In addition to the Controller company as identified above, any partner websites that from time to time participate in the data processing activities may hold the role of autonomous Controllers.
Purpose of the processing
1) Navigation data
During normal operation, the computer systems and software procedures for the operation of this Website acquire some personal data which is implicitly transmitted in the use of Internet communication protocols. This information is not gathered in order to be associated to the identified Data Subjects, but which by its very nature could, if processed and associated to data held by third parties, lead to the identification of the users. This category of data includes the IP addresses or names of computer domains used by the users when connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in reply, the numerical code indicating the state of the reply given by the server (OK, error, etc.) and other parameters concerning the operating system and computer environment of the user. This data is used only for anonymous statistical information concerning the use of the website and to check its correct operation. The data on web contacts are not in any case retained for more than seven days, except for any investigation of computer crimes against the website.
No data from the web service are disclosed or notified.
2) Data provided voluntarily by users/visitors
If by connecting to this website users/visitors send their personal data to access certain services, or to make requests by e-mail, they are aware that this entails the acquisition by the Controller of the sender’s address and/or any other personal data that will be processed exclusively to respond to the request, or to provide the service.
The personal data provided by the users/visitors will be communicated to third parties only in the event that the communication is necessary to comply with the requests of the users/visitors themselves or for legal obligations (e.g. for invoicing).
Methods of processing
The processing is carried out using automated tools (e.g. using electronic procedures and supports) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the relevant regulations in force. Specific security measures are observed to prevent the loss of data, illicit or incorrect use of the same and unauthorised access, in order to allow access only to data processors appointed in accordance with the provisions of the law in force. You may obtain the list of External Data Processors pursuant to Art. 28 of Regulation EU 679/2016 from the registered office of the Controller or by sending an e-mail request to the above addresses.
Purposes of the processing
In addition to those indicated in the individual information preceding the completion of the forms in the various sections of the website, the purposes of the processing carried out by the Controller must be understood to be those:
a) collection and storage and processing for the purposes of the establishment and operational and administrative management of the contractual relationship established and the provision of the service offered on the website;
b) use of your personal data (in particular your e-mail address) for direct marketing communications;
c) processing of personal data provided and those inferred from navigation on the website in order to provide a service consistent with the information transmitted during the use of the service;
d) collection, storage and processing of data for statistical analysis in anonymous and/or aggregate form;
e) purposes functional to the performance of our activity, such as offering personalised content such as newsletter services or sending direct marketing communications.
Legal basis for processing
The legal basis for the processing of data by the Controller through the aforementioned website consists, as regards the indications in the previous point sub a) in the contract entered into, or in the pre-contractual phase connected to it, with the Data Subjects, while as regards sub b), c), d), e) the legal basis is to be found in the legitimate interest of the Controller to the free economic initiative referred to in Art. 41 of the Italian Constitution. For all further and future purposes that so require, consent will be requested in the appropriate form and shall also be considered as a valid legal basis.
In addition to the Controller, in some cases, categories of data processors and authorised persons involved in the company organisation (administrative, sales, marketing or legal staff, accountants, system administrators) may have access to the data. Furthermore, the Controller may make use of external parties (such as third-party technical service providers, carriers, hosting providers, cloud services, IT companies, communication agencies) who will be appointed as external data processors. The updated list of Data Processors can always be requested from the Controller, by contacting the address indicated above.
Transfer to a third country
The Controller does not transfer website user/visitor data to other countries outside the European Union. The data processed by the Controller will never be disclosed.
Place of data processing
The processing operations connected to the web services of this website take place in Italy and therefore, on the basis of Reg. EU 2016/679 are considered eligible as they are performed in the EU. The data are processed only by technical staff of the Office in charge of processing. If necessary, the data connected to the newsletter service may be processed by the staff of the company that manages the Data Center (data processor in accordance with Article 28 of Reg. EU 2016/679), at the company’s registered office.
Time and place of data storage
The data are processed for the time necessary to carry out the service requested by the User and then destroyed by secure means of destruction, such as document destroyers for paper, and wiping for data on computer support.
Optional or obligatory provision of data
Apart from what has been specified for navigation data that acquire data automatically, users/visitors are free to provide their personal data or not to provide them. Failure to provide such information may only lead to the impossibility to meet any requests. The voluntary, explicit and optional sending by the user of e-mails to the addresses indicated in this website implies the subsequent acquisition of the sender’s address, required to reply to any requests for services, products or information, and any other personal data included in the email.
Rights of data subjects
The person to whom the personal data refer has the right at any time under the GDPR to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request its integration, updating or correction.
The requests should be sent to CEKY SRL., with registered office in Lograto, Via Industriale n. 21/23, CAP 25030 (BS), P.IVA 03488790175, e-mail firstname.lastname@example.org, PEC email@example.com.
In relation to the processing of the aforesaid data the customer/user has the right to obtain from the Controller:
1. the confirmation of the existence or not of your personal data, their communication in an intelligible form and the knowledge of their origin, as well as the logic on which the processing is based;
2. the erasure, within a reasonable period, of your data, their transformation into anonymous form or the blocking of those processed in violation of the law;
3. the updating of the data, their rectification or, where interested therein, their integration;
4. certification that the operations referred to in points 2) and 3) above have been brought to the attention of those to whom the data has been communicated, unless this proves impossible or involves the use of disproportionate means;
5. the rectification or erasure of data concerning you or the restriction of processing;
6. has the right to withdraw consent for optional processing not related to the performance of the contract signed with the Controller;
7. Finally, you also have the right to oppose, for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection, to ask for their portability, to exercise the right to be forgotten, as well as to apply to both the ordinary Judicial Authority and the Supervisory Authority responsible for the protection of personal data for any violation deemed to have suffered in the manner indicated on the website of the Data Protection Authority itself at the address www.garanteprivacy.it
Automated decision-making processes
No automated decision-making processes are carried out on the aggregated data collected, except for the purpose of better management of the website.
This Website and the Controller’s Services are not intended for minors under 18 years of age and the Controller does not intentionally collect personal information referring to minors. In the event that information on minors is unintentionally recorded, the Controller will promptly erase it, at the request of the users.