1. Dear User, Ghimas spa (CF and VAT number 00499021202), with registered and administrative office in 40133 Casalecchio di Reno (BO), at via Domenico Cimarosa 85, registration number in the Bologna Business Register 00290990373, as owner of the processing of personal data wishes to inform you about the purposes and methods of processing your personal data.
2. This information is provided in accordance with art. 13 of Legislative Decree. n. 196/2003, Code regarding the protection of personal data, and in accordance with art. 13 of the EU Regulation n. 2016/679 (GDPR), concerning the protection of individuals and the processing of personal data as well as the free circulation of such information.
3. The purpose of this document is to provide information on the methods, timing, and nature of the information that the data controllers must provide to users when connecting to the web page of www.ghimas.it, regardless of the purpose of the connection itself, according to the Italian and European legislation.
II- DATA PROCESSING
1. Data Owner
1. The data controller is Ghimas s.p.a (Tax Code and VAT number 00499021202), with registered and administrative headquarters in 40133 Casalecchio di Reno (BO), at via Domenico Cimarosa 85, registration number in the Bologna Business Register 00290990373.
2. Responsible for data processing
1. The personal data manager (DPO) can be contacted for questions concerning the processing of your data, at the e-mail address email@example.com.
3. Place of data processing and data transfer
1. The management and storage of personal data will take place on servers, located within the European Union, of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors. The servers are currently located in Italy. The data are not currently being transferred outside the European Union.
2. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy, within the European Union and / or to non-EU countries.
3. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with Articles 44 ff. of the Regulations and the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection.
III- DATA PROCESSED
1.Data processing method
1. Personal data are processed with automated tools for the strictly necessary time to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
2. For security purposes (anti-spam filters, firewalls, virus detection), the automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with the laws in force on the subject, to block attempts of damage to the site itself or of causing damage to other users or activities that are harmful or constituting a crime. These data are never used for the identification or profiling of the user, but only for the purpose of protecting the site and its users. Such information will be used based on the legitimate interests of the owner.
2. Purpose of data processing
1. The data collected by the site during its operation are used exclusively for the following purposes:
- deliver, develop and improve our services.
- allow us to improve, customize or modify our services and offers.
- verify the effectiveness of our marketing campaigns.
- improve data protection.
2. The collected data are kept for the time strictly necessary to carry out the specified activities.
3. The data used for security purposes (blocking attempts to damage the site) are kept for the time strictly necessary to achieve the purpose previously indicated.
3. Data provided by the user
1. As indicated above, the optional, explicit, and voluntary sending of e-mails to the addresses indicated on this website, the possible compilation of forms prepared for information and contact requests, registrations and / or newsletters involve the subsequent acquisition of the e-mail address of the sender, necessary to respond to requests, as well as any other personal data included in the message or according to the requested service.
2. Specific summary information will be progressively reported or displayed on the pages of the site set-up for services requested.
V- USER RIGHTS
1.The user, with reference to the data processed by the Company, can exercise the rights referred in Articles 15 to 22 of the GDPR at any time.
2. In particular, the interested party can:
- ask the owner for access to personal data (Article 15 EU Regulation), their updating (Article 7, paragraph 3, letter a of Legislative Decree 196/2003), correction (Article 16 EU Regulation), integration (art.7, co. 3 lett. to Legislative Decree 196/2003), the limitation of the treatment that concerns him (art.18 EU Regulation) or to oppose, for legitimate reasons, their treatment (art.21 EU Regulation), in addition to the right to data portability (art.20 EU Regulation)
- request cancellation (Article 17 of the EU Regulation), transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed (art. 7 co. 3, lett. b of Legislative Decree 196/2003)
- obtain the attestation that the updating, rectification, integration of data, cancellation, data blocking, transformation operations have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right (art. 7 co. 3, lett. c of Legislative Decree 196/2003).
3. Requests can be addressed to the data controller at his email address firstname.lastname@example.org.
4. Likewise, in the event of violation of the law, the user has the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as the authority responsible for monitoring the processing in the Italian State.
5. For additional examination of the rights that belong to you, see articles 15 and ss. Of EU Regulation 2016/679 and art. 7 of Legislative Decree. 196/2003.
VI - SECURITY OF THE DATA PROVIDED
1. Ghimas spa undertakes to protect the safety of the user and respects the provisions on security provided by the applicable legislation to avoid data loss, illegitimate or illicit use of data and unauthorized access to them, with particular attention non-exclusive reference to articles 25-32 of the Regulation. Ghimas s.p.a. uses advanced security technologies and procedures to promote the protection of users' personal data.
2. In addition to the owner, in some cases, categories of employees involved in the organization of the site (administrative, marketing, commercial, legal, system administrators) or external subjects such as (as suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies).
VII - CHANGES TO THIS DOCUMENT
1.This information may be subject to changes. It is therefore advisable to check this information regularly and refer to the most updated version.
2. The document was updated on 30.11.2020 to comply with the relevant regulatory provisions and with EU Regulation 2016/679.