PRIVACY POLICY
Pursuant to EU Regulation no. 2016/679 (hereinafter “GDPR 2016/679”), laying down provisions for the protection of persons and other subjects with regard to the processing of personal data, we wish to inform you that the personal data you provide will be processed in compliance with the aforementioned legislation and the confidentiality obligations to which Restart Engineering srl is bound. This privacy policy (hereinafter also only “Policy”) relates to the processing of data communicated by the user.
Data Controller and Data Processors
The data controller is Restart Engineering Srl, with registered office in Novellara (RE), Italy, via N. Sauro no.22. The list of persons identified as Data Processors can be requested by sending an e-mail to the following address: bellini@restart-progetti.it.
Data processed, purpose of processing and nature of providing data
The Controller collects and processes the following data:
- Navigation data: the computer systems and software procedures used to operate the company's website acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This category of data includes IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access was made, information on the pages visited by users within the site, access time, the length of time spent on the individual page, internal path analysis and other parameters relating to the user's operating system and computer environment. In this regard, the user is invited to read the Cookie Policy on the company's website, which governs this type of data.
- Data provided voluntarily by the user online: the personal data provided voluntarily by the user through the use of the format on the company's website are: personal data and contact data. This data will be processed exclusively for the purpose of contacting you and responding to your request. The provision of personal data and authorisation to process them for this purpose is optional, however, failure to provide such data and consent prevents the user from being contacted by the Controller.
- Data provided voluntarily by the user to the Company: the personal data provided voluntarily by the user to the Company are: first name, surname, place and date of birth, residence, tax code, PEC (Certified Electronic Mail)/SDI (Exchange System) code for electronic invoicing. The provision of such data is optional, but failure to provide it, or the provision of partial or incorrect data, prevents the provision of the requested services.
- Contact data provided voluntarily by the user to the Company: the user may also provide the Company with further contact data, such as telephone number, e-mail, mobile phone for communications concerning the provision of the requested services. The provision of such data is optional and a refusal to provide it, or a revocation thereof, does not affect the provision of the services requested.
Data processing methods
Except for the reference to navigation data, which is governed by the cookie policy, the personal data collected are provided voluntarily by the user by entering them in the form on the company's website or directly at the premises, as specified above. The personal data provided may be processed by paper, electronic, computerised and automated means. However, the data is protected in such a way as to ensure security, confidentiality and access to authorised personnel only.
Legal basis of processing and storage period
With the exception of navigation data, with regard to processing carried out for the purposes of: - referred to in points 2) - 4), the legal basis of the processing resides in the respective consents possibly given by the user; - referred to in point 3), the legal basis of the processing resides in the relationship existing between the parties for the provision of the services requested from the Controller. In compliance with the principles of legality, purpose limitation and data minimisation, pursuant to Article 5 GDPR 2016/679, data will be kept for the period of time necessary to fulfil legal obligations, as well as to achieve the purposes for which they are collected and processed and as required by the relevant regulations.
Data recipients
The user's personal data shall not be disclosed to unspecified persons, but may instead be disclosed or communicated to public and private persons, bodies and institutions for the achievement of the purposes specified above and in the cases provided for by law or regulation. By way of example, the following are some of the parties to whom the Controller may/must communicate your data:
- any employees, consultants or collaborators of the Controller, in the course of their work, who act as authorised processors and are instructed to do so by the Controller;
- external consultants and third-party suppliers assisting the company in various capacities, with particular reference to suppliers of technical and technological services, credit and banking institutions, suppliers of services instrumental to the management/maintenance of the site, legal, accounting and organisational aspects, as well as any other person to whom the data must be communicated on the basis of an express provision of law or regulation.
Data transfer abroad
The user's personal data collected by the Data Controller will be processed mainly in Italy and, in any case, in states that are part of the European Union.
Rights of data subjects
Pursuant to Articles 15 to 22 of EU Regulation No. 2016/679, in connection with the processing of personal data provided, the user has the right to request at any time:
- access: the data subject may request confirmation as to whether or not data relating to him/her are being processed, as well as further clarification of the information referred to in this Policy, and to receive the data themselves, within reasonable limits;
- rectification: the data subject may request that the data provided be rectified or supplemented if they are inaccurate;
- erasure: the data subject may request that the data acquired or processed be erased if they are no longer necessary for the purposes indicated or if there are no longer any disputes or controversies outstanding, if the data subject withdraws consent or objects to processing, if processing is unlawful, or if there is a legal obligation to erase;
- restriction: the data subject may request the restriction of the processing of their personal data when one of the conditions set out in Article 18 of the GDPR applies;
- objection: the data subject may object at any time to the processing of their data on the basis of a legitimate interest, unless there are legitimate grounds for the Controller to proceed with the processing that prevail, for example, for the exercise or defence of legal claims; an objection by the data subject will always prevail over the legitimate interest of the Controller to process their data for marketing, promotional purposes;
- portability: the data subject may request to receive the data, or have them transmitted to another named data controller, in a structured, commonly used and machine-readable format. In addition, pursuant to article 7, paragraph 3, GDPR, the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Finally, he or she has the right to lodge a complaint before the Supervisory Authority, which in Italy is the “Garante per la Protezione dei Dati Personali”.