IRCA S.p.A. with registered office in San Vendemiano (TV), viale Venezia no. 31, VAT code 01168660262, certified e-mail firstname.lastname@example.org (hereinafter the “Controller”), acting as Data Controller within the meaning envisaged in EU Regulation no. 679/2016 (“GDPR“) and privacy legislation applicable, undertakes to safeguard the privacy of the users (“User/s“) who consult the website www.zoppasindustries.com (hereinafter the Site“) taking appropriate technical and organizational measures to guarantee the security and confidentiality of information obtained from the User.
1. Source of data, purposes for which data are collected and legal bases of processing
1.1 Data provided voluntarily by the User
The discretionary, express and voluntary transmission by User of electronic mail to the addresses indicated on the Website, in the “Contacts” section, results in the acquisition of the sender’s address, necessary for requests and queries to be dealt with, as well as any other personal data included by the User in the message.
1.2 Navigation data
The data processing systems and software procedures responsible for running this Website obtain, during normal operations, certain personal data whose transmission is implied when Internet communications protocols are used.
This information is not collected to be associated with the subjects concerned, but, by its very nature, may, through processing and association with data kept by third parties, allow the User to be identified.
These are for example IP or MAC addresses of computers with which Users connect up to the Website, addresses in notation URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method adopted to submit the request to the server, the size of the file obtained in reply, the numeric code indicating the state of the reply given by the server (successfully completed, error, etc.) and other parameters relating to the operating system and the User’s computer environment.
These data are used solely for the purpose of obtaining anonymous statistical information on the use of the Website and of ensuring that the site functions correctly.
1.3 Information collected via cookies
The Website uses first-party technical cookies that are necessary for the Website to work, such as session and functionality cookies, which are used by the Controller to collect information, in aggregate form, on the number of Users and the methods used to move around the Website, to save navigation preferences, such as the layout and color of the Website page, or to recognize a User when he revisits the site.
The cookies described above may be:
- temporary, when they are automatically deleted as soon as the browser is closed;
- permanent, when they remain stored on the User’s hard disk, until the User himself deletes them;
- first-party, when they are set and managed directly by the operator of the site being visited;
- third-party, when they are handled by a domain differing from that visited by the User.
To disable the use of first-party technical cookies, the User must modify his own preferences on the browser, following the procedure indicated below.
Whilst the User’s consent is not required for technical cookies to be used, his optional consent must always be obtained before profiling cookies can be used; in addition the User may choose which profiling cookies to authorize. The Website does not use profiling cookies.
Cookies can be managed and disabled directly by regulating the settings of the following browsers:
The cookies used by the Website are listed in the table set out below:
|NOME DEL COOKIE||SCOPO||TIPO|
|_gat||Technical: Google Analytics Cookie||persistent, first party|
|_ga||Technical: Google Analytics Cookies||persistent, first party|
|__utma||Technical: Google Analytics Cookie||persistent, first party|
|__utmb||Technical: Google Analytics Cookie||persistent, first party|
|__utmc||Technical: Google Analytics Cookie||session, first party|
|__utmt||Technical: Google Analytics Cookie||persistent, first party|
|qtrans_cookie_test||Technical: relating to multi-lingual functions||session, first party|
|wordpress_||Technical: tracks the navigation session for an authenticated User||session, first party|
|viewed_cookie_policy||Technical: stores your consent to receive cookies||persistent, first party|
1.4 Basi giuridiche del trattamento
The legal bases of data processing on the part of the Controller for the purposes described above, are as follows: (i) to satisfy an express request made by a User, (ii) to perform a contractual obligation, (iii) to comply with a legal obligation, (iv) in the Controller’s legitimate interests to prevent fraud and to establish liability when it is possible that computer crimes may been committed against it.
2. Mandatory or optional nature of data provision
Apart from the information specified above for navigation data, the User is free to provide his personal data by sending e-mails that also contain specific personal data, for example, when requesting information, and/or asking for informative material or other communications to be sent, or when reporting/requesting information relating to the existing contractual relationship with the Controller. It is intended that, failure to provide the Controller with certain data may prevent the User from obtaining what he has requested.
3. Methods adopted to process and store data
Personal data are processed lawfully and correctly, adopting automated tools whose logics are strictly linked to the purposes indicated and, in any event, in a manner that safeguards the security and confidential nature of the data. Processing operations may include collection, preparation, recording and/or filing of personal data. The personal data of the User who requests informative documents or material (replies to inquiries, dispatch of supplementary documentation, etc.) are used exclusively for the purpose of supplying the service required and are only transferred to third parties when strictly necessary to satisfy the User’s requests.
Personal data, collected in databases set up for this purpose, are stored in servers owned by the Controller.
Personal data will be processed exclusively for the period of time strictly necessary to achieve the purposes described above, that is, in order to carry out the operations requested and, in any event, not for a length of time exceeding that specified by current legislation. Pursuant to the Regulation, the Controller has taken specific security measures to prevent the loss, improper and/ or incorrect use of data and/or unauthorized access to the databases.
4. Subjects to whom data may be transferred
The User’s personal data will only be processed by subjects who have already been named and authorized to process data, that is to act as data processors. More precisely, data may be transferred to the following categories of third parties: suppliers of services (professional and technical) and legitimate recipients, as defined by law. Recipients of data act as controllers, data processors and subjects authorized to process data, in accordance with the provisions of the GDPR and other legislation applicable.
To receive an up-to-date list of external data processors, it is possible to contact the following e-mail address: email@example.com. The Users’data will not be transferred and/or conveyed outside the European Union.
Personal data are collected and kept securely, adopting technical and organizational measures and procedures that are able to safeguard and guarantee the security of the information and data obtained via the Website. These measures are designed to protect the User’s personal data and to prevent their loss, unauthorized access, disclosure, alteration or destruction. The Controller may, for example, use encryption systems, firewalls, anti-virus tools, physical blockage, protection with the use of passwords, as well as other security measures, to prevent unauthorized access to the User’s personal information.
In the event of a “data breach” that is capable of prejudicing the rights and freedoms of the User, the Controller will promptly inform the Users of the violation in keeping with and in the manner envisaged in the GDPR and other legislation applicable.
6. User’s rights
As an interested party, the User may exercise the rights referred to in art. 15 of the GDPR and may therefore lodge a complaint with the competent supervisory authority, get the access to his personal data, obtain confirmation from the Controller as to whether or not his data are being processed, request that his personal data are revised, obtain from the Controller the rectification of personal data, demand erasure of personal data, demand restriction of the processing of his personal data, ask for the portability of his data and also object to the processing of his personal data. The User may exercise his rights without any formality by contacting the Controller at the following e-mail address: firstname.lastname@example.org or fax number: 0438919370.
Upon the understanding that the Controller will not, in any event, carry out any processing operations other than those expressly authorized and/or requested by each individual User, this Privacy Notice may be amended in order to bring it into line with newly introduced legislative provisions or changes in data processing policies adopted by the Controller.
Every revised version of this Privacy Notice will be made available on the Website in the reserved section. The Controller therefore invites all Users to consult the Website on a regular basis in order to be kept up-to-date on the latest version in force.