not disclosed to third parties as necessary or useful for the functioning of the site; therefore they are treated only by subjects qualified as appointees, data processors or administrators of system. |
|
|
|
Third Party Cookies |
Finally the site embeds cookies and other elements (tags, pixels, etc.) of third parties (autonomous and on which the Owner has no responsibility) who also carry out activities of profiling and for which reference should be made to the respective sites: • Google (widget) |
|
|
|
Data provided voluntarily by the user |
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site entails the subsequent acquisition the sender's address, necessary to respond to requests, as well as any other personal data included in the email. Even sending, explicit and voluntary forms that can be filled in on the site containing data of the interested party involves the processing to comply with the obligations pre-contractual or the execution of the services provided by sending the forms. This information in the forms may concern personal data, contact details, contact details, telephone numbers, email addresses of the interested parties and third parties identified and identifiable having cause with the user of the site. In any case, specific summary information will be progressively reported o displayed on the pages of the site set up for particular services a request. |
13 co.1 lett. a) |
13/14 co.1 lett. c)
in the case of legitimate interests: 13co.1 letter d) 14co.2 letter b) |
|
PURPOSE AND LEGAL BASIS OF THE PROCESSING |
Personal data are used (ref. articles 6 (b) of the GDPR): a) to allow browsing the site and b) optionally to perform the service or provision requested as part of the normal activity carried out by the undersigned organization (ATECO code 23.91.0 - Production of abrasive products ). Furthermore, all personal data can be processed: c) for purposes connected to obligations established by laws, as well as by provisions imstart from authorities legitimated by law (ref. articles 6 (c) and 9 (b, g, h) of the GDPR); d) for the ascertainment, exercise or defense of a right in court e out-of-court (legitimate interest) of the undersigned organization (ref. articles 6 (f) and 9 (f) of the GDPR); e) for direct marketing according to the legitimate interest of the Data Controller in particular; for cookies, the advertising ids used to show advertisements and ads; for e-mail addresses for sending the newsletter; for browsing and usage logs to protect the site and the service from cyber-attacks; in these cases the interested party can always deny consent so that the Data Controller will refrain from processing (ref.artt. 6 (f) of the GDPR); f) for purposes functional to the activity for which the interested party has the right to demonstrate or no consent, such as eg. subscription to the newsletter to receive messages information and promotion and sale of products and services, detection of degree of satisfaction, communication of data to third parties for receipt of mailing of information and promotional communications and marketing (GDPR art.6 (a)) |
13 co.1 lett. b / c) |
13 co. 2 lett. e) |
|
CONSEQUENCES OF REFUSING DATA |
The provision of data collected from the interested party is optional but essential for the purpose the processing of the same for the purposes in letters a) and b). In case in which the interested parties do not communicate their indispensable and non-essential data allow the processing, it will not be possible to proceed with the completion e implementation of the proposed services and follow up on contractual obligations undertaken, with consequent prejudice for the correct fulfillment of regulatory obligations, such as eg. accounting, tax and administrative ones, etc .. Except as specified for navigation data, the user is free to provide personal data for cookies and specific requests through forms eg. on products and / or services. Failure to provide them may make it impossible to obtain what is requested. For all non-essential data, including sensitive data, the provision is optional. In the absence of consent or conferment incomplete or incorrect of certain data, including sensitive data, the the required formalities could be so incomplete as to be required injury or in terms of penalties or loss of propertyfici, both for the impossibility of guaranteeing the adequacy of the treatment itself to obligations for which it is carried out, and for the possible failure correspondence of the results of the processing itself to the obligations imposed by the law to which it is addressed, intending exonerated the writing organization from any and all liability for any penalties or afflictive measures. |
|
|
|
DATA PROCESSING METHOD |
The treatments connected to the web services of the site are treated with automated tools for the time strictly necessary to achieve the purposes for which they were collected; take place at the server in Italy or EU and are only handled by technical personnel in charge of processing, or by any persons in charge of maintenance and administration operations. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access and loss of confidentiality. The structure is equipped with anti-intrusion devices, firewalls, log and disaster recovery. Specific encryption mechanisms are used and data segregation and user authentication and authorization. Data processing means their collection, registration, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of data personal data takes place through manual, IT and telematic tools, with logic strictly related to the purposes themselves and, in any case, in order to ensure the security and confidentiality of personal data will therefore be processed in compliance with the methods indicated in art. 5 EU Reg. 2016/679, which provides, among other things, that the data be processed lawfully and according to correctness, collected and recorded for specific, explicit and legitimate, accurate, and if necessary updated, relevant, complete and not exceeding the purposes of the processing, in compliance with the rights and fundamental freedoms, as well as the dignity of the person concerned with particular reference to confidentiality and personal identity, through protection and safety measures. The undersigned organization has prepared and will further refine the access security system e data retention. There is no automated decision-making process (e.g. di profiling). |
|
13/14 co.1 lett. f) |
|
EXTRA EU TRANSFERS |
The treatment takes place in non-EU and non-EEA countries, when connections to the site come from these countries (on request of the interested party who is there). |
|
13/14 co.2 lett. a) |
|
STORAGE PERIOD |
Personal data will be kept, in general, as long as the purposes of the processing continue according to the category of data treated. |
13 co.1 lett. d) |
13/14 co.1 lett. e) |
|
CATEGORIES OF RECIPIENTS |
The data (only the indispensable ones) are communicated to representatives and data processors, both internal to the organization of writer, as well as external, who perform specific tasks and operations (site administration, analysis of navigation data, traffic, of profiling, management of emails and forms sent voluntarily by the user, fulfillment of e-commerce requests and orders, etc.) in cases and ai subjects required by law
The data will not be object dissemination unless otherwise provided by law or prior anonymization. Except as specified for cookies and elements of third parties, without the prior general consent of the interested party to communications to third parties , will be It is possible to carry out only the services that do not provide such communications . In case of specific and timely consents will be required and the subjects who they will receive the data and will use them as autonomous owners . In some cases (not object of the ordinary management of this site) the Authority can request news and information, for the purpose of monitoring the processing of personal data. In in these cases, the response is mandatory under penalty of an administrative penalty. |
13 co.1 lett. e) |
13/14 co.2 lett. b / c) 13/14 co. 2 lett. d / e) |
|
RIGHTS OF THE INTERESTED PARTY |
At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when required with respect to the data controller, pursuant to art. from 15 to 22 of the GDPR ( link to the standard); to propose complaint to the Guarantor ( www.garanteprivacy.it ); if the treatment yes based on consent, revoke this consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the processing based on the consent before revocation. |
|
|
|
Disabling cookies |
Almost all browsers offer the ability to manage and not enable cookies, in order to respect user preferences. In some browsers can set rules to manage site cookies for site, an option that offers more precise control over the user's privacy; another function available on some browsers is the navigation mode incognito, so that all cookies created in this mode are deleted after closing. See the following instructions for managing cookies in related browsers: • Chrome • Firefox • Safari |
13 co.1 lett. f) |
13/14 co.1 lett. a / b) |
|
ADDRESSES AND CONTACTS |
The data controller is Zandonella Necca Dino. The headquarters are in Via Nazionale, 48/52 - 14011 Baldichieri d’Asti (AT). Contact details are: telephone 0141/66121; e-mail info@bmitalia.com The complete list of data processors is available on request. |
Extracted from EU Reg. 679/2016
Article 15 Right of access of the interested party
1. The interested party has the right to obtain confirmation from the data controller that it is or the processing of personal data concerning him is in progress and in this case, to obtain access to personal data and the following information:
a) the purposes of the treatment;
b) the data categories personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if addressed to third countries or organizations international;
d) when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of law of the interested party to ask the data controller to rectify or deletion of personal data or limitation of data processing personal data concerning him or to oppose their treatment;
f) the right to propose complaint to a supervisory authority;
g) if the data is not collected from the interested party, all the information available on them origin;
h) the existence of a process automated decision-making, including profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, material information on the logic used, as well as the importance and expected consequences of this treatment for the interested party.
2. Should the data personal data are transferred to a third country or to an organization international, the interested party has the right to be informed of its existence adequate guarantees pursuant to Article 46 relating to the transfer.
3. The owner of the processing provides a copy of the personal data being processed. In case of further copies requested by the interested party, the owner of the treatment may charge a reasonable cost-based fee administrative. If the interested party submits the request by means electronic, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
4. The right to obtaining a copy referred to in paragraph 3 must not affect the rights and freedoms of others.
Article 16 Right of rectification
The interested party has the right to obtain from the data controller the correction of personal data inaccuracies concerning him without undue delay. Taking into account the purpose of the processing, the interested party has the right to obtain the integration of incomplete personal data, including by providing a declaration supplementary.
Article 17 Right to erasure ("right to be forgotten")
1. The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the owner of the processing has the obligation to delete the data without undue delay personal, if one of the following reasons exists:
a) personal data are not more necessary than the purposes for which they were collected or otherwise processed;
b) the interested party revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if it does not exist other legal basis for the processing;
c) the interested party opposes the processing pursuant to Article 21 (1) and there is no reason legitimate prevailing to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2;
d) the personal data are been treated unlawfully;
e) personal data must be deleted to fulfill a legal obligation under the law of the Union or of the Member State to which the data controller is subject;
f) personal data are collected in relation to the company's service offer of the information referred to in Article 8, paragraph 1.
2. The owner of the processing, if he has made personal data public and is obliged, pursuant to of paragraph 1, to delete them, taking into account the available technology e of implementation costs takes reasonable measures, including technical ones, for inform the data controllers that they are processing personal data of the interested party's request to delete any link, copy or reproduction of your personal data.
3. Paragraphs 1 and 2 do not apply to the extent that processing is necessary:
a) for the exercise of right to freedom of expression and information;
b) for the fulfillment of a legal obligation that requires the processing provided for by Union law o of the Member State to which the data controller is subject or for the execution of a task carried out in the public interest or in the exercise of public authority vested in the data controller;
c) for reasons of interest public in the public health sectora in accordance with Article 9, paragraph 2, letters h) and i), and Article 9, paragraph 3;
d) for archival purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), to the extent that the right to referred to in paragraph 1 is likely to render impossible or seriously harm the achievement of the objectives of this treatment; or
e) for the assessment, the exercise or defense of a right in court.
Article 18 Right to limitation of treatment
1. The interested party has the right to obtain from the data controller the limitation of treatment when one of the following hypotheses occurs:
a) the interested party disputes the accuracy of personal data, for the period necessary for the owner of the processing to verify the accuracy of such personal data;
b) the processing is unlawful and the interested party opposes the deletion of personal data and asks instead that its use is limited;
c) although the owner of the treatment no longer needs it for the purposes of processing, personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
d) the interested party objected to the processing pursuant to Article 21, paragraph 1, pending verification regarding the possible prevalence of the legitimate reasons of the owner of the treatment with respect to those of the interested party.
2. If the processing is limited in accordance with paragraph 1, such personal data are processed, except for storage, only with consent of the interested party or for the ascertainment, exercise or defense of a right in court or to protect the rights of another natural person or legal or for reasons of significant public interest of the Union or of one Member State.
3. The interested party who has obtained the restriction of processing pursuant to paragraph 1 is informed by the data controller before such limitation is revoked.
Article 19 Obligation to notify in case of rectification or cancellation of personal data o limitation of processing
The data controller communicates to each of the recipients to whom the personal data have been transmitted any corrections or cancellations or limitations of processing carried out in accordance with Article 16, Article 17 (1), and of article 18, unless this proves impossible or involves an effort disproportionate. The data controller informs the interested party of these recipients if the interested party requests it.
Article 20 Right to data portability
1. The interested party has the right to receive in a structured, commonly used and readable format from automatic device the personal data concerning him provided to a data controller and has the right to transmit such data to another holder of the treatment without impediments by the holder of the tprocessing to which it provided them if:
a) the treatment is based on consent pursuant to article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), or on a contract pursuant to Article 6, paragraph 1, letter b); and
b) the treatment is carried out by automated means.
2. In exercising their rights regarding data portability a pursuant to paragraph 1, the interested party has the right to obtain the transmission direct personal data from one data controller to another, if technically feasible.
3. Exercise the right referred to in paragraph 1 of this article is without prejudice Article 17. This right does not apply to processing necessary for the execution of a task of public interest or related to the exercise of public authority vested in the data controller.
4. The right to referred to in paragraph 1 must not harm the rights and freedoms of others.
Article 21 Right to object
1. The interested party you have the right to object at any time, for reasons connected with yours particular situation, to the processing of personal data concerning him ai pursuant to article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions. The data controller refrains from further process personal data unless he proves the existence of compelling legitimate reasons to proceed with the processing that prevail over interests, rights and freedoms of the data subject or for ascertaining, exercising or defending a right in court.
2. Should the data personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data that concern it carried out for these purposes, including profiling in the to the extent that it is connected to such direct marketing.
3. So far as the interested party opposes the processing for direct marketing purposes, i personal data are no longer processed for these purposes.
4. The right to referred to in paragraphs 1 and 2 is explicitly brought to the attention of the interested party and is presented clearly and separately from any other information at later at the time of the first communication with the interested party.
5. In the context of the use of information society services and without prejudice to the Directive 2002/58 / EC, the interested party can exercise his right to opposition by automated means using specific techniques.
6. Should the data personal data are processed for scientific or historical research purposes or for purposes statistics pursuant to Article 89 (1), the interested party, for reasons related to your particular situation, you have the right to object to the processing of personal data concerning him, except if the processing is necessary for the performance of a task of public interest.
Article 22 Automated decision-making process relating to natural persons, including the profiling span>
1. The interested party
has the right not to be subjected to a decision based solely on
automated processing, including profiling, which produces effects
legal affairs concerning him or which significantly affects him in a similar way
on the person of him. span> p>
2. Paragraph 1
does not apply if the decision: a) is required for the
conclusion or execution of a contract between the data subject and a holder of the
treatment; b) is authorized by
law of the Union or of the Member State to which the holder of the
treatment, which also specifies adequate measures to protect the rights, of the
freedom and legitimate interests of the data subject; c) is based on consent
explicit of the interested party. 3. In the cases of
referred to in paragraph 2, letters a) and c), the data controller implements measures
appropriate to protect the rights, freedoms and legitimate interests
of the interested party, at least the right to obtain human intervention by the
data controller, to express their opinion and to contest the
decision. 4. The decisions
referred to in paragraph 2 are not based on the particular categories of data
personal data referred to in Article 9 (1), unless it is applicable
Article 9 (2) (a) or (g) and no measures are in place
adequate for the protection of rights, freedoms and legitimate interests
of the interested party.