PRIVACY DISCLAIMER
EXTENDED INFORMATION PURSUANT TO ART. 12, 13 AND, IF NECESSARY, 14 OF THE GDPR – REGULATION (EU) 2016/679 RELATING TO THE PROTECTION OF INDIVIDUALS, WITH REGARD TO THE PROCESSING OF PERSONAL DATA (HEREIN THE GDPR)
The data controller reports, below, the information pursuant to Articles 12, 13 and, if necessary, 14 of the GDPR relating to the processing of personal data provided by the Customer / interested party by completing and signing the Contract to purchase the products / services offered for sale by the data controller, spontaneously uploading data to this website personal data (in particular by filling in forms) or simply by browsing it.
1. Data controller and contact details
The data controller is Torgim dei Fratelli Giana, with registered office in, Via Manzoni, 14 – 20020 Magnago (MI), VAT number 00043950153, tel. +39 0331-658151, e-mail torgim@torgim.it, web www.torgim.it.
2. Principles applicable to processing
In accordance with the provisions of the GDPR, the data controller constantly strives to ensure that personal data are:
(a) processed lawfully, fairly and transparently;
(b) collected for specific, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with those purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(d) accurate and, if necessary, updated;
(e) kept for a period of time not exceeding the achievement of the purposes for which they are processed;
(f) processed, by means of adequate technical and organizational measures, in such a way as to guarantee their security;
(g) processed, if by virtue of consent, by decision freely taken by the Customer / interested party, on the basis of the request presented in a clearly distinguishable way from the rest, in an understandable and easily accessible form, using simple and clear language.
The data controller adopts adequate technical and organizational measures in order to ensure the protection of personal data from the design stage and to ensure that, by default, only the data necessary for each specific processing purpose are processed.
The data controller collects and takes the utmost account of the indications, observations and opinions of the Customer / interested party transmitted to the addresses indicated above, in order to implement a dynamic privacy management system that ensures effective protection of people, with regard to the processing of their data.
3. Methods of processing personal data
The processing of personal data is carried out manually and with electronic tools, with logic strictly related to the purposes indicated below and, in any case, in order to guarantee the security and confidentiality of the data.
4. Purpose of the processing of personal data
(4a) Purposes for which the data processing is necessary
The personal data provided by the Customer / interested party are mainly processed for the execution of the Contract and credit management and, more generally, for the relationship arising from the Contract itself.
In addition to this possibility, the data can be processed for the selection of new personnel, for the distribution of products / services, management of suppliers and other cases arising from the request of the customer / interested party or normal business administration.
The provision of data in the Contract or later, during the contractual relationship, for the purposes of the processing in question is mandatory; therefore, the failure, partial or incorrect provision of such data makes it impossible to stipulate and / or execute the Contract and, for the Customer / interested party, to take advantage of the products / services offered by the data controller, potentially exposing the Customer / interested party himself a liability for breach of contract.
The personal data provided by the Customer / interested party may also be processed if this is necessary to fulfill a legal obligation to which the data controller is subject, for the protection of the vital interests of the Customer / interested party or of another person. physical, for the performance of a task in the public interest or connected to the exercise of public authority vested in the data controller, or for the pursuit of the legitimate interest of the data controller himself or of third parties, provided that they do not prevail the interests or fundamental rights and freedoms of the Customer / data subject; even in these cases, the provision of data is mandatory and, therefore, failure, partial or incorrect communication of data may expose the Customer / interested party to any liability and penalties provided for by the legal system.
(4b) Further purposes of the processing following the specific and express consent of the Customer / interested party
In addition to the aforementioned processing purposes, the personal data provided / acquired may be processed, with the prior consent of the Customer / interested party, to be expressed by selecting the << Give consent >> box on the Contract or on the Site (or using other applications social or web of the data controller), also for carrying out market surveys and for making commercial and promotional communications, by telephone (also using the mobile number provided) and automated contact systems (e-mail, sms, mms, fax, etc.), on products / services of the data controller or companies of the Group to which the data controller belongs.
Consent for the processing purposes referred to in this point (4b) is optional; therefore, following any refusal, the data will be processed only for the purposes indicated in the previous point (4a), except as specified below with reference to the legitimate interests of the data controller or third parties.
5. Categories of personal data processed
The data controller mainly processes identification / contact data (name, surname, addresses, type and number of identification documents, telephone numbers, e-mail addresses, of a fiscal / billing nature, except for others) and, if applicable commercial transactions, financial data (of a banking nature, in particular identification of current accounts, credit card numbers, except for others connected to the aforementioned commercial transactions).
The processing that the data controller carries out, both for the execution of the Contract and under the express consent of the Customer / interested party, does not generally concern particular categories of personal data, known as sensitive (which reveal racial or ethnic origin , political opinions, religious beliefs, health or sexual orientation, etc.), or genetic and biometric data or so-called judicial data (relating to criminal convictions and offenses).
However, it cannot be excluded that the data controller, in order to carry out the obligations deriving from the Contract, must keep and / or need to process sensitive, genetic and biometric or judicial data, of the Customer / interested party or third parties, of which the Customer / interested party has the capacity of data controller; in the case in question, the processing by the data controller takes place under the conditions and within the limits set out in the appointment of the data controller as data processor, by the Customer / interested party.
The data controller treats, as the data controller with reference to the Site, and, potentially, as the data processor appointed to do so (in the terms above) by the Customer / interested party, also the so-called navigation data. The computer systems and software procedures used to operate the websites acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified subjects, but which, by its very nature, could allow the data subject to be identified. This category of information includes geolocation data, IP addresses, browser type, operating system, domain name and addresses of websites from which access or exit was made, information on the pages visited by users within of the site, access time, stay on the single page, analysis of the internal path and other parameters relating to the operating system and the user’s IT environment. It is, therefore, information which, by its very nature, allows users to be identified through processing and association also with data held by third parties.
The Site can then use cookies, both session (which are not stored on the computer of the interested party and disappear when the browser is closed) and persistent, for the transmission of information of a personal nature, or in any case systems for tracking of interested parties.
6. Source of personal data
The personal data that the data controller processes are collected directly by the data controller from the Customer / interested party at the time of, and during, navigation of this on the Site (or using other social or web applications of the data controller), or , also through its own sales representatives, on the occasion of, or subsequent to, the signing of the Contract, in the execution phase of the same, or from public sources.
As specified above, the data controller, as the data processor appointed to do so, in order to carry out the obligations deriving from the Contract, can store and / or process data, in particular navigation, potentially even sensitive, genetic and biometric or judicial data, of third parties, of which the Customer / interested party has as data controller, acquired, with the consent of said third parties, at the time of, and during the navigation of the same third parties on the Site (or using other social or web applications referable to the owner of the treatment).
7. Legitimate interests
The legitimate interests of the data controller or third parties may constitute a valid legal basis for the processing, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the data controller and the data subject, for example when the data subject is a client of the data controller. In particular, it is the legitimate interest of the data controller to process personal data of the Customer / interested party: for fraud prevention purposes, for direct marketing purposes, to ensure the free circulation of the same data within the business group to which the owner of the treatment possibly belongs to, or relating to traffic, in order to guarantee the security of networks and information, i.e. the ability of a network or system to withstand unforeseen events or illegal acts that may compromise the availability, authenticity, integrity and confidentiality of data.
8. Circulation of personal data
(8a) Disclosure of personal data – categories of recipients
In addition to the employees and collaborators in various capacities of the data controller (who are authorized by the data controller to process the processing by virtue of adequate written operating instructions, in order to guarantee the confidentiality and security of the data), some processing operations may also be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, functional to the purposes referred to in point (4a), therefore both in execution of contractual and legal obligations, among which they deserve mention, to however, unavoidably, non-exhaustive title: commercial and / or technical partners; companies that provide banking and financial services; companies that perform document archiving services; debt collection company; auditing firm and certification of financial statements; rating company; subjects who carry out professional assistance and consultancy activities for the data controller; companies that carry out customer care activities; factoring, credit securitization or credit transfer companies for other reasons; company of the Group to which the data controller may belong; subjects who provide commercial information; IT services company. The subjects belonging to the aforementioned categories process the personal data themselves as independent data controllers, or as data controllers, with reference to specific processing operations that fall within the contractual services that the same subjects perform in favor / in the interest of the data controller; to the data processors, the data controller gives adequate written operating instructions, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of the data.
Some processing operations may be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, also functionally to the purposes referred to in point (4b), among which they deserve mention, however, inevitably, not exhaustive: commercial and / or technical partners; companies that institutionally provide marketing services; advertising agencies; subjects who provide assistance and advice with reference to competitions and prize operations. The subjects belonging to the aforementioned categories process personal data as independent data controllers, or as data controllers, with reference to specific processing operations that fall within the contractual services that the same subjects perform in favor / in the interest of the data controller; to the data processors, the data controller gives adequate written operating instructions, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of the data.
Upon written request to be sent to the data controller’s office, the list, subject to periodic updating, of the data processors with whom the data controller maintains relations is available.
Personal data may also be disclosed, in the event of a request, to the competent authorities, in fulfillment of obligations deriving from mandatory provisions of law.
(8b) Transfer of personal data to third countries
The personal data of the Customer / interested party may also be transferred abroad, both to countries of the European Union and to countries outside the European Union and, in the latter case, or on the basis of an adequacy decision, or within the scope and with the adequate guarantees provided by the GDPR (therefore, in particular, in the presence of standard contractual clauses of data protection approved by the European Commission), or, outside the aforementioned hypotheses, using one or more of the exceptions provided by the GDPR (in particular, by virtue of the explicit consent of the Customer / interested party, or for the execution of the Contract concluded by the Customer / interested party, or for the execution of a contract stipulated between the data controller and another natural person or legal in favor of the Customer / interested party, in particular for the execution of activities delegated to it by the data controller for the execution of the Contract concluded with the Customer / interested party). For the hypothesis of data transfers to countries outside the European Union, the Customer / interested party is allowed, upon written request to be sent to the headquarters of the data controller, to know the adequate guarantees, or the exceptions, which legitimize cross-border processing. It is understood, in the event of data transfer to countries outside the European Union, that for any request concerning the data, including for the exercise of the rights recognized by the GDPR to the Customer / interested party, this can always validly contact the owner of the treatment.
9. Criteria for determining the retention period of personal data
For the purposes referred to in point (4a) above, the retention period of personal data released by the Customer / interested party, and their consequent potential processing, coincides with the prescription period of rights / duties (legal, fiscal, etc. ) descendants from the Contract: basically 10 years, therefore, except for the occurrence of interrupting events of the prescription that could actually extend said period.
For the purposes referred to in point (4b) above, the retention period of the data released by the Customer / interested party, and their consequent potential processing, ends with the revocation of the consent previously issued by the Customer / interested party himself or, in the absence of this, however, after one year from the termination of any relationship between the data controller and the Customer / interested party.
10. Rights of the Customer/data subject
The data controller recognises – and facilitates the exercise by the Customer/data subject of – all the rights granted by the GDPR, especially the right to request access to the personal data that concern him/her and to obtain a copy thereof (article 15 of the GDPR), the right to rectification (article 16 of the GDPR), and to the erasure of the data (article 17 of the GDPR), the rights of restriction of the processing that concerns him/her (article 18 of the GDPR), the right to the portability of the data (article 20 of the GDPR, if the requirements are met) and the right to object to the processing that concerns him/her (articles 21 and 22 of the GDPR, for the cases mentioned above and, in particular, in case of processing for marketing purposes or that is carried out via an automated decision-making process, including profiling, which produces legal effects that concern him/her, if the requirements are met).
The data controller also recognises, in cases where the processing is based on consent, the right of the Customer/data subject to withdraw said consent at any time, without prejudice to the lawfulness of the processing based on the provided consent prior to the withdrawal. In order to do this, the Customer/data subject may at any time unregister from the Site (or other social or web applications of the data controller) either by using the link at the bottom of all commercial communications received, or by contacting the data controller at the aforementioned addresses.
The data controller shall also inform the Customer/data subject of the right to lodge a complaint with the Personal Data Protection Authority in its capacity as supervisory authority in Italy and to bring court proceedings both against a decision of the Data Protection Authority and against the data controller and/or a data processor.
11. Security of systems and of personal data
Bearing in mind the state of the art and the implementation cost, as well as the nature of the subject, the scope and the purposes of processing, as well as the risk, in terms of probability and severity, to the rights and freedoms of natural persons, the data controller shall adopt the technical and organisational measures that can guarantee a security level appropriate to the risk presented, especially by ensuring, on a permanent basis, the confidentiality, integrity, availability and resilience of the processing systems and services (also through the encryption of the personal data, where necessary) and the ability to promptly restore the availability of the data in case of physical or technical incident, and by adopting internal procedures aiming at regularly testing, verifying and assessing the efficacy of the technical and organisational measures adopted.
In assessing the adequate level of security, the data controller shall take into account the risks presented by the processing and which arise, in particular, from the unauthorised destruction, loss, modification, disclosure of or the accidental or illegal access to the personal data transmitted, stored or in any way processed.
The data controller shall endeavour to ensure that any one who acts under his authority and has access to personal data does not process them unless he/she has been authorised to by the data controller.
Having said this, the Customer/data subject understands and accepts that no security system guarantees certain and absolute security; therefore, the data controller shall not be liable for acts or deeds by third parties who may access the systems while not duly authorised, despite the adequate protections that have been adopted.
12. Automated decision-making processes, including profiling
The data controller may carry out automated processing, including profiling, in relation to the purposes under point (4b) above, to optimise the browsability of the Site (or the usability of other social or web applications of the data controller) and to improve the purchasing experience, without prejudice to what has been mentioned above with regard to the rights of objection and withdrawal of consent by the Customer/data subject.
The term “profiling” shall mean any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, location, also in order to create profiles, or homogeneous groups of persons by characteristic, interest or behaviour.
The data controller shall not carry out any automated processing that produces legal effects which concern the Customer/data subject or which impinge significantly on his/her person, except where this is necessary for the conclusion or the performance of the Contract, is authorised by the law or is based on the explicit consent of the Customer/data subject, always recognising the latter’s right to obtain human intervention, to express his/her opinion and to appeal against the decision.
EXTENDED INFORMATION ON COOKIES
1. What are cookies
This site uses cookies, including from third parties, to improve the browsing experience and allow those who surf to take advantage of our online services and view advertising in line with their preferences.
Cookies are small text files that are automatically placed on the browser’s PC within the browser. They contain basic information on Internet browsing and thanks to the browser they are recognized every time the user visits the site.
Within our site we have provided a system to allow you to express a preference on first access, consenting or not to the installation of some cookies.
The preference can be changed at any time if the tool allows it, while the cookies on your computer can be deleted at any time through a procedure provided by the browser you use to browse the internet (for instructions, please consult the guide of the its specific software).
Below you will find all the indications of the cookies installed by this site and the necessary information on how to manage your preferences.
2. Cookies used by this site
The cookies used on this site fall into the categories described below.
(2a) Technical cookies
The technical cookies described below do not require consent and are therefore installed automatically following access to the site.
Cookies necessary for operation: cookies that allow the site to function properly while also allowing the user to have a functional browsing experience. For example, they keep the user logged in while browsing, preventing the site from requesting to log in several times to access subsequent pages.
Cookies for saving preferences: cookies that allow you to remember the preferences selected by the user while browsing, for example, they allow you to set the language.
Cookies for Statistics and Audience Measurement: cookies that help to understand, through data collected in anonymous and aggregate form, how users interact with the website by providing information relating to the sections visited, the time spent on the site, any malfunctions.
(2b) Third party cookies
Through this site cookies managed by third parties are also installed, with various utilities and functions.
Statistical and third-party audience measurement cookies
These cookies provide anonymous / aggregate information on how visitors navigate the site. Below is the list of cookies of this type, with: company name, service offered, type of cookies and link to the service’s cookie policy.
- Google
Google Analytics: statistics system
Analytical cookies
privacy policy - Social media sharing cookies
These third-party cookies – if there are links on the site – are used to integrate some common features of the main social media and provide them within the site. In particular, they allow the registration and authentication on the site via facebook and google connect, the sharing and comments of pages of the site on social networks, enable the functions of the “like” on Facebook and “+1” on G +.
Below are the links to the respective cookie pages with: company name, type of cookies, link to the cookie policy.
- Youtube
social media
privacy policy
Remarketing cookies
These third-party cookies allow you to send advertising to users who have visited the site both while browsing the websites of the Google Display Network and / or using the apps of the Google Display Network and while browsing on Google.
Below are the links to the respective cookie pages with: company name, type of cookies, link to the cookie policy.
- Google
Remarketing
privacy policy
3. Management of cookie preferences through the browser
Any browser used allows the user, through a specific procedure, to manage cookie preferences.
Generally, to activate this procedure, simply click on “Help” in the browser window at the top, from which you can access all the necessary information.
Alternatively, you can refer to the guide of your navigation browser.
VALIDITY OF THE INFORMATION
This Information may undergo changes, in line with the evolution of the relevant legislation and the technical and organizational measures gradually adopted by the data controller; the Customer / interested party is therefore requested to periodically visit this section of the Site, to view the updates and information in the text in force from time to time.