DATA PROCESSING POLICY
pursuant to art. 13 of EU Regulation 2016/679
General Regulation on the protection of personal data
NAVIGATION ON THE WEBSITE CASAGRANDE.COM
Below we provide to the persons who come into contact with our Company (the “Data Subjects”), a brief description of the essential characteristics of the processing of their personal data carried out by Casagrande S.p.A., with registered office in Fontanafredda (PN), Via Malignani 1, acting as Data Controller (hereinafter the “Data Controller”). The processing will take place in compliance with Regulation (EU) 2016/679 – General Data Protection Regulation (the “Regulation”) and Italian Legislative Decree 196 of 30 June 2003, as amended by Italian Legislative Decree 101/2018 hereinafter: the “Code”).
“Data” means “any information concerning an identified or identifiable natural person” and “processing” means “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction”.
For further details please see the detailed information below.
The information on the processing of personal data concerning navigation on the Company’s website is made available, in summary form, in the following summary table on the processing, which will allow you to easily find the essential information relating to the processing of personal data. In any case, the detailed information is available, which gives a complete picture of the information that we are required to provide pursuant to art. 13 of the GDPR.
|Who is the Data Controller?||Casagrande S.p.A., with registered office in Fontanafredda (PN), Via Malignani 1; contact information email@example.com;|
|What personal data do we process?||· Browsing data;|
· Data collected by means of cookies.
|Why do we process Personal Data?|
|1. To allow you to browse our website;|
2. To carry out research and/or statistical analysis on aggregate or anonymous data, without the possibility of identifying the user;
3. To comply with legal obligations or to comply with orders from public authorities.
4. For the need to ascertain, exercise or defend a right in court or whenever the Authorities exercise their functions;
|What is the basis for the Processing?|
|How do we process personal data?||Electronically and in paper form, in compliance with all precautionary measures applied by the Data Controller to ensure security, confidentiality and control.|
The data may also be stored and processed on servers located outside the European Community in compliance with current regulations.
|To whom do we disclose personal data?|
(Categories of Recipients)
|a. Employees, collaborators, persons appointed and authorised by the Data Controller;|
b. Service providers, who act as Data Processors ex art. 28 of the GDPR, such as, for example, the person who manages the website;
c. Persons legally entitled to access the data;
d. Subjects to whom the communication is necessary for the fulfilment of the contractual obligations;
e. Public authorities;
f. Third Parties.
The personal data processed by the Data Controller are not subject to disclosure in any way.
|How long do we store personal data?||Personal data will be stored for the time necessary to achieve the above-mentioned purposes. In any event, the processing may not last longer, for each piece of data processed, than the period of limitation for exercising the rights connected with that data.|
Criteria used to determine the period of further storage of the data:
a. Pursuit of the purposes related to the processing.
b. Storage time required by law.
c. Withdrawal of consent by the data subject (in the case of processing based on consent).
d. Maximum term allowed by current legislation to protect the rights and/or interests of the Data Controller
|Is the provision of personal data mandatory or optional? What happens in the event of refusal to communicate personal data?||If you want to browse the website, you must provide us with the browsing data and data contained in some cookies (technical cookies). Should you not provide your data, you may not have an optimal browsing experience on this website, and we may not be able to meet your requests.|
|What rights does the data subject have?||The Data Subject has the right to:|
a. Access the data in our possession and request its communication in intelligible form;
b. Request the updating, rectification and/or integration;
c. Request cancellation (“right to be forgotten”);
d. Request the restriction of the processing;
e. Request notification of the update, rectification, cancellation, restriction;
f. Request data portability;
g. Oppose the processing;
Lodge a compliant to a supervisory authority.
1- Identity and contact information for the Data Controller
The Data Controller is Casagrande S.p.A., with registered office in Fontanafredda (PN), Via Malignani 1. The contact details of the Data Controller for the handling of data subjects’ requests, as specified in section 8: Contact details, are provided here firstname.lastname@example.org.
The DPO in charge can be contacted at the email address email@example.com
2- Type of Data processed
Visiting and consulting the website generally involves the collection and processing of the user’s common personal data, connected to the browsing data;
with reference to cookies, please refer to the specific Policy accessible at the link https://www.casagrandegroup.com/cookie-policy/
3 – Purpose and legal basis for processing the data
The Data Controller shall carry out the processing for the following purposes:
- allow the user to use the services and features on the website, on the basis of the legitimate interest of the Data Controller;
- research and/or statistical analysis on aggregate or anonymous data, without the possibility of identifying the user, to measure the operation of the website, to measure traffic and to evaluate the usability and interest of the website (without data processing by the Data Controller), on the basis of the legitimate interest of the Data Controller;
- fulfilment of legal obligations to which the Data Controller is subject;
- need to ascertain, exercise or defend a right in court or whenever the Authorities exercise their functions, on the basis of the legitimate interest of the Data Controller.
4 – Processing methods
Data shall be processed by computer or electronic means, in compliance with the Regulation and Code, and, in any case, in such a way as to guarantee the security and confidentiality of the data and to prevent unauthorised disclosure or use, alteration or destruction by means of efficient security measures of a physical, logical and organisational nature.
Where necessary for the pursuit of the purposes set out in paragraph 3, the Data Subject’s Data may be transferred abroad, to countries/organisations outside the EU that guarantee compliance with the processing methods set out in the GDPR.
5 – Data recipients
The data may be disclosed (limited to the respective scope of competence and for the sole purpose of implementing the purposes described):
- a) to parties to whom the communication of data is necessary for the operation of the website, who act as Data Processors, by virtue of written agreements entered into with the Data Controller, such as the website operator;
- b) appointees and persons authorised by the Data Controller who have committed themselves to confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g. employees and collaborators of the Data Controller);
The data shall not be disseminated.
In order to comply with legal obligations, regulations, EU legislation or contractual obligations, as well as to exercise any rights in court, the data subject’s data may be accessed by the following third parties (i) tax, legal or accounting consultants; (ii) companies that provide the Data Controller with services instrumental to the management of the contractual relationship (e.g. suppliers of management applications); (iii) public and private supervision and control authorities and bodies, (e.g. Revenue Agency, court authorities, etc.).
6 – Storage time of the data
Within the scope of the above-mentioned purposes, the data will be stored for the time strictly necessary to achieve the purposes for which they were collected and processed. The criterion for determining the actual storage period of the data will be the limitation period of the actions deriving from the relationship in place with the Data Subject. Without prejudice to the need to keep the data for the fulfilment of the legal obligations of the Data Controller or the assessment, exercise or defence in court of the Data Controller’s rights, the Data Subject’s data will not be kept for a period longer than 10 years from the completion of the purpose, except for the specific interruption of the prescription, after which the same data will be destroyed or made irreversibly anonymous, unless further storage is necessary to comply with legal obligations or to comply with orders given by Public Authorities and/or Supervisory Bodies.
- Mandatory and optional nature of the provision of personal data
In order to browse the website, the user must provide the browsing data and data contained in some cookies (technical cookies). Should you not provide your data, you may not have an optimal browsing experience on this website, and we may not be able to meet your requests.
8 – Rights of the data subject
By sending a communication to the Data Controller’s registered office or to the e-mail firstname.lastname@example.org, all data subjects may at any time exercise their rights pursuant to arts. 15 et seq. of the Regulation, including: (i) obtain confirmation as to whether or not data concerning him/her is being processed; (ii) obtain access to his/her Data and to the information indicated in art. 15 of the Regulation; (iii) obtain the correction of inaccurate data concerning him/her without undue delay or the integration of incomplete data; (iv) request the cancellation of data concerning him/her without undue delay; (v) request the restriction of the processing of data concerning him/her; (vi) be informed of any corrections or cancellations or limitations of the processing carried out in relation to the data concerning him/her; (vii) receive the data concerning him/her in a structured, commonly used and machine-readable format; (viii) object at any time, for reasons related to his/her particular situation, to the processing of data concerning him/her carried out on the basis of the legitimate interest of the Data Controller; The complete list of the rights of the Data Subject can be found at https://www.garanteprivacy.it/Regolamentoue/diritti-degli-interessati.