The consultation of this website can imply the processing of personal data so that Italamp, as Controller of the processing, can identify the Data Subjects or make them identifiable. “Processing” means, also pursuant to Article 4n. 2 of the Europen Regulation n. 679/2016 (from now on “GDPR”), any kind of operation, or group of operations, performed with or without the aid of automated processes applied to the personal data or group of personal data, such as the collection, the registration, the organization, the structuring, the conservation, the adaptation ot the modification, the estraction, the consultation, the use the communication by means of transmission, diffusion- or any other form of provision- the comparison or interconnection, the limitation, the cancellation or distruction. With “personal data” we mean, pursuant to Article 4 n.1 of the GDPR, any information regarding the identified or identifiable individual (Data Subject); a person is identifiable when he or she can be directly or indirectly be identified with particular reference to an identifier such as a name, an identification number, data regarding the location,an online identifier or to one or more characteristic elements of his/her physical, physiological, genetic, psychic, economic, cultural or social identity .
In this page, pursuant to article 13 GDPR, we give the informative realated to the procedures for dealing with personal data obtained by the users who interact with Italamp’s srl web services through the address www.italamp.com ( from now on only as “Site”). It is clarified that the present statement only refers to the Site and to the respective subdomains, and not to other sites eventually consulted by the user through hyperlinks or links. Moreover, the statement can be consulted in full by the user through a click on the item available on each page of the website.
1) The controller
The Controller of the processing is Italamp s.r.l. T.C and VAT: 00410170286 with headquarters in Cadoneghe (PD) in Via Fermi, n.8.
2) Type of data and purposes of processing.
2.1 Navigational data. The computer systems and the software procedures used for the operation of the Site acquire, during the normal exercise, some personal data whose transmission is implicit in the use of the protocols of Internet communication. It’s information which is not collected to be associated to identified parties, but could, for its own nature, allow the identification of the users through some processing and associations with data held by third parties. In this data category , there are, for example, the IP addresses or domain names of the computers used by those users who log on the Site , the addresses of URI notation (Uniform Resource Identifier) of the resources required, the hour of the request, the method used to submit the request to the server, the dimension of the file obtained as an answer, the numerical code which 2 indicates the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and to the IT environment of the user. These data are only used to get anonymous statistical information on the use of the Site and to check the proper functioning. In any event, it is also stated that the navigational data could be used for the declaration of penal liability in case of any cybercrimes.
2.2 Data deliberatily provided by the user.
This data stay on external softaware (Google analitics) and remains connected to its purposes. The optional, esplicit and voluntary mailing to the addresses on the Site o through the use of phone numbers involves the subsequent address acquisition by the sender, necessary to answer the requests, as well as the other possible personal data in the communication. This data will be used to answer questions or to gran the requests of the Data Sucject. For particular on request services, such as the registration to the newsletter service for marketing activities, the Data Subject will receive a statement that will give him the possibility of giving his possible consent also for any other activity.
3) Secutiy of the processing.
The Controller shall collect the data according to the directions of the legislation with particular regard to the security measures provided for by art. 32 GDPR for their processing by means of IT tools, both manual and automared and with logics closely correlated with the purposes shown in paragraph 2 and to guarantee the security and the privacy of the same data.
4) Legal basis of the processing.
It is clarified that the surfing data given by the Data Subject shall be treated on the basis of what established by art. 6 lett f) of GDPR, providing that the Controller will use the same in order to pursue his own, legitimate interest. This legitimate interest is made, for instance, by the necessity to get statistical anonymous information on the use of the Site in order to check its proper functioning. In addition, the surfing data could be used to ascertain the criminal liability in case of possile cybercrime.
The data provided by the user through the mailing of messages to the email addresses shown in the Site, that is through the contact of the phone numbers there displayed, shall be treated on the basis of art. 6 lett b) GDPR in accordance with a contract and with precontractual measures on request of the user.
It is so clarified that for both hypothesis previously indicated, the personal data can be used by the Controller in connection with the exercise of the activities which were collected for, without a preventive assent of the Data Subject.
5) Optionality of the conferment.
But for the previous terms in relation to the surfing data, to the cookies and for the data treated on the basis of the use on the soical networks, the user is free to give his personal data in the sending of emails to the addresses shown on the Site, that is during the phone contact to the numbers indicated. It is stated, all the same, that the nonconferment could bring to the impossibility of allocating the service and/or the service eventually required.
6) Procedures and place of processing.
The processing of personal data is marked, according to the rules of GDPR, by the principles, among others, of lawfulness,correctness, transparency, adequacy, pertinence, minimize and security. The personal data is, therefore, treated manually or by means of eletronic or computer-based tools for the strictly necessary time to reach the aims for which it was collected. Specific security measures are used In order to prevent the loss of the data, unlawful uses and unauthorised accesses.
The personal data will not be transferred to third countries ot to international organizations. Nevertheless, the Controller reserves the right to use cloud services inside the EU; in this case, the suppliers of the cloud computing service shall be selected among those who provide adequate guarantee as planned by arts 45 and ss. GDPR. In any case the Controller, if necessary, shall have the possibility to transfer the server also out of the EU, ensuring from the beginning that this data transfer will be in accordance with the applicable legal requirements, against the draw up of standard contractual clauses provided for by the European Commission.
7) Duration of the processing.
The Data subject’s personal data will be kept for the time required to satisfy the legitimate interest of the Controller, that means the advanced requests of the Data Subject, as defined by the previous point 4. In case some data was in excess compared with its aim, with due regard for the “minimize principle”, it will be eliminated by the Controller with no delay.
8) Categories of recipients.
Within the purposes for the data collection, the Controller can inform third parties about the acquired data. These third parties can use the data after the drawing up of specific agreements, conventions or protocols, as responsible of the processing. In particular, the information related to the data provided can be given, as example, to the providers of the IT services such as direct marketing, internet service and cloud computing. The data assembled after the emailing from the Data Subject can be communicated, for the purposes for which it eas collected, to the Controller’s collaborators, to offices and to other subjects who provide assistance and consultancy activities, for example legal, accounting, financial-economic, techincal-organizational, of data elaboration; subjects who provide bank, financial, insurance, and debt collection services, as well as public authorities, supervisory and control bodies. Personal data can also be provided to people authorized by the Controller or by the Managers of the processing as people in charge of the processing and, inter alia, employed in fulfillment of orders, administration, IT systems and in the Site management and, in addition, in the Site services allocation and in its technical and commercial personnel. The updated list of the Managers and of the Appointee of the processingt is available on specific request to the Managers from the Data subject in accordance with the arrangements indicated in the following paragraph n. 10. It is however clarified that non of the data collected on the Site is subject of diffusion.
9) Data subject’s rights.
As Data Subject, he has rights referred to in art. 15 GDPR and, in particular, the right to obtain from the Controller of the processing the confirmation that there currently is a processing of personal data that concerns of his and, in that case, the right to gain access to the personal data and to the further information: purposes of the processing, personal data categories, consignees or category of consignees to whom the personal data has been or will be communicated, in particular as consignees of third parties or of international organizations; when possible, he also has the right to know the period provided of the data storage and, if not possible, the criteria to determine such period. Moreover, the right to ask the Controller of the processing for the rectification or the limitation of the processing of personal data that concern him, or to object to the processing, as well as the right to make a complaint to a supervisory authority. In case the data was not collected from the Data Subject, he has the right to get all the available information on their origin, the confirmation of the existance of an automated decision-making, including the profiling referred to in art. 22 GDPR and, at least in these cases, significant information on the logic behind, as well as the importance and the intended consequences for the Data Subject for the same processing.
Where applicable, the Data Subject also has the right referred to in arts. 16-21 GDPR (right of reply, right to be forgotten, right of processing limiting, right of data portability and the right to object) as well as the right of complaint to the Competition Authority.
10) Detailed arrangements for the exercise of the right.
The Data Subject can exercise his right in any moment by sending:
– a registered letter to the registered office of Italamp s.r.l. ;
– an email to the address email@example.com
11) Controller’s Contacts.
The Controller of the processing is Italamp s.r.l. TC and VAT number: 00410170286 with headquarters in Campodarsego (PD) in Via Fermi, n.8.
The Controller of the processing can be contacted with a registered letter to the address of the registered office as well as with an email to the address firstname.lastname@example.org
The updated list of the Processors and of the persons in charge of the processing is kept in the Controller’s registered office.