Pursuant to Art. 13 Reg. (UE) 2016/679 (“GDPR”)
Who is this document intended for? This document is intended for all Users and Clients interacting with the Portal.
Why am I seeing this document? Article 13 of the GDPR (Regulation UE 679/2016), requires that we (the Data Controller) inform you (the Data Subject) regarding what processing your personal information will be undergoing, and who will perform such processing, so that you can be guaranteed that the processing is fair and transparent. In the rest of the document you will learn:
1. who will process your information (Data Controller and Data Processors)
2. which personal information will be processed
3. the purposes for which such information will be processed
4. for how long the information will be stored
5. what are your rights
a) European General Data Protection Regulation (GDPR) UE 2016/679
b) D.Lgs. 196/2003 (Italian Privacy Code), as amended by Legislative Decree 101/2018 and subsequent amendments.
Article 13 of the GDPR (Regulation UE 679/2016), requires that we (the Data Controller) inform you (the Data Subject) regarding what processing your personal information will be undergoing, and who will perform such processing, so that you can be guaranteed that the processing is fair and transparent.
1) DATA CONTROLLER
The Data Controller is: Novotex Italiana Spa, Via E. Fermi 20, 20083 Gaggiano – Loc. Bonirola (MI) – Italy
Tel.: +39 02 9082941 – Email address for Subject Access Requests: firstname.lastname@example.org PEC: email@example.com
2) PURPOSES, LEGAL BASIS, NATURE OF PROCESSING AND RETENTION TIMES
Your personal information is collected for the following purposes:
the legal basis for this processing is the need to comply with a legal obligation to which the Controller is subject;
the retention times for information processed for this purpose is 10 years after the end of the contract; in case of litigation, the information will be retained for the entire duration of the same, until the exhaustion of the terms of availability of appeals;
we collect your personal information for this purpose as required by law: your refusal to provide the required information will make it impossible to proceed with any contractual relations.
Management of the “Novotex Library” service:
the legal basis for this processing is the necessity to perform of a contract to which you, the Data Subject are party or in order to take steps at your request in order for you to enter into a contract with us;
the retention times for information processed for this purpose is 2 years after the end of the contract; in case of litigation, the information will be retained for the entire duration of the same, until the exhaustion of the terms of availability of appeals;
we collect your personal information for this purpose as required by the contract: your refusal to provide the required information will make it impossible to proceed with any contractual relations.
Sending of information and promotional material on the data controller’s activity (newsletters, offers, …) similar to services already rendered, market research (surveys and analysis of customer satisfaction, also in anonymous form, …):
the legal basis for this processing is the legitimate interest of the Controller;
the information processed for this purpose is retained until the Data Subject requires to be unsubscribed or otherwise removed from the list of recipients.
3) WHICH PERSONAL INFORMATION IS PROCESSED
By “processing of personal information” we mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Occasionally, we may require information that qualifies as “personal data of special categories”, as per art. 9 GDPR, that is, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or data concerning a natural person’s sex life or sexual orientation. Such data will be processed by the Controller only after an explicit consent to the processing has been collected from the Subject.
We process the following personal data:
• Data required to access the Library reserved area
When you register for access to the reserved area, the Controller will process the following personal data:
registry information [Name, Surname, Email]
• Data required to subscribe to the newsletter
When you register for the newsletter, the Controller will process the following personal data:
registry information [Name, Surname, Email, Company, Role]
• Web browsing data
The computer and software systems that this Portal needs to operate, collect, during their normal course of operation, several personal data whose exchange is implicit in the use of Internet communication protocols.
Such data include your IP address or the domain names of the computers or telephones used by the Subject; the URI/URL (Uniform Resource Identifier/Locator) address of the resources required by the Subject; the time of request, the method used to issue the request, the size of the required resource file, the numerical code indicating the status of the server’s reply and other parameters related to the Operating System and IT environment of the Subject.
Such data are required for the proper functioning of the Web services and, additionally, are processed with the purpose of:
collecting statistical information on service usage (most visited pages, number of visitors, visitor by date and time of day, era, geographical areas of origin of the visitors, etc.
insuring that the services are functioning properly.
Web browsing data are retained for no more than 365 days and are erased immediately after their aggregation for analysis (except for any need to investigate crimes by the judicial authority).
• Data provided by the user
If the User optionally, explicitly and voluntarily sends one or more messages to any of the Portal contact addresses, the Controller will obtain the User’s contact data and all the data included in the User’s communication. Such data are necessary for the Controller to reply to the User.
The User can at any time register with the Portal in order to access the reserved area and to use the services that the Controller will render there.
• Cookies and other tracking systems.
- Definitions and characteristics of cookies
Cookies and similar technologies are information that websites send or read on your devices at the first visit, and are then re-transmitted to the same sites at the next visit. Thanks to these technologies, sites can remember preferences and actions (such as, for example, login data, the chosen language, font sizes, other display settings, etc.) so that these do not need to be input again on the next visit. These technologies are used to perform computer authentication, session monitoring and storage of information regarding the activities of users accessing a service and may also contain a unique identification code that allows a website to keep track of the user’s navigation within the site for statistical or advertising purposes.
In particular, consent is not required for “technical cookies”, e.g. those used for the sole purpose of carrying a communication through an electronic communication network, or strictly necessary to provide a service expressly requested by the user; in other words, cookies that are indispensable for the operation of a site.
Prior consent is instead required for non-anonymized “analytical” cookies and for profiling cookies, e.g. those that provide statistical analysis on the use of a website or that help create user profiles to send targeted advertising messages in line with the preferences expressed by users during browsing or otherwise associated with their profile.
Which kinds of cookies are used in the Portal and how they can be de-selected:
While browsing the portal, the following third-party cookies will be loaded on the user’s system. The third parties, listed below with links corresponding to their privacy policies and opt-out mechanisms, treat the user’s Personal Data as data controllers on behalf of the Data Controller.
- How to view and modify cookies via your browser:
Cookies can be authorised, blocked or erased (all or part of them) through specific actions in your browser, or through third-party add-ons and extensions. The deactivation of the portal’s technical cookies, though, may compromise some of the Portal’s services or functionalities that may therefore cease working properly.
4) DATA REGARDING MINORS
Minors may not provide their personal data to the Portal. The Controller can in no instance be held responsible for his inadvertent collection of personal data, or false declarations, provided by a minor; should this eventuality occur, the Data Controller will facilitate the right of access and cancellation forwarded by the legal guardian or by those who exercise parental authority.
5) RECIPIENTS OF PERSONAL DATA
Your personal data may be shared, for the aforementioned purposes, with:
- subjects acting as Data Processors, i.e. natural persons, companies or professionals that render services to the Data Controller in the following areas: accounting, administration, legal, fiscal, financing and debt collection in relation to the services provided by the Controller;
- subjects with which the Controller must necessarily interact in order to provide services;
- subjects, entities or authorities to which it is mandatory to communicate your personal data pursuant to legal provisions or orders of the authorities;
- personnel expressly authorized by the Data Controller and necessary to carry out activities that are strictly related to the provision of services, and who have committed themselves in writing to confidentiality or have an adequate and equivalent legal obligation of confidentiality and who have received adequate operating instructions;
The complete list of the Controller’s Data Processors can be obtained upon written request to the Controller.
6) TRANSFER OF PERSONAL DATA
Some of your personal data are shared with parties that may be outside of the European Union. The Controllers insures that the processing of such data by the recipients is fully compliant to the provisions of the GDPR. Such transfers can have their legal basis on an Adequacy decision or on Standard Contractual Clauses approved by the European Commission. Additional information can be obtained upon written request to the Controller.
7) EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING
The data controller does not adopt an automated decision-making process on the processing of personal data, including profiling, for the purpose of concluding or executing the contract.
8) DATA SUBJECT RIGHTS
Pursuant to articles 15-18 of the GDPR, You have the following rights:
- the right to access to your personal data;
- the right to rectify inaccurate personal data regarding you;
- the right to object to the processing;
- the right to restrict the processing that concerns you.
A specific request to the Data Controller can be sent to the e-mail address provided for Subject Access Requests (see §1).
9) RIGHT TO LODGE A COMPLAINT
A Data Subject who considers that the processing of personal data relating to him or her is in violation of the GDPR has the right to lodge a complaint with a supervisory Authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement (in Italy, the Italian Data Protection Authority can be reached at www.gpdp.it), as per Art. 77 GDPR; without prejudice to any available administrative or non-judicial remedy, each data subject also has the right to an effective judicial remedy, as per art, 79 GDPR.
10) CHANGES TO THIS POLICY
The Data Controller reserves the right to make changes at any time to this Policy. The current version is published at the following link: www.novotex.it/privacy