Privacy Policy
Introduction
With this information, also made pursuant to art. 13 and 14 EU Reg. 2016/679, the management methods of the website www.graaltech.it are described with reference to the processing of the data of the users who consult it. Following consultation of this site, data relating to identified or identifiable natural persons may in fact be processed.
This information only concerns the data processed by the website referring to the domain name www.graaltech.it
Holder of the treatment
The data controller is Graal Tech.
The data controller can be contacted at the following e-mail address: info@graaltech.it
Types of data processed
We collects the following data during navigation on his site:
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. These data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
Data provided voluntarily by the user
The owner can collect the following personal data provided voluntarily by the user:
- name and surname of the user;
- your e-mail address, telephone number.
The collection can take place, for example, when the user contacts the owner for information regarding services and / or products by filling out the form on the site.
The sending of such data is optional and consent to the processing, where required, must be explicit and voluntary. Therefore, the owner must do what is necessary so that the communication of the data and the subsequent processing for the purposes set out in this privacy policy take place in compliance with the applicable legislation, in particular by informing the user before sending the data. The prior consent to the processing must be requested by the owner from the user if required by the aforementioned legislation.
Purpose and legal basis of the processing
The personal data collected on this site are aimed at:
To allow the user the best delivery and management of the service on the website
In order to process the data for the aforementioned purpose, the express consent of the interested party is not required. The lawfulness of the processing is based on its need to pursue the legitimate interest of the owner in the protection of their assets, their business and their rights, pursuant to art. 6, lett. f) EU Reg. 2016/679. Providing data for this purpose is necessary and a refusal by the user makes it impossible for the owner to perform his contractual obligations and provide the user with the required features, services and information.
Allow the response to the user’s contact attempts
In order to process the data for the aforementioned purpose, the express consent of the interested party is not required. The lawfulness of the processing is based on its need in order to execute the user’s request, a contract and / or pre-contractual measures requested by the latter, pursuant to art. 6, lett. b) EU Reg. 2016/679. Providing data for this purpose is necessary and a refusal by the user makes it impossible for the owner to perform his contractual obligations and provide the user with the required features, services and information.
Detect the user’s browsing behavior also by means of cookies (see the relevant paragraph) and the consequent profiling, i.e. the collection and processing of data concerning users, and their consequent subdivision into groups according to their behavior ( Statistics, Display of contents from external platforms, SPAM protection, TAG management).
In order to process the data for the aforementioned purpose, the consent of the interested party is required.
The data and cookies received by the user will be processed by the owner exclusively with methods and procedures necessary to provide the requested services and for the additional purposes for which the user has given consent. Apart from what is specified for navigation data, the user is free to provide their personal data using the communication systems indicated by the website, in order to receive information. Failure to provide them may make it impossible to obtain what is requested.
To fulfill obligations deriving from law, regulations or community legislation
In order to process the data for the aforementioned purpose, the express consent of the interested party is not required. The lawfulness of the processing is based on art. 6, lett. c) EU Reg. 2016/679. The provision of data for this purpose is automatic and implicit in the internet transmission protocols. Therefore, the processing of the user’s personal data has as justifications, pursuant to art. 6 of EU Reg. 2016/679, the user’s express consent, compliance with legal obligations, as well as the legitimate interest of the data controller.
Recipients, duration and methods of processing
The personal data of the users of the website are processed by the owner, also with the help of external subjects acting as web masters, or even third party technical service providers, postal couriers, hosting providers, IT companies, who may hire, a depending on the circumstances, the role of external data processors pursuant to art. 28 of EU Reg. 2016/679 or of persons authorized for processing pursuant to art. 29 Reg. 2016/679. Access to data is also allowed to categories of persons appointed by the owner involved in the organization for data processing (administrative, commercial, marketing, customer service, system administrators).
The updated list of managers may be requested from the data controller.
The right of communication to third parties remains unaffected if the user has given specific and optional consent.
The navigation data will be kept for a maximum period of three months.
The data collected through the contact forms will be kept by the owner for the time necessary to answer the questions posed by users and in any case for the time established by law in the competent jurisdiction. This could imply the retention of the data even after the conclusion of the contract. The owner undertakes to delete the personal data when they are no longer necessary for any of the purposes described above. Furthermore, the owner will keep personal data where it is necessary in relation to a legal action or an investigation involving it.
Any financial information that the site has will be protected under the terms of this Privacy Policy.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
Transfer of data abroad
Your personal data will be processed by the owner within the territory of the European Union.
If for technical and / or operational reasons it becomes necessary to make use of subjects located outside the European Union, or it becomes necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the area of the European Union, the processing will be regulated in accordance with the provisions of Chapter V of EU Reg. 2016/679 and authorized on the basis of specific decisions of the European Union. All necessary precautions will therefore be taken in order to guarantee the most complete protection of personal data by basing this transfer:
on the adequacy decisions of the recipient third countries expressed by the European Commission;
on adequate guarantees expressed by the third party recipient pursuant to art. 46 of the Regulation;
on the adoption of binding corporate rules, so-called Corporate binding rules.
User’s right
With reference to the treatments described above, the user has the following rights.
- Right of access.
The user has the right to ask the owner at any time to confirm whether or not personal data concerning him is being processed and, in this case, to know the personal data concerning him, pursuant to art. 15 EU Reg. 2016/679. - Right of rectification.
The user has the right to obtain from the data controller the correction of personal data concerning him and the integration of incomplete ones, pursuant to art. 16 EU Reg. 2016/679. - Right to be forgotten.
The user has the right to delete data that are no longer necessary for the purpose for which they are processed, those processed on the basis of their consent when the latter is revoked, those unlawfully processed etc. To find out about the other cases in which cancellation can be obtained, the user can refer to art. 17 EU Reg. 2016/679. - Right to limitation of treatment.
The user has the right to obtain the limitation of the processing of his data right of limitation and / or opposition to the processing of data concerning him in case of inaccuracy of the same, of illegality of treatment, of previous opposition to the treatment by the interested, or in the cases described in art. 18 EU Reg. 2016/679. - Right to portability.
The user has the right to request and obtain personal data from the owner in a structured and readable format by an automatic device, also in order to communicate such data to another data controller, or in the cases described in art. 20 EU Reg. 2016/679. - Right to object.
The user has the right to object to the processing of his personal data in the event of particular situations concerning him, pursuant to art. 21 EU Reg. 2016/679. - Right of revocation.
The user, pursuant to art. 7 EU Reg. 2016/679, has the right to withdraw consent at any time, limited to the cases in which the processing is based on your consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence), or particular categories of data (for example data revealing your racial origin, your political opinions, your religious beliefs, your health or your sexual life). The treatment based on consent and carried out prior to the revocation of the same retains, however, its lawfulness. In the event that the user believes there has been a violation in the processing of his data, he can file a complaint with the Guarantor Authority for the processing of personal data (www.garanteprivacy.it). opposition to the processing of data necessary for the execution of the contract could make it impossible for the Data Controller to fulfill it.
Communications
For any communication or request or to exercise their rights regarding the processing of personal data, the interested party can contact the Data Controller using the contact details identified above.