Effective date of this Policy: 25/05/2018
Why this note.
This page describes how to manage the website with reference to the processing of personal data of users who consult it.
This information is also provided pursuant to art. 13 of the European Regulation 2016/679 to those who interact with web services accessible electronically from the address: www.drmsrl.it.
The information is provided only for the site in question and not for other websites that may be consulted by the user through links.
The “Data Controller”.
Following consultation of this website, data relating to identified or identifiable persons may be processed.
The data “Controller" is D.R.M. S.r.l. with registered office in Via Piva, 2 - 46025 Poggio Rusco (MN).
Luogo di Trattamento dei Dati.
Data processing connected to the web services of this website takes place at Data Center IT1 of ARUBA Spa - Via Gobetti, 96 52100 Arezzo ITALY and is carried out only by employees, collaborators, technical staff of the Office in charge of processing. Users' data may also be processed by DIREZIONE 22, which has been appointed as data processor for operations aimed at the maintenance and assistance of the website.
No data deriving from the web service is communicated or disclosed.
The personal data provided by users who request information material (bulletins, CD-ROMs, newsletters, annual reports, answers to questions, actions and measures, etc.) are used only to perform the service or provision requested and are communicated to third parties only if this is necessary for this purpose.
Types of processed Data.
The computer systems and software procedures used to operate this website collect, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user.
These data are used for the sole purpose of obtaining statistical information on the use of the website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website.
Data provided voluntarily by the user
In the Contact page, the user can communicate with the company to ask for information and clarifications on D.R.M. products/services. Users are informed that the website will not process special categories of data such as racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health and sex life data as well as genetic and biometric data. We therefore invite users not to send in their communications sensitive data mentioned above as well as identification data of third parties (in this case it is better to use fictitious names).
Purpose of the processing
The data controller, through access to the website and consultation of its contents may collect user data for these purposes:
- Access to the website and its pages and consultation of its contents;
- Execution of pre-contractual, contractual and post-contractual obligations with respect to the data collected in the “Contacts” page;
- Pursuit of legal obligations;
- Fulfilment of management, administrative, accounting and tax obligations;
- Elaboration of statistics of non-identifying nature
For the processing of data for the above purposes, your consent is not required as the processing is necessary for the execution of a contract of which you are a party or for the execution of pre-contractual measures taken at your request (Article 6 paragraph 1 letter b) of GDPR) in addition to complying with legal obligations (Article 6 paragraph 1 letter c) of GDPR). The provision of mandatory data (marked with an asterisk “*”) in the “Contacts” page is necessary to receive a response to the sent requests, so any failure to provide them will prevent the form from being sent and, therefore, the impossibility of receiving and satisfying the request of the interested party. Failure to provide data in the optional fields should not compromise the response to the requests of the interested party.
Data transfer outside the EU
The data may be transferred outside the European Union through backup on Google Drive environment. Google, in its contractual commitments with the customer, guarantees an adequate level of protection as indicated by GDPR through the Privacy Shield EU-US certification and the signing of standard contractual clauses.
The data controller will process personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years after the termination of the relationship.
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected and in any case for no longer than 10 years from the termination of the relationship.
Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorised access.
We inform you that, in order to provide a complete service, our portal contains links to other websites, not managed by us. We are not responsible for errors, content, cookies, publications of illicit moral content, advertising, banners or files that do not comply with the regulations in force and the respect of the Privacy regulations by websites managed by us to which reference is made. In order to improve the service offered, an immediate report of malfunctions, abuse or suggestions is welcome at the following e-mail address: firstname.lastname@example.org.
Rights of the data subjects.
The data subject has the right to ask the data controller for access to the data, correction, deletion, limitation of data processing or to object to the processing of data, as well as the right to data portability, under the conditions set out in Articles 15, 16, 17, 18, 20, 21 of EU Regulation 2016/679.
Furthermore, the data subject has the right to revoke his/her consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.
Finally, the data subject has the right to lodge a complaint with a Supervisory Authority if he or she considers that the processing of his/her data is in breach of the European Regulation.
Requests should be addressed to the Data Controller by writing to email@example.com.
If you have any doubts regarding this Policy, first contact the Data Controller by sending an e-mail to: firstname.lastname@example.org.