The Data Controller is Biesse S.p.A., with registered office in Via della meccanica 16, Pesaro, Italy. Email email@example.com, telephone number: +39 0721 439100, tax code and VAT no. IT 00113220412 Pesaro Urbino Business Register no. 1682 (hereafter the "Company" or "Owner").
DPO contact details
The DPO can be contacted at firstname.lastname@example.org
Purpose of processing, legal basis and retention period
|Purpose of processing||Legal basis for processing||Data retention period|
|The data will be used by the Company to send out its newsletter and in particular to send information by e-mail (to those who explicitly request it by filling in the Newsletter subscription form) on the latest news from Biesse and/or notification of events such as trade fairs and conferences.||The processing is necessary to fulfil specific requests from the data subject. The legal basis for the processing is therefore the fulfilment of a contract to which the data subject is party.||The data will be stored until you unsubscribe from the newsletter service.|
|Communication of your data (including your interests, as inferred from your navigation on our website) to those Biesse distributors who have been assigned - as an exclusive area - the country indicated by you on the form, so they can use those data in their role as autonomous Controllers for their own marketing purposes. Transfer of data outside the EU, in the case of a country outside the European Union.||Consent of the person concerned.||Until disclosure to third parties.|
After this time, your data will be destroyed or anonymised, subject to the erasure and back-up procedures.
Provision of data
Pursuant to Art. 13, para. 2, letter e) of the GDPR, we inform you that the provision of data marked with an asterisk is mandatory; refusal to provide such data will therefore make it impossible for us to send you the newsletter.
The provision of other data (not marked with an asterisk on the form) is optional. In this case, refusal will not preclude the sending of the newsletter.
Persons authorised to process data
Your personal data will be processed by Company employees and/or collaborators who have received appropriate operating instructions and who have been specifically authorised in this task by the Company.
Data recipients and data transfer outside the EU
The data may be processed by parties nominated by the Company as data processors and who provide the Company with services instrumental to the purpose indicated in this notice. For example: the company in charge of the maintenance/management of the Company's website and of the electronic and/or telematic tools used on the site; the company that manages the subscription and/or sending of the newsletter, and the company that provides the CRM software (and in particular the Salesforce Services - i.e. Sales Cloud, Service Cloud, Chatter and Communities - and Marketing Cloud services) to the country - salesforce.com EMEA Limited, with registered office in the UK.
salesforce.com has adopted the Binding Corporate Rules ("BCR") for Processors, to legitimise the transfer of personal data outside the European Union to companies within its group that act as processors and/or sub-processors on behalf of the data controllers established in member states.
Salesforce's Processor Binding Corporate Rules can be viewed at the following link: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf
Further information can be found at the following links: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf and https://help.salesforce.com/articleView?id=000314281&type=1&mode=1 ("Where is my Salesforce instance located?")
Your data may be communicated to autonomous data controllers such as authorities and supervisory/control bodies and, in general, subjects - public or private - entitled to request/receive the data.
Rights of the data subject
The data subject may exercise against the Data Controller the rights recognised by Articles 15-22 of the GDPR. In particular, the data subject may request access to data concerning him/her and to the information referred to in Article 15 of the GDPR, the deletion of such data in the cases referred to in Article 17, the correction of inaccurate data, the integration of incomplete data, and the restriction of processing in the cases referred to in Article 18 of the GDPR.
Pursuant to Article 18 of the GDPR, the data subject has the right to obtain from the Data Controller the restriction of processing when one of the following occurs:
a) the data subject challenges the accuracy of the personal data (for the time needed for the Controller to verify their accuracy);
b) the processing is unlawful and the data subject objects to the deletion of his/her personal data and requests instead that their use be restricted;
c) although the Data Controller no longer needs them for the purposes of processing, the personal data are necessary for the verification, exercise or defence of legal claims by the data subject;
d) the data subject has objected to processing pursuant to Article 21, para.1, pending checks on whether the legitimate reasons of the Controller prevail over those of the data subject.
2. If processing is restricted pursuant to paragraph 1, such personal data are (except for storage purposes) only processed with the consent of the data subject, or for the verification, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or a member state.
3. A data subject who has obtained processing restriction pursuant to paragraph 1 will be informed by the Controller before that restriction is lifted.
To exercise their rights, data subjects may contact the Data Controller in writing at the above-mentioned physical address or by sending an email to email@example.com
In any case, the person concerned has the right to refuse the newsletter by clicking on the unsubscribe link at the bottom of every email.
The data subject may lodge a complaint at any time with the Data Protection Authority (Art. 77 GDPR), or take legal action (Art. 79 GDPR).