Information given in accordance with Article 13 of EU Regulation 2016/679 (hereinafter GDPR)
For Sepor SpA, personal data represents an extremely valuable asset and a value worth preserving through the implementation of procedures and behaviours capable of ensuring their protection. Transparency towards the interested parties is therefore a primary objective, pursued through effective communication tools aimed at making the basic information on the processing of their data available to interlocutors.
In this regard, this information page, created in accordance with the requirements provided for in EU Regulation 2016/679 "General Data Protection Regulation”, contains specific information referring to the following areas:
- 1. processing of data related to the functioning of this website;
- 2. processing of data related to relationships established with customers and suppliers.
We inform the interested parties (former Article 4 (1) of GDPR) of the following general profiles applying in every area of the processing of data:
- all data are processed lawfully, fairly and in a transparent manner in relation to the data subject, in compliance with the general principles established by Article 5 of the GDPR;
- Specific security measures are implemented to prevent data loss, illicit or incorrect use and unauthorised access.
References and rights of the parties concerned
The Data Controller is the undersigned Company (Contract details: tel. 0187/511535, e-mail: email@example.com)
You may refer to the above contact details to exercise all the rights provided for by Articles 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition,) as well as withdraw a previously granted consent; if no acknowledgement is received, the interested parties shall file a complaint to the data protection supervisory authority (GDPR – Article 13(2) (d).)
1)PROCESSING OF DATA RELATED TO THE FUNCTIONING OF THIS WEBSITE
1.1 Navigation data
During their normal operation, data-processing systems and software procedures responsible for the functioning of this website acquire some personal data whose transmission is implied in the use of Internet communication protocols.
The information is not collected to be associated with identified interested parties, but, by their own nature, might allow users identification through the processing and association with data held by third parties.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses on the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received as a response, the numerical code indicating the status of the response from the server (success, error, etc.) and other parameters related to the operating system and the user’s IT environment.
Purpose and legal basis of the processing (GDPR- Article 13 (1)(c)): These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning. The data might also be used to establish the responsibility in case of hypothetical cyber-crimes against the website (legitimate interests of the owner.)
Area of communication (GDPR – Article 13 (1) (e) and (f)): The data may only be processed by internal personnel, duly authorised and trained to the processing (GDPR – Article 29) or by the manager of the web-based platform (appointed external manager) and will not be disclosed to other parties, spread or transferred to non-EU countries. Only in case of an investigation they might be made available to the competent authorities.
Data retention period (GDPR-Article13(2)(a)): Data are usually kept for short periods of time, with the exception of any extensions connected to investigation activities.
Provision (GDPR – Article 13 (2)(f)): The data are not given by the interested party but automatically acquired by the website’s technological systems.
The page allows the interested party to request to be contacted by Sepor’s staff. Identification and contact details are necessary.
Purpose and legal basis of the processing (GDPR- Article 13 (1)(c)):The identification and contact details required to respond to the contact requests of the interested parties are necessary. The submission of the request is subject to the specific, free and informed consent (GDPR – Article 6 (1)(a)) documented through a dedicated checkbox (GDPR – Article 7 (1).)
Area of communication(GDPR – Article 13 (1) (e) and (f)): Data are only processed by duly authorised and trained personnel (GDPR—Article 29). Data will not be spread or transferred to non-EU countries.
Data retention period (GDPR-Article13(2)(a)): Data are kept for a period commensurate with the purpose of the collection.
Provision(GDPR – Article 13 (2)(f)): To be able to obtain a reply, data must be provided.
2)CUSTOMER/SUPPLIER DATA PROCESSING
È Click here to readthe policy.
Please note that this policy may be subject to a periodic review, also in relation to the relevant legislation and jurisprudence. Significant variations will be highlighted for an appropriate period of time on the website’s homepage. However, the interested parties should read the policy periodically.