PRIVACY POLICY

PRIVACY

In accordance with European Regulation 679/2016 on the protection of personal data

Argos G.M. Cataforesi Srl intends to provide on this page information regarding the processing of personal data collected during navigation on the website www.gmcataforesi.it (hereinafter referred to as the “Website”) or following contact with the Data Controller.

Argos G.M. Cataforesi Srl, as Data Controller pursuant to EU Regulation 679/2016 (hereinafter also referred to as “GDPR”), operates in full compliance with national and European regulations on the protection of personal data and pays great attention to the confidentiality of its users’ personal data, observing the appropriate security measures to ensure the protection of the information collected.

  1. DATA CONTROLLER

The Data Controller is Argos G.M. Cataforesi Srl with registered office in Via della Meccanica 44/44a – 41031 Camposanto (MO) – VAT number 02683510362.

You can also contact the Data Controller at the following email address:info@gmcataforesi.it to exercise your rights as a data subject or for any request relating to the protection of personal data.

  1. PURPOSE OF THE PROCESSING

Browsing data and cookies

In principle, you can browse the Website without providing any personal data. The Website is divided into distinct sections, some of which may require the entry of data, while others do not.

The computer systems used to operate the Website acquire, during normal operation, some Data that are then implicitly transmitted when using Internet communication protocols. This may include information about the geographical area from which you are browsing, the device used, the type of browser, and the pages visited by the user during the session. Browsing data is stored anonymously and is used primarily for statistical information, to check the proper functioning of the site and to improve its use. For more details on tracking tools, please refer to the specific Cookie Policy.

Data provided voluntarily by users

When users provide certain data to access specific services of the Data Controller or to make requests via email, Argos G.M. Cataforesi acquires such data and processes it exclusively to respond to the request, to identify the user and to provide the service (e.g. sending a quote or signing a contract). The Data provided may include, for example: name, surname, email address, telephone number, address, profession, etc.

  1. PURPOSE OF PROCESSING and LEGAL BASES

Personal data is processed for various purposes, which we describe below with the relevant legal bases.

  1. To ensure the functioning of the Website, provide assistance on the Website, improve and personalise the user experience (legal basis: performance of a contract and pre-contractual measures; legitimate interest of the Data Controller)

  2. Managing requests for information on the Data Controller’s products and services (legal basis: performance of a contract or pre-contractual measures)

  3. To comply with contractual obligations, requirements and conditions, as well as to manage credit protection, any disputes and to enforce the rights of the Data Controller (legal basis: performance of a contract, legal obligation)

  4. Managing accounting, administrative, tax and other obligations required by Italian, European or international law (legal basis: legal obligation)

  5. Sending customers appropriate communications about products, services and company initiatives, sending periodic newsletters, surveying customer satisfaction, including via email, text message and telephone (legal basis: legitimate interest of the Data Controller)

  6. Sending commercial communications by post, email, telephone calls and carrying out marketing and market research activities to recipients who are not customers of the Data Controller (legal basis: specific consent)

The Data Controller does not currently carry out profiling or processing involving automated decision-making processes.

Should the Data Controller add other processing purposes other than those described, it will adapt this policy and request consent for processing (if required) in the most appropriate manner.

You will always and in any case have the option to withdraw your consent and/or object to any marketing and/or unwanted communications.

  1. METHOD AND DURATION OF PROCESSING

Personal data is processed using electronic and/or manual procedures and media (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data was collected and, in any case, in accordance with the provisions of current legislation.

Furthermore, the company is required to retain certain information in accordance with legal requirements and for a period of time reasonably necessary to meet legal requirements, resolve disputes, prevent fraud and abuse, and enforce its terms and conditions. Personal data processed for administrative, contractual and legal purposes is therefore retained for at least ten years.

In relation to all processing, the Data Controller and any Data Processors undertake to adopt appropriate physical, logical and organisational security measures at all times to ensure the integrity, confidentiality and availability of the data.

  1. PROVISION OF DATA

In general, the provision of data processed for legal obligations and contractual performance is necessary. Any objection to the processing, in whole or in part, may make it impossible for Argos G.M. Cataforesi to proceed with the contractual relationship.

For all other purposes, apart from what has already been specified for navigation data, users are free to provide their personal data. Failure to provide such data may only make it impossible to obtain what has been requested or to remain informed in the best possible way.

  1. SCOPE OF COMMUNICATION OF PERSONAL DATA

Personal data may be made accessible for the purposes mentioned above to employees and collaborators of the Data Controller, who are formally appointed and authorised to process the data and receive adequate operating instructions in this regard.

Furthermore, in order to carry out certain activities that also involve the processing of personal data, the Data Controller is required to communicate the data to other parties, within the limits relevant to the obligations, tasks and purposes described above. These parties may include, but are not limited to:

  • Third parties appointed to perform technical or administrative activities on behalf of the Data Controller (e.g. legal, tax and notarial advice, IT services, communication agencies, etc.) in their capacity as external data processors pursuant to Article 28 of the GDPR, where applicable, or as independent data controllers.

  • Parent companies, subsidiaries, associated companies and/or affiliates, business partners

  • Third parties who must perform activities related to regulatory and contractual obligations, institutional purposes or in the context of investigations and controls (e.g. law enforcement agencies, tax authorities, ministerial bodies and competent authorities, local authorities, regional and provincial tax commissions, etc.).

  1. DATA TRANSFER

The Data Controller uses IT tools for processing activities that are located within the European Union. If, for technical or organisational reasons, it is necessary to transfer data abroad to countries outside the EU, the regulatory requirements set out in Chapter V of the GDPR will be complied with (e.g. adequacy decisions issued by the European Commission, adequate guarantees from the recipient, standard contractual clauses).

  1. RIGHTS OF THE DATA SUBJECT

The GDPR (Articles 15-22) recognises the data subject’s right to exercise certain rights by contacting the Data Controller, such as:

  • right of access

    • confirmation as to whether or not personal data concerning the data subject are being processed;

    • communication of the transfer of data to a third country or to an international organisation;

    • obtaining a copy of the personal data being processed (only if this does not adversely affect the rights and freedoms of others).

  • right to rectification

  • right to restriction of processing

  • right to data portability

  • right to object (not exercisable if the Data Controller demonstrates legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the defence of a right in court)

  • right to erasure (right to be forgotten)

  • right to object to direct marketing and/or profiling

  • right to withdraw consent

The data subject also has the right to receive timely notification in the event of a personal data breach that could damage their dignity and freedom (so-called Data Breach).

Finally, the data subject has the right to lodge a complaint with the Italian Supervisory Authority – Garante per la protezione dei dati personali (Data Protection Authority) – Piazza Venezia 11 – 00187 Rome – . protocollo@gpdp.it

Contact Us

For information and quotes

info@gmcataforesi.it

+39 0535 80301