BRESKUI SRL
PERSONAL DATA PROCESSING – COOKIES POLICY
FOREWORD
This Policy, issued pursuant to Article 13 of the European Regulation GDPR 2016/679, is intended for those who communicate their personal data in order to use the web services accessible in the various sections of the site.
DATA CONTROLLER
BRESKUI SRL represented by its pro-tempore Legal Representative, with registered office in via dell’Artigianato, 25 – 24068 Seriate (BG) – Italy, hereinafter also referred to as the “Company” and/or the “Undersigned”.
DATA COLLECTED
The Company collects, stores, uses, communicates, or otherwise processes personal data collected from its customers, its suppliers, its employees and/or any natural and/or legal persons, entities and organisations it comes into contact with, including, but not limited to, users of the Site (“Users”).
Data can be:
– provided directly by the User: all Personal Data provided by the User to the Undersigned (including data entered on the Site and/or provided to telephone operators to browse, request information, register as a User/Client);
– communicated during organised events or events participated in by the Undersigned Company, or in any case provided to it in any way directly by the User (such as, for example, filling in forms or in correspondence);
– collected automatically such as Personal Data collected through, but not limited to, “cookies” (as better described in the Cookies Policy section); they are – as a rule – data relating to the User’s browsing that the IT systems and software procedures used to operate the Site acquire, in the course of their normal operation: some Data, for example, which must be transmitted for the use of Internet communication protocols. This information is generally not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of Personal Data includes the IP addresses, Mac-address, or domain names, of the computers used by Users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and IT environment. This Data is mainly used to obtain statistical information on the use of the Site and to check that it is working properly. The Data could also be used to ascertain liability in the event of hypothetical IT crimes perpetrated against the Site.
PROCESSING LOCATION
Data Processing usually takes place at the company’s operational headquarters and/or at its local units and/or branches.
EXTERNAL PARTIES RESPONSIBLE FOR PROCESSING
Personal Data may be processed not only by the Undersigned, but also by third parties carrying out activities necessary for its regulatory compliance, who have been duly selected for their reliability and competence and formally appointed as External Parties Responsible for Data Processing. They have been given specific instructions regarding the standards of processing that the Undersigned considers appropriate in order to ensure compliance with the provisions of GDPR 2016/679.
In any other case, except as required by law, Personal Data is NOT transferred and/or disclosed to third parties. The exact list of External Parties to whom Personal Data may be communicated, which is regularly updated, can be found at the registered office of the undersigned company.
DATA PROCESSING METHODS
Personal Data is processed, in compliance with the obligations and guarantees provided for, both in analogue form with paper supports and with IT systems by our employees and collaborators whom the Undersigned company appoints as Persons Authorised to Process Data, when hiring or updating internal documents.
SECURITY MEASURES – TRAINING AND INFORMATION FOR THOSE IN CHARGE OF PROCESSING DATA
The Undersigned company ensures that suitable security measures for data protection are constantly updated and that specific procedures and instructions are observed by employees and collaborators in order to prevent data loss, illicit use or data theft.
The Undersigned has specifically defined a wide-ranging training plan which includes a series of Basic and Specific training courses for individual departments that also deal with specific data and a permanent information system to spread the culture of data security, information confidentiality and company Know-How with the aim of minimising interruptions in Business Continuity.
Regular refresher courses will be held for already trained employees, in order to improve the level of data security.
DATA COLLECTION CRITERIA AND COLLECTION DURATION
The data collected and processed by the Undersigned for the stated purposes will be stored in paper and/or digital archives, located in premises with access restricted to Persons Authorised to Process Data only, based on the tasks assigned during the hiring phase or during the existing employment relationship.
As soon as Personal Data is no longer required for the purposes set out in this Policy, the Undersigned will delete it immediately, unless the law does not provide for archiving obligations or unless the User has consented to its processing for a longer period of time or to its archiving for other purposes, with specific consent.
CVs – just to give an example – are collected and stored until the end of the current recruitment process or, in the case of spontaneous submissions, they are stored until 31 December of the year following the year of receipt, and are subsequently destroyed and/or deleted depending on whether they are in paper and/or digital format.
PURPOSE OF PROCESSING AND NATURE OF CONSENT
Personal Data is processed exclusively for the following purposes:
– provision of services offered by the undersigned company to fulfil any contractual obligations entered into with the User;
– statistics, market research;
– sending of information and advertising material, notification of promotional initiatives and commercial offers and other information services on the activities of the undersigned company, if the user has given specific consent and/or subscribed to the service;
– definition of the user profile in order to personalise and individualise the commercial offers of the undersigned company and of the companies belonging to its group, if the user has given specific consent and/or subscribed to the service;
HYPERLINKS – DISCLAIMER
The Site may contain links to other third-party sites (“Links”), which are deemed to be of interest to the User. When connecting to these sites, the Undersigned INFORMS the users that they are leaving this Site by choice and that they are accessing a site owned by third parties, where the Undersigned cannot ensure any correct processing by its Controller.
Consequently:
– the undersigned assumes no responsibility and does not provide any guarantee as to the nature and contents of any third-party site connected to this site via links;
– this Policy is not applicable or related to data processing by other sites, even if visited by the user through links on this site;
– Users alone are responsible for connecting to other sites, and the Undersigned advises Users to take the utmost care when doing so.
DATA COLLECTED THROUGH CHAT/BOT/FORM SERVICES FOR REAL-TIME SUPPORT SERVICES
BRESKÜÌ SRL shall keep the information exchanged between the Customer and the operators of the chats and/or assistance forms confidential and it shall proceed to delete the data immediately in the event that the request for assistance is promptly resolved or to process them for the time necessary to resolve the request itself, also communicating them to the relevant departments. In these cases, however, data and/or information will be retained for a maximum of 30 days and for the sole purpose of improving the service in terms of efficiency and reducing the time taken to resolve Customer and User requests.
RIGHTS OF DATA SUBJECTS
As of 25 May 2018, pursuant to the GDPR, the Data Subject (i.e. the person who provides his/her data to the Undersigned) has the right:
– to access personal data;
– to ask for the rectification of personal data or for the erasure thereof or for the limitation of related data processing;
– to object to the processing of his/her data;
– di chiedere ed ottenere la portabilità in un formato strutturato, di uso comune e leggibile da dispositivo automatico dei dati personali che siano trattati con mezzi automatizzati e richiederne il trasferimento ad altro titolare del trattamento;
– di revocare il proprio Consenso (l’informazione da rendere all’interessato circa il diritto di revoca del consenso non può ovviamente concernere i casi in cui il trattamento, ad esempio, necessario per adempiere un obbligo legale al quale è soggetto il titolare del trattamento o per l’esecuzione di un compito di interesse pubblico o connesso all’esercizio di pubblici poteri di cui è investito il titolare del trattamento);
– to revoke his/her Consent (the information to be given to the data subject about the right to revoke consent may obviously not apply to cases where the processing is, for example, necessary for compliance with a legal obligation to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller);
– to lodge a complaint with the Italian data protection supervisory authority (Garante della Privacy) http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
ISTANZE DEGLI INTERESSATI AL TITOLARE DEL TRATTAMENTO
Tali istanze potranno essere indirizzate, da parte degli Interessati, rivolgendo la propria richiesta a:
– BRESKÜÌ SRL via dell’Artigianato 25 – 24068 Seriate (BG) – Italy, and providing, attached to the request, an identity document in order to allow the Undersigned to verify its origin.
DATA PROTECTION OFFICER (DPO)
We hereby inform you that the Company has appointed a Data Protection Officer.
DPO e-mail: dpo@ivsitalia.com
You can write to the DPO by e-mail or traditional mail, addressing your request to BRESKÜÌ SRL via dell’Artigianato 25 – 24068 Seriate (BG) – Italy – FAO the DPO.