In compliance to what prescribed by the GDPR 2016/679, ITALFIT MAGNETI SRL wishes to inform you that your own personal data, which you provided us or that we acquired during the course of the activity, necessary for the execution of our services, will be processed in accordance with the Regulation concerning privacy, with respect towards the principles of fairness, lawfulness, transparency and protection of your confidentiality and your rights.
In addition, we wish to provide you with the following information:
- The controller coincides with the writer, identified as , ITALFIT MAGNETI SRL, company whose main offices reside VIA FRANCESCO COMELLI 39, 33034 FAGAGNA (UD) available for inquiry at the following contacts: Telephone: +39 0432 801675, E-Mail: firstname.lastname@example.org; Data Processor is the DPO (Data protection Officers), if appointed.
Processed Data, Purpose, Legal Reference:
The IT systems and the software used for the correct functioning of the website www.supermagneticshop.com require some personal data in compliance with Internet’s information protocols (e.g. domain name, IP address). Such data don’t require additional information and are needed to perform anonymous statistics regarding the use of the site, to monitor the activities on the site itself and to ascertain possible responsibilities in case of data breach. The legal reference justifying the data processing is the use of the site’s functionalities, following access by the User.
The data which the User willingly provides are instead needed by the Controller to provide the available services and are treated in accordance to the law and fairness. In addition, they are collected and processed for the purposes as written below and are utilised only in operations compatible with those same purposes. The personal data (identification data, such as: name, surname, business name, national insurance number (EN GB)/social security number (EN US)/Italian fiscal code (IT), address, telephone/fax number, e-mail address, IBAN) are collected and processed:
To perform the services related to the customer as prescribed by terms defined before and during the contract;
For internal administrative, fiscal and accounting purposes related to pacts made with customers and providers, and to comply to the obligations imposed on the Controller by state laws, regulations, European norms, requests made by the jurisdictional Authority, or to exercise the Controller’s own rights (for example the right of defence during a trial);
In the presence of the specific and distinct consent given by the User, for the following marketing purposes: newsletter (sent by way of e-mail, post service, SMS or telephone contact), updates regarding the Controller’s activities, marketing material or communications – eventually customised around the User’s habits (profiling) – regarding products or services offered by the Controller, which the User might evaluate as interesting, and to measure the level of satisfaction about the quality of the services, including requests of participation to analyses or market researches;
In the presence of the specific and distinct consent given by the User for the following purposes: newsletter (sent by way of e-mail, post service, SMS or telephone contact), updates, marketing material or communications – eventually customised around the User’s habits (profiling) – regarding products or services offered by third parties as, for example, business partners or other businesses;
In case of the forwarding of Curriculum Vitae, exclusively for the purposes of personnel selection and for the beginning of a work relationship.
The legal basis that legitimises the data processing in relation to paragraphs “a” (arrangements before and during the contract) and “b” (administrative, accounting or fiscal purposes) is the fulfilment of the contract terms, or the execution of precontractual activities on the User’s request. In the situations expressly indicated at paragraphs “c” (marketing and profiling), “d” (marketing and profiling by third parties) and “e” (curriculum vitae) the legal basis is the consent, willingly given by the User.
The User’s personal data processing is carried out through the following operations: gathering, registration, organisation, conservation, consultation, elaboration, modification, selection, extraction, comparison, utilisation, interconnection, block, communication, deletion and destruction of data.
The User’s personal data are gathered after the direct forwarding to the Controller, through the compiling of forms or modules generally made for this purpose. These forms can also be inserted in contractual documents or gathered telephonically by an operator during precontractual activities. The data are processed either through manual elaboration on paper or with electronic devices, be they automatic, informatic or telematic. The gathered data are registered and conserved by the Controller in computer or paper archives and safeguarded and controlled in order to reduce to the minimum the risks of destruction or loss, even accidentally, to reduce the risks of unauthorised access and processing unauthorised or not expressed by the purpose of the gathering.
The data are treated by the employed personnel or by the Controller’s collaborators, who are duly instructed in such regard.
NATURE OF THE COMMUNICATION OF DATA
The provision of personal data is optional. However, the denial, partial or complete, of the data may entail the partial or complete impossibility to establish or continue the contract with the User, as far as such data are necessary for its execution.
The provision of personal data is optional also in regard to marketing purposes. The User may thus decide not to give any data or to deny processing of already given data: in this event, they will not be able to receive newsletter, marketing communications and material usually inherent to the services provided by the Controller.
PERSONAL DATA RECIPIENT OR POSSIBLE CATEGORIES OF RECIPIENTS
The data processing regarding the User is carried out by the Controller’s staff (employees, collaborators, system administrators), identified and authorised to the processing, under the instructions that are given in accordance with the General Data Protection Regulation.
In case of necessity as detailed by article 2, the personal data of the User will be processed by third parties nominated as Data Processors (in accordance to article 28 of the GDPR) or as “autonomous” Controllers, and precisely:
ITALFIT MAGNETI SRL for the purposes detailed in article 2.2. paragraph “d”;
By freelance experts, businesses, associations or professional studios that assist or counsel the Controller regarding administrative, accounting, fiscal purposes, or as legal protection or personnel selection;
By all the Public Institutions sanctioned by the law, and more broadly by all the Bodies identified by the ruling normative as recipients of compulsory communication regarding accounting and fiscal matters;
By banking groups for takings and payments and by possible freelance professional – singularly, in association or corporate form – for services regarding analysis and market research, for the management of payments by credit card or other electronic payment methods, by postal couriers, for eventual debt collection or for the certification of the Controller’s financial report.
The updated list of the Processors and of other authorised personnel is kept in the Controller’s legal head office.
In any case, the User’s personal data are not subject to distribution.
DATA TRANSFER TOWARDS THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS In the contractual relationship management scope, there are no expected transfers of the User’s data towards third countries outside the EU nor towards international organisations.
PERSONAL DATA CONSERVATION PERIOD OR PARAMETERS USED TO DEFINE SUCH PERIOD
In accordance to the purposes defined at paragraphs “a” (arrangements before and during the contract) and “b” (administrative, accounting or fiscal purposes) of article 2.2., the User’s personal data will be processed and kept by the Controller for the entire duration of the contract between the User and the Controller and, at the end of the contract due to any reason, they will be kept for the time period – relative to each data category – established by the regulations in effect regarding accounting, fiscal, civil and legal matters.
In accordance to the purposes defined at paragraphs “c” (marketing and profiling) and “d” (marketing and profiling by third parties) the User’s personal data will be processed and kept by the Controller until the revoke of the consent by the User or until the end of the exercise, on part of the User, of the right to opposition to the processing or the right to erasure of their own personal data.
In accordance to the purposes defined at paragraph “e” (curriculum vitae) the User’s personal data may be processed and kept by the Controller for a duration of up to 12 months after the time of reception.
As a concerned party and in relation to the processing described in the present policy, the User has the rights described at articles 7, from 15 to 21, and 77 of the GDPR, and in particular:
Right of access – article 15 of GDPR: right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, included the right to obtain a copy of those data;
Right to rectification – article 16 of GDPR: right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her, and the right to have incomplete personal data completed, including by means of providing a supplementary statement;
Right to erasure (“right to be forgotten”) – article 17 of GDPR: right to obtain for the Controller the erasure of personal data concerning him or her without undue delay;
Right to restriction of processing – article 18 of GDPR: right to obtain for the Controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restrictions of their use instead; the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; the data subject as objected to processing pursuant article 21 of the GPDR, pending verification whether the legitimate grounds of the Controller override those of the data subject;
Right to data portability – article 20 of GDPR: right to receive the personal data concerning him or her which he or she has provided to a Controller, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, where the processing is based on consent and the processing is carried out by automated means;
Right to object – article 21 of GDPR: right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of the legal claims. Where personal data are processed for direct marketing purposes the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing;
Right to withdrawal – article 7 GPDR: right to withdrawal his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
Right to complaint – article 77 of GPDR: right to lodge a complaint with the supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
Modalities of exercising the rights
The User may exercise their own rights at any time, by sending a registered mail to:
ITALFIT MAGNETI SRL
In order to exercise the rights as stated in the present policy and to receive any kind of information about them, the User may contact the Controller or the DPO who, even through the appointed structures, will take charge of the request and provide to the User the information relative to the action undertaken concerning the inquiry, without undue delay and, at the latest, within one month from the reception of that same inquiry.
The User can exercise their rights freely, pursuant article 12 of the GPDR. However, in case of unfounded or excessive requests, even for their repetitiveness, the Controller may charge a reasonable fee, in light of the administration costs sustained to carry out the request, or they may deny such request.
The Cookies are formed by code segments installed inside the browser, which assist the Controller in providing the service according the prescribed purposes. Some Cookie installation purposes may additionally require the consent of the User. When the Cookies’ installation is carried out on the basis of consent, such consent may be withdrawn freely at any time, following the instruction contained in this document.
Technical cookies and cookies of aggregate statistics
Activities strictly connected to the operation
Activities of preferences saving, optimisation and statistics
Other types of Cookies or third-party programs that may install Cookies
Some of the services listed below collect statistic data in aggregate and anonymous form and may not require the consent of the User or may be directly managed by the Controller – depending on the descriptions – without help of third parties. In the presence of services managed by third parties among the following programs, these might – in addition to what is specified and even without the Controller’s knowledge – carry out tracking activities of the User. For additional information on the subject, we suggest consulting the privacy policies of the services listed.
Interactions with social network and external platforms
How can I consent to the installation of the Cookies?
“Personal Data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as an identification number.
“Processing Data” are the information collected automatically by www.supermagneticshop.com (even by applications integrated by third parties www.supermagneticshop.com), such as: IP addresses or domain names of the computer utilised by the User accessing www.supermagneticshop.com, URI (Uniform Resource Identifier), time of request, modality of forwarding the request to the server, dimension of the file received as answer, numerical code identifying the state of the answer provided by the server (success, error, ecc.), country of origin, characteristics of the browser and of the operative system utilised by the visitor, various temporal connotations regarding the visit (e.g.: time of permanence on each page) and details relative to the route followed inside the Application, with particular reference to the order of the opened pages, to the parameters relative to the software and to the User’s IT environment.
The natural person utilising www.supermagneticshop.com that, save differently indicated, coincides with the concerned party.
The natural person identified by the personal data.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, included the security measures relative to the functioning and the use of the site www.supermagneticshop.com. The controller, save when differently specified, is the owner of www.supermagneticshop.com
Hardware or Software instrument used to collect and process the Users’ Personal Data.
The service provided by the business, as defined in the relative terms of service (if present) on this site/application.
European Union (EU)
Save when otherwise specified, every reference to the European Union in this document is to be intended with extension toward all the current Member States of the European Union and of the European Economic Area.
Small portion of data preserved inside the User’s device.