Notice to data subject in relation to personal data processing pursuant to Regulation 2016/679 (GDPR)
“Personal Data” or “Data” means all the information concerning an identified or identifiable natural person (the “Data Subject”) processed by Data Controller to provide Services. “Personal Data Processing” means any operation or group of operations, performed with or without using automated processes, directed to the collection, registration, organisation, storage, consultation, elaboration, change, extraction, selection, comparison, use, interconnection, block, disclosure, dissemination, cancellation and destruction of data, even if not recorded in a database. “Data Protection Authority” means the Authority set forth in Article 153 of the Code that performs the duties indicated in subsequent Article 154. “Applicable Law” means (EU) Regulation 2016/679 of the European Parliament and the Council of April 27th, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “Regulation”), the Code as well as any other law or act having validity of law on personal data protection applicable in Italy, including the measures adopted by the Data Protection Authority.
Data Controller is C&P s.r.l, with registered office in Via Pirandello 23A, 10023 Chieri TO (hereinafter the “Company”) in the person of its pro tempore legal representative. Please find below the details that permit to swiftly contact Data Controller and directly and effectively communicate with him, by email at the following address: firstname.lastname@example.org
Data Protection Officer (DPO)
Please find below the details that permit to swiftly contact the DPO domiciled at this company and directly and effectively communicate with him, by email at the following address: email@example.com
Pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter “GDPR 2016/679”) containing provisions directed to protect natural persons and other subjects with reference to personal data processing, we wish to inform you that the personal data you have provided us and will provide us in the future will be processed in accordance with the provisions of the legislation in force and in compliance with privacy obligations.
Processed data is that provided by the data subject upon contractual proposals and/or offers, goods and/or service supply agreements, disclosures and transactions subsequent to orders, visits, and communications occurred by phone and/or email or through the company website portal, direct contacts during participations in shows, exhibitions, etc.
Data provided by users voluntarily
The optional, explicit and voluntary sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to reply to his/her enquiries, as well as of other personal data included in the message.
For enquiries related to specific services where the filling in of a specific form is proposed, with the obligation for the user to enter certain data, the explicit consent of the user will be requested.
Data processing purposes
The personal data that you provide us are necessary to fulfil the obligations provided for by law. The aforementioned data will be used solely for the purposes connected with the mutual obligations arising out of contractual relationships and the consequent legal fulfilments, to comply with the provisions of the legislation on Telecommunications, as well as to carry out an effective administrative management of the existing relationships with you and to send communications (newsletters) with your prior consent. Data provision is optional, but necessary to achieve the purposes indicated above and the unavailability of the same does not allow fulfilling the obligations mentioned above or the administrative and accounting management of the relationship.
Processing legal basis
Processing is carried out based on the existence of the legitimate interest since a relevant and appropriate relationship exists between the data subject and the data controller (contractual relationship).
Processing and storage procedures
Processing will be performed in automated and/or manual form with digital or paper means, in compliance with the provisions of Article 32 of GDPR 2016/679 by persons specifically entrusted and in accordance with the provisions of Article 29 of GDPR 2016/ 679. We bring to your attention that, in compliance with the principle of lawfulness, limitation of purposes and minimisation of data pursuant to Article 5 of GDPR 2016/679, upon your prior free and explicit consent expressly given at the bottom of this policy, your data will be stored for the time necessary for achieving the purposes for which it is collected and processed. Afterwards, personal data will be stored and not further processed for the time set out by the provisions on civil and fiscal matters and by those of the legislation on Telecommunications. For activities concerning administration, orders, management of budgeting and of the whole production flow, support and maintenance, shipment, invoicing, services and management of any disputes: 10 years as set out by Article 2220 of the Italian Civil Code, without prejudice to any delayed payments that justify their extension.
Scope of disclosure and dissemination
Furthermore, we inform you that collected data will never be disseminated and disclosed without your explicit consent, except for the necessary disclosures that may entail its transfer to public entities, authorities and supervisory and control bodies, consultants, providers or other parties to fulfil legal obligations, parties that handle on behalf of Data Controller administrative and fiscal fulfilments and management procedures of Data Controller’s computer system and telecommunication networks, officers appointed by Data Controller for the specific management of professional activities of administrative, computer, commercial, and marketing nature.
Transfer of personal data
The undersigned company does not transfer data to Member States of the European Union or to Third Party Countries not belonging to the European Union. However, it reserves the possibility of using cloud services located inside the European Union, in this case service providers will be selected among those who give adequate guarantees, as provided for by Article 46 of GDPR/679/16. It is in any case understood that, if necessary, the undersigned company, in its capacity as Data Controller, may move servers even in extra-EU Countries (Switzerland and USA) and ensures that extra-EU data transfer will be made in accordance with applicable law provisions, for which there are a Data Protection Authority’s adequacy decision (Switzerland) or eligible subjects being parties to Privacy Shield (USA) or upon stipulation of the standard contractual clauses provided for by the European Commission.
Particular categories of personal data
Pursuant to Articles 26 and 27 of Legislative Decree 196/2003 and to Articles 9 and 10 of EU Regulation No. 2016/679, you might provide data qualifiable as “particular categories of personal data”, i.e. data revealing “the racial or ethnic origin, political opinions, religious or philosophical beliefs, unions’ membership, as well as genetic data, biometric data aimed at identifying univocally a natural person, data concerning health or sexual life or orientation of the person”. These categories of data may be processed only with your prior free and explicit consent to be expressed in writing at the bottom of this policy.
Existence of an automated decision-making process, including targeting
The undersigned company does not adopt any automated decision-making process, including profiling, provided for by Article 22, paragraphs 1 and 4, of EU Regulation No. 679/2016.
Data Subject’s rights
Pursuant to Articles 15-22 of EU Regulation No. 2016/679, you may exercise at any time the right to:
a) request the confirmation of the existence of your personal data;
b) get indications about processing purposes, personal data categories, recipients or recipient categories to whom personal data has been or will be disclosed and, whenever possible, the storage period;
c) obtain data rectification and cancellation;
d) obtain processing limitation;
e) obtain data portability, i.e. receive it by a data controller, in a structured form, which is of common use and readable by an automatic device, and transmit it to another data controller without any impediments;
f) oppose to the processing at any time and even in the case it is processed for direct marketing purposes;
g) oppose to an automated decision-making process concerning natural persons, including profiling;
h) request data controller to give you access to your personal data and the possibility of rectifying or cancel it or of limiting its processing or to oppose to its processing, in addition to the right to data portability;
i) withdraw your consent at any time without prejudice to the lawfulness of the processing based on the consent given before your withdrawal;
j) submit a claim to a Data Protection Authority.
You may exercise your rights by written request sent to the mail address of the registered office, Via Pirandello 23A, 10023 Chieri TO, or the email address: firstname.lastname@example.org – the policy is available to the following link: https://www.candp.it/c-p-privacy-cookie-policy/
Claim to the Data Protection Authority
The Data Subject has the right to submit a claim to the Data Protection Authority in the case that his/her enquiries to Data Controller did not have satisfactory answers.
The relevant Authority is the Data Protection Authority:
Cookies are short text fragments (letters and/or numbers) that allow the server web to store on the client (the browser) information to be re-used during the same visit of the website (session cookies) o afterwards, even after some days (persistent cookies). Cookies are stored, based on the user’s preferences, by the single browser on the specific device used (computer, tablet, and smartphone).
Similar technologies, such as web beacon, transparent GIFs and all the forms of local storage introduced by HTML5, can be used to collect information on user’s behaviour and on his/her use of the services.
Below in this document we will refer to cookies and all similar technologies by simply using the term “cookies”.
Types of cookies
Strictly Necessary Cookies:
Analysis and Performance Cookies:
These cookies are used to collect and analyse the traffic and the use of the website in an anonymous manner. Even if these cookies do not identify the user, they permit for example to detect if the same user connects again to the website in different moments. They also permit to monitor the system and improve its performances and usability. Deactivation of these cookies can be made without losing any functionality.
Visiting a website you may receive cookies both from the visited website (“proprietary”) and from websites managed by other organisations (“third parties”). A remarkable example is represented by the presence of the “social plug-ins” for Facebook, Twitter, and LinkedIn. These are parts of the visited page directly generated by the above-mentioned websites and integrated in the page of the host website. The most common use of social plug-ins is aimed at sharing contents on social networks.
The presence of these plug-ins entails the transmission of cookies from and to all the websites managed by third parties. The management of the information collected by “third parties” is regulated by the relevant cookie policies, which you are invited to read. In order to ensure a greater transparency and convenience, please find below the web addresses of the various cookie policies and of the procedures for cookie management.
Facebook (configuration): login to your account. Section privacy.
Twitter (configuration): https://twitter.com/settings/security
LinkedIn (configuration): https://www.linkedin.com/settings/
Google+ (configuration): http://www.google.it/intl/it/policies/technologies/managing/
candp.it website also includes some components transmitted by Google Analytics, a service of web traffic analysis provided by Google, Inc. (“Google”). Even in this case, they are third-party cookies collected and managed in an anonymous manner to monitor and improve performances of the host website (performance cookies).
Google Analytics uses “cookies” to collect and analyse in an anonymous form the information on use behaviour of candp.it websites (including the user’s IP address). This information is collected by Google Analytics, which processes it in order to draw up reports for candp.it operators concerning the activities on the same websites. This website does not use (and does not allow third parties to use) Google analysis tool to monitor or collect identification personal information. Google does not associate the IP address to any other address owned by Google or seek to link an IP address to a user’s identity. Google may also disclose this information to third parties, if this is required by law or where such third parties process the above-mentioned information on behalf of Google.
For further information, please refer to the link below: https://www.google.it/policies/privacy/partners/
User may disable in a selective manner the action of Google Analytics by installing on his/her browser the opt-out component provided by Google. To disable the action of Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout
Duration of Cookies
Some cookies (session cookies) remain active only until the browser is closed or the logout command is executed. Other cookies “survive” the closure of the browser and are available even in user’s subsequent visits.
These cookies are called persistent cookies and their duration is fixed by the server when they are created. In some cases, a deadline is fixed; in other cases their duration is unlimited.
candp.it website does not use persistent cookies.
However, navigating through candp.it website pages, you can interact with websites managed by third parties, which may create or change permanent and profiling cookies.
Warning: the full or partial disabling of technical cookies may jeopardize the use of the website functionalities reserved to registered users. On the contrary, the availability of public contents is possible even disabling cookies completely.
Disabling “third-party” cookies does not jeopardize user’s navigation in any manner.
You can specifically define cookie settings for the various websites and web applications. Furthermore, the best browsers allow defining different settings for “proprietary” cookies and for “third-party” cookies.
For example, in Firefox, through the menu Tools->Options->Privacy, you can enter the control panel where you can define whether accepting or refusing the various types of cookies and proceed with their removal.