EU Regulation 2016/679 on personal data processing – Art. 13
Dierre s.p.a., with operational headquarters in S.S. per Chieri 66/15, 14019 Villanova d'Asti, tax code/VAT 02333970016 (hereafter as “Data Controller“) hereby informs you under art. Legislative Decree no. 196/2003 as amended by Legislative Decree no. 101/2018 (hereafter referred to as the “Privacy Code”) and art. 13 of EU Regulation no. 2016/679 (hereafter the “GDPR”) that your data will be processed by the methods and for the purposes specified below:
1. Subject of processing:
1.1 Type of data collected
Pursuant to EU Regulation 679/2016 on the processing of personal data when using our services, you agree that our company will collect some of your personal data. This statement is intended to tell you what data we collect, why and how we use it.
1.1.1. Data provided by the user
When you ask for some information or register on our website, we ask you to provide us with some of your data in order to take advantage of our services.
These are, by way of a non-exhaustive example, the data we ask for:
- Name, Surname,
- home address,
- telephone number.
1.1.2. Data that we collect automatically from the website
We collect the following data by means of our services:
- technical data: for example, IP address, browser type, information on your computer, data relating to the current (approximate) position of the instrument you are using;
2. Purposes of processing
The data processing will be aimed at carrying out the activities listed below.
1) personal data are collected on our site in order to:
- allow the user the access to the site https://www.dierre.com/en
- allow the user to register in the Mydierre reserved area, as a professional or as a dealer,
- allow the user to get in touch with our agents both in Italy and abroad,
- allow the user to download the catalogs through our web forms and take advantage of our online services to identify or create a customized product (configurator),
- perform the service or provision requested,
- collect statistical information on the use of the site (most visited pages, number of visitors by time or day, geographical areas of origin, etc.) and improve its usability for its users.
2.2) Furthermore, with your explicit consent (art. 130 of the Privacy Code and art. 7 of the GDPR), we may manage your data to:
- end you also advertising material by e-mail, newsletters and communications with informative and / or promotional content in relation to the services provided and / or events promoted by the Owner or his commercial partners.
3. Methods of processing
Your personal data will be processed through the operations identified in section 4, no. 2) of the GDPR, and specifically: collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, freezing, communication, erasure and destruction of data. Your personal data will be processed in both printed and electronic and/or automated form.
4. Access to data
Your data may be made accessible for the purposes described in art. 2, and with your consent for the purposes described in art. 2.2:
- to the Data Controller’s employees and collaborators, as persons in charge of the processing and/or internal data processors and/or system administrators;
- to third-party companies or other parties (such as, by way of example, ICT companies, internet site providers, etc) providing services outsourced by the Data Controller, as external data processors.
5. Communication of the data
With no need for express consent (under art. 6, letters b) and c) of the GDPR), the Data Controller may communicate your data for the purposes specified in section 2.1 to supervisory bodies, judicial authorities, and to those parties to whom the data must obligatorily be provided by law for the specified purposes. These parties will process the data as independent data controllers. Only with your consent for the purposes described in point 2.2 to third-party companies such as commercial partners and event organizers. Your date will not be disseminated.
6. Data transfer extra-EU
This site may share some of the data collected with services located outside the European Union area, specifically Google, Facebook and / or Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized because of specific decisions of the European Union, by the Guarantor for the protection of personal data, and by the guarantees provided by the so-called Privacy Shield.
7. Nature of data conferral and consequences of refusing to answer
8. Data retention period
The data collected by the site during its operation are kept for the time strictly necessary to carry out the specified activities. Upon expiration, the data will be deleted or anonymized, unless there are other purposes for storing them, for example for security reasons in those cases of abuse that need to be clarified. In such cases the Data Controller will retain the personal data acquired for the time necessary to fulfill the legal obligations and / or possibly to assert and / or defend a right in the appropriate forums.
The data collected in relation to the purpose set out in point 2.2 will be kept for 2 years from the date of termination of the purpose of the service offered.
9. Data subject’s rights
As data subject, you enjoy the rights identified in art. 15 of the GDPR, and specifically:
- the right to obtain confirmation as to whether or not personal data concerning you exist, regardless of their being already recorded, and communication of such data in intelligible form;
- the right to be informed: a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning the data controller, data processors and the representative designated as per section 3, paragraph 1 of the GDPR; e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing;
- the right to obtain: a) updating, rectification or, where interested therein, integration of the data; b) erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- the right to object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning you, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys, using automated calling systems without the action of an operator, by e-mail and/or or using traditional telephone and/or print mailing marketing methods. Note that the data subject’s right to object, described in point b) above, to the use of personal data for direct marketing purposes using automated methods also extends to traditional methods and that the data subject may exercise the right to object in whole or in part. The data subject may therefore decide to receive only communications sent by traditional methods or only automated communications, or neither of the two types of communication.
Where applicable, the data subject shall also have the rights guaranteed under sections 16-21 of the GDPR (right to correction, right to be forgotten, right to limitation of processing, right to data portability, right objection), and the right to present a complaint to the competent authority, the Autorità Garante.
10. How data subjects may exercise their rights
Data subjects may exercise their rights at any time by sending:
a letter by registered mail with return receipt Dierre s.p.a. - with registered office in S.S. per Chieri 66/15, 14019 Villanova d'Asti - or by sending an e-mail to email@example.com
11. Data Controller, data processor and persons in charge of the processing
The Data Controller is Dierre s.p.a., with operational headquarters in S.S. per Chieri 66/15, 14019 Villanova d'Asti. An updated list of data processors and persons in charge of the processing is kept in the Data Controller’s operational headquarters.