PERSONAL DATA PROCESSING AND PROTECTION DISCLAIMER
ARTI GRAFICHE BM s.r.l. with registered office in Vinovo (TO) - Italy (hereinafter the “Company” or the “Data Controller”), hereby provides the information for the processing of personal data entered or collected on the website www.bmbemore.it under Article 13 of the EU Regulation 679/2016 (hereinafter the “GDPR”) and the applicable national legislation on privacy and personal data protection.
The Company, as Data Controller, undertakes to protect the confidentiality and rights of the Data Subject and, following the principles dictated by the aforementioned rules, the processing of the data provided will be based on the principles of correctness, lawfulness and transparency.
1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The controller of your personal data is:
ARTI GRAFICHE BM s.r.l.,
Via Candiolo 102,
10048 VINOVO (TO) - Italy
VAT and Tax Code: 00712310010
If the Data Controller makes use of data processors or sub-processors according to Article 28 GDPR, the updated list of data processors and processors is kept at the Data Controller's registered office.
2. THE TYPES OF PERSONAL DATA WE PROCESS
The types of personal data we collect depend on the purpose for which they are collected.
In general, we can collect directly from you:
Data provided voluntarily: personal contact data, such as name, surname, e-mail address, address, city, telephone number;
Browsing data: These data items are used to statistical anonymous information on the use of the website and to check its correct operation.
They concern usage, display and technical data, including the user's device identifier or IP address, the time you visited the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to your operating system and computer environment.
3. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL GROUNDS
The processing of your Personal Data by the Controller takes place:
A) Only with your specific and separate consent - Art. 6 (a) and Art. 7 GDPR - for the following marketing purposes:
- sending by e-mail, post and/or text messages and/or telephone contact, newsletter commercial communications and/or advertising material on products or services offered by the Controller and surveying the degree of satisfaction of services;
- possibly sending by e-mail, post and/or text message and/or telephone contact commercial and/or promotional communications from third parties.
B) without your express consent - Art. 6 (b) - (f) GDPR - for the following purposes:
- finalising contracts with the Controller;
- fulfilling pre-contractual, contractual and tax obligations arising from existing relationships;
- fulfilling the obligations envisaged by law, by a regulation, by EU regulations or by an order from the Authority;
- pursuing a legitimate interest of the Controller or a third party, provided that its interests or fundamental rights and freedoms requiring the protection of personal data are not overridden.
If you have withheld your consent, it will not be possible to carry out the aforementioned activities, and in any event, if you have given your consent to the processing activities, you will have the right to revoke your consent at any time.
4. HOW LONG WE STORE AND PROCESS YOUR DATA PERSONAL
Your Personal Data will be processed by the Data Controller only for the time necessary to achieve the purposes of the processing indicated in paragraph 3, after which they will only be retained to comply with the relevant legal obligations, for administrative purposes and/or to assert or defend one's own right and, in any case, not beyond the time limits set by law for the prescription of rights.
In particular, for marketing purposes, your Personal Data will be retained by the Controller for up to two years.
5. HOW WE PROCESS YOUR PERSONAL DATA
Personal Data are subject to both paper and electronic and/or automated processing for the time necessary to achieve the purposes for which they are collected by the Data Controller or by persons duly authorised and/or appointed to carry out such tasks, who are constantly identified and/or appointed, duly instructed and made aware of the constraints imposed by law.
The tools and media used in the performance of processing activities are appropriate to guarantee data security and confidentiality.
The company undertakes to:
- ensure that data processed are accurate and up-to-date, and promptly receive any corrections and/or additions requested by the data subject.
- take appropriate security measures to ensure adequate data protection.
- notify the Data Subject, within the time limits and in the cases provided for by the mandatory regulations, of any personal data breaches.
6. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA
For the above-mentioned purposes, your collected data may be made accessible or communicated to:
- employees and collaborators of the Data Controller, in their capacity as authorised processors. Such individuals are, however, subject to obligations of confidentiality and privacy;
- third parties who carry out outsourced activities on behalf of the Data Controller to which activities functional to the provision and distribution of the services offered through the website are entrusted (e.g. hosting companies, programmers, system and database administrators, technical assistance centres, Internet and telecommunications operators) or whose activities are connected, instrumental or in support of those of the Data Controller (e.g. management software and/or cloud marketing);
- all those public and/or private subjects, natural and/or legal persons (legal, administrative and tax consultancy firms, credit recovery companies, Judicial Offices, Chambers of Commerce, Chambers and Labour Offices, etc.), if the communication is necessary or functional for the correct fulfilment of the contractual obligations undertaken, as well as the obligations deriving from the law;
- all the entities (including public authorities) that have access to personal data by virtue of regulatory or administrative measures.
In any case, your personal data will not be disseminated.
7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU AREA
Your personal data will be stored and processed in the European Union.
In any case, the Data Controller may, where necessary, have your Personal Data processed outside the EU (EEA) area following the applicable legal provisions, if necessary by entering into agreements ensuring an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.
This website and the Data Controller do not intentionally collect Personal Data from children under the age of 18. Under applicable law, the person exercising parental responsibility must provide consent to the collection of the child's Personal Data.
If Personal Data on minors are inadvertently recorded, the Controller will delete them promptly.
9. YOUR RIGHTS
Under Art. 15 et seq. of the GDPR and applicable national privacy and data protection legislation, you are entitled to:
1) Obtain confirmation from the Data Controller as to whether or not personal data relating to you are being processed and, if so, to obtain access to the personal data and further information on the purpose of the processing, category of data processed, recipients of communication and/or data transfer, etc.
2) Obtain from the Data Controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including using a supplementary statement.
3) Obtain from the Data Controller the deletion of personal data concerning you without undue delay within the limits and in the cases provided for by current law.
4) Obtain from the Controller the restriction of processing in cases where the accuracy of the personal data is contested if the processing is unlawful and the Data Subject has objected to the processing, if the personal data are necessary for the establishment, exercise or defence of a legal claim, if following the objection to the processing the Data Subject is awaiting verification as to whether or not the legitimate interest of the Controller prevails.
5) Receive in a structured, commonly used and machine-readable format your personal data that you provided to the Data Controller and has the right to data portability and thus to transmit such data to another data controller without hindrance from the data controller to whom you provided them if the processing is based on consent or a contract and the processing is carried out by automated means.
6) Oppose, at any time, the processing of personal data that have a legitimate interest of the Data Controller as their legal grounds.
7) If you think that your rights have been violated by the Data Controller, you may lodge a complaint with the Data Protection Authority and/or other competent supervisory authority under the GDPR.
Following the exercise of the rights referred to in paragraphs 2), 3) and 4), the Data Controller will notify each of the recipients to whom the personal data have been transmitted of any rectification or cancellation or restriction of processing within the limits and in the forms provided for by the legislation in force.
To exercise the rights listed above vis-à-vis the Data Controller, you must submit a written request by sending a registered letter with a return receipt to the following address:
ARTI GRAFICHE BM s.r.l.
Via Candiolo 102,
10048 Vinovo (TO) - Italy
VAT no. 00712310010
or by sending an e-mail to firstname.lastname@example.org
This notice may be amended and/or updated at any time.
If the Data Controller intends to process your Personal Data for purposes other than those listed in art. 3 above, the Data Controller will provide you with adequate information regarding such purposes, collecting your specific consent where necessary.