PRIVACY POLICY

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (hereinafter the “Regulation”), we inform you that this notice describes the methods of processing personal data of users who consult the website of Donati Holding S.r.l.

The Data Controller is:

Donati Holding S.r.l.
Via Europa 17 – 25050 Passirano (BS)
Tax Code and VAT No. 02785300985
E-mail: privacy.gruppodonati@donatiholding.it
Certified Email (PEC): asei@legalmail.it

 

1. TYPE OF DATA PROCESSED

A) Browsing data.
The IT systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category includes, by way of example:

• IP addresses or domain names of the devices used;
• URI addresses of the requested resources;
• time of the request;
• method used to submit the request to the server;
• size of the file obtained in response;
• numerical code indicating the status of the server response;
• parameters relating to the user’s operating system and IT environment.

B) Data provided directly by the user.
No provision of personal data by the user is required to consult the website. However, each user has the option to send, entirely spontaneously and voluntarily, communications and/or requests to one or more of the contact details available on the website. The data and information thus collected will be processed in compliance with the applicable regulations.

C) Cookies.
The website uses technical cookies and similar tools necessary for the proper functioning of web pages and for navigation security. Cookies are small text files that visited websites send to the user’s device, where they are stored to be then retransmitted to the same websites at the next visit.

For detailed information on the types of cookies used, the purposes, the management methods and the user’s rights, please refer to the specific Cookie Policy.

2. PURPOSES OF PROCESSING AND LEGAL BASES

The personal data collected through browsing the website are processed in order to ensure the correct technical functioning of the platform, the security of IT systems and the protection of networks. Such processing is based on the legitimate interest of the Data Controller in ensuring the security and operability of the website, pursuant to Article 6(1)(f) of the GDPR. The information collected may also be used in aggregated and anonymous form for statistical analyses relating to the use of the website, always on the basis of the legitimate interest of the Data Controller.

If the user sends spontaneous communications to the contact details indicated on the website (for example via e-mail), the personal data provided will be processed exclusively to manage and respond to the request received. In this case, the processing is based on the performance of pre-contractual measures adopted at the request of the data subject pursuant to Article 6(1)(b) of the GDPR. Browsing data may also be used to ascertain liability in the event of possible cybercrimes against the website, on the basis of the legitimate interest of the Data Controller in protecting its rights.

3. METHODS OF DATA PROCESSING

The processing of the personal data of the user-visitor is carried out by means of manual and/or IT tools, with organizational systems related to the purposes of the processing and in such a way as to guarantee the security, integrity and confidentiality of the data themselves. The processing may be carried out with or without the aid of electronic tools. The Data Controller does not in any way use automated decision-making processes concerning the personal data collected. The processing is carried out by the Data Controller, by persons authorized to process pursuant to Article 29 GDPR, and by external subjects appointed for this purpose as Data Processors pursuant to Article 28 GDPR.

4. PERSONAL DATA RETENTION PERIOD

Browsing data are retained for the time strictly necessary for the purposes indicated above and, in any case, in compliance with the applicable legal terms. The data contained in communications sent voluntarily are retained for the time necessary to manage the request.

5. DISCLOSURE OF DATA

Personal data may be disclosed to persons authorized to process (employees and collaborators of the Data Controller) for purposes connected with or related to the processing itself.

The data collected may also be disclosed to third-party companies formally appointed as Data Processors pursuant to Article 28 of the GDPR that operate on behalf of Donati Holding S.r.l. and according to its instructions, but exclusively for activities strictly connected to the purposes indicated above (e.g. to ensure the operability of the Internet service, the management of the IT and telematic system).

6. PLACE OF DATA STORAGE

Personal data are not transferred outside the European Economic Area. Should this become necessary for the use of IT or hosting services, the transfer will take place in compliance with Articles 44 et seq. GDPR.

7. RIGHTS OF THE DATA SUBJECT

Data Subjects may exercise the rights provided for in Articles 15-22 of the GDPR, which include:

  • access to personal data, as provided for by Article 15 of the GDPR;
  • rectification or integration of Personal Data held by the Company deemed inaccurate, as provided for by Article 16 of the GDPR;
  • erasure of personal data for which the Company no longer has any legal basis for processing, as provided for by Article 17 of the GDPR;
  • restriction of the manner in which the company processes personal data, where one of the cases provided for in Article 18 of the GDPR applies;
  • copy of the personal data provided to the company, in a structured, commonly used and machine-readable format, as well as transmission of such personal data to another data controller (so-called portability), as provided for by Article 20 of the GDPR;
  • the right to object at any time, for reasons related to his or her particular situation, to the processing of personal data for the pursuit of the Data Controller’s legitimate interest, as provided for by Article 21 of the GDPR;
  • the right not to be subject to automated decisions, including profiling, as provided for by Article 22 of the GDPR.

The data subject may exercise the rights pursuant to Articles 15–22 GDPR by writing to privacy.gruppodonati@donatiholding.it or via Certified Email (PEC) to asei@legalmail.it. If he or she considers that the processing of his or her personal data is carried out by the Data Controller in violation of the Regulation and/or the applicable legislation, he or she may lodge a complaint with the Data Protection Authority according to the procedures indicated on the website www.garanteprivacy.it, without prejudice to his or her right to take action before any other administrative and/or judicial authority.

8. UPDATES

This notice may be subject to modifications and updates, also in relation to regulatory changes, technological developments or changes in the organization of the Data Controller and in the processing carried out through the website. Users are invited to periodically consult this page to view the latest available version.