information on the processing of personal data
made pursuant to art. 13 of Regulation (EU) 2016/679
General Regulation on the protection of personal data
Below we provide some additional and specific information with respect to the general information on the website, available at the link https://www.casagrandegroup.com/privacy-policy/ referring to contact requests sent to Casagrande SpA through the online form specifically used .
|Who is the Data Controller?||Casagrande SpA , with registered office in Fontanafredda (PN), Via Malignani 1; the contact details are firstname.lastname@example.org ;|
|What personal data do we process?||· Company contact details, such as email address and telephone number;
· Sometimes the applicant’s name and surname may be requested;
|Why do we process Personal Data?
|1. To respond to contact requests;
2. For the need to ascertain, exercise or defend a right in court or whenever the Authorities exercise their functions;
|What is the treatment based on?
|The sub treatments. 1) and sub. 2), concern the legitimate interest of the Data Controller.|
|How do we process personal data?||In computer mode, with the observance of every precautionary measure applied by the Data Controller that guarantees its security, confidentiality and control.
The data may also be stored and processed on servers located outside the European Community in compliance with the regulations in force.
|Who do we disclose personal data to?
(Categories of Recipients)
|a. Employees, collaborators, persons appointed and authorized by the Data Controller;
b. Service providers, who act as data processors pursuant to Article 28 of the GDPR, such as, for example, the person who manages the website;
c. Subjects legally entitled to access the data;
d. Subjects to whom communication is necessary for the fulfillment of contractual obligations;
e. Public authorities;
f. Third Parties.
The personal data processed by the Data Controller are in no way subject to disclosure.
|How long do we keep personal data?||Personal data will be kept for the time necessary to pursue the purposes listed above. In any case, the processing cannot last longer, for each data processed, than the limitation period for the exercise of the rights connected to that data.
Criteria used to determine the further retention period of the data:
a. Pursuit of the purposes related to the processing.
b. Retention time required by law.
c. Withdrawal of consent by the interested party (in case of treatment based on consent).
d. Maximum term allowed by current legislation to protect the rights and / or interests of the Data Controller
|Is the provision of personal data mandatory or optional? What happens in case of refusal to communicate personal data?||The provision of data is necessary in order to allow us to process contact requests, failure to provide it makes it impossible for the Data Controller to provide for the requests received.|
|What rights has the interested party?||The interested party has the right to:
a. Access the data in our possession and request its communication in an intelligible form;
b. Request updating, rectification and / or integration;
c. Request cancellation (“right to be forgotten”);
d. Request the limitation of the processing;
e. Request notification of the update, rectification, cancellation, limitation;
f. Request data portability;
g. Oppose the treatment;
Submit a complaint to a supervisory authority.
1 – Identity and contact details of the Data Controller
The Data Controller is Casagrande SpA , with registered office in Fontanafredda (PN), Via Malignani 1 . The contact details of the Data Controller are indicated here for the management of the requests of the interested parties, as specified in point 8: contact details email@example.com .
2- Type of data processed
The Data Controller collects and processes, for the purposes described below, the following data:
- Company contact details, such as email address and telephone number;
- Sometimes the applicant’s name and surname may be requested;
3 – Purpose and legal basis of data processing
The Data Controller will carry out the processing for the following purposes:
- To respond to contact requests sent by means of the various forms accessible online, from the website (such as, for example, spare parts request, service support request, commercial showcase, “contact us” form); this treatment is based on the legitimate interest of the Data Controller .
- For the need to ascertain, exercise or defend a right in court or whenever the Authorities exercise their functions, on the basis of the legitimate interest of the Data Controller.
4 – Methods of data processing
The data will be processed with the support of IT or telematic means, in compliance with the Regulations and the Code, and, in any case, in order to guarantee the security and confidentiality of the data and prevent unauthorized disclosure or use, the alteration or destruction through efficient physical, logical and organizational security measures .
Where necessary for the pursuit of the purposes referred to in paragraph 3, the Data of the interested party could be transferred abroad, to non-EU countries / organizations that guarantee compliance with the processing methods provided for by the GDPR.
5 – Data recipients
The data may be disclosed (limited to the respective area of competence and for the sole purpose of implementing the purposes described):
- a) subjects to whom the communication of data is necessary for the functioning of the website, who act as Data Processors, by virtue of written agreements entered into with the Data Controller, such as for example the manager of the website ;
- b) persons in charge and persons authorized by the Data Controller who are committed to confidentiality or are subject to an adequate legal obligation of confidentiality (e.g. employees and collaborators of the Data Controller);
The data will not be disseminated.
In order to fulfill legal obligations, regulations, community legislation or contractual obligations, as well as to exercise any rights in court, the following third parties may have access to the data of the interested party (i) tax, legal or accounting consultants ; (ii) companies that provide the Owner with services that are instrumental to the management of the contractual relationship (eg suppliers of management applications); (iii) public and private supervisory and control authorities and bodies (eg Revenue Agency, judicial authority, etc.).
6 – Data retention period
As part of the purposes indicated above, the data will be kept for the time strictly necessary to achieve the purposes for which they were collected and processed. The criterion for determining the actual data retention period will be represented by the limitation period of the actions deriving from the relationship with the interested party. Without prejudice to the need to keep data for the purpose of fulfilling legal obligations in the head of the owner or to ascertain, exercise or defend the rights of the owner in court, the data of the interested party will not be kept for a period exceeding 10 years from the completion of the purpose, except for specific interruption of the prescription, after which the same data will be irreversibly destroyed or made anonymous, unless their further conservation is necessary to fulfill legal obligations or to fulfill orders given by Public Authorities and / or Supervisory Bodies.
- Compulsory and optional nature of providing personal data
The provision of data is necessary in order to allow us to process contact requests , failure to provide it makes it impossible for the Data Controller to provide for the requests received.
8 – Rights of the interested party
By sending a communication to the registered office of the owner or to the address firstname.lastname@example.org , each interested party may at any time exercise the rights referred to in Articles. from 15 et seq. of the Regulation, including: (i) obtain confirmation as to whether or not data concerning him is being processed; (ii) obtain access to their data and information indicated in art. 15 of the Regulation; (iii) obtain the correction of inaccurate data concerning him without undue delay or the integration of incomplete data; (iv) request the cancellation of data concerning him without undue delay; (v) request the limitation of the processing of data concerning him; (vi) be informed of any corrections or cancellations or limitations of the processing carried out in relation to the data concerning him; (vii) receive the Data concerning him in a structured format, commonly used and readable by an automatic device; (viii) oppose at any time, for reasons connected with their particular situation, to the processing of data concerning them carried out on the basis of the legitimate interest of the Data Controller; The complete list of the data subject’s rights can be found on https://www.garanteprivacy.it/Regolazioneue/diritti-degli-interessati .
The exercise of the aforementioned rights is not subject to any formal constraint and is free. The interested party’s request is replied to within one month of receiving it. In case of particular complexity, the deadline could be extended; in these cases, the Data Controller undertakes to provide at least one interlocutory communication within one month of receiving the request.
In case of exercise of one of the rights provided for by the Regulations, the Data Controller reserves the right to verify the identity of the requesting interested party, requesting to send a photocopy of an identity document certifying the legitimacy of the request. Once the identity of the applicant has been confirmed, the photocopy received will be immediately destroyed.
9 – Complaint to the Supervisory Authority
If the interested party considers that the processing that concerns him violates the provisions of the Regulation, he can always lodge a complaint with the Guarantor for the protection of personal data ( www.garanteprivacy.it ), or with the Guarantor of the country in where he habitually resides, works or the place where the alleged violation has occurred.