With this document (“Policy”) the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data and the rights recognized by Regulation (EU) 2016/679, as well as by Legislative Decree 101/18, which amends Legislative Decree 196/2003 relating to the protection of individuals, with regard to the processing of personal data and the free circulation thereof (“GDPR”). This Policy refers to the data collected from this website (www.bizeta.net) and may be integrated by the Data Controller if any additional services requested by you involve further processing.
1. DATA CONTROLLER AND DATA PROCESSING OFFICER, DPO
The Data Controller is BIZETA Retail Solution Srl VAT / FC: 07094210155 with registered office in Via Tognasca, 7 21013 Gallarate (VA), Italy
The Data Controller has appointed a Data Protection Officer, whom you can contact to exercise your rights, as well as to receive any information relating to them and/or this Policy, by writing to the attention of the Data Protection Officer of the company WB Trade-it GmbH by sending an e-mail to: firstname.lastname@example.org or alternatively if unable, by phone at: 0331-729010
The Data Controller and the DPO, also through the designated structures, will process your request and provide you, without undue delay and in any case, at the latest, within one month of receiving it, the information relating to the action taken regarding your request.
Categories of data subjects: natural persons, legal persons, public and private organizations.
2.1 Execution of a contract – use of the service: The processing of your personal data is necessary for the acquisition of preliminary information for the conclusion of the contracts that you will enter into with Bizeta Retail Solution Srl. Data Controller, for the completion and execution of the contract that provides for the provision of the requested service.
2.2 Web Processing (browsing data): The IT systems and software procedures for operation of this website acquire, during normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with data subjects identified, but that by its very nature could, through processing and association with data held by third parties, allow identifying users. This category of data includes IP addresses or domain names of computers used by users that connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment. This data is only used to obtain anonymous statistical information regarding website use and to verify its correct operation and is deleted after processing. The data may be used to ascertain liability in the event of hypothetical computer crimes against the website.
2.3 Web Processing (Commercial newsletters): If you wish to be updated on the latest news of the products and services offered by the Data Controller or by third-party companies, it will be possible to join our marketing initiatives by allowing the Data Controller to send you the newsletter and further commercial communications.
2.4 Web Processing (Service use newsletters): If you wish to be updated on the latest news of the products and services offered by the Data Controller, it will be possible to join our marketing initiatives by allowing the Data Controller to send you the newsletter and further commercial communications.
2.5 Web Processing (requests made via the site): Your personal data may be processed by the Data Controller to fulfill your requests made by writing to one of the e-mail addresses available on the Site or by completing the registration and/or contact form on the Site.
2.6 Legal obligations: The processing of your personal data by the Data Controller may also be related to the fulfillment of obligations established by laws, regulations and/or community regulations, or by supervisory and control bodies or other authorities entitled to do so.
2.7 Profiling: The processing of your personal data and your consumption habits allows the Data Controller to propose the best offers in accordance with your personal needs.
2.8 Marketing (for legitimate interest): The Data Controller intends to process your personal data in order to send you commercial communications of the Data Controller’s products and services, including direct marketing conducted using the results of the analysis or profiling activity, as well as proceed with direct sales and completion of market surveys or research. Processing involves the processing of data for the simple purpose of sending users communications regarding additional features, products and services offered, strictly related to the relationship between the parties. The processing of personal data is necessary for the legitimate interests pursued by the Data Controller. Said legitimate interests include the case of sending users promotional material on their products and services. The Data Controller believes that users have a reasonable expectation for this type of data processing to be carried out. Data subjects, in fact, cannot but expect that the Data Controller will not process their personal data, precisely because this is aimed at pursuing a legitimate interest. This evaluation finds legislative recognition in Recital no. 47 of the GDPR and is placed at the basis of the processing in question, only following an appropriate balancing activity of the interests and rights involved. In fact, the Data Controller believes that the processing in question aims to strengthen a direct and lasting relationship with the customer and that this interest is prevalent.
3. PROCESSING PURPOSES
3.1 Contractual purpose: Provide information to potential interested customers, by telephone or e-mail, on the functioning of the services. Acquisition of preliminary information for the conclusion of a contract and/or provision of the service. Execution and management of the contract for the execution of the service.
3.2 Browsing data: Data analysis to carry out the evolution and technological maintenance of the website. To ascertain responsibility in the event of potential computer crimes against the site and/or the data subjects (illicit use) and to perform anonymous statistical analysis on the use of the site.
3.3 Web purpose: Sending commercial and service communications. Sending requests via web platform tools.
3.4 Legal obligations: Retention of documents, such as contracts, documents, invoices. Mandatory to fulfill legal obligations for document retention within the terms prescribed by the legal system.
3.5 Profiling purpose: Profiling to propose offers in line with customer interests. Processing of personal data as well as use of the service, with fully or partially automated methods, in order to identify and offer services or activities more appropriate to the individual.
3.6 Marketing purpose: Direct marketing based on profiling: promotion and sale of products and services through the use of the results of the analysis and/or profiling activity. Furthermore, the promotion and sale of products and services through the use of tools such as e-mail, fax, SMS, MMS, etc.
4. NATURE OF CONFERMENT:
The conferment of personal data referred to in points 2.1 – 2.6 and for the purposes referred to in points 3.1- 3.4 is mandatory. The conferment of personal data referred to in points 2.7 – 2.8 and for the purposes referred to in points 3.5 – 3.6 is optional and subject to consent.
Consequences of refusal to confer data: Failure to confer the data will make it impossible for the company to follow up on pre-contractual/contractual requests, to provide the service and/or execute the contract, to send commercial communications. Failure to confer consent to profiling, although it will also allow the Data Controller to carry out the activity requested, will prevent the Data Controller from identifying the services that are in line with personal qualities.
5. PERSONAL DATA RETENTION PERIOD
5.1 Contractual purpose, legal obligations and sending newsletters: For the entire duration of the contract and, after termination, for 10 years. In the case of judicial litigation, for the entire duration of the same, until the exhaustion of the terms of practicability of appeals.
5.2. Generic marketing and profiling purposes: up to the execution of the right to object or to the revocation of consent for this purpose.
5.3 Operation of the site: for the entire duration of the browsing session on the site.
6. MINIMUM DATA PROTECTION MEASURES: The operating system of the server, in which the web application and the database is located, is installed on a hardware infrastructure based on cloud computing provided by the company Netrising, capable of guaranteeing high levels of integrity, availability and confidentiality of information. Paper data is kept inside rooms with suitable safeguards.
7. DATA RECIPIENTS:
Data may be processed by external subjects operating as controllers such as, by way of example, authorities and supervisory and control bodies and in general, subjects, including private individuals, entitled to request data, Public Authorities that make an express request to the Data Controller for administrative or institutional purposes, in accordance with the provisions of current national and European legislation, as well as persons, companies, associations or professional firms that provide assistance and consultancy.
These parties are essentially included in the following categories:
a. companies that offer maintenance services for websites and information systems;
b. companies that offer support in carrying out market studies;
c. companies that offer e-mail sending services;
d. companies that offer marketing automation platform management services;
e. companies that perform organizational support and reception services for events.
Personal data will not be disseminated.
8. PROCESSING REFERENCE STANDARDS: European Regulation 679/2016 and Legislative Decree 101/18
The legal basis for registering on the site and providing related services is the need to execute the request, in compliance with article 6, paragraph 1, letter b), GDPR. Therefore, it is not necessary to acquire prior consent to processing.
9. TYPE OF DATA PROCESSED: Personal data, contact data, pseudonymized common data, data collected by cookies.
Information on minors: Pursuant to article 2-quinquies of Legislative Decree 196/2003, introduced by Legislative Decree 101/2018, minors who have reached the age of fourteen may express consent to the processing of their personal data in relation to the direct offer of information company services. With regard to these services, the processing of personal data of minors under the age of fourteen is lawful provided that consent is provided by the person exercising parental responsibility.
10. PARTIES AUTHORIZED FOR PROCESSING
Your data may be processed by employees of the company departments of the Data Controller responsible for the pursuit of the aforementioned purposes that have been expressly authorized for processing and have received adequate operating instructions.
The personal data processed for the operation of the site, referred to in point 3.2. collected during browsing on the same will be processed by employees, collaborators of the Data Controller or external subjects, as persons in charge of and responsible for processing, duly instructed by the Data Controller, who carry out tasks of a technical and organizational nature on the site on behalf of the Data Controller.
11. RIGHTS OF DATA SUBJECTS
By contacting the Data Controller by e-mail at email@example.com, you may ask the Data Controller for access to data related to you, the cancellation thereof, the correction of inaccurate data, the integration of incomplete data, the limitation of processing in the cases provided for by article 18 GDPR. Furthermore, if processing is based on consent or on the contract and is carried out with automated tools, you may request the portability of your data and receive it in a structured format, commonly used and readable by an automatic device, as well as, if technically feasible, send them to another controller without impediments.
You have the right to withdraw the consent provided at any time and with the same simplicity with which it was provided, for marketing and/or profiling purposes, as well as to propose opposition to processing of data, for reasons related to your particular situation, in the hypothesis of exercising a public interest or legitimate interest of the Data Controller as well as for marketing purposes, including profiling related to direct marketing.
You shall have the right to file a complaint with the competent Supervisory Authority in the Member State where they normally reside or work or in the State where the alleged violation has occurred. Italy: Guarantor for the protection of personal data, Piazza di Montecitorio 121, 00186, Rome (RM)
12. SHARING OF CONTENT VIA SOCIAL NETWORKS
If you decide to share some content through one or more social networks (Facebook, Twitter, LinkedIn, Instagram, WhatsApp), the site may access some of your account information if you have activated the sharing of your account data with third-party applications. You may disable the sharing of your account data with third-party applications by accessing your account settings. For further information, please consult the website of the social network/s to which you are registered (www.facebook.com, www.twitter.com, www.linkedin.com, www.whatsapp.com).
13. TRANSFER OF DATA IN COUNTRIES NOT BELONGING TO THE EUROPEAN UNION
Data may be transferred abroad to non-European countries, and in particular to the United States, only after verification of the Standard Contractual Clauses adopted/approved by the European Commission pursuant to article 46, paragraph 2, letters c) and d) of the GDPR or of the binding rules for the company referred to in article 47 of the GDPR or, in the absence thereof, by virtue of one of the derogating measures referred to in article 49 of the GDPR.
A copy of the guarantees referred to in article 46, paragraph 2, letters c) and d) of the GDPR, adopted by the Data Controller, may be obtained by writing an e-mail to the following address: firstname.lastname@example.org.
Last updated: March 2021.