Betonrossi SPA

Privacy Policy

Information provided pursuant to Article 13 of EU Reg. 2016/679 (hereinafter GDPR) and Italian Legislative Decree 196/2003 “Code regarding the protection of personal data” as amended by Italian Legislative Decree 101/18

 

 

  1. GENERAL INFORMATION

The interested parties are informed of the following general profiles, valid for all areas of processing:

  • all the data of the subjects with whom we interface are treated in a lawful, correct and transparent manner, in compliance with the general principles set out in Article 5 of the GDPR;
  • specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, pursuant to Article 32 of the GDPR.

 

References and rights of interested parties

The Data Controller is the undersigned Organization, in the person of the pro-tempore legal representative. In order to guarantee adequate support to the interested parties, the Data Controller has appointed a DPO, to whom it is possible to contact (Contact details: Galli Data Service Srl Contact person: Dr. Claudio Inzani – 0523-497066 – dpo@gallidataservice.com) to exercise all the rights provided for in articles 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), as well as revoke a previously granted consent; in case of non-response to their requests, interested parties can lodge a complaint with the supervisory authority for the protection of personal data (GDPR – Article 13, paragraph 2, letter d).

 

 

2) PROCESSING OF DATA CONNECTED TO THE OPERATION OF THIS SITE

 

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

Purpose and legal basis of the processing

(GDPR-Art.13, paragraph 1, letter c

These data are used for the sole purpose of obtaining statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site (legitimate interests of the owner).

 

Communication scope

(GDPR-Article 13, paragraph 1, letter e, f)

The data can only be processed by internal personnel, duly authorized and trained in the processing (GDPR-Article 29) or by any persons in charge of maintaining the web platform (appointed in this case external managers) and will not be disclosed to other subjects, disseminated or transferred to non-EU countries. Only in the event of an investigation can they be made available to the competent authorities.

 

Data retention period

(GDPR-Art.13, paragraph 2, letter a)

The data are normally kept for short periods of time, with the exception of any extensions connected to investigation activities.

 

Conferment

(GDPR-Art.13, paragraph 2, letter f)

The data are not provided by the interested party but acquired automatically by the technological systems of the site.

 

Cookies: for cookie policy, please see  https://www.betonrossi.it/cookie-policy-ue/

 

 

Specific services

The site may contain data collection forms aimed at guaranteeing the navigator any services / features (eg: request information, local complaints, registrations, work with us, newsletters, etc.).

 

Purpose and legal basis of the processing

(GDPR-Art.13, paragraph 1, letter c

The identification and contact data necessary to be able to respond to the requests of the interested parties may be requested. The sending of the request is subject to specific, free and informed consent (GDPR-Article 6, paragraph 1, letter a)

 

Communication scope

(GDPR-Article 13, paragraph 1, letter e, f)

The data are processed exclusively by duly authorized and trained personnel (GDPR-Article 29) or by any persons in charge of maintaining the web platform or providing of the service (appointed in this case external managers). The data will not be disseminated or transferred to non-EU countries.

Data retention period

(GDPR-Art.13, paragraph 2, letter a)

The data are kept for times compatible with the purpose of the collection

Conferment

(GDPR-Art.13, paragraph 2, letter f)

The provision of data relating to the mandatory fields is necessary in order to obtain an answer, while the optional fields are aimed at providing the staff with further elements useful to facilitate contact.

 

Data provided voluntarily by the user

The optional, explicit and voluntary sending of electronic and / or ordinary mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. If the sender sends his CV to submit his professional application, he remains solely responsible for the relevance and accuracy of the data sent. It should be noted that any curriculum without authorization to process data will be immediately deleted.

 

3) PROCESSING OF DATA CONNECTED TO RELATIONSHIPS ESTABLISHED WITH CUSTOMERS AND SUPPLIERS, BOTH CURRENT AND POTENTIAL

 

3.1 Object of the treatment

The organization processes personal identification data of current or potential customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment references) and their operational contacts (name surname and contact details) acquired and used in the provision of the services provided. As part of the orderly management of the mandatory documentation to be shown to the contractors, all the mandatory documentation that certifies the salary, contribution and health suitability of subcontractors is processed. As part of a better organization of work, the company processes geolocation data of the suppliers’ concrete mixers, and data of the telephone consumption of mobile phones entrusted on loan to some suppliers and used by their employees.

 

3.2 Purpose and legal basis of the processing

The data is processed for:

  • conclude contractual / professional relationships;
  • fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
  • fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
  • exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; the ordinary internal needs of an operational, managerial and accounting nature).

Failure to provide the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes, a specific consent will be requested from the interested parties.

 

3.3 Processing methods

The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.

 

3.4 Scope of the processing

The data is processed by internal subjects duly authorized and trained in accordance with Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects who operate as managers or independent data controllers (consultants, technicians, banks, transporters, etc.).

 

4) POLICY UPDATE

It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of significant changes, appropriate evidence will be given on the home page of the site for a suitable time. However, the interested party is invited to periodically consult this policy.