INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users who consult the website www.moroso.it
pursuant to Article 13 of the GDPR (EU) 2016/679
WHY THIS INFORMATION IS PROVIDED
Pursuant to Regulation (EU) 2016/679 (the “GDPR”), information is provided below on the processing of the personal data of users who navigate on the website accessible at the URL www.moroso.it (the “Website”), as consultation of the Website may entail the acquisition and processing of data relating to identified or identifiable natural persons (the “data subjects”).
The information does not regard other websites, pages or online services reached through any hypertext links available on the Website, but referring to resources outside the above-mentioned company domain.
The Data Controller is Moroso S.p.a., with registered office at via Nazionale 60, 33010 Cavalicco (Udine), Italy (email: firstname.lastname@example.org, main number +39 0432 577111).
LEGAL BASIS OF THE PROCESSING
The personal data referred to on this page are processed by the data controller as they are required to manage the website and on the basis of specific disclosures, and when necessary on the basis of consent, to offer and perform the services offered by the website.
TYPES OF DATA PROCESSED AND PURPOSES OF THE PROCESSING
The IT systems and software procedures responsible for the functioning of this website acquire some personal data in the course of their normal functioning, the transmission of which is implicit in the use of internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit requests to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
Such data, which are necessary to make use of web services, are also processed in aggregate form in order to:
– obtain statistical information on the use of the services (most visited pages, number of visitors by time of day or day, geographical areas of origin, etc.);
– check that the services offered are functioning properly.
Navigation data are not saved for more time than is necessary to ensure that the website is functioning, and are deleted immediately after they are aggregated (without prejudice to any need by the Judicial Authority to investigate offences).
Data provided by the user
The optional, explicit and voluntary sending of messages to contact addresses, as well as the completion and forwarding of the forms present on the websites, entail the acquisition of the sender’s contact data, which are required to respond, as well as all personal data included in the communications.
Specific disclosures will be published on the pages made available for the provision of specific services.
The personal data collected will be used to subscribe to our newsletter; this will be done following your optional consent in the manner specified on the data collection page.
Personal data collected may be disclosed to the data controller involved in the management of the company newsletter and the related services or in its technical management (limited to cases where this proves to be essential).
Moroso s.p.a. manages the newsletter service through the MailChimp platform, whose information on personal data processing is published on the following page: https://mailchimp.com/legal/privacy/
Since MailChimp is managed by the U.S. company named The Rocket Science Group LLC, subscribing to the newsletter means that your personal data will be processed by this party (as “Data Processor”) and may involve the transfer of this data to a third Country.
This transfer is made with your express consent, after you have been informed of the possible risks due to the lack of an adequacy decision and adequate guarantees, considering the fact that, based on the U.S. Law, The Rocket Science Group LLC may be required to disclose processed personal information in response to legitimate requests from Public Authorities (e.g. where there is a need to ensure national security).
The Data Processor declares that they adopt appropriate and adequate security measures, both at technical and organizational level, to protect personal data from loss, abuse, unauthorized access, unlawful disclosure, alteration and destruction, having assessed the risks related to processing activities and the nature of the personal data managed.
Further safety information is available here: https://mailchimp.com/about/security/
In addition, data provided through subscription to the newsletter will not be disclosed to third parties, only remaining known within the company.
The data will be kept until the termination of the newsletter service or a cancellation request, and, in the event of organizational needs or regulatory obligations, it may be stored in specific archives for the period strictly necessary for these purposes.
The data collected following consultation of the website mentioned above may be sent to the parties designated pursuant to Article 28 of the GDPR as data processors for the performance of development, distribution and operating management services for the technological platforms used.
The personal data collected are also processed by the Data Controller’s personnel and associates, who act on the basis of specific instructions provided with respect to the processing purposes and methods.
RIGHTS OF THE DATA SUBJECTS
In applicable cases, the data subjects are entitled to access their personal data or have them rectified or erased or their processing limited or object to their processing (Arts. 15 et seq. of the GDPR). The relative request may be submitted using the contact information provided above.
RIGHT TO LODGE A COMPLAINT
Data subjects who believe that the processing of their personal data performed through this website is taking place in violation of the provisions of the GDPR are entitled to lodge a complaint with the Data Protection Authority, as set forth in Art. 77 of the GDPR, or obtain an effective judicial remedy (Art. 79 of the GDPR).