Dear user, we welcome you to our website (the “Site“) and invite you to pay attention to the following policy (the “Policy“), issued pursuant to article 12 of European Regulation 2016/679 regarding the protection of individuals with regard to the processing of personal data, as well as the free movement of such data (“GPDR“).
WHO IS THE DATA CONTROLLER?
The data controller (or rather the subject who determines the purposes and methods with which the personal data is processed) is CAVIT S.C., with registered offices in 38123 Trento, via Dal Ponte, 31 – F.R. Ravina, VAT number 00107940223, telephone number 0461-381711.
WHAT DATA DO WE PROCESS?
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This is information is not collected so that it can be associated with identified subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
These types of data include IP addresses, the domain names of the computers utilized by the users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code that indicates the status of the response provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system or IT environment.
These data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain liability in case of hypothetical computer crimes against the site: except for this eventuality, at present the data of web contacts do not persist for more than seven days.
Data provided on a voluntary basis by the user
The optional, explicit and voluntary sending of messages to the e-mail addresses indicated on this site involves the subsequent acquisition of the e-mail address, necessary to respond to requests, as well as any other personal data entered.
Moreover, to use the other site features (online shop), the Data Controller may process the following personal data of the user:
- personal and contact data (name, surname, date of birth, address, tax code/VAT number, telephone number, e-mail address);
- bank and payment data;
- data relating to e-commerce purchases.
ARE YOU OBLIGED TO PROVIDE THE DATA IN QUESTION?
Apart from what is specified for browsing data, we remind you that the provision of data is optional, but in the absence of such, it may not be possible for us to respond to your requests or provide the requested services.
WHY (PURPOSE AND LEGAL BASIS) AND HOW LONG WE PROCESS YOUR DATA
Management of requests made through the site
We will process your data to satisfy your requests made by writing to the e-mail address available on the Site.
The legal basis of this processing is the need to execute your request, in compliance with article 6, paragraph 1, letter b) GDPR. Therefore, the acquisition of your prior consent to the processing is not necessary.
We will process this data for this purpose for the time strictly necessary to satisfy your request and will keep it for a year thereafter.
If you use the section of the site dedicated to online purchases (“shop”), your personal data will be processed for:
- execution of the order,
- accounting, administrative and tax obligations.
The legal basis of the processing for the purposes a) and b) is the execution of a contract, in compliance with article 6, paragraph 1, letter b) GDPR.
The legal basis of the processing for the purpose c) is the fulfilment of regulatory obligations.
In this case, your personal data will be kept until the expiry of the ordinary ten-year term provided for by Article 2946 of the Italian Civil Code for contractual liability.
Your contact data will also be used for the promotion of products offered by the Data Controller.
The legal basis of the processing is the Data Controller’s legitimate interest in the marketing activity.
In fact, consent is not necessary in case of transmission, through the email coordinates provided in the context of a previous purchase, of communications relating to the direct sale of products similar to those already purchased, provided that the properly informed recipient does not refuse such use, initially or on the occasion of subsequent communications.
In this case, your personal data will be kept until you send a request to no longer receive promotional communications or for the maximum period of twelve months from your last purchase.
Use of browsing data
The Data Controller will process the browsing data:
- for technological maintenance of the site;
- to ascertain liability in the case of possible computer crimes against the Site.
The legal basis of this processing is the Data Controller’s legitimate interest to guarantee the correct use of the Site and to prevent any possible computer crimes.
We will keep this data in the terms established by law for a maximum period of 12 months
HOW WE PROCESS YOUR DATA?
Your data will be processed using paper and IT, manual and automated means adequate to guarantee its protection, security and compliance with the principles of the GDPR, in particular those of transparency, lawfulness, correctness.
TO WHOM WILL WE COMMUNICATE YOUR DATA?
For the pursuit of the purposes described above, your personal data will be made known to our employees and collaborators.
For management or assistance needs in the context of our IT systems, moreover, your data may be made known to subjects who assist us in these sectors.
Beyond these cases, your personal data will not be disclosed.
WHERE WILL WE PROCESS YOUR DATA?
Your personal data will be processed on the EU territory.
WHAT ARE YOUR RIGHTS?
We have the obligation to respond to your requests to know how and why your data is processed; to correct incorrect data, integrate incomplete data, and update data; if you require, to delete data and limit processing; to provide your personal data in a commonly used and readable electronic format or to send your data to another Data Controller that you indicate. Moreover, since you have given consent to specific processing, you can request that it be interrupted if you no longer agree.
HOW CAN YOU EXERCISE YOUR RIGHTS?
If you need to contact us specifically regarding your protection of personal data or to exercise the rights indicated, send an e-mail to firstname.lastname@example.org to which you are kindly requested to address any requests.
WHO CAN YOU CONTACT IN CASE OF OUR SHORTCOMINGS?