DATA PROTECTION STATEMENT
TRANSPARENT COMMUNICATION AND MODALITIES FOR THE EXERCISE OF THE RIGHTS OF THE DATA SUBJECT
The user is asked to carefully read the following data protection statement in accordance with Articles 13 and 14 (if the personal data have not been obtained from the data subject but from other sources) of the General Data Protection Regulation (GDPR), and subsequent amendments and additions, to fully understand the basis on which personal data are collected, how they are used and stored and to whom they are disclosed, in particular with regard to:
· Website navigation data
· Website cookies
· Data provided voluntarily by the user while using the website
· Registration for access to the Spare Parts Catalogue - Website quotation request
· Processing of customer and supplier data
· Marketing, promotional and advertising activities
1. ABOUT US
In its capacity as Controller, this communication is made available by:
FREEFIELD S.r.l. a socio unico, with registered office in 43010 Fontevivo (PR), frazione Bianconese, Strada Romitaggio 27/A, C.F., P. IVA and Iscr. Reg. Impr. C.C.I.A.A. Parma N° 02952890347 (hereinafter also Company).
2. STATUTORY RIGHTS
The law guarantees a series of personal data rights. The Company undertakes to protect personal data and to comply with the data protection laws in force at any time. Further information and suggestions on rights can be obtained from the National personal data protection authority.
What does this mean?
1. Right to information
Users have the right to receive clear, transparent and easily understandable information on how their personal data are used and on their rights. That is why the information contained in this statement is provided.
2. Right of access
Users have the right to obtain access to their data (if these data are processed) and other information (similar to the information provided in this data protection statement). The purpose is to ensure users are aware and can check whether their personal data are used in accordance with the data protection law.
3. Right to rectification
Users have the right to have information corrected if it is inaccurate or incomplete.
4. Right to erasure
This is also known as “right to be forgotten” and, in short, allows users to ask for data to be erased or removed where there is no valid reason for continuing to use them. This is not a general right to erasure, since there are exceptions.
5. Right to restrict data processing
Users have the right to ‘stop’ or prohibit further use of their information. When data processing is restricted, the company can still store the information, but may not use it further. The company keeps lists of persons who have requested a "stop" to further use of their information to ensure compliance with this obligation in future.
6. Right to data portability
Users have the right to obtain and re-use their personal data for their purposes in various services. For example, if the user decides to change to a new supplier, this right allows the information to be easily moved, copied or transferred between the company's computer systems and their systems in a secure and protected manner, without compromising its usability.
7. Right to object to processing
Users have the right to object to processing for direct marketing purposes (carried out only subject to permission) and also to processing that is carried out to protect the company's legitimate interests.
8. Right to lodge complaints
Users have the right to make a complaint with the national data protection authority on the manner in which the company processes their personal data.
9. Right to withdraw consent
If the user has given his or her consent to the performance of any activity with his or her personal data, he or she has the right to withdraw his or her consent at any time (although, in that case, this does not imply unlawfulness of what has been done with the personal data up to that time with the user's consent). This includes the right to withdraw consent to the use of personal data for marketing purposes.
For further information on how to exercise rights, write to firstname.lastname@example.org
The Company may also transfer personal data to suppliers and third-parties that perform some services for it, always in compliance with data processing agreements and, in that case, on the basis of the user's consent. The data will be shared and made accessible to these external service suppliers only to the extent necessary to fulfil the purposes referred to in this statement. The user can request the list of suppliers and processors currently used by the Company.
3. WHAT PERSONAL DATA ARE COLLECTED AND HOW ARE THEY USED?
What are personal data?
Personal data refers to information that, directly or indirectly, allows the user to be identified as a natural person. “Directly” means, for example, name, surname and address; “indirectly” means when data are processed together with other information.
3.1. Navigation data
During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that has not been collected to be associated with identified data subjects, but which by its very nature could, through processing and associations with data held by third parties, allow users to be identified. This category of data includes the Internet protocol (IP) addresses or domain names of the computers used by users who connect to the website, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
Purpose and legal basis for processing
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct operation. The data may also be used to determine responsibility in the event of cybercrimes against the website (the Controller's legitimate interests).
As a rule, data are stored for short periods of time, with the exception of possible extensions connected with investigation activities.
Provision of personal data
The data are not provided by the data subject but acquired automatically by the technological systems of the website.
The Company does not collect cookies.
3.3 Data provided voluntarily by the user while using the website
The optional, explicit and voluntary sending by the user in connection with:
· Sending of e-mails and/or post sent to the contact details contained in the addresses on the website
· Sending of spontaneous candidates using the addresses indicated on this website
can entail subsequent acquisition and use of personal data to initiate the necessary purposes. The personal data will in any case be stored for a time that is consistent with the purpose of collection.
3.4 Processing of customer and supplier data
The data are processed to:
· conclude contractual/professional relations;
· fulfil pre-contractual, contractual and tax obligations arising from existing relations, and also manage the necessary communications connected with them;
· fulfil obligations provided for by the law, a regulation, EU regulations or order of the Authority;
· exercise a legitimate interest and also a right of the Controller (for example: the right to defence in court proceedings, protection of creditor positions; ordinary internal operating, management and accounting requirements).
Purpose and legal basis for processing
Administrative and accounting (contract and legitimate interest).
Times consistent with the purpose of collection.
Provision of personal data
Mandatory to come into contact with the Company.
3.5 Marketing, promotional and advertising activities
Purpose and legal basis for processing
Marketing, promotional and advertising activities regarding the Company's products and services through automated systems (fax, paper mail, e-mail). The legal basis consists of consent.
Stored until consent is withdrawn. Once consent has been withdrawn, the Controller will stop using the data for such purposes, but may store them in order to protect itself from possible responsibilities based on such processing.
Provision of personal data
Express and optional consent.
4. LEGAL GROUNDS FOR USING THE USER'S INFORMATION
In certain circumstances, personal data may be processed after obtaining the user's consent in order to send marketing communications. In most cases, it is in the Company's legitimate interest to collect and use the personal data, as described above in “What personal data are collected and how are they used?”, so as to provide the user with a service that is as useful as possible and to better understand customers in order to improve marketing activities. Personal data are processed using manual or computer tools, with adoption of logics strictly related to the purposes and, in any case, in such a way as to ensure the security and confidentiality of the data.
5. REQUESTS TO THE COMPANY
The Company is required by law to carry out requests and provide information free of charge, except in the case where requests are manifestly unfounded or excessive (especially because of their repetitive nature). In such a case, the Company may charge a reasonable fee (taking into account the administrative costs of providing the information or communication, or taking the action requested), or refuse to carry out the request. Please ponder your request responsibly before sending it. The Company will reply as soon as possible. Generally, a reply will be sent within a month of receiving the request. If more time is required, the Company will contact and inform the user.
This statement is in force from 24 May 2018. The Company reserves the right to change it or just update part or all of its content also because of changes in applicable regulations. The Company invites the data subject to regularly visit this section to take note of the most recent and updated version of the data protection statement so as to always be updated on the Personal Data collected and on the use the Company makes of them.
1) 'personal data' means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2) 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3) 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4) 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5) 'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
6) 'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
7) 'consent of the data subject' means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
8) 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
9) 'supervisory authority' means an independent public authority which is established by a Member State pursuant to Article 51;
10) 'supervisory authority concerned' means a supervisory authority which is concerned by the processing of personal data because: a) | the controller or processor is established on the territory of the Member State of that supervisory authority; b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or c) a complaint has been lodged with that supervisory authority.