Information on the processing of personal data collected from the data subject/user – and Art. 130 – Unsolicited communications Legislative Decree 196/2003 contractor.
In compliance with the General Data Protection Regulation (EU) 2016/679 we are to provide the necessary information regarding the processing of the personal data. The information is not to be considered valid for other websites that may be consulted through links on the Data Controller’s domain websites, which is not to be considered in any way responsible for third party websites. This is an information that is made pursuant to art. 13 of EU Reg. 2016/679 (European Regulation for the protection of personal data – GDPR) and is also inspired by the provisions of Directive 2002/58 / EC, as updated by Directive 2009/136 / EC, on the subject of Cookies, Provision of the Garante Privacy of 08.05.2014 regarding cookies and EDPB Guidelines 05/2020 on consent according to the GDPR, adopted on 04.05.2020
Personal data:
For the purposes of this information, personal data (art. 4 GDPR) means: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (C26, C27, C30).
Contractors / users data.
Browsing data
During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
Data communicated by users
The optional and voluntary sending of personal data (e.g. sending email messages to the addresses indicated on this site or filling in data collection forms on this site) involves the collection and processing by the Data Controller of the data voluntarily provided by users / contractors, necessary to respond to requests, as well as any other personal data included in the communication
Specific information
Specific information will be presented on the pages of the Site in relation to particular services or processing of the Data provided.
Cookies
For more information on the cookies used by this website, see the cookies policy at the following link.
1. THE DATA CONTROLLER pursuant to art. 4 and 24 of the GDPR, is Boffi spa Via Oberdan, 70 – 20823 Lentate sul Seveso (MB), in the person of its pro tempore legal representative. The contact email of the owner is privacy@boffi.com
2. DATA PROTECTION OFFICER (DPO / RPD-Responsabile della protezione) is identified pursuant to art. 37 – 39 of EU Reg. 2016/679. The contact email of the DPO is dpo.boffi@dpoprofessionalservice.it
3. PURPOSE AND LEGAL BASIS OF PROCESSING
PURPOSE | LEGAL BASIS |
Browsing on this website, with the use of cookies and equivalent technologies as per cookie policy and cookies and other third-party technologies | Art. 6 c. 1 letter f) GDPR Legitimate interest of the Data Controller: to allow correct browsing of the website
For profiling cookies, the processing is based on consent; (C42, C43) art. 6 par. 1 letter a) of the GDPR. Consent given through the site’s banner cookies |
Processing of personal data through forms on this site | See specific information under the form of the specif area |
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
The personal data provided will be communicated to recipients, who will process the data as Data Processor (art.28 of the EU Reg. 2016/679) or as natural persons acting under the authority of the Data Controller or Data Processor (art.29 of EU Reg. 2016/679), or to recipients who hold the role of independent Data Controllers, for the purposes listed above in point 3. Specifically, the data will be communicated to: recipient that provide services for the management of the information system used by Boffi spa and telecommunications networks (including e-mail and platforms); – studies or companies in the context of assistance and consultancy relationships; – social networks platforms; – Boffi group companies, associated, controlled or contractually linked by Boffi spa and / or part of its distribution and sales network (such as branches, importers, distributors, resellers, shippers, etc …), possibly also based in countries not belonging to the European Union; – competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, on request. The list of Data Processor is constantly updated and available on request to privacy@boffi.com or at the headquarters of Boffi spa Via Oberdan, 70, 20823 Lentate sul Seveso.
5. TRANSFER OF DATA TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION AND SAFEGUARDS
The site is hosted in EU countries. The personal data provided can be transferred to non-EU countries, in order to fulfill related purposes based on the data processing purposes. The data will be transferred according to Article 44 – General principle for the transfer; Article 45 – Transfer based on an adequacy decision; Article 46 – Transfers subject to appropriate safeguards, specifically the data will be transferred. For information about the safeguards regarding the transfer of data outside the EU, write to privacy@boffi.com .
See specific information on the basis of data processing in specific areas.
6. DATA RETENTION PERIOD OR CRITERIA TO DETERMINE THE PERIOD
The processing will be carried out in an automated and manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by subjects specifically authorized for this. In compliance with the provisions of art. 5 paragraph 1 lett. e) of EU Reg. 2016/679 the personal data collected will be kept in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The retention of personal data depends on the purpose of the processing:
– for cookies, the cookies policy in the footer of the site;
– for other purposes, specific information should go according to the form of the reference area
The list of Data Processor is constantly updated and available on request to privacy@boffi.com or at the Headquarters of Boffi spa Via Oberdan, 70, 20823 Lentate sul Seveso.
7. DATA SUBJECTS’ RIGHTS (natural persons)
You can exercise your rights as expressed in the GDPR by sending an e-mail to Data Controller at privacy@boffi.com or writing or contacting the Data Protection Officer at dpo.boffi@dpoprofessionalservice.it. In particular you can, at any time, ask the Data Controller to access your personal data (art.15), to rectify it (art.16), to erase it (art.17), to restrict the processing (art.18) or to object to processing of your personal data (art.21) also based on Legitimate interest. If Applicabile you can ask for data portability (art.20). For the processing based on consent, you can withdraw the consent at any time without prejudice to the lawfulness of the processing based on consent before withdrawal. To withdraw consent to non-automated profiling, simply write an e-mail to dpo.boffi@dpoprofessionalservice.it with the subject “no profiling” at any time
The data subject has the right to lodge a complaint with the Autorità Garante Privacy (https://www.garanteprivacy.it), or to appeal to the appropriate judicial offices
Even for legal persons / contractor, to no longer receive automated direct marketing communications (eg E-mail, sms, social) it will be sufficient to write an e-mail at any time to the address dpo.boffi@dpoprofessionalservice.it with the subject “Delete by automated” or use our automatic cancellation systems intended for e-mail only. To no longer receive traditional direct marketing communications (telephone calls with operator and paper mail), simply write an e-mail to dpo.boffi@dpoprofessionalservice.it at any time with the subject “cancellation from traditional”. See specific information on the basis of data processing in specific areas
8. NATURE OF DATA PROVISION AND REFUSAL
With the exception of the navigation data, which are necessary at the end of the navigation of the website, the users are free to provide their personal data and their failure to provide it may involve the absolute need to obtain the information of the services requested and provided through this website.
See specific information on the basis of data processing in specific areas.
9. CHANGES TO THE PRIVACY POLICY
The Data Controller reserves the right to modify, update, add or remove parts of this privacy statement. The Data subject is required to periodically check for any changes. In order to facilitate this check, the information notice will contain the date to update the information. The use of the site, after the publication of the changes, will constitute the acceptance of the same.
Update date: June 30, 2020