Circular letter on personal data processing performed by the website: www.rossellisnc.com,in compliance with art. 13 of the European General Data Protection Regulation (GDPR – 2016/679)
Off.Meccaniche Rosselli S.N.C. di Rosselli Ciro Renzo e Eros, as data controller, notify to data subjects the following information on data processing.
This circular letter is referred to and is valid only for this website (www.rossellisnc.com) and not for other external websites surfed by the user through links available in www.rossellisnc.com. The data controller isn’t responsible of processing performed by third part websites. Please take a look to data processing policy when you visit a third part website.
The data controller is Off.Meccaniche Rosselli S.N.C. di Rosselli Ciro Renzo e Eros, VAT number: IT00517110359 and established in Via Giovanni Boccaccio 2, 42024 Castelnovo Di Sotto (RE) – Italy. You can contact the data controller by the following mail address: firstname.lastname@example.org
PURPOSES OF PROCESSING, LEGAL BASIS AND RETENTION TIME
We process personal data only with a proper legal basis established by law. In the following list you can found all the information concerning the purposes of processing, the types of personal data processed, the legal basis and the data retention time.
|Purposes of processing||Categories of personal data||Legal Basis||Data retention time|
|To manage commercial and information requests received through the contact forms or other communication means available on the website||Identification data
Data concerning contact details and addresses
|Legitimate interest of Data Controller concerning the management of communications with data subjects to satisfy specific submitted requests
To perform a contract in which data subject is part or to manage pre-contractual requests submitted by data subjects
|This data will be processed for the time strictly necessary to manage your request.
After this process, data submitted to fulfill your enquiry will be deleted or further processed for other purpose, if a commercial agreement took place (ex. to manage the service provision).
|User sign in and login to website personal area||Identification data
Data concerning contact details and addresses
Other mandatory or optional data requested in sign in form.
|To the perform a contract in which the data subject is party or to manage pre-contractual requests submitted by data subjects||The data controller will keep this personal data until account cancellation.|
|To send newsletter and other commercial communications following your sign in through the newsletter form||Data concerning contact details and addresses||Data subjects explicit consent||Your e-mail address will be kept until the revocation of your consent, by sending an unsubscription request to our address or following the unsubscription link available in our communications.
After your unsubscription request we will interrupt the newsletter sending.
|To carry out promotional activities, sending advertisement material and completing market researches directly to the user;||Identification data
Data concerning contact details and addresses
Data related to purchasing and browsing habits
|Data subjects explicit consent
Legitimate interest of data controller regarding the communications sent with Soft Spam modalities (as described in following section “Type of data processed”)
|We will process your data for marketing purposes until your consent revocation.
If the recipient of promotion activities is already our partner, the data retention period will be the same as for business and administrative management (10 years after business relation end); however data subject may always exercise his rights to prevent data controller to further perform this data processing activity.
TYPES OF PERSONAL DATA PROCESSED
Surfing data – Systems and software procedures responsible for the functioning of this website acquire, during their normal operation, several personal data which transmission is implicit in the use of Internet communication protocols.
Those information is not collected to be associated with the purpose to identify data subjects, but them might allow users to be identified through further processing and association with other data held by data controller or third parties.
This category of data includes:
- IP addresses or domain names of computers utilized by users connecting to the site;
- the URI (Uniform Resource Identifier) addresses of the requested resources;
- the time of request;
- the method used in submitting the request to the server;
- the size of file obtained in response;
- the numeric code indicating the status of response given by the server (good result, error, etc.),
- other parameters relating to the operating system and the user’s IT environment.
This data are processed only to obtain anonymous statistical information on the use of the site and to check its proper functioning, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical cybercrimes that might damage the website or other users during the browsing session.
Personal data sent by the user: The user can submit his personal data to data controller by the following tools available on the website:
|a) Contact form: through contact forms available in the website the users can submit specific requests to data controller. It’s required to submit personal identification data and contact details as well as other information to allow data controller to manage the request. Data collected will be exclusively processed to answer to the submitted requests and would be further kept and processed only if a business relationship will take place between data subject and data controller.|
|b) Sign in and login to personal area: your information submitted through the sign in form of personal area are required to create the your account. All data sent and collected through the personal area will be processed to answer your specific requests (for ex. to recover sign-in credentials, to provide information concerning data controller’s activities, to manage business relations, etc.), as well as to simplify business relations. Sign in might be required to use E-Commerce functions if available on the website.|
|c) Newsletter and data processing to pursue marketing purposes: data controller may carry out promotional activities about his business to users and customers by sending e-mails or other communications containing commercial and marketing information. This processing will be performed in compliance with regulations on data protection and within the ethical limits, without causing damage to the rights and freedoms of the data subjects. To pursue the purpose of providing newsletter service or other direct and indirect marketing activities, the data processing is subject to your prior consent, provided checking the related tick during data submission.
Promotional communications may also be delivered to data subjects using Soft Spam modalities, without the specific consent of recipients. These communications will mandatory have the following features:
· the activity consists in sending e-mails to recipients which already have entertained commercial relationship with data controller and the e-mail addresses have been communicated to manage or within the business relations.
· the contents will concern products or services related to those whom the recipient has already purchased.
However, data subject has the faculty to exercise his rights, opposing or limiting the processing activities. Those rights may be exercised when personal data are collected or whenever a message with marketing purposes will be delivered from data controller.
Trasmission of PERSONAL TO THIRD PARTIES
Your personal data may be transmitted only to the following third parts:
|· Companies which provide IT systems and website management and development services (as e-commerce and secure payment infrastructure, web development consultants, etc.);|
|· Companies and professional offices which provide business assistance and consultancy (IT technologies, accounting, etc.);|
|· Companies which provide technical or consultancy services concerning market research, marketing and business promotion;|
|· Public institutions, for the fulfillment of legal obligations related to commercial relationship, to investigate on crime or cyber-attacks delivered or suspected to our systems or to other visitors, or to manage disputes.|
Further information related to the third parties who may process your personal data are available by submitting a specific request to the data controller.
PROVISION OF DATA AND CONSEQUENCES OF REFUSAL TO REPLY
The communication of your personal data is mandatory when the process is necessary to browse in the website, to carry out commercial and information requests received through contact forms or personal area, to provide the services and to perform a contract with customers. the denial to submit those data will affect our capability to carry out your requests.
In the other cases, such as for marketing purposes, the transmission of data it’s optional and when necessary dependent to your explicit consent.
RIGHTS OF DATA SUBJECTS
We inform you about the existence of your rights to access to your personal data, to rectify and/or cancel the same, restrict the process performed on your data, object to processing activities and to request data portability (Articles 15 to 22 of the EU Regulations 2016/679 GDPR);
You can exercise your rights and get acknowledge about third parties to whom data may be shared with by writing to the e-mail address: email@example.com
If data processing has as legal base your explicit consent (art. 6, § 1, lect. a), you may revoke that consent in every moment, without prejudicing the lawfulness of processing activities previously carried out.
You are entitled to file your complaints with the control authority at the Supervisory Authority address for the protection of personal data, by sending a certified e-mail to the address firstname.lastname@example.org, or with the control authority of another EU member country.
This circular letter was updated on 09-03-2022.