WEBSITE DATA PRIVACY INFORMATION MODEL updated to EU Reg. 2016/679
(European regulation on the protection of personal data)
The company Cfc S.r.l., in the person of its pro tempore legal representative, with registered office in Via Minghetti, 29 40057– Granarolo dell’Emilia (BO); VAT number: 06761220968 takes the user’s privacy seriously and undertakes to respect it. This privacy policy (“Privacy Policy”) describes the personal data processing activities carried out by Cfc S.r.l. through the website www.cfcele.com and the related commitments undertaken in this regard by the Company. Cfc S.r.l. may process the user’s personal data when they visit the Site and use the services and features on the Site. In the sections of the Site where the user’s personal data are collected, specific information is normally published pursuant to art. 13 /15 of EU Reg. 2016/679. Where required by EU Reg. 2016/679, the user’s consent will be requested before proceeding with the processing of his personal data. If the user provides personal data of third parties, he must ensure that the communication of the data and the subsequent processing for the purposes specified in the applicable privacy information complies with EU Reg. 2016/679 and with the applicable legislation.
We therefore inform you, pursuant to art. 13 of the European Regulation 2016/679 (“Regulation”) that the processing of your personal data takes place according to methods suitable for guaranteeing security and confidentiality, and is carried out, using paper, computerized and/or telematic supports, as detailed in this information.
We therefore invite you, before communicating any personal data to the Data Controller, to read this Privacy Policy carefully because it contains important information on the protection of your personal data.
This Privacy Policy:
is understood to be made for the site www.cfcele.com (hereinafter: “Site”);
forms an integral part of the Site and the services we offer;
is made pursuant to Article 13 of the Regulation, to those who interact with the web services of the Site, both through simple consultation and through the use of specific services made available through the Site
The Data Controller can be contacted at the address: info@cfcele.com
This document was drawn up pursuant to art. 13 of EU Regulation 2016/679 (hereinafter: “Regulation”) in order to allow you to know our privacy policy, to understand how your personal information is managed when you use our sites (https://www.istitutoitalianoprivacy. it/ hereinafter collectively referred to as the “Site”) and, where appropriate, to give express and informed consent to the processing of your personal data. The information and data you provide or otherwise acquired in the context of using the services provided by Cfc S.r.l. through the website www.cfcele.com will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that inspire the activity of the company Cfc S.r.l.
According to the provisions of the Regulation, the treatments carried out by the company Cfc S.r.l. through the website www.cfcele.com will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
INDEX
- Data controller
- The personal data being processed
- Navigation data
- Special categories of personal data
- Data provided voluntarily by the interested party
Purpose of the treatment - Legal basis and mandatory or optional nature of the treatment
- Recipients of personal data
- Retention of personal data
Rights of the interested party - Changes
- Cookies
- Security measures
Data Controller and Personal Data Protection Officer
The owner of the treatments carried out through the Website is the company Cfc S.r.l., in the person of its pro tempore legal representative, with registered office in Via Minghetti, 29 40057 – Granarolo dell’Emilia (BO); VAT number: 06761220968 as defined above, reachable at www.cfcele.com
The personal data being processed
Following navigation of the Site, we inform you that Cfc S.r.l. will process your personal data which may consist of an identifier such as a name, an identification number, an online identifier or one or more characteristic elements of your physical, economic, cultural or social identity suitable for making the interested party identified or identifiable ( hereinafter only “Personal Data”).
The Personal Data processed through the Site are as follows:
Contact details such as name, surname, email and telephone. Particular data freely provided by you “in your request” could be processed
to. Navigation data The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses, and are canceled immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site or third parties: except for this eventuality, the data on web contacts do not currently persist for more than seven days.
b. Special categories of personal data When using the “Contact” section of the website, there may be a transfer of your Personal Data falling within the category of special categories of Personal Data referred to in art. 9 of the Regulation, literally data suitable for revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to the person’s health or sex life or sexual orientation”. We invite you to communicate such data only when strictly necessary. Indeed, we remind you that in the event of the transmission of special categories of Personal Data, but in the absence of specific manifestation of consent to process such data (which in any case obviously allows you to send a curriculum vitae), Cfc S.r.l. cannot be held responsible in any way, nor will it be able to receive disputes of any kind, since in this case the treatment will be permitted as it relates to data made manifestly public by the interested party, in accordance with the art. 9(1)(e) of the Regulation. However, we specify the importance, as already indicated above – of expressing explicit consent to the processing of special categories of Personal Data, should you decide to share such information.
c. Data provided voluntarily by the interested party In the use of some Website Services, the processing of Personal Data of third parties sent by you to Cfc S.r.l. through the website www.cfcele.com. With respect to these hypotheses, you act as an independent data controller, assuming all legal obligations and responsibilities. In this sense, it grants the widest indemnity on this point with respect to any objection, claim, request for compensation for damage from treatment, etc. which should reach Cfc S.r.l. by third parties whose Personal Data have been processed through your use of the Website’s functions in violation of the applicable personal data protection regulations. In any case, if it provides or otherwise processes Personal Data of third parties in the use of the Site, it guarantees from now on – assuming all related responsibility – that this particular hypothesis of treatment is based on an appropriate legal basis pursuant to art. . 6 of the Regulation which legitimizes the processing of the information in question.
Purpose of the treatment
Your personal data, once collected, is processed for the following purposes:
Purpose Legal basis
A. Execution, management and/or fulfillment of contractual obligations, also with reference to pre-contractual agreements, or subsequent agreements or specific orders/orders (including the fulfillment of the related administrative, accounting, tax and legal obligations). The treatments put in place for these purposes are necessary for the fulfillment of contractual obligations, and do not require a specific consent from the interested party.
B. Fulfilling obligations established by laws, regulations, European legislation, or by provisions issued by Authorities and Supervisory and Control Bodies The treatments put in place for these purposes are necessary for the fulfillment of legal obligations and to make the service / good requested, and do not require a specific consent from the interested party.
C. Detect your experience of using our web services, as well as the products and services we offer, as well as ensure the correct functioning of the web pages and their contents. The treatments put in place for these purposes are based on a legitimate interest of the Data Controller, and do not require a specific consent from the interested party.
D. Send you commercial communications relating to promotions and/or other offers, in the interest of the Data Controller or of other Companies connected to the Data Controller. The treatments put in place for these purposes are carried out with the specific consent provided by the user, with the exception of commercial communications relating to products and/or services similar to those already purchased and/or subscribed to by the user for which the treatment is based on a legitimate interest of the Data Controller.
E. Carry out profiling activities, i.e. analysis and processing of information relating to the customer, your preferences, habits, consumption choices and/or web browsing experiences. The treatments put in place for these purposes are carried out with the specific consent provided by the user, with the exception of an activity of analysis of elementary information relating to your consumption preferences.
Personal data may be processed by personnel of Cfc S.r.l. specifically authorized pursuant to art. 4 paragraph 10 of the EU Regulation which processes data under specific indications by the Data Controller. Your personal data will also be transmitted to third parties we use to provide our services; these subjects have been adequately selected by us and offer a suitable guarantee of compliance with the rules on the processing of personal data. These subjects have been appointed as data controllers pursuant to art. 28 of the EU Regulation, and are required to carry out their activities according to the specific instructions given by the Data Controller and under his control. These third parties may belong to the following categories: financial operators, internet providers, companies specializing in IT services; couriers; companies that carry out marketing activities; companies specialized in market research and data processing. A specific and updated list of these subjects is available at the headquarters of the Data Controller, and can be consulted at the request of the interested party. Your data may also be transmitted to the police forces and to the judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention and protection against threats to public security, as well as to allow Cfc S.r.l. to exercise or protect one’s own right or that of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others.
Legal basis and mandatory or optional nature of the treatment
The legal basis for the processing of Personal Data for the purposes referred to in section 3 (a-b-c) is art. 6(1)(b) of the Regulation as the treatments are necessary for the provision of the Services or for the response of requests from the interested party. The provision of Personal Data for these purposes is optional but failure to provide it would make it impossible to activate the Services provided by the Site. The purpose referred to in section 3.c represents a legitimate processing of Personal Data pursuant to art. 6(1)(c) of the Regulation. Once the Personal Data has been provided, the processing is indeed necessary to fulfill a legal obligation to which Cfc S.r.l. it is subject. For the treatments carried out for the purpose of direct sending of one’s own advertising material or one’s own direct sale or for carrying out one’s own market research or commercial communications in relation to products or services of Cfc S.r.l. similar to those requested by you, Cfc S.r.l. you can use, without your consent, e-mail and paper mail addresses pursuant to and within the limits permitted by the provision of the Guarantor Authority for the protection of personal data of 19 June 2008; the legal basis for the processing of your data for this purpose is art. 6.1.f) of the Regulation. In any case, pursuant to art. 21 of the Regulation, you have the possibility to oppose this treatment at any time, initially or during subsequent communications, easily and free of charge, also by writing to the Data Controller or to the DPO at the addresses indicated above, as well as to obtain immediate feedback confirming the interruption of this treatment (art. 15 of the Regulation).
Recipients of personal data
Your Personal Data may be shared, for the purposes referred to in section 3 above, with:
subjects who typically act as data controllers pursuant to art. 28 of the Regulation, i.e.: i) persons, companies or professional firms that provide assistance and consultancy services to Cfc S.r.l. in accounting, administrative, legal, tax, financial and debt collection matters relating to the provision of the Services; ii) subjects with whom it is necessary to interact for the provision of the Services (for example hosting providers) iii) or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks); (collectively “Recipients”); the list of data processors who process data can be requested from the Data Controller.
subjects, bodies or authorities, independent data controllers, to whom it is mandatory to communicate your Personal Data pursuant to the provisions of the law or orders from the authorities;
persons authorized by Cfc S.r.l. to the processing of Personal Data pursuant to art. 29 of the Regulation necessary to carry out activities strictly related to the provision of the Services, who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees of Cfc S.r.l.)
Data Retention
We inform you that your data will be kept for a limited period of time, which varies according to the type of processing activity and the specific purposes of the same, as exemplified below:
data collected to conclude and execute contracts for the purchase of goods or services: the data will be kept until the administrative-accounting formalities are completed. The billing data will be kept for ten years from the billing date;
data of the User registered on a portal/website: the data will be kept until you request cancellation of your profile;
payment data: the data will be kept until payment is received and the relative administrative-accounting formalities are concluded;
data collected in the context of using the services offered by Cfc S.r.l. these data are kept until the termination of the service or the cancellation of the subscription to the service by the User;
data connected to user requests to the Customer Service – Contacts: the data useful to assist you will be kept until your request is satisfied;
CV: for six months from receipt;
data provided for commercial communications activities, opinion polls and market research: up to the request by the user to interrupt the activity and in any case within 2 years from the last interaction of any kind of the interested party with Cfc S.r.l. At the end of these periods, your data will be definitively canceled or in any case irreversibly anonymised by Cfc S.r.l.
Rights of the interested parties
You can formulate a request for opposition to the processing of your data pursuant to article 21 of the GDPR in which to give evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate the request, which would not be accepted in the event of the existence of binding legitimate reasons to proceed with the treatment which prevail over your interests, rights and freedoms. Requests must be addressed in writing to the Data Controller.
We inform you that you have the right to exercise the following rights in relation to the personal data covered by this information, as provided for and guaranteed by the Regulation:
Right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be corrected, modified or integrated. If you wish, we will provide you with a copy of the data we hold about you.
Right to data deletion (Article 17 of the Regulation): in the cases provided for by current legislation, you can request the deletion of your personal data. Once your request has been received and analysed, we will take care of discontinuing the processing and deleting your personal data, where found to be legitimate.
Right to limitation of treatment (Article 18 of the Regulation): you have the right to request the limitation of the processing of your personal data in the event of unlawful processing or dispute of the accuracy of personal data by the interested party.
Right to data portability (Article 20 of the Regulation): you have the right to request that the Data Controller obtain your personal data in order to transmit them to another Data Controller, in the cases provided for by the aforementioned article.
Right to object (Article 21 of the Regulation): you have the right to object at any time to the processing of your personal data carried out on the basis of our legitimate interest, explaining the reasons that justify your request; before accepting it, he will have to evaluate the reasons for your request.
Right to lodge a complaint (Article 77 of the Regulation): you have the right to lodge a complaint with the competent Guarantor Authority for the protection of Personal Data if it believes that a violation of your rights has occurred, or is in progress, with reference to the processing of your personal data. Further information about the rights of the interested party can be obtained by asking the Owner for a complete extract of the articles referred to above.
Changes
This privacy policy has been in effect since 25 May 2018. Cfc S.r.l. reserves the right to modify or simply update its content, in part or completely, also due to changes in the applicable legislation. Cfc S.r.l. will inform you of these changes as soon as they are introduced and they will be binding as soon as they are published on the Site. Cfc S.r.l. therefore invites you to regularly visit this section to read the most recent and updated version of the privacy policy in order to always be updated on the data collected and on the use made of it by Cfc S.r.l..
Cookies
This cookie policy refers exclusively to the site (“Site”) and must be understood as an integral part of the same’s Privacy Policy.
Definitions, characteristics and application of the legislation
Cookies are small text files that the sites visited by the user send and record on his computer or mobile device, to then be re-transmitted to the same sites on the next visit. Precisely thanks to cookies, a site remembers the user’s actions and preferences (such as, for example, login data, the chosen language, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to visit said site or navigates from one page to another of it. Cookies, therefore, are used to perform computer authentication, session monitoring and storage of information regarding the activities of users who access a site and can also contain a unique identification code that allows you to keep track of user navigation within of the site itself for statistical or advertising purposes. While browsing a site, the user can also receive cookies from sites or web servers other than the one he is visiting on his computer or mobile device (so-called “third-party” cookies). Some operations could not be performed without the use of cookies, which in some cases are therefore technically necessary for the site to function. There are various types of cookies, depending on their characteristics and functions, and these can remain on the user’s computer or mobile device for different periods of time: c.d. session cookie, which is automatically deleted when the browser is closed; CD. persistent cookies, which remain on the user’s device up to a pre-established deadline. According to the legislation in force in Italy, the express consent of the user is not always required for the use of cookies. In particular, this consent is not required for “technical cookies”, i.e. those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user.
In other words, these are cookies that are essential for the site to function or necessary to perform activities requested by the user. Among the technical cookies, which do not require express consent for their use, the Italian Guarantor for the protection of personal data (see Provision Identification of simplified procedures for the information and the acquisition of consent for the use of cookies of the 8 May 2014, hereinafter referred to as the “Provision”) also includes:
“cookie analytics” when used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site,
navigation or session cookies which guarantee normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas);
functionality cookies, which allow the user to navigate according to a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered to the same.
Conversely, for “profiling cookies”, i.e. those aimed at creating user profiles and used to send advertising messages in line with the preferences expressed by the user while surfing the net, the prior consent of the user is required. ‘user.
Types of cookies used by the Site
The Site uses the following types of cookies, and offers the possibility of de-selecting them, except for third-party cookies for which the user must refer directly to the relative selection and de-selection methods of the respective cookies , indicated by means of links:
Technical cookies – navigation or session – strictly necessary for the functioning of the Site or to allow the user to take advantage of the contents and services requested by them.
Analytics cookies, which allow the site manager to understand how it is used by users. These cookies do not collect information on the identity of the user, nor any personal data. The information is treated in aggregate and anonymous form.
Functionality cookies, used to activate specific features of the Site and a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered.
Profiling cookies, aimed at creating user profiles and used to send advertising messages in line with the preferences expressed by the user while surfing the net.
Security measures
We are committed to protecting your personal data with specific technological and organizational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently. We proceed to regularly test, verify and evaluate the effectiveness of the security measures, in order to guarantee continuous improvement in the security of the treatments.