Terms of personal data processing according to Art. 13 of Legislative Decree no. 196 of 2003 and Artt. 13 and 14 of Regulation EU 2016/679

 

  1. 1.Whereas 

We inform the data subject that Legislative Decree no. 196 of 2003 (so called “Codice in materia di protezione dei Dati Personali” – hereinafter also referred as “Code”) e il Regulation EU no. 2016/679 (hereinafter also referred “GDPR”) provide the protection of Personal Data Processing.

According to Code, GDPR and to others applicable laws on the subject, Personal Data Processing by OK’AM S.r.l. will be based on principles of propriety, lawfully and transparency, respecting the rights and fundamental freedom, the data subject dignity, with particular attention to confidentiality, to personal identity and to the right to Personal Data protection.

This informative document is given according to Art. 13 of the Code as well as according to Articles 13 and 14of GDPR and it is subject to updates which are published on the present web-site. Therefore, we advise You to regularly verify the informative document and to make reference to the updated version.

 

  1. 2.The Controller of processing 

OK’AM S.r.l. is the controller of processing, with registered office in Via Sudorno no. 30/A, 24129 Bergamo (Italy) guarantee the respect of the personal data protection regulations by giving the following information related to the processing of personal data communicated or in any case took in other way during the use of the present web-site.  

 

  1. 3.Personal data processed and relative purpose 

    1. 3.1Data generated by access to the site 

The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

These data (such as domain names, IP addresses, operating system used, type of browser device used for connection) are not accompanied by any additional personal information and are used to manage the control requirements of the modalities of use of the web-site and to ascertain responsibility in case of computer crimes.

The legal basis that legitimate the processing of such data is the necessity to make usable the functionality of the web-site after the user access.

    1. 3.2Data granted voluntary by the user 

The personal data provided by the user through registration forms are collected and processed for the following purposes:

  1. a)for carrying out the activities of relationship with the customer on the basis of the contractual agreements and for their execution; 

  2. b)for administrative purposes and for the fulfilment of legal obligations such as those of accounting or fiscal nature, or for the fulfilment of requests from the judicial authorities; 

  3. c)in case of specific consent, for the periodic sending, by e-mail, of newsletters for receive updates on our activities and invitations to events. 

The legal basis that legitimate the processing is the execution of a contract of which the data subject is a party or the execution of pre-contractual measures taken at the request of the latter. In the case expressly indicated, the legal basis is instead the consent freely provided by the data subject.

 

  1. 4.Nature of the data provision 

Except for what specified for navigation data, the provision of data:

 

  1. 5.Processing methods and data retention terms 

The collected data will be processed using electronic devices, or in any case automated, computerized and telematic, or through manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in such a way to guarantee their security. The data are kept for the time strictly necessary for the management of the purposes for which the data are collected, according to current regulations and legal obligations.

In any case OK'AM S.r.l. applies rules that prevent the retention of data indefinitely and therefore limits the storage time in compliance with the principle of minimization of data processing.

 

  1. 6.Subjects authorized to process, processors and data communication 

The processing of the collected data is carried out by internal staff of OK'AM S.r.l. to this end identified and authorized for processing according to specific instructions given in compliance with current legislation.

The data collected, if necessary or suitable for the execution of the indicated purposes, may be processed by third parties, appointed as external processors, or, depending on the case, communicated to them as independent owners, namely:

(i) persons, companies, associations or professional firms that provide assistance and advice to our company, for the purposes referred to in point 3.2 lett. b);

(ii) companies and other associations that perform services connected and necessary to the execution of the above mentioned purposes (management of payments by credit card, maintenance of computer systems).

 

  1. 7.Place of data processing and transfer 

Data processing and storage are carried out on servers located within the European Union, also through third-party companies empowered and duly appointed as Data Processors. Currently, the servers are located in France.

Data are not transferred outside the European Union. The Controller keeps the right to change the location of servers even outside the European Union, ensuring, in this case, that the transfer takes place in accordance with applicable legal provisions, with the appropriate safeguards provided for by art. no. 46 of the GDPR. In any case, personal data will never be disclosed.

 

  1. 8.Rights of the subjects data 

Pursuant to articles 15 and following of the GDPR, the user has the right to ask at any time, the access to his personal data, the correction or cancellation of the same, the limitation of treatment in the cases provided for by art. no. 8 of the GDPR and to obtaining, in a structured format, of common use and readable by automatic device, the data concerning him, in the cases provided for by art. 20 of the GDPR. At any time, the user can revoke according to art. 7 of the GDPR the consent given; propose a complaint to the competent control authority pursuant to article 77 of the GDPR (Personal Data Protection Authority) and according to art. 77 of the GDPR, if he considers that the processing of the collected data is contrary to the applicable laws.

The user can apply a request for opposition to the processing of his personal data pursuant to Article 21 of the GDPR, giving evidence of the reasons which justify the opposition: the Controller reserves the right to evaluate the application, which would not be accepted in case of existence of legitimate and binding reasons to proceed with the processing that prevail over the interests, rights and freedom of the user.

The requests must be sent in writing to the Controller of the processing at the following e-mail address: privacy@danielagregis.it.

 

  1. 9.Cookie policy 

As usually applied on all websites, also this site uses cookies, small text files that allow you to store information on visitor preferences, to improve the functionality of the site, to simplify navigation by automating the procedures (e.g. Login, site language) and for the analysis of the use of the site.

Session cookies are essential in order to distinguish between connected users, and are useful to avoid that a required feature can be provided to the different user, as well as for security purposes to prevent cyber attacks on the site. Session cookies do not contain personal data and last only for the current session, until the browser is closed. No consent is required for them.

The functionality cookies used by the site are strictly necessary for the use of the site, in particular they are linked to an express request for functionality by the user (such as Login), for which no consent is required.

By using the site, the visitor expressly consents to the use of cookies.