Privacy Policy

PRIVACY POLICY pursuant to Italian Legislative Decree 196/2003 and EU Regulation 679/2016 (General Data Protection Regulation) According to the regulations indicated, the processing of data will be based on principles of correctness, lawfulness, transparency and protection of confidentiality and user rights. This policy is issued pursuant to Art.13 of Italian Legislative Decree196/2003 (Personal Data Protection Code), to users/visitors who interact with the www.barbanti.it website and has been updated in accordance with EU Regulation 2016/679 concerning “individuals with regard to the processing of personal data and the free movement of such data” and the regulations on cookies on the network and in particular the issue of the Provision issued by the Italian Data Protection Authority of 8 May 2014 “Identification of simplified methods for the privacy policy and the acquisition of consent for the use of cookies” and the subsequent “Clarification on the implementation of the regulations on cookies” issued on 5 June 2015. It only describes how the site is managed, with reference to the processing of personal data of the users/visitors who consult it, and not of external websites that can be consulted by users by clicking on the links on that site. Additional information may be provided within specific sections.

1. TYPE OF DATA PROCESSED AND PURPOSE OF PROCESSING 

1.1. Browsing data The computer systems and applications dedicated to the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects but by its very nature could, through processing and association with data held by third parties, enable users/visitors to be identified. Among the data collected are the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user. This data is processed for the time necessary to achieve the purpose for which it is collected, for the sole purpose of obtaining anonymous statistical information on the use of the site (access to the same) and to check its regular operation. This data could be used to determine responsibility in the event of possible computer crimes against the website.  1.2. Data provided voluntarily by the user Sending e-mail messages to the addresses indicated on this site (for example in order to request information) involves the acquisition of the sender’s address, as well as any other personal data included in the messages. Such data will be processed solely for the purpose of processing the request and communicated to third parties only in cases where this is necessary for the fulfilment of the same (e.g. delivery service of the requested documentation). We inform you that we may send you commercial and/or promotional communications relating to products and services similar to those covered by the contractual relationship unless you disagree. If users/visitors are required to provide their personal data to access certain services, specific and detailed information on the relative processing will be published on the pages relating to the individual services, pursuant to Art. 13 of Italian Legislative Decree 196/03, which will specify the limitations, purposes and methods of the processing itself.  1.3. Cookies Cookies are small text files that are sent from the website visited by the user to the user’s device (usually to the browser), where they are stored so that the device can be recognised the next time the user visits the website. In fact, on each subsequent visit, cookies are sent back from the user’s device to the site. See Cookie Policy 

2. METHODS OF PROCESSING 

The processing of personal data is carried out using automated means (e.g., using electronic procedures and media) and/or manually (e.g., on paper media) for the time strictly required to fulfil the purposes for which they were collected and, in any event, in compliance with the regulations in force on the subject. The data processing will also be carried out with organisational logic and processing strictly related to the purposes and in any case in such a way as to ensure the security, integrity and confidentiality of the data in compliance with the organisational, physical and logical measures provided for by the regulations in force. 

3. OPTIONAL NATURE OF DATA PROVISION 

Except as specified above for browsing data and cookies, the visitor is free to provide his or her own personal data, as in the case of requests for information or contact sent by e-mail or requests for access to freely chosen services, utilities and applications. Their absence may make it impossible to obtain what has been requested and may preclude Barbanti srl from fulfilling its contractual obligations as provided for in the mandate contract. 

4. DATA CONTROLLER, DATA PROCESSORS AND CATEGORIES OF OFFICERS 

The Data Controller of personal data processing is Barbanti srl with registered office in Via di Mezzo no. 78 – 41037 Mirandola (MO) The processing operations connected to the web services of this site are carried out exclusively by technical personnel responsible for the processing. In addition to the Data Controller’s employees, some personal data processing operations may also be carried out by third parties, to whom the company entrusts the management/maintenance of the site. In this case, the same subjects will be appointed as Data Processors. Information regarding data processors can be easily found by sending an email to  barbanti@barbanti.it The data shall not be disclosed. 

5. RIGHTS OF DATA SUBJECTS 

The subjects to whom the personal data refer have the right, at any time, to obtain confirmation of the existence or non-existence of such data and to know its content and origin, verify its accuracy or request its integration or updating, or correction pursuant to Art.7 of Italian Legislative Decree196/2003.Pursuant to the same article, Data Subjects also have the right to request that data concerning them which has been processed in violation of the law be deleted, transformed into anonymous form or blocked, and to oppose in any case, for legitimate reasons, its processing. Pursuant to Art. 13 EU GDPR, Data Subjects have the right at all times to know the identity and contact details of the Data Controller and, where necessary, his representative, the contact details of the Data Protection Officer, the purposes of the processing for which the personal data are intended and the legal basis of the processing, the legitimate interests pursued by the Data Controller or third parties appointed as Data Controllers, any recipients or categories of recipients of personal data, the data retention period and the Data Controller’s intention to transfer personal data to a third country or an international organisation. Pursuant to Art. 13 EU GDPR 679/2016, the Data Subjects may also at any time exercise the right to: – have access to personal data; – obtain the correction of personal data or the deletion of the same or the restriction of the processing concerning them; – object to the processing of the data; – use data portability; – withdraw consent at any time, without affecting the lawfulness of any processing based on consent given prior to revocation; – lodge a complaint with a Supervisory Authority, (for Italy, the Italian Data Protection Authority); – be informed about the possibility that the disclosure of personal data may be a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and know whether the Data Subject is under an obligation to provide personal data as well as the possible consequences of not disclosing such data; – be informed about the existence of an automated decision-making process, including profiling, and in such cases, receive significant information about the logic used, as well as the importance and expected consequences of such processing for the Data Subject.  Pursuant to Art. 14 EU GDPR if the data have not been obtained from the Data Subject, the Data Controller Barbanti srl will provide the Data Subject with the following information:  1. a) the identity and the contact details of the Data Controller and, where applicable, of the Data Controller’s representative; b) the contact details of the Data Protection Officer, where applicable; c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; d) the categories of personal data concerned; e) the recipients or categories of recipients of the personal data if any; f) where applicable, the intention of the Data Controller to transfer personal data to a recipient in a third country and the existence or absence of an adequacy decision by the European Commission or, where necessary, reference to adequate or appropriate safeguards and the means of obtaining a copy of such data or the place where they were made available.  2. In addition to the information referred to in paragraph 1, the Data Controller shall provide the Data Subject with the following information necessary to ensure fair and transparent processing with regard to the Data Subject: a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; b) the legitimate interests pursued by the Data Controller or third parties; c) the existence of the right to request the Data Controller for access to and rectification or erasure of personal data or the restriction of processing concerning the data subject and to object to the processing as well as the right to data portability; d) the existence of the right to withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation; e) the right to lodge a complaint with a Supervisory Authority, for Italy the Italian Data Protection Authority; f) from which source the personal data originate, and if applicable, whether it came from publicly accessible sources; g) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the Data Subject;  3. The Data Controller Barbanti srl shall provide the information referred to in paragraphs 1 and 2: a) within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed; b) in the event that the personal data is intended for communication with the Data subject, at the latest at the time of the first communication to the Data Subject; or if communication to another recipient is envisaged, no later than the first communication of personal data.  4. Where the Data Controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, the Data Controller shall provide the Data Subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2. For any information regarding the processing of data, users can send an email to barbanti@barbanti.it

6. CHANGES TO THIS PRIVACY POLICY This Privacy Policy may be subject to change. We, therefore, recommend that you regularly check this Policy and refer to the latest version.