INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users visiting the Tonello Srl website pursuant to article 13 of the UE Regulation 2016/679
THE AIM OF THIS DOCUMENT
Pursuant to the Legislative Decree 196/03 and the UE Regulation 2016/679 (hereinafter "GDPR"), this page describes the methods for processing personal data of users visiting the website of the Data Controller specified here below which can be accessed electronically at the following address:
This information does not apply to any other websites, pages or web services that can be reached through hyperlinks published in this website.
As a consequence of the use of the websites listed above, the data relating to identified or identifiable natural persons can be processed.
The Data Controller is Tonello Srl, based in via della Fisica n. 1/3 – 36030 Sarcedo (VI) (Italy) – e-mail: firstname.lastname@example.org PEC: email@example.com – Tel. + 39 0445 343200 - Fax +39 0445 380166.
LEGAL BASIS FOR PROCESSING PERSONAL DATA
Personal data provided in this page are processed by Tonello Srl in the management of the business relationship and in the supply of the service offered.
TYPES OF DATA PROCESSED AND PURPOSES OF DATA PROCESSING
During their normal operation, the computer-based systems and the software procedures for running this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified Data Subjects, but by its own nature might lead to the identification of users by processing and associating data held by third parties.
This category of data includes IP addresses or the domain names of the computers used by those who access the site, the URI addresses (Uniform Resource Identifier) of the required resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters about the operating system and the IT environment of the user.
These data are necessary for using the web services and processed for the following purposes:
- To obtain statistical information on the use of the services (the most visited pages, number of visitors by hourly or daily intervals, geographical origin area, etc.);
- To obtain anonymous statistical information about the use of this website and to monitor its correct operation. In this case the data are cancelled immediately after the processing. The data may be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of personal data to access specific services (access registration to reserved areas), or to submit information requests to the e-mail addresses indicated on the website mentioned above, entails the subsequent acquisition of the sender’s personal data present in his/her request, which are necessary to answer it. The sending of e-mail messages to the e-mail addresses given in this website entails the subsequent acquisition of the sender’s address (which is required to respond to requests), as well as any other personal data present in the message.
This category of data includes first name, last name, e-mail address, geographical address, telephone number, trade name, etc.
* * * * *
In compliance with the Regulation issued by the Italian supervisory authority for data protection No. 229 dated 8 May 2014, containing “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies”, Tonello Srl has to inform users about the navigation cookies present in the website www.tonello.com. This information document applies only to the above-mentioned website, not to websites of third parties that can possibly be accessed by the user through links contained in the website.
What cookies are
Cookies are small files that are sent to the browser being used and stored on the user’s device when visiting a website, such as www.tonello.com. Cookies enable the website proper operation and improve its performance, provide the website’s owner with information for statistical and marketing purposes, above all in order to customize the navigation by remembering user’s preferences. The website www.tonello.com uses different types of first-party cookies (which are prepared and managed by Tonello Srl) and third-party cookies (which are prepared and managed by third parties according to their own privacy policies, and not under the control of Tonello Srl), as explained in the following table:
TYPE OF COOKIES
Technical cookies (session or navigation cookies)
They guarantee the normal navigation and use of the website and they are aimed at improving and optimizing the website navigation.
Tonello Srl uses this type of cookies as default.
They are strictly necessary to provide services which have been explicitly required by the user.
Tonello Srl uses this type of cookies as default.
Analytics cookies (first-party)
They are used exclusively by the Data Controller to collect (aggregated and anonymous) information on the number of users and on how they visit the website.
Tonello Srl uses this type of cookies as default.
Third-party analytics cookies (e.g. Google Analytics)
Tonello Srl has adopted the appropriate measures to limit the processing with these cookies to statistical purposes.
Tonello Srl does not use this type of cookies.
They are used to create user’s profiles and to send targeted advertising messages in line with the preferences shown by the user while navigating the Internet.
Tonello Srl does not use this type of cookies without the consent of the User/Data Subject.
PURPOSES OF PROCESSING DATA BY COOKIES
The purposes for which cookies are used on our website are the following:
- To facilitate user navigation
- To carry out computer authentications
- To monitor browsing sessions
NATURE OF DATA PROVISION AND CONSEQUENCES OF THE POSSIBLE REFUSAL
With reference to previous points 1, 2 and 3, the installation of such cookies is not subject to prior consent of Users/Data Subjects, since they are strictly necessary to accomplish the communication transmission on an electronic communication network.
The processing will be carried out with automated means that are used to store and manage data, while respecting the indicated purposes and guaranteeing data security and confidentiality.
Enabling and disabling cookies from the browser
Most of browsers are configured to accept, control and, if necessary, disable cookies through settings. Disabling navigation and functionality cookies may result in an unsatisfactory operation of the website www.tonello.com and/or limit the service offered.
Here below are the links to manage cookies from the following browsers:
Enabling and disabling third-part cookies
Here below are the links to web pages containing the procedures adopted by the third parties managing cookies in the web site www.tonello.com, where you can manage and, if necessary, disable them:
* * * * *
PURPOSES AND OPTIONAL NATURE OF THE PROCESSING
The personal data collected on the website www.tonello.com are used for the following purposes:
- For submitting a contact request to the company Tonello Srl
- For submitting commercial requests
- For the spontaneous application of potential workers, employees or collaborators
Specific summary information documents will also be sent directly to the user or provided or displayed in dedicated sections of the above-mentioned website, prepared for particular services upon user’s request and, if necessary, subject to the consent of the Data Subject.
Apart from what specified above, the user is free to provide his/her personal data, especially the data listed in the request forms present in the website www.tonello.com. Failure to provide such data may cause the impossibility to obtain the service required.
DATA PROCESSING METHODS
Personal data are processed by automated means for the time necessary to achieve the purposes for which they were collected.
Specific safety measures are in place to prevent loss of data, illegal or improper use and unauthorized access.
DATA RETENTION PERIOD
Personal data that were collected while browsing the website www.tonello.com are processed for the time needed to achieve the purposes for which they were collected and, after this period, for the time established by the existing regulations, if necessary.
For further details, please refer to the targeted information documents (clients, suppliers, employees, etc.).
SCOPE OF DATA COMMUNICATION AND RECIPIENT CATEGORIES
Exclusively for the purposes mentioned above, all data collected and processed may be communicated to company’s internal figures who have been duly authorized to process data by reasons of their duties, as well as to external subjects to whom data must be communicated. If these external recipients process data on behalf of Tonello Srl, they will be designated as External Processors through a dedicated contract or a legal act pursuant to art. 28 of the GDPR.
For further detail, please refer to the targeted information documents for particular services.
DATA DISCLOSURE TO A THRID COUNTRY AND/OR INTERNATIONAL ORGANIZATION
The user’s personal data will not be disclosed to extra-EU third countries.
Due to organizational purposes, some personal data may be disclosed to extra-EU countries, since the Data Controller uses Cloud services provided by selected suppliers, giving appropriate guarantees as specified by art. 46 of the GDPR.
RIGHTS OF THE DATA SUBJECTS
The Data Controller informs the users of the website www.tonello.com to which personal data are referred (‘Data Subjects’) about the following rights, which may be exercised at any time:
- Right to BE INFORMED (transparency in data processing)
The Data Subject has the right to be informed about how the Data Controller processes his/her personal data, for what purposes, and about other information established by art. 13 of the GDPR. To this end, the Data Controller conceived organisation processes that allow the issue of an information form specifically created according to the category to which the Data Subject belongs (employee, client, supplier, etc.) when acquiring or requesting personal data. This document allows to adequately inform all subjects to whom the data refer about how the Data controller processes his/her data. Upon specific request addressed to the Data Controller, the latter is entitled to provide the Data Subject with the model information document.
- Right to withdraw consent (art. 13, par. 2, lett. a) of the GDPR)
The Data Subject has the right to withdraw his/her consent at any time for all processing procedures that need explicit consent to be legitimate. The withdrawal of consent does not compromise the lawfulness of the processing carried out up to that moment.
- Right to access data (art. 15 of the GDPR)
The Data Subject has the right to be informed about: a) the processing purposes; b) the categories of processed personal data; c) the recipients or recipient categories to which personal data have been or will be communicated, especially if recipients in third countries or international organizations; d) the envisaged data retention period when possible or otherwise the criteria used to determine this period; e) the existence of the Data Subject right to ask the Data Controller for personal data rectification, deletion or for restricting the processing of personal data concerning him/him or object to the processing; f) the right to lodge a complaint to a supervisory authority; g) all information available about data origin, if they were not provided by the Data Subject; h) the existence of an automated decision process, including profiling, referred to in article 22, paragraphs 1 and 4, and at least in these cases significant information about the logic used, as well as the importance and the foreseen consequences of this processing for the Data Subject. The Data Subject has the right to request a copy of the personal data being processed.
- Right to rectification (art. 16 of the GDPR)
The Data Subject has the right to obtain the rectification of inaccurate personal data concerning him/her and the integration of incomplete personal data.
- Right to be forgotten (art. 17 of the GDPR)
The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him/her if they are not necessary for the purposes they were collected for anymore or processed differently; if he/she withdraws consent; if there is no legitimate overriding reason to carry out profiling processing; if data were processed unlawfully; if their erasure is required by a law; if the data are relating to web services provided minors without the relevant consent. Data can be erased only if the right to expression and information freedom is prevalent; if the data are kept for the fulfilment of a law obligation or of an assignment performed in the public interest or when exercising public power, for health purposes in the public interest, for archiving purposes in the public interest, for scientific or historical research purposes, for statistical purposes or to establish, exercise or defend a right in judicial proceedings.
- Right to restrict processing (art. 18 of the GDPR)
The Data Subject has the right to obtain from the Data Controller the restriction of processing when he/she contests the accuracy of personal data (for the period necessary to Data Controller to verify the exactness of such data) or if the processing is unlawful, but the Data Subject objects to the personal data erasure and asks for the restriction of their use or if they are necessary to establish, exercise or defend a right in judicial proceedings, whereas they are no longer necessary to the Data Controller.
- Right to data portability (art. 20 of the GDPR)
The Data Subject has the right to receive the personal data concerning him/her in a structured, commonly used and machine-readable format and has the right to transmit those data to another Controller if the processing is based on consent, on a contract or if processing is carried out by automated means, unless the processing is necessary for carrying out an assignment of public interest or connected with the exercise of public power and this transmission does not harm the rights of third parties.
- Right to lodge a complaint with the Italian supervisory authority for personal data protection (art. 77 of the GDPR).
Without prejudice to any other administrative or judicial remedy, for which the Data Subject may initiate proceedings before the competent judicial authorities pursuant to art. 79 of the GDPR, if the Data Subject considers that the processing of personal data relating to him/her infringes the regulation about personal data protection, has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence, place of work or place of the alleged infringement.
Requests for confidentiality shall be sent to the Data Controller pursuant to the rights specified in art. 13-20 of the GDPR:
- by e-mail to the address: firstname.lastname@example.org
- by Certified email to the address: email@example.com
- by mail to the Data Controller: Tonello Srl based in via della Fisica n. 1/3 - 36030 Sarcedo (VI) (Italy)
Requests for legal protection shall be sent to the Italian Supervisory Authority for personal data protection pursuant to the rights of art. 77 of the GDPR:
- by mail to the “Garante per la protezione dei personali - Responsabile della Protezione dei dati personali”, Piazza Venezia, 11, IT-00187, Roma
- by e-mail to the address: firstname.lastname@example.org
* * * * *
Last update: May 2018.
This information document may be subject to variations. It is therefore recommended to regularly check this web page and consider the most updated version of the information document.