Welcome to www.biesse.com (the “Website”).
- Data controller
- Purposes and legal basis of the processing, and storage times
- Methods of the processing
- Data conferral
- Recipients of the personal data
- Parties authorised to process the data
- Transfer of data outside the European Union
- Your rights
- Contact data of Data Protection Officer (DPO)
1. Data controller
The party that collects and processes the Personal Data in the capacity of Data Controller (hereinafter “Data Controller”) is Biesse S.p.A., with registered office in Via della Meccanica, 16, Pesaro, Italy, telephone number: +39 0721 439100, Tax Code and VAT number IT 00113220412, registered in the Companies Register of Pesaro Urbino under No. 1682.
2. Purposes and legal basis of the processing, and storage times
- Browsing data
The IT systems and software procedures in place to ensure that the Website runs smoothly acquire, during their normal functioning, certain personal data which are implicitly sent when the Internet communication protocols are used. This information is not collected to be associated with identified Data Subjects, but instead consists of information which, by its very nature, when processed and associated with data held by third parties, could lead to the identification of the users. This data category includes the IP addresses or domain names of the computers used by those who connect to the Website, the URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relative to the user’s operating system and IT environment. These data are used for the following purposes:
- to obtain anonymous statistic information about the use of the Website and to check that it is working properly;
- for the technical administration of the Website;
- to ascertain any liability in case of alleged computer crimes committed to the detriment of the Website.
These data are stored for at least 26 months.
- Data provided voluntarily
In certain sections of the Website, you may be asked to provide personal data. In this case you will be provided with the specific notice issued pursuant to Article 13 of the GDPR regarding the processing of your personal data in relation to the individual purposes pursued.
Information about the cookies used on this Website can be found on the following page: https://www.biesse.com/it/cookie_policy
3. Methods of the processing
When processing Personal Data that can either directly or indirectly identify the Data Subject, we strive to uphold the principle of strict necessity. For this reason, we have configured the Website in such a way as to ensure that the use of the Personal Data is minimised and to limit the processing of the same which enables the Data Subject to be identified, only processing them in case of necessity or upon the request of the authorities and/or police forces (such as, for example, in the case of data regarding traffic and your visit to the Website or your IP address).
Your Personal data will be processed using automated tools and only for the time necessary in order to fulfil the purposes for which they have been collected. They will be processed in compliance with the principle of necessity and proportionality, and we will refraining from processing the Personal Data in cases where the operations can be performed using anonymous data or other methods.
We have implemented specific security measures to prevent the loss of the Personal Data as well as any unlawful or inappropriate uses of and unauthorised accesses to the same. However, please note that to ensure the security of your data, your device must be fitted with tools such as constantly updated anti-virus software, and that the provider of your internet connection must guarantee the secure transmission of the data by implementing firewalls, anti-spam filters and other similar protections.
4. Data conferral
Apart from the terms set forth applicable to browsing data, the conferral of data for any additional processing purposes is optional. However, the failure to provide these data may make it impossible for said additional processing purposes to be fulfilled.
5. Recipients of the personal data
Pursuant to Article 28 of the GDPR, the Data Controller must appoint the third party companies which process the Personal Data on its behalf as External Data Supervisors and provide them with adequate operating instructions (hereinafter collectively referred to as “Data Supervisors" or “Supervisors”). These parties can essentially be classed as follows:
- companies that perform data acquisition and data entry services;
- companies that perform market analysis and research;
- companies that perform IT system maintenance services;
Your data can also be processed by third parties, independent data supervisors, and specifically:
- authorities and supervisory bodies and, in general, public or private parties authorised to request the data;
- persons, companies, associations or professional studios that perform support and consultancy activities (lawyers, accountants, auditors…).
Your personal data will under no circumstances be disseminated except to the categories of parties mentioned above.
6. Parties authorised to process the data
The Personal Data will be processed by employees and collaborators of the Data Controllers/Supervisors who have received adequate operating instructions and have been expressly authorised to perform the processing by the latter.
Any additional indications about the scope of the communication and dissemination of your Personal Data will be provided in the individual sections of the Website.
7. Transfer of data outside the European Union
The data can be transferred abroad to countries outside the EU and in particular to the Republic of San Marino subject to the signing of the so-called Standard Contractual Clauses as drafted by the EU Commission in light of Article 46 paragraph 2 letter (c) of the GDPR.
8. Your rights
In relation to the processing of the personal data performed by the Data Controller, you can ask the Data Controller to access the data concerning you and to have them deleted, corrected if incorrect and integrated if incomplete. You can also request that the processing be limited in the cases envisaged by Article 18 of the GDPR, and object to the processing in cases of legitimate interest of the Data Controller.
When the processing is based on consent or a contract and is performed using automated means, you are entitled to receive your data in a structured, commonly used and machine-readable format, and if technically feasible, to freely send them to another Data Controller.
Without prejudice to your right to submit any other administrative or legal claim, you are entitled to submit a complaint to the competent supervisory Authority in the member state in which you live or in the country in which the alleged breach occurred.
To exercise your rights you can send a written request, addressed to the Data Controller, to the following email address firstname.lastname@example.org.
9. Contact data of Data Protection Officer (DPO)
The Company has designated a DPO who is contactable at the following e-mail address: email@example.com.
Updated on 08/06/2018