PRIVACY POLICY – INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA OF CUSTOMERS / USERS
HOLDER OF THE TREATMENT
The Data Controller, relating to identified or identifiable persons who have consulted this site, is Gruppo Strazzeri Srl Società Benefit, viale Jonio, 11 – 95129 Catania. He can be contacted at privacy@gruppostrazzeri.it
Within the Strazzeri Group, personal data are processed by staff who work as “Appointee” and by external data processors related to the purposes of the processing specified below, following the related specific instructions and indications given to them.
PURPOSE OF THE TREATMENT
Personal data voluntarily provided will be processed for the following purposes:
- to be able to provide the consulting services and training courses offered by Gruppo Strazzeri Srl Società Benefit, directly or through professional partners;
- comply with the obligations related to the activity of the Strazzeri srl Benefit Company Group and in particular for legal, administrative, accounting and tax obligations;
- for communication and sending of personal data in Italy and abroad (exclusively to EU countries or those that have compatible legislation on Data Protection), including through the web;
- browsing on this website;
- possible interaction with social networks;
- any request for contact, with the sending of information requested by the interested party;
- for marketing activities: sending e-mail messages, telephone contacts, text messages, newsletters, mail, commercial communications, advertising material on products or services offered by the Data Controller or by professional partners and analysis and surveys of the degree of satisfaction with the quality of services; send by e-mail telephone contacts, sms, mail, commercial and promotional communications of third parties.
TYPE OF DATA PROCESSED AND METHOD OF COLLECTION
- Navigation data – log file
It is possible to access the Site without the user being asked to provide any personal data. The computer systems and applications dedicated to the operation of this website detect, during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) not associated with directly identifiable users. The collected data includes the IP addresses of users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request and the numeric code indicating the status of the response given by the server (good end, error, etc.). These data are processed for the time strictly necessary under current law and could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
- Data provided voluntarily by the user
The voluntary and explicit sending of e-mails to the addresses indicated in the different access channels of this site entails the subsequent acquisition of the address and data of the sender / user, necessary to respond to the requests produced and / or provide the requested service. However, it is ensured that this treatment will be based on principles of correctness, lawfulness and transparency and protection of confidentiality as indicated in the GDPR. In particular, the newsletter service involves the acquisition of the name, surname, company and e-mail address and is not mandatory for the purpose of using the other services offered by the Data Controller.
LEGAL BASIS OF THE PROCESSING
The Data Controller processes Personal Data relating to the User / interested party if one of the following conditions exists:
- the processing is necessary for the execution of a contract with the User / interested party and / or for the execution of pre-contractual measures;
- the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
- the processing is necessary for the performance of a task of public interest or for the exercise of public authority vested in the Data Controller;
- the processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.
OPTIONAL PROVISION OF DATA
Apart from what is specified for navigation data, the provision of personal data by the interested party, for the purposes described in the previous paragraph, is to be considered optional. Failure to provide them, however, may make it impossible to use certain services provided by the site and result in the non-execution or the impossibility of continuing the relationship with the Strazzeri srl Group Benefit Company.
METHOD OF DATA PROCESSING
Personal data is collected and recorded for specific, explicit and legitimate purposes, accurately and, if necessary, updated. These data are processed with automated tools for the time strictly necessary to achieve the purposes for which they are collected or subsequently processed, in compliance with the principles of lawfulness, correctness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR and in compliance with the mandatory time limits prescribed by law. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
COMMUNICATION AND / OR DISCLOSURE OF DATA
The data being processed may be disseminated and / or communicated to companies contractually linked to Gruppo Strazzeri srl Società Benefit, in accordance with and within the limits of the GDPR in order to make our production system more efficient and offer a better service. Personal data may be transferred abroad to non-EU countries within the scope and within the limits set by the GDPR, in order to comply with contracts or related purposes. The data, in general, may be disclosed to subjects belonging to the following categories:
- subjects that provide services for the management of the information system used by Gruppo Strazzeri srl Società Benefit and of the telecommunications networks (including e-mail);
- firms or companies in the context of assistance and consultancy relationships;
- competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request.
- to our collaborators, employees, as part of their duties, in all our offices;
- to all those natural and / or legal persons, public and / or private in the event that the communication is necessary for the conclusion of the contractual object;
- to banking institutions for the management of receipts and payments deriving from the execution of contracts in place;
- to professionals or professional firms, companies, for the purpose of processing accounting and tax obligations;
- to professionals, also in associated form, for any credit recovery activities;
- for the protection of one’s image and rights;
- for statistical purposes.
The subjects belonging to the aforementioned categories perform the function of data processing manager, or operate in total autonomy as separate data controllers. The list of managers is constantly updated and available at Gruppo Strazzeri srl Benefit Company. Any further communication or dissemination will take place only with the explicit consent of the interested party.
DATA RETENTION PERIOD
At the end of the service or provision of the service, unless otherwise agreed with the interested party, personal data will be stored exclusively for historical or statistical purposes, in accordance with the law, regulations, community legislation and codes of ethics and good conduct signed pursuant to Article 40 of EU Reg. 2016/679, for a period as per current legislation (usually 10 years), or, if they are not subject to any law, for a period not exceeding five years. Beyond this period, personal data will be stored anonymously, or will be destroyed.
POSSIBLE EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
The owner informs the interested party that on this site there is no automated decision-making process, so in particular there is no profiling system.
MINORS
This Site and the Controller’s Services are not intended for minors under the age of 16 and the Controller does not intentionally collect personal information relating to minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of the users.
RIGHTS OF THE INTERESTED PARTIES
The Data Controller facilitates the exercise of rights by the interested party, by adopting all appropriate measures (technical and organizational). The “interested parties”, that is the natural persons, legal persons, bodies or associations, to whom the data refer have the right, at any time, to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification pursuant to EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the interested party. Pursuant to the same articles, the interested parties also have the right to request the cancellation, transformation into anonymous form or blocking of data concerning them, processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment.
Any communications can be sent to the e-mail box: privacy@gruppostrazzeri.it
• Right of rectification: the interested party can contact us directly to have their data modified, rectified and supplemented, also by providing a supplementary declaration
• Right to be forgotten: the interested party can send us a request to delete all data concerning him, within 30 days we will process his request, in cases where:
- the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed (Article 17, paragraph 1, letter a);
- the interested party revokes the consent on which the processing is based (Article 17, paragraph 1, letter b); c. the interested party exercises the right to object to the processing of his personal data pursuant to Article 21, paragraphs 1 and 2, of the RGPD;
- the personal data have been unlawfully processed (Article 17, paragraph 1, letter d);
- the cancellation fulfills a legal obligation (Article 17, paragraph 1, letter e);
- the personal data were collected in relation to the offer of information society services to minors (Article 17, paragraph 1, letter f), which refers to Article 8, paragraph 1).
In the event that the Data Controller has made the personal data of the interested party public, for example by publishing them on a website, he undertakes to inform the other data controllers who process the personal data deleted, including “any link, copy or reproduction “.
It should be remembered that Article 17 of the RGPD states that the request for cancellation cannot be accepted if the reasons described in the aforementioned article, paragraph 3, letters a), b), c), d), e).
• Right to portability: if requested, we will export the data of the interested party, in a structured format, commonly used and readable by an automatic device, so that they can be transferred to third parties without impediments, with the possibility of keeping them in view of further use, without infringing the rights and freedoms of others
• Right to object: the interested party may object, at any time, to all the specific uses we make of personal data concerning him, including profiling and direct marketing.
• Right of access: we are transparent about the data we collect and the use we make of it. You can contact us at any time to request confirmation as to whether or not personal data is being processed, access the information in our possession, request its modification and, if necessary, obtain a copy.
• Right to limitation: the interested party has the right to obtain from the Data Controller the limitation of treatment when one of the following hypotheses occurs:
- The interested party disputes the accuracy of the personal data, a limitation valid for the period necessary for the Data Controller to verify the accuracy of such data;
- The processing is unlawful, but the interested party opposes the deletion of personal data, requesting instead that its use be limited;
- Personal data are necessary for the interested party to ascertain, exercise or defend a right in court, although the Data Controller no longer needs it for the purposes of the same;
- The interested party objected to the processing carried out because it was necessary for the execution of a task of public interest I connected to the exercise of public authority invested in the owner or for the pursuit of the legitimate interest of the Data Controller or third parties, pending the verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by notifying the interested parties on this page. Therefore, please consult this page often, referring to the date of the last modification. In the event of non-acceptance of the changes made to this privacy policy, the interested party may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that time.
COMPANY INFORMATION
Strazzeri Group srl Benefit Company – Company managed by Sole Director – Registered Office: Viale Jonio, 11 – 95129 Catania – Tax Code / VAT number / Reg. Impr. CT n. 04211930872 – R.E.A. TV 280513 – Share capital Euro 10,000 – PEC: gruppostrazzeri@pec.confindustriact.it