PRIVACY POLICY

(GDPR - Reg. 679/2016 – Legislative Decree 196/03 as amended)

Last updated 01/10/18

GHELLER SRL, with registered office in Via Montegrappa, 7 - 36020 SOLAGNA (VI), Tax Code and VAT number 02230600245, as data controller (hereinafter, "Data Controller"), informs you, pursuant to art. 13 and 14 EU Regulation n. 2016/679 (hereinafter, "GDPR") and in compliance with Legislative Decree no. 196/03 (hereinafter, "Privacy Code" as amended by Legislative Decree 101/18), that your data will be treated with the methods and for the following purposes:

1) Object of the treatment

Given the services and products offered by our organization, the Data Controller processes personal, identifying and non-particular data (for example: name, surname, tax code, email, telephone number; hereinafter, “personal data” or even “data”) communicated by you when requesting services from our organization and/or when defining contractual agreements and/or promotional initiatives, for the purposes set out below. For some services it may be necessary to process particular data, i.e. personal data capable of revealing sensitive information, for example: racial and ethnic origin, membership of parties, trade unions, associations or organizations also of a religious, philosophical, political or trade union nature, state of health and sex life (hereinafter, “particular data”). Judicial data may be necessary for certain legislative requirements.

2) Purpose of the processing and legal basis of the processing

Your personal data are processed:

A) Without your express consent, because deriving from legal and/or contractual obligations or referring to legitimate interests (Privacy Code and art. 6 – GDPR), for the following purposes:

● Manage and maintain the services requested by the interested party and find the interested party for the organization of the requested services;
● Fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
● Fulfill the obligations established by law, by a regulation, by community legislation or by an order from the Authority, including for Accounting and Tax aspects;
● Prevent or discover fraudulent activities or harmful abuses and/or for the purposes established by current anti-money laundering legislation;
● Compulsory obligations deriving from the requirements of the organizational and management models based on specific recognized standards (for example ISO, UNI, etc.) required by law and/or by specific contractual requirements requested by the data subject and/or specified as a requirement for the services;
● Exercise the rights of the Owner, for example the right of defense in court;
● Availability of the interested party for information relating to the services requested and their management;
● Allow you to register for the services and allow the sending of useful information to the interested party in relation to the services requested;
● Processing of particular data for the services requested and included in the cases listed in article 9 paragraph 2 from the letter “b” to “j”;
● For legitimate interest related to commercial updates on initiatives of our organization.

Regarding the data collected by the WEB site

● Allow registration to the website
● Allow your questions to be answered in the contact “form”;
● Manage and maintain the website;
● Prevent or detect fraudulent activity or abuse harmful to the website. For needs related to operation and maintenance, the website and any third party services used by it could collect system logs, i.e. files that record the interactions and which may also contain Personal Data, such as the User IP address;
● For legitimate interest related to communications (including commercial) updating on the initiatives of our organization and/or deriving from applicable regulatory / legislative requirements.

B) Only with your specific and distinct consent (art. 7 GDPR and as per Legislative Decree 196/03), for the following purposes:

B.0 Treatment of other particular data necessary and with exclusive use for the provision of the requested service, but which require consent as provided for by art. 9 paragraph 2 of the reg. 679/16.
B.1 Processing of data to improve services and not necessary for carrying out the operations indicated in point 2A, but aimed at improving the services requested, and in any case always obtained directly from the interested party. Fulfillments for the development of processes and services required by the management systems and organizational models implemented, but not mandatory and not referred to specific standards. The data will be used to expedite subsequent requests for services to our organization.
B.2 Marketing and/or commercial: Commercial communications and/or advertising material on products or services that do not fall within the legitimate interest. We point out that if you are already our customer, we will be able to send you commercial communications relating to services and products similar to those you have already used, unless you disagree (Privacy Code).

 

For other purposes, it will be the responsibility of the owner to define specific information and related needs for consent and/or additions for the treatment.

This information does not include any treatments by other subjects who can be reached through any links on the site and for which reference must be made to the specific information.

3) Modalities and duration of the treatment

The processing of your personal data is carried out by means of the operations indicated by Legislative Decree 196/03 and in art. 4 no. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is subjected to both paper and electronic and automated processing.
The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Purposes referred to in point 2.A (except for other legislative requirements). For the purposes referred to in point 2B, on the other hand, it will process the data until consent is revoked or after 5 years from the interruption of relations/communications with the interested party from the first collection.
Profiling: data profiling is not carried out.

4) Access to data

You may have access to your data at any time by making a simple request to the addresses indicated in this statement.

5) Data communication

Your data may be made accessible and/or communicated for the purposes referred to in art. 2.A) and 2.B):
Without prejudice to communications and disclosures made in compliance with legal obligations, the Data Controller may communicate your data, in Italy and/or abroad (as indicated in the following points) to:
● To employees and collaborators of the Data Controller, in their capacity as persons in charge and/or data processors and/or system administrators;
● To technicians and/or collaborators for administrative, fiscal and accounting management and/or to fulfill specific legal obligations or for which external suppliers have been identified.
● To our network of agents; factoring company; credit institutions; debt collection companies; credit insurance company; commercial information company for the services requested; professionals and consultants; companies operating in the transport sector; technicians and collaborators appointed to provide the requested services/products, to supervisory bodies, judicial authorities as well as to all other subjects to whom the communication is mandatory by law for the accomplishment of the aforementioned purposes. To legal entities entrusted with the services referred to in this disclosure.

● To companies or other legal entities, qualified and appointed pursuant to art. 28 of Regulation 679/16, for support activities including: management and development of communication, management and development of company processes and projects, communication and promotion systems, for the storage of personal data. Access may be granted to third parties and associated companies, which provide services deemed necessary and/or useful by the owner for the management of company activities and related support processes or requested by you. Suppliers include computer system maintenance companies; credit institutions, professional studios, companies that provide services on IT systems/platforms that the Data Controller deems useful to use, to companies that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
● It may be necessary to communicate data to recipients for legislative obligations and/or deriving from the organizational structures of the owner which involve the presence of independent subjects with the possibility of being recipients of data to fulfill the legislative obligations deriving from the role held. Among these recipients we could identify supervisory bodies, third-party inspectors, people who carry out AUDITS on our organization, subjects and/or bodies that carry out checks on our organization.

6) Data transfer

The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or of third-party companies duly appointed as Data Processors. Currently our internal servers are located in Europe. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to non-EU countries. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses envisaged by the European Commission. For some mailing or “storage” services, we rely on “cloud” platforms, which may have servers in non-EU countries, but the data is only temporarily stored for the requested service.

7) Compulsory or optional nature of providing data and consequences of refusing to answer

The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we could not guarantee you the services referred to in point 2.A). The provision of data for the purposes referred to in point 2.B) is instead optional.
You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive commercial communications and advertising material relating to the Services offered by the Data Controller. In any case, you will continue to be entitled to the Services pursuant to art. 2.A).

8) Rights of the interested party

In your capacity as an interested party, you have the rights referred to in Legislative Decree 196/03 and art. 15-22 GDPR and precisely the rights to:
A) Obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
B) Obtain the indication: of the origin of the personal data; of the purposes and methods of the treatment; of the logic applied in case of treatment carried out with the aid of electronic instruments; of the identification details of the owner, of the managers and of the designated representative pursuant to the Privacy Code and art. 3, paragraph 1, GDPR; and of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as designated representative in the territory of the State, managers or agents;
C) Obtain: updating, rectification or, when interested, integration of data; the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; the certification that the operations pursuant to art. 8.A) and B) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;

D) Oppose, in whole or in part: for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of the collection; to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via email and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the interested party, set out in point B) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition also only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.

Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to limitation of treatment, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.

9) Methods of exercising rights

You can exercise your rights at any time by sending:
● A registered letter with return receipt addressed to: GHELLER S.p.A., with registered office in Via Monte Grappa, 7 – 36020 SOLAGNA (VI)
● An e-mail to privacy@gheller.it or PEC to gheller@pec.keyworld.it

10) Minors

The services of the Data Controller are not intended for minors under the age of 14 and the Data Controller does not intentionally collect personal information relating to minors. In the event that information on minors is involuntarily recorded, the Data Controller will promptly delete it, at the request of the users. For any treatment needs of minors, specific consent and authorization will be required from the person exercising parental authority and/or from the holder of parental responsibility (as required by Article 8 of Regulation 679/16).

11) Owner, manager and appointees

The Data Controller is GHELLER S.p.A. – in the person of the pro-tempore legal representative. The data controller can be reached at the addresses indicated above. The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.

12) Data Protection Officer

The Data Protection Officer (D.P.D.) or Data Protection Officer (D.P.O.) is not applicable to our organization.

13) Changes to this Information

This information may be subject to changes. It is therefore advisable to check this information regularly and to refer to the most updated version.