Information on the Processing of Personal Data Collected from the Data Subject/User and Article 130 – Unwanted Communications of Legislative Decree 196/2003 – Contractor..
In compliance with the General Data Protection Regulation (EU) 2016/679, we provide detailed information regarding the processing of the personal data. This document is issued pursuant to Art. 13 of EU Reg. 2016/679 (European Regulation for the Protection of Personal Data – GDPR)
For data and cookies, please refer to the cookie policy available in the footer of the website.
1.DATA CONTROLLER As defined under Art. 4 and 24 of the GDPR, the Data Controller isBoffi S.p.A.Via Oberdan, 70, 20823, Lentate sul Seveso (MB), represented by its legal representative pro tempore. Contact email: privacy@boffi.com
2. DATA PROTECTION OFFICER (DPO)The DPO, designated in accordance with Arts. 37-39 of EU Reg. 2016/679, can be reached atdpo.boffi@dpoprofessionalservice.it
3. PURPOSE AND LEGAL BASIS OF PROCESSING, DATA RETENTION
| PURPOSE | LEGAL BASIS OF PROCESSING | DATA RETENTION |
| A) Access to dedicated areas through user ID credentials
|
Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract,
in accordance with Art. 6(1)(b) GDPR (C44) |
A maximum of 12 months from the deactivation of the user ID credentials. |
| B) privacy@boffi.com
There will be no transfer of personal data to third-party partners for this purpose. The Data Controller may utilise newsletter distribution systems and promotional communication tools that generate reports to evaluate and enhance the effectiveness of communications. These reports provide insights such as: the number of readers, unique openers, and clicks; the devices and operating systems used to access the communication; detailed user activity metrics; Information on emails sent, delivered, forwarded, or bounced. This data is solely used to analyse and improve the effectiveness of communications. |
Processing of personal data is based on consent,
in accordance with Article 6 (1)(a) GDPR (C42, C43) |
Personal data will be retained until consent is withdrawn
(Opt-out) |
| C)Profiling: personal data will be entered into the company’s CRM platforms for internal analysis. This process groups individuals based on specific company activity characteristics, enabling improved service management and targeted promotional communications. | Processing of personal data is based on consent,
in accordance with Article 6 (1)(a) GDPR (C42, C43) |
Personal data will be retained until consent is withdrawn or, in any case, for a maximum of 12 months |
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
Personal data may be disclosed to recipients acting as Data Processors (Art. 28 GDPR) or as natural persons acting under the authority of the Data Controller or Data Processor (Art. 29 GDPR). It may also be shared with recipients serving as independent Data Controllers for the purposes outlined in Section 3. Specifically, data may be communicated to: providers of services for the management of the information system used by Boffi S.p.A. and telecommunications networks (including email and platforms); firms or companies offering assistance and consultancy services; social media platforms; Companies within the Boffi Group, including subsidiaries, affiliates, or entities contractually linked to Boffi S.p.A. and its distribution and sales network (such as branches, importers, distributors, resellers, and shippers), potentially located in non-EU countries; competent authorities to comply with legal obligations or respond to requests from public bodies. The list of Data Processors is regularly updated and is available upon request toprivacy@boffi.comor at the headquarters of Boffi S.p.A. – Via Oberdan, 70, 20823, Lentate sul Seveso.
5. TRANSFER OF DATA TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANISATION AND SAFEGUARDS
The website is hosted in EU countries. However, personal data may be transferred to non-EU countries to fulfil the purposes associated with data processing activities. Such transfers will comply with the following GDPR provisions: Article 44 – General principles for data transfers; Article 45 – Transfers based on an adequacy decision; Article 46 – Transfers subject to appropriate safeguards. For further details about the safeguards in place for data transfers outside the EU, please contact us atprivacy@boffi.com
6. NATURE OF DATA PROVISION AND REFUSAL
Users and contractors are free to provide their personal data. However, failure to do so may result in the inability to obtain the requested information or services offered through this website. Providing personal data for purposes B (direct marketing) and/or C (profiling) is entirely optional and will not impact the processing activities outlined under point A (website functionality). Marketing activities will only be conducted with the specific consent of the data subject. Entering personal data into the CRM system is also optional. Once entered, this data will automatically become visible to authorised processors and personnel at sales points worldwide.
7. DATA SUBJECTS’ RIGHTS(Natural Persons)
You may exercise your rights under the GDPR contacting the Data Controller via email at privacy@boffi.com or writing or contacting the Data Protection Officer at dpo.boffi@dpoprofessionalservice.it Specifically, you may, at any time, ask the Data Controller to access your personal data (Art. 15), to rectify it (Art. 16), to erase it (Art. 17), to restrict the processing (Art. 18), or to object to the processing of your personal data (Art. 21), including when based on legitimate interest. Where applicable, you may also request data portability (Art. 20). For processing based on consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing carried out prior to withdrawal. To withdraw consent for non-automated profiling, send an email to dpo.boffi@dpoprofessionalservice.it with the subject “No Profiling”.
You have the right to lodge a complaint with the Autorità Garante Privacy (https://www.garanteprivacy.it) or to pursue remedies through the appropriate judicial offices.
For legal persons or contractors who wish to stop receiving automated direct marketing communications (e.g., email, SMS, social media), simply send an email to dpo.boffi@dpoprofessionalservice.it with the subject “Delete by Automated” or use the automatic cancellation options provided in email communications. To opt out of traditional direct marketing communications (e.g., telephone calls with operators, postal mail), send an email todpo.boffi@dpoprofessionalservice.itwith the subject “Cancellation from Traditional”.
8. CHANGES TO THE PRIVACY POLICY
The Data Controller reserves the right to modify, update, add, or remove parts of this privacy statement. Data subjects are encouraged to periodically review the policy for any changes. To facilitate this process, the privacy notice will include the date of its last update. Continued use of the website following the publication of changes constitutes acceptance of the updated terms.
Last updated: 30 June 2020
