Margilgomma S.r.l., with registered office in via Giorgio Perlasca, 9 – 40064 – Ozzano dell’Emilia (Bologna), Italy, (hereinafter “Margilgomma” or “Data Controller”) is constantly committed to protecting the online privacy of its users. This document describes every aspect relating to the processing of personal data concerning visitors and users of the services available from the website https://www.margilgomma.com (hereinafter the “Portal“), in accordance with the provisions of art. 13 of the EU Regulation n. 2016/679 (hereinafter the “Regulation“).
According to the above mentioned regulation, processing by the Data Controller must be based on the principles of fairness, lawfulness and transparency, data purpose and storage time limitation and minimisation, accuracy, integrity and confidentiality.
1. Data Controller
The Data Controller in charge of data processing via the Portal is Margilgomma S.r.l. as defined above who can be contacted in the ways indicated in the “Contact us” section (see art. 11 below.)
2. Processed data
- Navigation data: The IT systems and software procedures used to operate this Portal will automatically capture, during their normal operation, some personal data e.g.
- IP addresses;
- addresses in URI (Uniform Resource Identifier) notation of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server (success, error, etc.);
- other parameters relating to the operating system (e.g. browser user-agent string contained in the http request) and to the user’s computer environment, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified entities, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.
These data are used only to obtain anonymous statistical information on the use of the Portal and to check its correct functioning – to be able to detect any fault and/or illegal use. The data could be used to determine where responsibilities lie in hypothetical cases of computer crimes against the Portal or third parties: except for this case, these data will not persist for more than seven days.
- Data supplied voluntarily by the user: the following personal data are submitted by the user in order to allow the Data Controller to respond to inquiries received through the “Contact us” section of the Portal:
- Name and surname;
- Any personal information (including particular categories of personal data pursuant to Article 9 of the GDPR) voluntarily submitted by the data subjects through the Portal contact forms. In this regard, you are reminded to never enter information that may fall within sensitive categories of personal data pursuant to art. 9 of the Regulation ( “[…] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a human being, data relating to the health or sex life or sexual orientation of a person”).
3. Data processing purpose
The Data Controller will use your personal data, collected through the Portal, for the following purposes:
- Respond to any queries and messages submitted by the user using the special form in the “Contact Us” section (“Supply of the service“);
- Prevent fraud committed through the use of the Portal and the Services offered by the Data Controller and allow the Data Controller to defend themselves in court (“Abuse/fraud”);
- Monitor the interactions of users with the portal content, understand how to improve the Services and make them evolve (“Statistics“).
4. Legal basis
The legal bases used by the Data Controller to process your personal data for the purposes indicated in the previous article 3. are the following:
- Supply of the service: processing of data for this purpose (art.3.a.) is necessary in order to be able to respond to your submitted inquiries. The legal basis of such processing is art. 6 (1) (b) of the Regulation (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take pre-contractual steps at the request of the data subject“). The submission of Personal Data for this purpose is optional, but failing such data submission, it will not be possible to supply the Services through the Portal or to answer your questions and comments;
- Abuse/fraud: processing of data for this purpose (Article 3.b) is based on art. 6 (1) (f) of the Regulation (“[…] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party“); the Personal Data collected for this purpose will be used to prevent and/or identify any fraudulent activity or abuse during the use of the Portal and to allow the Data controller to defend themselves in court
- Statistics: processing for this purpose (art.3.c.) is based on the granting of specific consent pursuant to art. 6(1)(a) (“[…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes“). The submission of your personal data for this purpose is therefore entirely optional and will not affect the use of the Services. Should you wish, in any case, to object to the processing of your data for statistical purposes and withdraw your consent, you may do so at any time by editing your selection in the cookie preferences selection form on the Portal.
5. Data processing method
Processing will be carried out with manual and/or IT and telematic tools, in order to guarantee the security, integrity and confidentiality of the data in compliance with the technical and organisational security measures implemented by the Data Controller and its appointed Data Processors pursuant to art. 28 of the Regulations (hereinafter “Processors”), in order to minimise the risks of destruction or loss, unauthorised access, amendment and unauthorised disclosure in compliance with the procedures set out in articles 6, 32 of the GDPR.
6. Transfer of data outside the EU
The Data Controller will not transfer personal data outside the European Economic Area. If necessary, the data subjects will be informed in advance and guarantee measures will be introduced for transfer to the recipients, i.e. as the case may be: verification of the existence of adequacy decisions for the recipient country by the Commission, signing of standard contractual clauses, verification of the adoption of any additional measures in implementation of the 01/2020 EDPB recommendation. Notwithstanding these guarantees, data processing (with ref. to art. 49 of the Regulation), where applicable, shall be subject to the verification of existence of a contract or of pre-contractual measures in favour of the data subject or consent to the transfer.
7. Data storage period
The Data Controller shall only store personal information for the time necessary to pursue the purposes for which it was collected, or for the time provided for by specific regulations.
In particular, the following categories of personal data will be stored for the periods identified below:
- The Personal Data voluntarily submitted by the data subject when requesting information through the special form in the “Contacts” section of the Portal will be stored for a period of 2 years;
Once the retention periods specified above have elapsed, personal data will be deleted if not stored for other purposes on appropriate legal bases.
All of the above subject to the possibility for the Data Controller to store Personal Data for the period of time required and permitted by the Italian law to protect the Data Controller’s own interest (Article 2947(1)(3) of the Italian Civil Code.)
More information regarding the data retention period and the criteria used to determine it can be requested from the Data Controller in writing using the contact details indicated in the “Contacts” section of this policy.
8. Recipients of personal data
The data collected by the Data Controller may be notified or made accessible, for the purposes mentioned above, to the following categories of subjects:
- Employees and partners who assist the Data Controller in managing the Portal, expressly authorised to carry out processing after signing a specific confidentiality agreement;
- Subjects who typically act as Data Processors: freelancers, companies or professional firms that provide assistance and advice to the Data Controller in relation to the supply of the Services covered by the Portal (e.g. on administrative and legal matters), suppliers involved in the maintenance of Portal functions (e.g. hosting providers), in the management of statistics relating to the use of the Portal, or subjects appointed to carry out technical maintenance activities, including maintenance of network equipment and electronic communication networks;
- To subjects, entities or public authorities, in the event of data submission mandatory by law.
9. Rights of the data subject
At any time may the data subject access the information concerning them and request its updating, amendment and supplementing, as well as its deleting, anonymisation or freezing. The data subject may also object to data processing in whole or in part.
To exercise these and the other rights referred to in articles 15-22 of the GDPR, the data subject may contact the Data Controller in the ways indicated in the “Contacts” section (see Article 11).
In any case, the data subject will always be entitled to file a complaint with the competent Supervisory authority (Personal data protection authority) pursuant to art. 77 of the Regulation if they believe that the processing of their personal data is in violation of the regulations in force.
For more information about the processing of personal data carried out through the Portal, or to inquire about the exercise of rights, please contact the Data Controller at the e-mail address firstname.lastname@example.org.