INFORMATION ON THE PROCESSING OF PERSONAL DATA OF WEBSITE USERS

The owner of this site, entity/company, in compliance with the obligations arising from national^[1] and EU legislation (hereinafter GDPR^[2] or Regulation) and subsequent amendments, respects and protects the confidentiality of users/visitors, putting in place appropriate and proportionate security measures so as not to infringe their rights.

This information applies exclusively to the online activities of this site in particular to the compilation of forms, requests for information or any other form of interaction with the site that involves the communication by the user of personal data. With it, the Owner pursues the objective of providing maximum transparency regarding the information that the site collects and how it uses it.

The treatment will be based on the principles of lawfulness, correctness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability.

Pursuant to Articles 13 and 14 of the GDPR and current legislation, the following information is provided regarding the processing that entity/company will perform with personal data:

1. Subjects of the treatment

The Data Controller is ORLANDI s.r.l., with registered office in Via Libertà, 15 – 20853, Biassono (MB), C.F./P.IVA 07932360154, contactable using the e-mail address roberto@orlandisrl.eu, or the certified e-mail address (PEC) orlandisrl@gigapec.it.

2. Modalities of treatment and type of data collected

The Owner adopts all the technical and organizational measures suitable to secure the personal data processed. In particular, these measures are designed to prevent unauthorized access, disclosure, modification or destruction of data, which will be collected, processed and stored in the archives, both paper and electronic, of the Owner and / or internal subjects authorized and external managers for this purpose expressly authorized. The treatment will be carried out with the aid of both paper and computer media or electronic tools with logic of organization and processing of personal data in order to ensure the security and confidentiality.

The Owner may process some personal data of the users who interact with the web services of the site, in particular:

• navigation data: the IP address, the addresses in URI^[3] notation, the type of browser and the parameters of the device used to connect to the site, the name of the Internet Service Provider (ISP), the web page the visitor comes from^[4]and goes to, as well as details relating to the date and time of the visit, the requests sent to the site server and which make it possible to navigate, may be acquired automatically by the computer systems during the use of the site. Navigation data may also be used to compile anonymous statistics that allow us to understand the use of the site and to improve its structure. Surfing data may possibly be used to ascertain illegal activities, such as computer crimes, to the detriment of the site;
  personal contact data (name and surname, e-mail address, company name and telephone number), possibly of an economic and fiscal nature (if, for example, an invoice is requested), necessary for the performance of existing or future contractual relationships with users.

Are not collected and processed in any way “special categories” of personal data, or data classified as sensitive^[5].

3. Purposes of the treatment

The data provided by the user or communicated by third parties will be processed for the following purposes:

1. registration to the website, to the services developed or made available by the Owner, use of the related information services, management of contact or information requests;
2. Establishment of contractual relationships and consequent administrative, legal and fiscal fulfilments, as well as to allow an effective management of financial and commercial relationships;
3. fulfilment of obligations provided for by EU and national regulations;
4. verification of the correct functioning of the site and for security reasons, in order to block attempts to damage the site itself or to cause damage to other users and in any case to ascertain and repress harmful or criminal activities.

By accessing the “Contacts” section, the site allows the visitor/user to enter messages and other information. The voluntary and explicit sending of such information does not require the request of consent and any compilation of forms specifically designed involve the subsequent acquisition of the address and data of the visitor / user, necessary to respond to requests made and / or to provide the requested service.

The information that users of the site will make public through the services and tools made available to them are provided by the user knowingly and voluntarily, going the owner free from any liability with regard to possible violations that may be committed for the effect. In fact, it is up to the user to obtain any permission to enter personal data of third parties or content protected by national and international standards.

4. Legal basis for the processing of personal data

The provision of personal data for the purposes referred to in paragraphs 3-1) and 3-2) is mandatory, as the treatment is related to a pre-contractual and / or contractual phase or functional to a request of the interested party or required by a specific law. Failure by the interested party to provide certain personal data in relation to the above-mentioned purposes could prevent the Data Controller from providing its services.

The data collected and processed for the purposes of site security and prevention of abuse and illegal activities referred to in paragraph 3-4), as well as data for the analysis of site traffic (statistics) in aggregate form, are processed on the basis of the legitimate interest of the Owner to protect the proper functioning of the site, and to protect the users themselves. In such cases, the user may exercise the right to object at any time (see paragraph 9. “Rights of the interested party”).

5. Use of Cookies

Cookies are small text files that the site sends to users’ terminals and are used to perform computer authentication, session monitoring, storing information on specific configurations, storing preferences and more. This site uses cookies primarily to improve the browsing experience by measuring and analyzing aggregated and anonymized browsing data.

For information on the cookies used, as well as on the management, setting and deactivation of cookies, users can consult the relevant section of the site and follow the procedures provided for this purpose.

6. Recipients of personal data

    

The data will not be disseminated by the Owner, giving knowledge to undetermined subjects in any way, even by making them available or consultation.

The data will be stored by the Owner and may instead be communicated to specific subjects defined as follows:

• authorized subjects involved in the organization of the site^[7];
• external subjects^[8] delegated for this purpose to specific processing activities and duly appointed as Data Processors pursuant to art. 28 of the Regulations, in accordance with the applicable legislation and limited to the purposes of the professional services required and necessary;
• subjects whose right to access the data is recognized by provisions of law or orders of the authorities;
• any third countries or international organizations, if for technical and/or operational reasons it is necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the European Union[8]. In this case, the processing will be regulated in accordance with the provisions of Chapter V of the GDPR and authorized according to specific decisions of the European Union and the Italian Data Protection Authority.

A complete list of all the persons in charge and authorized to process personal data can be requested by writing to the e-mail address roberto@orlandisrl.eu, or by regular mail to Via Libertà, 15 – 20853, Biassono (MB).

7. Place of treatment

 
The data collected from the site are processed at the headquarters of the data controller and at the datacenter of Web Hosting. The Web Hosting (Serverplan srl società unipersonale), as Data Processor, processes personal data on behalf of the Data Controller in accordance with European standards.

8. Period of conservation of personal data

The data collected will be processed exclusively for the purposes indicated above and stored for the time strictly necessary to provide the requested service. In any case, this period of time will not exceed 10 years, after which the owner will proceed to the automatic cancellation of personal data collected.

9. Rights of the interested party

The Regulations reserve specific rights to users/concerned parties. In particular, the interested party may exercise at any time the right to:

• access their personal data, obtaining confirmation as to whether or not personal data concerning them is being processed and, if so, to be informed of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable storage period, the existence of automated decision-making processes;
• to obtain the rectification of inaccurate personal data concerning him/her without undue delay
• obtain, in the cases provided for, the cancellation of personal data concerning him without undue delay;
• obtain, in the cases provided for, the limitation of processing;
• to request the portability of the data he has provided to the Data Controller, i.e. to receive them in a structured, commonly used and machine-readable format, also to transmit such data to another Data Controller without hindrance from the Data Controller to whom he has provided them within the limits established by art. 20 of the Regulation;
• to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him, in the cases provided for by the Regulation;
• revoke his consent at any time, with the same ease with which it was granted;
• propose a complaint to the Guarantor Authority for the Protection of Personal Data;
• Obtain all available information on the origin of personal data, if these have not been collected from the data subject himself;
• to be informed without undue delay in the event of a “data breach”, i.e. if the violation of his/her personal data presents a high risk for his/her rights and freedoms
• to be informed of the existence of adequate safeguards, should personal data be transferred to a third country or to international organizations.

All of the above rights may be exercised at the request of the interested party by writing directly to roberto@orlandisrl.eu.

This information notice may be subject to periodic updates.

Owner of the personal data treatment
ORLANDI s.r.l.

__________________

[1] D. Lgs. n. 196/2003, Code for the protection of personal data, novated by D. Lgs. 101/2018;
[2] European Regulation for the protection of personal data n. 2016/679;
[3] Uniform Resource Identifier;
[4] referral;
[5] pursuant to Article 4 of the Code and Article 9 of the GDPR;
[6] e.g. employees of the Data Controller and possibly of the Data Processor, including administrative staff, sales staff, system administrators;
[7] e.g. third party technical service providers, lawyers, hosting providers, IT companies, communication agencies;
[8] es. fornitori di servizi tecnici terzi, legali, hosting provider, società informatiche, agenzie di comunicazione;
[9] in particular with Google, Facebook, Twitter, Microsoft, LinkedIn, through social plugins and the Google Analytics service.