ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679
Data Subjects: Browsers, service users, and newsletter subscribers
BURATTI MECCANICA S.R.L., as the Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679, hereinafter ‘GDPR’, informs you that this regulation provides for the protection of data subjects regarding the processing of personal data and that such processing will be based on principles of correctness, lawfulness, transparency, and the protection of your privacy and rights.
To achieve its purposes related to managing the relationship, the Data Controller needs to acquire personal data, such as, for example, name and surname, phone or mobile number, email address, and tax code.
Purpose of Processing:
Service provision: Your data will be processed to respond to any requests that may come from forms available on the website or requests received by email.
Legal Basis: The legal basis for the processing is contractual, in terms of processing data in response to an information request followed by a reply.
Optional Purposes:
Marketing – newsletter service: Specifically, your data will be processed, with your free consent, for receiving newsletters by entering your email address in the appropriate text box regarding newsletter subscription, or by selecting/ticking the box indicating <newsletter subscription> present in a form.
Legal Basis: The legal basis for the processing is the consent of the data subject.
Consequences of refusal for optional purposes: Providing data is optional for the above purposes, and your refusal to process does not affect the continuation of the relationship or the appropriateness of the processing.
Your personal data will be processed according to the legislative provisions of the aforementioned regulation and the confidentiality obligations therein.
Consequences of non-communication: Processing data functional to fulfilling these obligations is necessary for the correct management of the relationship, and providing them is mandatory to achieve the purposes mentioned above. The Data Controller also informs you that any non-communication or incorrect communication of one of the mandatory information may cause the Data Controller’s inability to ensure the adequacy of the processing itself.
Processing Methods: The processing is carried out with manual and/or computerized and telematic tools to ensure the security, integrity, and confidentiality of the data in compliance with the organizational, physical, and logical measures provided for by the current provisions to minimize the risks of destruction or loss, unauthorized access, modification, and unauthorized disclosure in compliance with the methods of articles 5, 32 of the GDPR.
Recipients: For the performance of certain activities or to provide support to the functioning and organization of the activity, some data may be made known or communicated to recipients. These subjects are distinguished as:
Third Parties: (communication to: individuals or legal entities, public authorities, services, or other bodies that are not the data subject, the data controller, the data processor, and the persons authorized for data processing) including:
– Companies that manage traditional or computerized postal services
– Any other subjects whose data communication is necessary to achieve the above purposes
– Providers of IT, web, or other services necessary to achieve the purposes required for managing the relationship. Within the company structure, your data will be processed only by personnel expressly authorized by the Data Controller, ensuring the adoption of a confidentiality agreement, particularly by the following categories of personnel:
Data Processors: (the natural or legal person, public authority, service, or other body that processes personal data on behalf of the data controller)
– Administration
– Other personnel whose processing is necessary for the correct execution of the relationship
Dissemination: Your personal data will not be disseminated in any way.
Data transfer to third countries: The data controller does not transfer personal data to non-EU countries. Should it become necessary, data subjects will be informed in advance, and guarantee measures will be adopted for the transfer to recipients, which may include: verification of the existence of adequacy decisions for the recipient country by the Commission, signing standard contractual clauses, verification of the adoption of any supplementary measures in compliance with recommendation 01/2020 EDPB. In derogation of such guarantees, for data processing (with reference to Article 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the data subject or consent to the transfer will be verified.
Retention Period: Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to Article 5 of the GDPR, the retention period for your personal data is set for a time not exceeding the achievement of the purposes for which they are collected and processed. If a contract is signed, this retention period may cease with the termination or withdrawal from the contract. The same data may be retained, where applicable, for an additional period for the management of any disputes, with the legal basis for such retention being the legitimate interest of the data controller. The retention period for data processing related to marketing is functional to the purposes pursued by the data controller and, in any case, does not exceed 3 years from the last contact or response received.
Data Controller: The Data Controller of the data, pursuant to the regulation, is BURATTI MECCANICA S.R.L., with registered and operational office in Via Archimede, 535 – 47521 Case Castagnoli di Cesena (FC) and operational office in Via Archimede, 235 – 47521 Case Castagnoli di Cesena (FC), VAT number: 00338300403, in the person of its legal representative pro tempore. By sending an email to the following address info@burattimeccanica.com, you can request more information regarding the data provided.
Reg. (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 – Data Subject Rights
1. The data subject has the right to obtain confirmation of the existence or not of personal data concerning them, even if not yet registered, and their communication in an intelligible form.
2. The data subject has the right to obtain information about:
– the origin of personal data;
– the purposes and methods of processing;
– the logic applied in case of processing carried out with the help of electronic means;
– the identification details of the data controller, data processors, and the representative designated pursuant to Article 5, paragraph 2;
– the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as designated representatives in the State’s territory, data processors, or persons in charge.
3. The data subject has the right to obtain:
– the updating, rectification, or, when interested, the integration of data;
– the deletion, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
– the certification that the operations referred to in letters a) and b) have been brought to the attention, including their content, of those to whom the data have been communicated or disseminated, except when this proves impossible or involves a use of means manifestly disproportionate to the protected right;
– data portability.
4. The data subject has the right to object, in whole or in part:
– for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of collection;
– to the processing of personal data concerning them for sending advertising materials or direct selling or for carrying out market research or commercial communication.
Complaint: Data subjects, if the conditions are met, also have the right to lodge a complaint with the Data Protection Authority according to the procedures provided. For any further information and to assert the rights recognized by the European Regulation, you can contact the data controller at the above references.
Consent
Formula for acquiring the data subject’s consent
Your consent for receiving the newsletter will be recorded (IP address, email, date, and time) by ticking the box below the email entry or by clicking on the appropriate box and simultaneously pressing the send/ok button. This consent will be stored to prove its granting and allow you to unsubscribe at any time, along with all the other rights mentioned above.