The Data Controller is Biesse SpA, with registered office at Via della Meccanica, 16, Pesaro, Italy, phone number: +39 0721 439100, Tax Code and VAT number IT 00113220412 Companies Register Pesaro Urbino No. 1682 (hereinafter referred to as the 'Company' or ‘Controller’).
DPO contact details
The DPO can be contacted at firstname.lastname@example.org
Processing purpose and legal basis
The data will be used by the Company to send its newsletter and in particular to send communications of an informative nature on the latest news regarding the Biesse Group and/or to announce events such as trade fairs and conferences by e-mail to those who make an explicit request by filling in the Newsletter subscription form.
The processing is necessary to fulfil specific requests of the data subject. The legal basis for processing is therefore the execution of a contract to which the data subject is a party.
The data will be retained until you unsubscribe from the newsletter service. After this point, it will be destroyed or anonymised in accordance with the cancellation and back up procedures.
Pursuant to Article 13(2)(e) of the GDPR, we hereby inform you that the provision of data marked with an asterisk is mandatory; therefore any refusal to provide it will make it impossible to send you the Newsletter.
The provision of other data, not marked with an asterisk on the form, is optional. Therefore, any refusal will not preclude the sending of the Newsletter.
Parties authorised to process the data
Your personal data will be processed by company employees and/or external staff who have received adequate operating instructions and who the company has expressly authorised to process it.
Data recipients and transfer of data outside the EU
The data may be processed by persons designated by the Company as data processors who provide the Company with services instrumental to the purpose indicated in this statement, such as, for example: the company responsible for maintenance/management of the Company's website and of the electronic and/or telematic tools it uses; the company that manages subscription to and/or sending of the newsletter, as well as the company that provides the CRM software (and in particular the Salesforce Services - i.e. Sales Cloud, Service Cloud, Chatter and Communities – and Marketing Cloud services), currently salesforce.com EMEA Limited, with registered office in UK.
Salesforce.com has adopted the Binding Corporate Rules ("BCR") for Processors to legitimise the transfer of personal data outside the European Union to companies within its group that process such data on behalf of Data Controllers established in a member state in their capacity as Data Processors and/or Sub-Data Processors
The Salesforce’s Processor Binding Corporate Rules are available at the following link https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf
For further information, please consult the following links https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf and https://help.salesforce.com/articleView?id=000314281&type=1&mode=1 (“Where is my Salesforce instance located?”)
Your data may be communicated to independent data controllers such as supervisory and control authorities and bodies and, in general, public or private parties entitled to request/receive the data.
Rights of the data subject
Data subjects may exercise the rights provided for by Articles 15-22 of the GDPR vis-a-vis the Data Controller and, in particular, request access to the data concerning them, its erasure, rectification of inaccurate data, integration of incomplete data and restriction of processing in the cases envisaged by Article 18 of the GDPR.
In order to exercise their rights, data subjects may contact the Data Controller by sending a written communication to the address indicated above
In any case, data subjects have the right to object to the receipt of the newsletter by clicking on the unsubscribe link at the bottom of each email or by writing to the address email@example.com
Data subjects may, at any time, lodge a complaint with the Personal Data Protection Authority (Article 77 of the GDPR), as well as take legal action before the appropriate courts (Article 79 of the GDPR).
 Pursuant to Article 18 of the GDPR, the data subject has the right to obtain restriction of processing from the data controller when one of the following hypotheses applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of its use;
c) although the controller no longer needs the personal data for the processing purposes, it is required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.