The Data Controller is Biesse S.p.A., with registered office in Via della meccanica 16, Pesaro, Italy. Email firstname.lastname@example.org, telephone number: +39 0721 439100, tax code and VAT no. IT 00113220412 Pesaro Urbino Business Register no. 1682 (hereafter the "Company" or "Owner").
DPO contact details
The DPO can be contacted at email@example.com
Purpose of processing, legal basis and retention period
|Purpose of processing||Legal basis for processing||Data retention period|
The data you provide when filling out the appropriate form will be processed to respond (by email or telephone) to your contact/information requests.
The processing is necessary to fulfil specific requests from the data subject. The legal basis for the processing is therefore the fulfilment of a contract to which the data subject is party.
|These data will be stored for the time necessary to respond to individual requests for information, up to a maximum of 24 months.|
|General marketing purposes: carrying out market research and sending (via email) notices, information and advertising material relating in general to the Company’s products, using automated or telephone contact methods.||
Consent of the person concerned.
|IThe data are processed for 7 ____ years, subject to the withdrawal of consent.|
|Communication of your data (including your interests, as inferred from your navigation on our website) to those Biesse distributors who have been assigned - as an exclusive area - the country indicated by you on the form, so they can use those data in their role as autonomous Controllers for their own marketing purposes. Transfer of data outside the EU, in the case of a country outside the European Union.||
Consent of the person concerned.
|Until disclosure to third parties.|
After this time, your data will be destroyed or anonymised, subject to the technical erasure and back-up procedures.
Provision of data
Pursuant to Art. 13, para. 2, letter e) of the GDPR, we inform you that the provision of data marked with an asterisk is mandatory; refusal to provide such data will therefore make it impossible for us to follow up your contact request.
The provision of other data (not marked with an asterisk in the form) is optional.
Persons authorised to process data
Your personal data will be processed by Company employees and/or collaborators who have received appropriate operating instructions and who have been specifically authorised in this task by the Company.
Data recipients and data transfer outside the EU
The data may be processed by parties nominated by the Company as data processors, even if based outside the EU. These subjects provide the Company with services instrumental to the purpose indicated in this notice. For example: the company in charge of the maintenance/management of the Company's website and of the electronic and/or telematic tools used on the site; the company that manages the sending of responses to requests, and the company that provides the CRM software (and in particular the Salesforce Services - i.e. Sales Cloud, Service Cloud, Chatter and Communities - and Marketing Cloud services) to the country - salesforce.com EMEA Limited, with registered office in the UK.
salesforce.com has adopted the Binding Corporate Rules (“BCR”) for Processors, to legitimise the transfer of personal data outside the European Union to companies within its group that act as processors and/or sub-processors on behalf of the data controllers established in member states.
salesforce’s Processor Binding Corporate Rules can be viewed at the following link https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf
Further information can be found at the following links: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf and https://help.salesforce.com/articleView?id=000314281&type=1&mode=1 (“Where is my Salesforce instance located?”)
Your data may be communicated to autonomous data controllers such as authorities and supervisory/control bodies and, in general, subjects - public or private - entitled to request/receive the data.
Rights of the data subject
The data subject may exercise against the Data Controller the rights recognised by Articles 15-22 of the GDPR. In particular, the data subject may request access to data concerning him/her and to the information referred to in Article 15, the deletion of such data in the cases referred to in Article 17, the correction of inaccurate data, the integration of incomplete data, and the restriction of processing in the cases referred to in Article 18 of the GDPR .
 Pursuant to Article 18 of the GDPR, the data subject has the right to obtain from the Data Controller the restriction of processing
when one of the following occurs:
a) the data subject challenges the accuracy of the personal data (for the time needed for the Controller to verify their accuracy);
b) the processing is unlawful and the data subject objects to the deletion of his/her personal data and requests instead that their use be restricted;
c) although the Data Controller no longer needs them for the purposes of processing, the personal data are necessary for the verification, exercise or defence of legal claims by the data subject;
d) the data subject has objected to processing pursuant to Article 21, para.1, pending
To exercise their rights, data subjects may contact the Data Controller in writing at the above-mentioned physical address or by sending an email to firstname.lastname@example.org
In any case, the person concerned has the right to refuse promotional communications by clicking on the unsubscribe link at the bottom of every email.
The data subject may lodge a complaint at any time with the Data Protection Authority (Art. 77 GDPR), or take legal action (Art. 79 GDPR).