This document describes how to manage the website inthezon.com (“Site”), with reference to the processing of personal data of users (“User/Users”) who consult it.
It is an information provided pursuant to art. 13 of the EU Regulation 679/2016 (“GDPR”), to all those who communicate with Bebit S.r.l. (“Bebit” or the “Company”) by filling out the special telematic form for requesting information about the services of the Data Controller, available in the “Contact Us” section of the Site, or by sending an email message to the email address on the Site.
The information is provided only for the Site and not for other websites that may be consulted by the user through links on the Site.
- Data controller
The data controller of the processing of personal data is the company Bebit S.r.l., with registered office in 10152 Turin, Cortile del Maglio, Via Andreis 18/16/M (“Data Controller”).
- Types of data processed and purposes of processing
2.1 Personal data
The completion of the electronic form for requesting information about the services of the Data Controller, in the “Contact Us” section, involves the acquisition of the User’s personal data, i.e. name, surname, reference company, telephone and email.
2.2 Navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
This information is not collected to be associated with identified data subjects, but by their very nature could, through processing and association with data held by third parties, allow Users to be identified.
This category of data includes IP addresses or domain names of the computers used by Users who connect to the Site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site: except for this possibility, at present the data on web contacts do not persist for more than seven days.
2.4 Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the email address indicated on the Site or the requests for information sent through the use of the “Contact Us” section of the Site itself, imply the subsequent acquisition of any other personal data of the Users included in such communications, which will be processed by the Data Controller for the purposes indicated in the following paragraph 3.
- Purpose and legal basis of the processing
The processing of the User’s personal data by the Data Controller is aimed at:
- a) pursue its own legitimate interest, consisting in ensuring the security of the Site and the information exchanged on the same, i.e. the ability of said Site to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible, pursuant to Article 6.1, letter f) of the GDPR;
- b) allow the User to request information from the Data Controller regarding the services promoted by the latter on the Site and to process requests for information from Users sent to the e-mail address of the Data Controller (e.g.: provide the User with the requested quote), pursuant to art. 6.1, lett. b) of the GDPR.
- c) sending newsletters and promotional communications to Users who sent information to the Data Controller, based on the legitimate interest of the Data Controller in keeping such data subjects updated on the activities carried out by itself and on the services offered as part of its communication and marketing activities, pursuant to Article 6.1(f) of the GDPR”.
- Modalities of processing
Personal data are processed with manual, computerized and automated systems for the time necessary to achieve the purposes for which they are collected.
The Data Controller adopts specific security measures in order to ensure the processing of data in compliance with the GDPR, with particular regard to the prevention of loss of such data, unlawful or incorrect use or unauthorized access to databases.
It should also be noted that the User’s personal data are processed by persons duly appointed to carry out these tasks, constantly identified and / or appointed, properly trained and made aware of the constraints imposed by law.
- Nature of the data and consequences of a possible refusal to answer
The provision of data for the purposes referred to in paragraph 3 is optional.
The processing of data is necessary to forward requests for information to the Data Controller, to allow the latter to fulfill the requests of users, to communicate to users any quote required for the use of the services of the Data Controller. The refusal to the above processing, therefore, would make it impossible for the User to communicate with the Data Controller and/or for the latter to process the User’s request.
- Rights of the data subjects
The User, as data subject (i.e. subject to whom the Data refer), is entitled to the rights conferred by the GDPR. In particular, according to art. 15 and ss. of the GDPR, at any time and free of charge, the User has the right to request information regarding the existence of the Data processing, the period of conservation of the same, to obtain a copy, to rectify, integrate, update, cancel. The User has the right to obtain the limitation of the processing of the Data and to receive a copy of them in a common and machine-readable format. The User also has the right to oppose the processing and to complain to the competent data protection authority.
To exercise these rights, simply write to Bebit, at the registered office indicated above or at the e-mail address firstname.lastname@example.org.
If the data subject believes that his rights had been violated, by the Data Controller and / or a third party, he has the right to complain to the Italian Data Protection Authority and / or other competent supervisory authority.
- Communication of data
Personal data collected on the Site will not be communicated, sold or transferred to third parties, except in cases provided for by law.
This is without prejudice, in any case, of the communication of data to companies specifically charged with the carrying out of certain services as part of the activities carried out by the Data Controller and / or, in general, in his favor, which will operate as independent Data Controllers and / or data processors, and the communication and / or dissemination of data required, in accordance with the law, to the police, the judiciary, information and security organizations or other public entities for purposes of defense or state security or prevention, detection or prosecution of crime.
- Duration of processing
The data processing will have a duration not exceeding that necessary for the purpose for which the data were collected, after which they will be stored only in the performance of legal obligations in force, for administrative purposes and / or to assert or defend their rights, in case of litigation and pre-litigation.
*** *** ***
Previous version: 14 October 2016