INFORMATION ON THE PROCESSING OF PERSONAL DATA
made pursuant to art. 13 of Regulation (EU) 2016/679
General Regulation on the protection of personal data
NAVIGATION ON THE CASAGRANDE.COM INTERNET SITE
Below we provide to subjects who come into contact with our Company (the “Interested”), a brief description of the essential characteristics of the processing of their personal data carried out by Casagrande SpA , based in Fontanafredda (PN), Via Malignani 1 , acting as Data Controller (hereinafter the ” Controller “). The processing will take place in compliance with Regulation (EU) 2016/679 – General Data Protection Regulation (the ” Regulation “) and Legislative Decree 30 June 2003, n. 196 as amended by Legislative Decree 101/2018 hereinafter the ” Code “).
By “data” we mean ” any information concerning an identified or identifiable natural person ” and by “treatment” ” any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data , such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available , comparison or interconnection, limitation, cancellation or destruction “.
For further details, please refer to the detailed information below.
The information on the processing of personal data concerning navigation on the Company’s website is made available, summarized in the following summary table on the processing, which will allow you to easily find the essential information relating to the processing of personal data. However, the detailed information is subsequently available, in which a complete picture of the information that we are required to provide pursuant to art. 13 GDPR.
|Who is the Data Controller?||Casagrande SpA , with registered office in Fontanafredda (PN), Via Malignani 1; contact details are [email protected] ;|
|What personal data do we process?||· Navigation data;
· Data possibly collected by means of cookies.
|Why do we process Personal Data?
|1. To allow you to browse our website;
2. To carry out research and / or statistical analysis on aggregate or anonymous data, without the possibility of identifying the user;
3. To fulfill legal obligations or to comply with orders from public authorities .
4. For the need to ascertain, exercise or defend a right in court or whenever the Authorities exercise their functions;
|What is the treatment based on?
|How do we process personal data?||In computer and paper form, with the observance of every precautionary measure applied by the Data Controller that guarantees its security, confidentiality and control.
The data may also be stored and processed on servers located outside the European Community in compliance with the regulations in force.
|Who do we disclose personal data to?
(Categories of Recipients)
|a. Employees, collaborators, persons appointed and authorized by the Data Controller;
b. Service providers, who act as data processors pursuant to Article 28 of the GDPR, such as, for example, the person who manages the website;
c. Subjects legally entitled to access the data;
d. Subjects to whom communication is necessary for the fulfillment of contractual obligations;
e. Public authorities;
f. Third Parties.
The personal data processed by the Data Controller are in no way subject to disclosure.
|How long do we keep personal data?||Personal data will be kept for the time necessary to pursue the purposes listed above. In any case, the processing cannot last longer, for each data processed, than the limitation period for the exercise of the rights connected to that data.
Criteria used to determine the further retention period of the data:
a. Pursuit of the purposes related to the processing.
b. Retention time required by law.
c. Withdrawal of consent by the interested party (in case of treatment based on consent).
d. Maximum term allowed by current legislation to protect the rights and / or interests of the Data Controller
|Is the provision of personal data mandatory or optional? What happens in case of refusal to communicate personal data?||If you want to browse the site, you must provide us with the navigation data and the data contained in some cookies (technical cookies). If you do not provide it, you may have a non-optimal browsing experience on this website, and we may not be able to satisfy your requests.|
|What rights has the interested party?||The interested party has the right to:
a. Access the data in our possession and request its communication in an intelligible form;
b. Request updating, rectification and / or integration;
c. Request cancellation (“right to be forgotten”);
d. Request the limitation of the processing;
e. Request notification of the update, rectification, cancellation, limitation;
f. Request data portability;
g. Oppose the treatment;
Submit a complaint to a supervisory authority.
1 – Identity and contact details of the Data Controller
The Data Controller is Casagrande SpA , with registered office in Fontanafredda (PN), Via Malignani 1 . The contact details of the Data Controller are indicated here for the management of the requests of the interested parties, as specified in point 8: contact details [email protected] .
2 – Type of data processed
The visit and consultation of the site generally involve the collection and processing of the user’s common personal data, connected to the navigation data;
3 – Purpose and legal basis of data processing
The Data Controller will carry out the processing for the following purposes:
- allow the user to use services and features present on the site, based on the legitimate interest of the Data Controller;
- research and / or statistical analysis on aggregate or anonymous data, without the possibility of identifying the user, aimed at measuring the functioning of the site, measuring traffic and evaluating usability and interest of the site (without data processing by the owner), on the basis of the legitimate interest of the Data Controller;
- fulfillment of legal obligations to which the Data Controller is subject;
- need to ascertain, exercise or defend a right in court or whenever the Authorities exercise their functions, on the basis of the legitimate interest of the Data Controller.
4 – Methods of data processing
The data will be processed with the support of IT or telematic means, in compliance with the Regulations and the Code, and, in any case, in order to guarantee the security and confidentiality of the data and prevent unauthorized disclosure or use, the alteration or destruction through efficient physical, logical and organizational security measures .
Where necessary for the pursuit of the purposes referred to in paragraph 3, the Data of the interested party could be transferred abroad, to non-EU countries / organizations that guarantee compliance with the processing methods provided for by the GDPR.
5 – Data recipients
The data may be disclosed (limited to the respective area of competence and for the sole purpose of implementing the purposes described):
- a) subjects to whom the communication of data is necessary for the functioning of the website, who act as Data Processors, by virtue of written agreements entered into with the Data Controller, such as for example the manager of the website ;
- b) persons in charge and persons authorized by the Data Controller who are committed to confidentiality or are subject to an adequate legal obligation of confidentiality (e.g. employees and collaborators of the Data Controller);
The data will not be disseminated.
In order to fulfill legal obligations, regulations, community legislation or contractual obligations, as well as to exercise any rights in court, the following third parties may have access to the data of the interested party (i) tax, legal or accounting consultants ; (ii) companies that provide the Owner with services that are instrumental to the management of the contractual relationship (eg suppliers of management applications); (iii) public and private supervisory and control authorities and bodies (eg Revenue Agency, judicial authority, etc.).
6 – Data retention period
As part of the purposes indicated above, the data will be kept for the time strictly necessary to achieve the purposes for which they were collected and processed. The criterion for determining the actual data retention period will be represented by the limitation period of the actions deriving from the relationship with the interested party. Without prejudice to the need to keep data for the purpose of fulfilling legal obligations in the head of the owner or to ascertain, exercise or defend the rights of the owner in court, the data of the interested party will not be kept for a period exceeding 10 years from the termination of the relationship, except for specific interruption of the prescription, after which the same data will be irreversibly destroyed or made anonymous, unless their further conservation is necessary to fulfill legal obligations or to fulfill orders given by Public Authorities and / o Supervisory Bodies.
- Compulsory and optional nature of providing personal data
In order to browse the site, the user must provide navigation data and the data contained in some cookies (technical cookies). In case of failure to provide, the user may have a non-optimal browsing experience on this website, and we may not be able to satisfy the related requests.
8 – Rights of the interested party
By sending a communication to the registered office of the owner or to the address [email protected] , each interested party may at any time exercise the rights referred to in Articles. from 15 et seq. of the Regulation, including: (i) obtain confirmation as to whether or not data concerning him is being processed; (ii) obtain access to their data and information indicated in art. 15 of the Regulation; (iii) obtain the correction of inaccurate data concerning him without undue delay or the integration of incomplete data; (iv) request the cancellation of data concerning him without undue delay; (v) request the limitation of the processing of data concerning him; (vi) be informed of any corrections or cancellations or limitations of the processing carried out in relation to the data concerning him; (vii) receive the Data concerning him in a structured format, commonly used and readable by an automatic device; (viii) oppose at any time, for reasons connected with their particular situation, to the processing of data concerning them carried out on the basis of the legitimate interest of the Data Controller; The complete list of the data subject’s rights can be found on https://www.garanteprivacy.it/Regolazioneue/diritti-degli-interessati .
The exercise of the aforementioned rights is not subject to any formal constraint and is free. The interested party’s request is replied to within one month of receiving it. In case of particular complexity, the deadline could be extended; in these cases, the Data Controller undertakes to provide at least one interlocutory communication within one month of receiving the request.
In case of exercise of one of the rights provided for by the Regulations, the Data Controller reserves the right to verify the identity of the requesting interested party, requesting to send a photocopy of an identity document certifying the legitimacy of the request. Once the identity of the applicant has been confirmed, the photocopy received will be immediately destroyed.
9 – Complaint to the Supervisory Authority
If the interested party considers that the processing that concerns him violates the provisions of the Regulation, he can always lodge a complaint with the Guarantor for the protection of personal data ( www.garanteprivacy.it ), or with the Guarantor of the country in where he habitually resides, works or the place where the alleged violation has occurred.