PERSONAL DATA PROCESSING INFORMATION SHEET
Pursuant to Art.13 of Legislative Decree no.196 dated 30 June 2003 and subsequent legislation
The Group ALFAGOMMA S.p.A., in line with the current Italian data protection law, undertakes to guarantee the privacy and the security of each website Navigator’s personal data, even when the internet is accessed from abroad, consistently with the requirements of the Group Code of Conduct.
In compliance with the provisions of Legislative Decree no.196 dated 30 June 2003, the Group ALFAGOMMA S.p.A. (hereinafter also “Data Controller”) is to provide the necessary information regarding the purposes and the methods, as well as the field of data communication and dissemination, of personal data provided by the welcomed new/loyal Users, Visitors and Navigators of its website www.alfagomma.com, peculiarly in respect of Art.12 “Codes of ethics and good conduct” of quoted Legislative Decree.
The Data Controller is ALFA GOMMA S.p.A.
Via Torri Bianche, 1 – 20871 Vimercate (MB) – ITALY / Fiscal Code 00758920151 – VAT no.00689040962 – E.A.R. no. MB-482962
Users can exercise their rights under Art.7 of Legislative Decree no.196/2003 by sending written communication to:
ALFAGOMMA S.p.A. – Via Torri Bianche 1 – 20871 Vimercate (MB) – ITALY / to k.a. of Data Controller Officer
Type of data processed
The Data Controller collects personal data specifically and voluntarily provided by its welcomed Users during the website navigation.
As outlined by Legislative Decree no. 196/2003, “personal data” are all information that can identify a specific person, in particular the name and surname, the e-mail address.
These data are spontaneously provided by the new Users or Loyal Customers, who wish to receive information thru the website on the services offered by the Data Controller.
The Data Controller also collects personal data in automatic ways from the analysis of browsing performed by Users.
The Data Controller does not deal with “sensitive data”, as outlined by Legislative Decree no. 196/2003, like personal data revealing racial or ethnic origin of the Users, with their religious, philosophical or other beliefs, their political opinions, their membership of parties – unions – associations or organizations, their religious – philosophical – political opinion or trade union membership, as well as personal data disclosing Users’ health status and sex life.
All Users are expressly advised not to provide the Data Controller with any of their sensitive data.
Data from minor Users
Users under 18 years of age are expressly advised not to provide the Data Controller with any of their personal or sensitive data.
Aims of data treatment
The processing of data is performed exclusively to supply the products and services provided by the Data Controller through its commercial brands, for connecting to the institutional websites structure – pages – third level domains connected to them, and, mainly for complying with tax and administrative aspects related to the business relationship, that is: to achieve effective administrative management of the business.
Such treatment will be based on principles of fairness, legality and transparency, protecting Users’ privacy and Users’ rights and aims to:
- conclude, manage and execute contracts for the delivery of the requested products and services;
- to organize, manage and execute the delivery of products and services also through the communication of data to third party suppliers;
- to fulfill legal and financial obligations and all the obligations required by the relevant authorities.
For the data processing indicated purposes, the Data Controller will be aware of identifiable personal data concerning Users, as outlined by Legislative Decree no. 196/2003.
The data provided by Users will be only those strictly necessary to fulfill the declared purposes.
Data processing methods
The data processing will be carried out mainly with data processing tools, with logic strictly related to the purposes described above and in order to ensure the security and confidentiality of data, by selected Staff specifically appointed from the Data Controller as Trustees and/or Officers.
Personal data and documents collected for the purposes mentioned above, including released estimates and handed-over documents, will be retained even after the termination of the execution of contracts, in both paper and electronic formats, saved in specific databases with restricted and controlled access, owned by the Data Controller, for the completion of all legal obligations (in example, the ten-year storage of the commercial documents required by italian financial law).
Users can exercise their rights under Art.7 of Legislative Decree no.196/2003 to the limits and conditions foreseen by Art.s no.8, 9, 10 of quoted Legislative Decree.
Without prejudice to the mandatory communications made to comply with legal and contractual obligations, for the defense of rights and on request by the competent authority, the data may be disclosed:
- to the Data Controller’s dedicated Staff (employees and/or collaborators) to which the transfer of Users’ data is necessary for the conduction of the business activity;
- to Professionals and services Studies which work on behalf of the Data Controller for the business activity administration and management;
- to Suppliers/third parties for the execution of the contract, also domiciled abroad within the European Union, in accordance with and within the limits of Art.42 of Legislative Decree no.196/2003, and abroad in non-EU Countries in the framework and in accordance with Art.43 of quoted Legislative Decree;
- to banks involved for economic transactions.
In compliance with Art.25 of Legislative Decree no. 196/2003, the Data Controller is legally committed in respect of the rights of its Users to avoid the Users’ personal data diffusion: the data will not be disclosed to any other/external parties/subjects and will not be subject to dissemination in any case and will not be disclosed for market research or commercial communication (in example, the data will never be object of communication with an indistinct amount of other subjects).
The failure to communicate or the incorrect communication of the mandatory Users’ information/data, for all that is required by legal and contractual obligations, will determine the impossibility for the Data Controller to proceed with the contractual relationship itself.
Users’ failure to provide or incorrect provision of data that is not strictly related to legal and contractual obligations will instead be reviewed from time to time by the Data Controller, who will determine if the business relation is manageable also in the absence of these specific Users’ data.
Users’ right of access to personal data and other rights (Art.7 of Legislative Decree no. 196/03)
Personal data processing dedicated Staff designated by Data Controller is available for Users’ assistance and will welcome any request of data presence verification, updating, rectification, integration, cancellation and will provide Users with the updated list of all of the data processors, on demand, as reported above and in detail below.
Users can exercise, with regard to the data entered thru the website, the right to:
- know the existence or otherwise of their personal data among the Data Controller; the origin, the logic and purpose of treatment and the data communication in an intelligible form to other parties;
- know the identity of all designated data-processing Staff, the data Processors and Officers and any other party/representative to whom Users’ personal data will be disclosed, in compliance of Art.5, paragraph 2, of Legal Decree no.193/2003;
- obtain the cancellation, transformation into anonymous form or blocking of the data processed in violation of the law, including the data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- obtain certification that their rights have been notified to those to whom the data were or will be communicated or disclosed, except if this proves impossible for the Data Controller or involves a manifestly disproportionate to the protected right;
- update, rectify or integrate the data;
- object to the processing of the data;
- to oppose, in whole or in part, the processing of personal data:
- for legitimate reasons, by mandatory reporting it to the Data Controller thru an official communication;
- for business management reasons, in example, the User can oppose the sending of advertising materials or direct selling or the aim of the Data Controller to transfer the Users’ data to third parties for market research or commercial communication, in the disregarded case this may happen against the obligation undertaken by the Data Controller, by the reporting the opposition thru an official communication.
Users’ Informed Consent
The manifestation of the consent from All welcomed website Users and Visitors in regards of the treatment of personal data by the Data Controller, which is performed for purposes related to the proper management of trade and business relations as described above, is unnecessary pursuant to Art.24, letter.s a) and b) and peculiarly d) [“the concearned Person’s consent is not required when their data treatment .. concerns the data relating to economic activities, processed in compliance with current regulations regarding business and industrial secrecy”] of Legislative Decree no.196/2003.
During normal operation, the Data Controller’s Information Technology systems and software procedures will collect minimum Users’ personal data, which are implicitly transmitted through the use of internet communication protocols. These informations are not collected in order to be associated with subjects’ identifying data, but could allow Users to be identified, due to their own nature, if processed and integrated with third-party data.
IP addresses, browser type, operating system, domain name and website referring or exit pages, informations on pages visited by the User within the site, access time, navigation length on each page, click-stream analysis and other parameters regarding the operating system and the IT Users’ environment, all fall under this category of data.
This technical/IT data are collected and used by the Data Controller on an aggregated and anonymous basis exclusively to improve quality of service and obtain statistics on website use.
The Data Controller is legally committed in respect of the rights of its Users to collect and hold this technical/IT data in an aggregated and anonymous way for the sole purpose of:
- improving the quality of the web-service and optimize the functionality of the website;
- understanding Users’ behavior in order to improve online communication;
- providing statistical information concerning the use of the site.