2) Identification details of the Data Controller
The Data Controller is .Engicam Srl, with registered office in Scandicci (FI), via dei Pratoni No.16, 50018 Scandicci (FI), VAT Registration Number 05389070482. In order to exercise your rights, you must submit a written request to the Data Controller by registered letter with acknowledgment of receipt at via dei Pratoni n. 16, 50018 Scandicci (FI) or by e-mail at email@example.com or via certified e-mail at firstname.lastname@example.org.
3) Type of data processed
When the site is only consulted, as a general rule, there is no collection and/or processing of personal data, except for browsing data and cookies, as is described below more in detail. In addition to these, the personal data provided by you on a voluntary basis may be processed when you interact with the functionalities featured on the site and/or ask to make use of the services provided.
4) Cookies and browsing data
Technical cookies are necessary for the proper functioning of a website and are used to allow the user’s navigation. In case of their absence, the user may not be able to properly view the pages or use certain services.
On the other hand, the aim of profiling cookies is to create user profiles. This will make it possible to send advertising messages according to the user’s preferences observed during navigation.
Also, there are:
- session cookies, which are deleted immediately while closing the web browser;
- persistent cookies, which remain within the browser for a certain period of time (used, for example, to recognize the device);
- first-party cookies, which are created and managed directly by the manager of the website;
- third-party cookies, which are created and managed by persons other than the manager of the website.
5) Cookies used on the Site
The Site uses the following types of cookies:
- first-party, session and persistent cookies, which are necessary to allow the Site navigation, with a view to ensuring internal safety and system administration safety;
- third-party, session and persistent cookies, which are necessary to allow the user to use any multimedia elements on the Site, such as images and videos;
- third-party, persistent cookies, used by the Site to transfer information for statistical purposes to the Piwik Analytics system. This system allows the Company to carry out anonymous statistical analyses of accesses and/or visits to the Site, since the saved IP address is not complete but cut in the last numbers;
- third-party, persistent cookies, used by the Site to incorporate the social-network buttons (Facebook, Twitter and Google+) into its pages. By selecting one of these buttons, the user can publish the contents of the web page of the Site he/she is visiting on his/her social-network personal page.
If the Site contains any links to other sites (the so-called third-party sites), the Company does not make/ makes (any) access to or control over cookies, web beacons and other user tracking technologies that could be used by third-party sites that the user can access from the Site. Also, the Company does not exercise any control over the contents and materials published by or obtained from third-party sites, nor over their procedures for the processing of users’ data and expressly declines any responsibility therefor.
6) Storage of personal data
Personal data are stored and processed via computer systems owned by Engicam Srl and are managed by the latter or by third-party technical service providers, as is better explained in a section hereinbelow. The data are processed exclusively by specially authorized personnel, including the personnel responsible for carrying out maintenance operations.
7) Data processing purposes and methods
The Company may process personal data for the following purposes: the use of services and functionalities featured on the Site by the user, the management of requests and reports from its users, newsletters, the management of job applications, etc.
If the user expresses an additional and specific consent, Engicam Srl may process personal data for marketing purposes – that is, to provide the user with promotional materials and/or commercial messages relating to the Company's services, at the addresses indicated, either through conventional procedures and/or contact means (such as, snail mail, phone calls with operators, etc.) and automated means (via the Internet, by fax, by e-mail, by sms, applications for mobile devices such as smartphones and tablets, etc.).
Personal data are processed in both paper format and electronic format and entered into the corporate information system in full compliance with Regulation (EU) 2016/679, including safety and confidentiality profiles, still in compliance with the principles of fairness and lawfulness of processing. In accordance with Regulation (EU) 2016/679, the data are stored and kept for 10 years.
8) Safety and quality of personal data
The Company is committed to protecting the safety of the personal data provided by the user, ensuring compliance with the safety provisions provided for by the regulations in force in order to prevent any loss, illegal and/or improper use and unauthorized access to the user’s personal data, with particular reference to the Technical Guideline for minimum security measures. In addition, the information systems and computer programs used are set up in such a way as to minimize the use of personal and identification data; such data are used only for the achievement of the specific objectives from time to time pursued. The Company uses multiple advanced safety technologies and procedures that promote the protection of personal data; for instance, personal data are stored on safe servers located in protected- and controlled-access places.
9) Scope of data disclosure and access
The personal data of the user may be disclosed to:
- any persons who have the right of access to such data according to the regulations in force;
- our collaborator and employees, only within the framework of and limited to their tasks;
- any natural and/or legal persons, public and/or private entities whenever disclosure is desirable for or instrumental to our business activity, according to the procedures and for the purposes described above.
10) Nature of personal data provision
The provision of some personal data by the user is mandatory in order to enable the Company to manage notices, user requests received or to re-contact the user to respond to his/her request. This type of data are marked with an asterisk [*] and, in such a case, data provision is mandatory in order to enable the Company to respond to the request that, failing this, cannot be processed. On the contrary, the collection of data not marked with an asterisk is optional: the failure to provide such data will not entail any consequences for the user.
The provision of personal data by the user for marketing purposes, as is specified under "Processing purposes and methods" is optional and any refusal will have no consequences. The consent given for marketing purposes is deemed to be extended to the sending of messages through both automated and traditional procedures and/or contact means, as was exemplified above.
11) Rights of the data subject
The data subject has the right to obtain from the data controller confirmation as to whether or not the personal data concerning him/her are being processed and, where that is the case, access to such personal data and to the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be sent, especially in case of recipients from third countries or international organizations;
- the period of retention of personal data provided or, if this is not possible, the criteria used to determine that period;
- the existence of the data subject's right to ask the data controller to correct or delete personal data or to limit the processing of the personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to paragraph (a) of Article 6(1), or paragraph (a) of Article 9(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of Regulation (EU) 2016/679.
The data subject shall have the right to obtain from the data controller restriction of processing where one of the following applies:
- the accuracy of the personal data is challenged by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- the data subject has objected to processing pursuant to Article 21, paragraph 1 of Regulation (EU) 2016/679 pending the verification whether the legitimate grounds of the controller override those of the data subject.
The data subject has the right to obtain the data portability in a structured and commonly used format readable by an automatic device, and to send them to another data controller without hindrance.
You can exercise your rights by written request to be sent to the data controller by registered letter with acknowledgment of receipt at via dei Pratoni n. 16, 50018 Scandicci (Florence, ITALY) or by e-mail at email@example.com or by certified e-mail at firstname.lastname@example.org.
03 August 2018