IN ACCORDANCE WITH THE GENERAL REGULATION ON DATA PROTECTION EU 2016/679 GDPR AND PURSUANT TO THE D.LGS N. 196/2003 (subsequently amended and integrated)
CONTROLLER OF THE DATA PROCESSING
Kilowatt Soc Coop – Via Castiglione 134 – 40136 Bologna – firstname.lastname@example.org
Dear User, we inform you that the processing of your personal data will be compliant with the current privacy legislation and it will be based on correctness, lawfulness, transparency and data protection. To this end, in accordance with article 13 of 2016/679 GDPR EU regulation, we indicate below the general information regarding the processing of personal data through this website, additional specific information will be presented where necessary directly on the web pages where data will be collected in order to provide you any type of service. This information is exclusively referred to data of those who interact with web services from this site’s home page without extending to other websites possibly reached by the user from external links.
The processing of personal data is any operation or complex of operations, carried out even without the aid of electronic tools, concerning the collection, registration, organization, storage, consultation, elaboration, modification, selection, estraction, comparison, usage, interconnection, block, communication, diffusion, cancellation and destruction of data, even if not registered in a database.
PURPOSE OF DATA PROCESSING
In case of acquisition of personal data, those, in compliance with current legislation on personal data protection, will be processed exclusively for the following purposes:
- strictly connected and instrumental purposes to allow access to and use of the site, its features and requested services;
- for operational and management needs within the Owner and related to the services offered through the site;
- communications related to the request sent to us. Such processing is necessary to respond to received requests for information and estimates;
- subscription to the newsletter. Such treatments are necessary for the periodic sending of the company newsletter;
- participation in projects. Such treatments are necessary to allow you to participate in the various projects developed by the organization (Workshops, Events, Capsula Design Market, Kilowatt Summer, VETRO, etc.)
- to comply with the obligations eventually required by law and by european legislation.
- in a completely anonymous and aggregate form, for statistical purposes.
LEGAL GROUNDS OF DATA PROCESSING
The treatment of your personal data will be carried out on the basis of one or more of the following conditions. In particular, the processing carried out for the purposes described above, which concern:
Sections a) b) c) d) e): have as legal basis the necessity to execute your requests to receive a directly available service through the website: is therefore providing strictly necessary data and connected to a requested service or functional to respond to your specific request, as such data collected from time to time are mandatory and if you do not intend to provide them, it will not be possible to erogate the service or to respond to your request;
section f): has as legal basis the necessity to comply with a legal obligation to which the Owner is subject;
section g): being anonymous data, that is data from which is impossible to re-identify, even indirectly, a physical person, such data are no longer personal information, therefore related treatments are removed from the application of privacy law and there is no need for a particular legal basis.
In the website pages where your personal data is explicitly collected, you will find listed where necessary further specific privacy information, as well as methods for the acquisition of your consent in cases in which the Owner uses that legal basis for processing.
TREATED PERSONAL DATA AND MODE OF TREATMENT
The processed personal data of the interested party consist of:
1) Navigation data. Informatic systems and software procedures in charge of the functioning of this website acquire, in normal operation, some personal data that will be implicitly transmitted in the use of internet protocols.
This is information that is not collected to be associated with identified interested parties, but by their very nature could, through elaboration and association with data owned by third parties, allow users to be identified. All our activities are regulated by strict ethical principles and we are committed to protecting the privacy of all the visitors to our website. For this reason the way we collect and memorize data is strictly linked to the mode of use of our website and related services.
2) Data provided voluntarily from users/visitors (name, surname, e-mail address, phone number, VAT number, TAX CODE, home/legal address). If users/visitors visiting the website send their personal information for:
- subscribing to the company newsletter
- request information
- request estimates
- participate/apply for projects (Workshop, Events, Capsula Design Market, Kilowatt Summer, VETRO, etc.)
3) Cookies. Various technologies can be used on our website for improving and making it easier to use, more effective and safe. These technologies allow us or third parties operating for us to automatically collect data. Examples of such technological solutions are cookies. For more information on the cookies used, the purposes and methods of disabling them you can consult the specific policy.
All data will be processed mainly electronically. Personal data and any other eventual information that may be directly or indirectly associated with a determined user, are collected and processed using technical and organisational security measures to ensure a level of security appropriate to the risk, considering the state of the art and implementation costs, or, where expected, safety measures required by appropriate legislation such as, for example, non-exhaustive: measures provided for by applicable provisions issued by the Guarantor Authority for the protection of personal data or by regulations and specific legislation to the banking/financial sector and will be accessible only to specifically authorized staff. In specific reference to the aspects of personal data protection, you are invited, pursuant to article 33 of GDPR to report to the Owner any circumstances or events from which a potential personal data breach can result, in order to allow an immediate evaluation and the adoption of any action to counter such event, sending a communication to email@example.com. Please note that personal data breach means a “breach of security that results in accidental or unlawful destruction, loss, modification, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed”.
Measures adopted by the Owner do not exempt the user/customer from paying attention to the use, where required, of password/PIN number of adequate complexity, which must be upgraded periodically as well as carefully store and make inaccessible to others, in order to avoid misuse and unauthorised use.
DATA STORAGE PERIOD
The processed personal data will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed, without prejudice to the need to keep them for a longer period following requests from the competent authorities for the prevention and prosecution of crimes or, in any case, to assert or defend a right in court. After the indicated storage terms, the data will be destroyed, deleted or anonymized, compatible with the technical procedures of deletion and backup.
MANDATORY NATURE OF THE PROVISION OF DATA
The processing of personal data is normally allowed only with the consent of the data subjects, which must be free, informed, expressed in specific form and documented in writing. The interested party is free to provide the personal data requested from time to time; their failed, partial or inaccurate conferment may make it impossible to provide the requested services (art. 7 GDPR). The acquisition of consent to the processing of personal data is necessary for all the aforementioned processing operations connected with and/or necessary to comply with legal obligations, Community legislation, to perform obligations arising from a contract to which the data subject is a party or to fulfil, before the conclusion of the contract, specific requests of the latter.
At any time you can revoke your consent to receiving commercial communications previously issued by sending a request to: firstname.lastname@example.org.
In addition to Kilowatt Soc. Coop. employees, some processing of personal data, to achieve the purposes listed above, may be carried out by third parties, whether they are Independent Owners or External Data Processors or Authorities. The categories of third parties that may be involved in the processing of you personal data are:
- IT Service Providers we rely on;
- Communication and Marketing service providers;
- Public Authorities, where required by law or at their request.
Kilowatt Soc Coop will take care of ensuring that Kilowatt Soc Coop employees and suppliers process your data in an appropriate and secure manner depending on the specific processing. To ensure that this happens, Kilowatt Soc Coop will ensure that employees and suppliers take appropriate measures to the treatment by providing precise instructions and supervising their work.
TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES
For the pursuit of the purposes described above, data may be transferred to non-EU countries to operators (such as Google, MailChimp, Dropbox, etc) that hold the data in compliance of European privacy law (GDPR).
RIGHT OF THE DATA SUBJECT, COMPLIANT TO THE SUPERVISORY AUTHORITY
You have several options for managing your personal data that you can excercise by writing to email@example.com. In particular, you may:
- Delete your personal data: you can ask us to delete personal data that concerns you (for example if you no longer need our services).
- Modify or correct your personal data: you can independently modify your personal data through the features present in each communication we send. You can also ask us for changes, updates and corrections of data, especially if they are not accurate;
- Limit the use of personal data: you can ask us to limit the use of your personal data;
- Right to access, recieve and/or have transferred your personal data: you may ask us to access your personal data stored by us and obtain and/or have transferred your personal data in a readable format;
- Oppose to the use of your personal data: you can ask us to stop using the whole or part of your personal data;
- Right to lodge a complaint: if you feel that your rights have not been respected, you can lodge a complaint with the competent authority according to the indication published on the website www.garanteprivacy.it.