Concerning the protection of personal data pursuant to art. 13 of the 2016/679 EU regulation
in compliance with the provisions of art. 13 of the U.E. 2016/679 (the “GDPR”) and in application of the principles set by the GDPR itself, we invite you, before starting to browse our website (the “Website”), to read this information on the processing of personal data , in order to make you aware of the characteristics and methods of processing (the “Processing”), characteristics and methods concerning any information we acquire as a result of navigation by any person (the “User”) on the Website, and provided by it through the Website itself, which concern a natural person (the “Data Subject”) who is identified or identifiable (the “Personal Data”). In accordance with art. 4.1. of the GDPR, “”an identifiable natural person is one who can be identified, directly or indirectly, by referring to an identifier such as a name, an identification number, location data, an online identifier or by one or more features specific to the physical, physiological, genetic, mental, economic, cultural or social identity.”
1. Data Controller (the “Data Controller”).
The Data Controller is the Beste S.p.a., company fiscal code/VAT number IT01629440973, in the person of its legal representative, registered office in Via Primo Levi 6 59022 Cantagallo, Prato (PO) Italy, registered email address: email@example.com , e-mail: firstname.lastname@example.org, website www.beste.it.
Any communications concerning the Processing, also pursuant to the following articles, must be sent by you and/or by the Data Subject, by registered letter with a return receipt, registered email or email to the addresses indicated above.
2. Purposes of the Processing (the “Purposes”) and legal basis.
Personal Data, whether collected from the Data Subject (article 13 of GDPR) or not (article 14 of GDPR), will be used exclusively for the following purposes:
allow the use of the Website; respond to User requests (including, by way of example, requests for quotations and spontaneous applications); fulfilling pre-contractual and contractual obligations related to you; fulfilling and demanding the fulfillment of specific obligations set out by laws and regulations; send by e-mail, commercial proposal for good and services of the same kind of your previous order (soft-spam); send newsletters. The legal basis of the Processing entails: our need to execute a contract of which the Data Subject is part of, namely pre-contractual measures adopted at the request of the Data Subject itself;
our need to fulfill a legal obligation;
The legitimate interest on the part of the Data Controller (Art. 6 letter “f” of the GDPR);
Only for the purpose under (vi) the consent freely given by the Data Subject by email, appropriate forms and checkbox.
With reference to point (v), the Data Controller specifies that in the context of the sale of a product or service, the data subject’s e-mail coordinates may be used by the Data Controller, without prior request for consent from the Data Subject, for the purpose offer and sale of services similar to those already being sold (Article 130, 4 of Legislative Decree 196/2003). The interested party may oppose this treatment at any time, free of charge, by simple written request to the addresses indicated above.
3. Compulsory or optional provision of personal data.
The communication, on your part – also by sending e-mails, filling out special forms and affixing the required flags -of Personal Data to us is optional, however it is necessary since any refusal to release them, as well as any communication of incorrect data, makes it impossible for the Controller to establish the relationship or to implement the various purposes for which the Personal Data are collected.
For the same reasons, as well as for the purpose of correct management of the existing relationship, we kindly ask you to inform us immediately about any changes to the Personal Data we have already collected.
4. Communication of personal data
The Personal Data are processed internally by persons who are authorized to process them (the “Authorized Individuals”). Such operations are under the responsibility of the Data Controller, for the purposes indicated above.
Your personal data may be communicated to individuals or entities external to us, who are tasked with fulfilling instrumental and/or accessory functions to our business activity. Such individuals or enti-ties will process said data on our behalf.
These individuals or entities, in accordance with the provisions of art. 28 of the GDPR, will be ap-pointed by us as External Managers of the Processing (the “External Managers”). An updated list of the External Managers, which is available at the registered office of the Data Controller, will be pro-vided to the Data Subject upon written request to the aforementioned addresses.
Apart from the aforementioned cases, the Personal Data may also be disclosed to further recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”), only for the per-formance of activities under the per-contractual and/or contractual relationship between us, and/or to fulfill legal obligations, and/or upon requests from the Authorities. Such communications will, in any case, be performed in compliance with the guarantees provided by the GDPR, the guidelines of the Italian Authority, as well as the Commission established, pursuant to the aforementioned GDPR.
Without prejudice to the foregoing, the Personal Data will in no case be disclosed and/or communi-cated to third parties, unless specifically agreed by the Data Subject and, in any case, only when necessary for the fulfillment of the Purposes.
5. Processing of “special categories of Personal Data” and “Personal Data relating to criminal convic-tions and offenses.”
The Data Controller does not precess special categories of Personal Data. Anyway, if, as part of the processing, the Data Controller becomes aware of Personal Data relating:
(i) to “special categories” pursuant to art. 9 of the GDPR (i.e. those “that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, and those concerning genetic and/or biometric data intended to identify an individual, and data concerning the health or sex life or sexual orientation of an individual”). Such data will be processed exclusively for the purposes indicated, only prior to agreement from the Subject Data or, anyway, because the Processing is necessary for carrying out the obligations and specific rights of the Data Controller or of the Data Subject in the context of labor law, social security and social protection, in so far as it is authorized by the law of the European Union, the Member States or by the collective agreement under the laws of the Member States, in the presence of appropriate safeguards for fundamental rights and interests of the Data Subject;
(ii) to “criminal convictions and offenses or related security measures” pursuant to art. 10 of the GDPR, the Processing will take place only under the control of the Italian Public Authority or if the Processing is authorized by the laws of the European Union or of the Member States, which provides the appropriate guarantees for the rights and freedoms of the Data Subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.
6. Processing of data
The Processing is performed with the aid of electronic and/or paper tools and, in all cases, by adopt-ing organizational and IT measures and procedures suitable to protect the security, confidentiality, relevance and non-excessive nature of the data.
7. Territorial application.
The Personal Data will be processed within the territories of the European Union.
If, for technical and/or operational reasons, it becomes necessary to rely on individuals or entities located outside of this territory, they will be appointed as External Managers. The transfers of Personal Data to such individuals or entities will be limited to performing specific processing activities, in compliance with the provisions of the GDPR, with all the necessary precautions taken to ensure total protection of the personal data. The transfer will only take place after an evaluation of the appropriateness of the guarantees (including, for example, an assessment, which is expressed by the European Commission, on whether the country of the recipient is deemed appropriate for such processing, or whether adequate guarantees are provided by the recipient, pursuant to Article 46 of the GDPR, etc.).
In all cases, the Data Subject may request more information from the Data Controller if the Personal Data have been processed outside the European Union. The Data Subject may also request evidence of the specific guarantees adopted.
8. Retention period
The Personal Data will be retained by the Data Controller for a period of time strictly necessary for pursuing the Purposes, and in particular, until the termination of pre-contractual and contractual re-lationships between us, subject to a further retention period that may be imposed by the law.
As regards the CV spontaneously transmitted, they will be kept for a period not exceeding 3 years from the dispatch, or the different maximum period indicated by the Authority for the protection of personal data.
In order to manage any contentious claims or disputes, and in any case for the assessment, exercise or defense of a law in court, the Personal Data may be kept for a further period of time, which is equal to the prescription period established by the same right.
9. Issuing of information.
This information is provided exclusively with reference to the Website and not with regard to other websites that may be consulted by the User via links or accessed through social buttons on the Website, with respect to which the Data Controller assumes no responsibility.
Any changes or updates to this information will be available to Users in the appropriate section of the Website and will apply as of the date of its publication. If the interested party does not intend to accept any changes, he may interrupt the use of the Website. Therefore, the Interested are invited to periodically consult the aforementioned section.
10. Rights of the Data Subject and how to exercise them.
- The Data Subject, at any time, can exercise the rights recognized by the GDPR (the “Rights of the Data Subject”), and in particular:
Art. 15 – Right of access of the Data Subject: the Data Subject has the right to access their data and related Processing. This right allows to obtain confirmation of whether or not one’s Personal Data is being processed, thus the possibility to request and receive a copy of the data being processed;
- Art. 16 – Right of rectification: the Data Subject has the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning themselves, without undue delay. In light of the Purposes of the processing, the Data Subject will have the right to have incomplete personal data made complete, by providing a supplementary statement.
- Art. 17 – Right to cancellation (“right to be forgotten”): the Data Subject has the right to request from the Data Controller the deletion of their personal data, which will no longer be subject to the Processing. In some cases, among which are the completion of the purpose for the processing, revoked consent, opposition to the processing or when the processing of the personal data is otherwise not compliant with the GDPR, the Data Subject may request immediate cancellation of their data;
- Art. 18 – Right to limit the Processing: the Data Subject has the right to limit the processing of their Personal Data in case of inaccuracies, disputes or as an alternative measure to cancellation;
- Art. 20 – Right to data portability: the Data Subject, except when the data are archived by means of non-automated processing (e.g. in paper format), has the right to receive personal data pertaining to them in a structured format that is commonly used and readable by automatic devices, referring to data supplied directly by the Data Subject with express consent or on the basis of a contract. Furthermore, if technically feasible, the Data Subject may request the transmission of such data to another Data Controller;
- Art. 21 – Right to object: the Data Subject has the right to object to the processing of personal data concerning themselves, at any time, for reasons related to a particular situation of theirs.
If the Data Subject wants to exercise one of the rights listed above, they must address the request directly to the Data Controller at the addresses indicated above. Should the Data Subject wish to exercise the right to lodge a complaint, the pertaining communication must be sent to the Guarantor Authority or, alternatively, an appeal must filled before the competent Court.
The Data Controller’s period for replying to the Data Subject is, for all of the rights (including the right of access) and also in case of denial, 1 month, extendable up to 3 months in case of extreme complexity.
In any case, art. 12 of the GDPR shall apply.
The Data Controller does not process Personal Data relating to minors. By accessing the Website and using the services, the User declares to have reached the age of majority.
12. Withdrawal of consent
In cases where the Processing should only take place after the consent of the Data Subject, and if, in such scenario, the latter has provided it, they have the right to revoke the consent they have given at any time, by sending a written request to the Data Controller, at the addresses indicated above.
The withdrawal of the consent will not affect the lawfulness of any Processing arising from the previously given consent.