The Data Controller is Biesse SpA, with registered office at Via della Meccanica, 16, Pesaro, Italy, phone number: +39 0721 439100, Tax Code and VAT number IT 00113220412 Companies Register Pesaro Urbino No. 1682 (hereinafter referred to as the 'Company' or ‘Controller’).
DPO contact details
The DPO can be contacted at firstname.lastname@example.org
Purposes and legal basis of the data processing and data conservation period
The data you provide on completing the dedicated form will be processed in order to respond either by email or telephone to your requests for contact/information.
The processing is necessary to fulfil specific requests of the data subject. The legal basis for processing is therefore the execution of a contract to which the data subject is a party.
This data will be kept for the time necessary to respond to individual requests for information, up to a maximum of 24 months. Once the period above has elapsed, your data will be destroyed or made anonymous in accordance with the technical procedures of cancellation and back-up.
Pursuant to Article 13(2)(e) of the GDPR, we hereby inform you that the provision of data marked with an asterisk is mandatory; as such, any refusal to provide this data will render it impossible to respond to your request for contact.
The provision of other data, not marked with an asterisk on the form, is optional.
Parties authorised to process the data
Your personal data will be processed by company employees and/or outside staff who have received adequate operating instructions and who the company has expressly authorised to process it.
Data recipients and transfer of data outside the EU
The data may also be processed by entities designated by the Company as data controllers, including those with headquarters outside the EU. These entities, by way of example, provide the Company with professional services instrumental to the purpose indicated in this privacy statement, such as, by way of example: the company responsible for maintenance/management of the Company's website and of the electronic and/or telematic tools it uses; the company that manages the sending of responses to requests, as well as the company that provides the CRM software (and in particular the Salesforce Services - i.e. Sales Cloud, Service Cloud, Chatter and Communities – and Marketing Cloud services), currently salesforce.com EMEA Limited, with registered office in the UK.
Salesforce.com has adopted the Binding Corporate Rules ("BCR") for Processors to legitimise the transfer of personal data outside the European Union to companies within its group that process such data on behalf of Data Controllers established in a member state in their capacity as Data Processors and/or Sub-Data Processors.
Salesforce’s Processor Binding Corporate Rules are available at the following link https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf
For further information, please consult the following links https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf and https://help.salesforce.com/articleView?id=000314281&type=1&mode=1 (“Where is my Salesforce instance located?”)
Your data may be communicated to independent data controllers such as supervisory and control authorities and bodies and, in general, public or private parties entitled to request/receive the data.
Rights of the data subject
The data subject may exercise the rights provided for by Articles 15-22 of the GDPR vis-a-vis the Data Controller and, in particular, may request access to the data concerning them, its erasure, the rectification of inaccurate data, integration of incomplete data and restriction of processing in the cases envisaged by Article 18 of the GDPR.
In order to exercise their rights, the data subject may contact the Data Controller by sending a written communication to the above address or an email to email@example.com
Data subjects may, at any time, lodge a complaint with the Personal Data Protection Authority (Article 77 of the GDPR), as well as take legal action before the appropriate courts (Article 79 of the GDPR).
 Pursuant to Article 18 of the GDPR, the data subject has the right to obtain restriction of processing from the data controller when one of the following hypotheses applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of its use;
c) although the controller no longer needs the personal data for the processing purposes, it is required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.