POLICY ON THE PROCESSING OF PERSONAL DATA OF USERS OF THIS WEBSITE
Dear Data Subject, Graphus has the utmost respect for User privacy. Any data that is communicated by the User through the website shall be processed with the utmost care, availing of all tools to guarantee its security, in full compliance with current legislation protecting data confidentiality. We wish to inform you that the “Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)” foresees the protection of individuals with regard to the processing of personal data as a fundamental right.
Pursuant to Article 13 of the GDPR, therefore, we inform you of the following:
A / CATEGORIES OF DATA
Oggetto del trattamento possono essere i suoi dati personali quali:
a. Data collected automatically – During normal operation, the computer systems and applications used to operate this website detect data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable Users. The data collated includes the IP addresses and domain names of the computers utilised by Users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the method employed to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etcetera) and other parameters regarding the operating system, the browser and the IT environment utilised by the User, the name of the internet service provider (ISP), the date and time of the visit, the web page of origin for the visitor (referral) and of exit.
B / DATA CONTROLLER
The Data Controller is Graphus – via A. Ghislanzoni 10, 23900 Lecco (LC) Italy, having VAT number 03289610135 and which can be contacted by telephone at +39.0341.324179 or through the email address: firstname.lastname@example.org.
C / SOURCES OF PERSONAL DATA
The personal data held by the Data Controller is collected directly from the Data Subject.
D / PURPOSE OF DATA PROCESSING AND LEGAL BASIS
The legal basis and purpose of the data processing is as follows:
1. For data collected automatically, the legal basis is the legitimate interest of the Data Controller and the purpose is to guarantee and improve the web browsing experience.
2. For data provided voluntarily by the User, the legal basis is their consent and, when sending emails to our addresses, the purpose is to be able to send responses to specific requests made by the User; for the forms, the purpose is indicated in the specific Policy.
3. For cookies and plug-ins: please refer to the specific Cookies Policy.
E / DATA DESTINATION
Within the limits pertinent to the purposes for processing indicated, your data may be disclosed to partners, consulting companies, private companies, third-party technical service providers, hosting providers, IT companies and communications agencies.
F / TRANSFER OF DATA TO THIRD COUNTRIES
Your data is not subject to transfer to a third country.
G / RETENTION PERIOD
Based on the Storage Limitation principle (Article 5 of the GDPR), verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically. In particular:
1. The data collected automatically is processed, for the time strictly necessary, for the sole purpose of obtaining statistical information regarding use of the website and to check on its regular functioning, as well as for security purposes or according to the deadlines set by law.
2. The data provided voluntarily by the User shall be retained for a period of time not exceeding the achievement of the purposes for which it is processed or according to the deadlines set by law.
H / RIGHTS OF THE DATA SUBJECT
The Data Subject always has the right to request the Data Controller for access to their data, its correction or deletion, the limitation of the processing or the possibility to oppose to the processing, request data portability, revoke consent to the processing of data asserting these and other rights provided by the GDPR through a simple communication to the Data Controller. The Data Subject can also file a complaint with the Supervisory Authority.
I / OBLIGATORY NATURE OF THE CONFERMENT
The Data Subject always has the right to request the Data Controller for access to and the correction or deletion of their data, along with the limitation of its processing or the possibility to oppose to the processing, to request data portability, and revoke consent to the processing of data by asserting these and other rights conferred by the GDPR through simple communication to the Data Controller. The Data Subject can also file a complaint with the Supervisory Authority.
With regard to Points D.1 and D.2 of the aforementioned purposes, the provision of User data is mandatory whilst browsing our website to facilitate the correct delivery of the service. The granting of consent regarding the User’s data per Point D.3 is optional and will not compromise the provision of the service in any way.
J / METHODS OF DATA PROCESSING
The personal data provided by the User will be subject to processing operations in compliance with the aforementioned legislation and the confidentiality obligations that inspire the Data Controller’s activities. The data will be processed both with IT tools and on paper and on any other type of suitable support (such as in the cloud, supplementary digital archiving and storage systems and so on), in compliance with adequate technical and organisational security measures set out under the GDPR.
K / FINAL NOTES AND MEANS OF UPDATING
The Policy is provided only for this website and not for other websites that may be consulted by the User through links contained within this website. The Policy may be subject to changes due to the introduction of new regulations in this regard, thus the User is invited to periodically check this page in order to be always up-to-date on the latest legislative developments. Prior versions of this Policy can always be requested from the Data Controller.
M / AUTOMATED DECISION-MAKING PROCESSES
There are no automated decision-making processes.