INFORMATION ON WEBSITE AND COOKIES AS PER GDPR (GENERAL DATA PROTECTION REGULATION) No. 679/2016
Registered Office: Via Nicola Fabrizi, 44 – 10143 Torino, Italy
Operational Headquarters: C.so Svizzera, 185 – 10149 Torino, Italy
The purpose of this general provisions document is to inform visitors of the internet website (from now on referred to as the “User” and the “Consentee”) on how the information obtained is used, how personal data are treated and generally how cookies are handled, in accordance with Document No.679/2016 – GDPR, General Data Protection Regulation and applicable standards.
- DATA TREATMENT OWNER
- COLLECTION OF PERSONAL DATA AND LEGAL BASIS
- PURPOSE OF DATA TREATMENT
- SECURITY OF PERSONAL DATA
- DATA HOLDING PERIOD
- INTERNATIONAL TRANSFER OF DATA
- SHARING OF PERSONAL DATA
- OBLIGATION TO SUBMIT DATA AND ANY CONSEQUENCES IN CASE OF REFUSAL
- TYPES OF PERSONAL DATA COLLECTED
- RESPONSIBILITY FOR DATA PROTECTION
- DATA PROTECTION RIGHTS
- CHANGES TO INFORMATION ON PRIVACY
- ERASURE, OBJECTION AND RECTIFICATIONS
Personal data protection is an opportunity for shared transparent compliance between Betacom s.r.l. (from now on also the “Employer”) and the employee supplying the personal data.
Betacom s.r.l. undertakes to protect, preserve from damage, save and dispose of the data according to data treatment lines linked to the relationship established with the User.
By “personal data” (also known as IPI – Identifiable Personal Information) is meant anagraphic data, in case of registration when requesting services, and identification data for website navigation in applying control systems, security and data analytics.
By data “treatment” is meant any single or multiple operations performed with or without automated processes and applied to personal data or clusters of personal data, including collating, registration, organisation, structuring, conservation, adaptation or alteration, extraction, consultation, use, communication by transfer, dissemination or otherwise making available, comparison or interconnection, limitation, cancellation or suppression.
2) DATA TREATMENT OWNER
Betacom s.r.l. is the Owner of personal data treatment and may be contacted at the following email address: firstname.lastname@example.org or Tel. No. 39.011.43.32.064, or by writing to the postal address:
C.so Svizzera, 185 – 10149 Torino, Italy.
The Owner, as specified in the GDPR, decides depending on the purpose and modalities of personal data treatment, security and instruments used.
3) COLLECTION OF PERSONAL DATA AND LEGAL BASIS
The Owner handles User personal data if at least one of the following conditions exists:
- The User has given consent to data treatment for one or more purposes.
- Data treatment is necessary for the provision of services, i.e. for performing a contract agreed with the user.
- Data treatment is necessary to meet a legal requirement to which the Owner is subjected.
Betacom s.r.l. website collects user data as follows:
- Data obtained by automated means, i.e. provided directly by the User when navigating in the website and therefore leaves behind digital traces (IP, browser, name of network provider) which are stored by servers mainly for reasons of security, control and data analysis.
- Data provided on a voluntary and optional basis, i.e. given directly by the User with the intention of registering to the website to access services.
Betacom s.r.l. guarantees that the data acquired are also pertinent and not excessive, ensuring that the process is lawful and correct, i.e. for the purpose of data treatment, explicit ad legitimate.
Data treatment always occurs with hardcopy and digital tools and supports, both according to criteria based on security procedures, conservation and accessibility, within the strict domain of the purposes specified.
The legal basis of data treatment is the permission given by the Consentee to the treatment of personal data for one or more specific purposes as specified in this document. Moreover, the Owner may exercise a legitimate interest to defend his/her own legal rights in case of claims or disputes vis-a-vis the Consentee.
Betacom s.r.l. addresses a target of subjects with full legal, fiscal and contractual powers, which therefore excludes minors.
3) PURPOSE OF DATA TREATMENT
User data are collected from the internet website for the following purposes:
- To contact the User.
- To present and promote Employer activities.
- To promote website services and offers through commercial messaging.
- To develop custom services based on User needs.
- To handle registration and transmittal of website newsletter and other information services.
- To enable interaction with social platforms, blogs and forums.
- To promote participation in events and initiatives.
- To acquire User opinions on the satisfaction about services rendered.
- To carry out statistical analyses on navigation data.
- To facilitate communication and exchange of experiences with users.
- To provide service assistance.
- To gather User feedback for website improvement.
- To inform the Authorities about any instances of fraud, unlawfulness and misconduct.
- To meet legal obligations.
4) SECURITY OF PERSONAL DATA
Betacom s.r.l. handles personal data with the utmost care, adopting security and protection measures in strict accordance with the requirements of the GDPR, in line with ISO 9001 and ISO 27001 standards.
Moreover, Betacom s.r.l. implements effective and suitable practices and techniques to ensure that all data treatment processes meet the following conditions:
– Confidentiality, i.e. protection from unauthorized access.
– Integrity, to prevent loss or damage.
– Availability, to ensure continuous access of employees to their data.
Even if information is disclosed to trusted third parties, and for the purposes specified in this document, the Employer makes sure that the latter adopt similar security, technical and operational measures in line with the criteria outlined above.
5) DATA RETENTION PERIOD
Data are treated and held for the time needed to provide services and treatments according to the purposes outlined in this document.
For all other purposes linked to legal requirements, data are to be held for a period not exceeding that necessary and requested for meeting such obligations.
The retention period for personal data and employer information is based on the following criteria:
- Nature and purpose of data treatment.
- Regulatory obligations.
- Disputes on claims (if applicable).
- Management of services linked to the website.
On the expiry of all applicable terms, User data will be suppressed and destroyed according to adequate technical procedures according to best practices of Information Security.
6) INTERNATIONAL TRANSFER OF DATA
As of today, Betacom s.r.l. does not operate any international data transfer to Third Countries outside the European Union.
Owing to continuous changes and business expansion beyond European boundaries, it may happen that also company processes, followed by User personal data, are transferred to third-party suppliers in other non-EU countries.
Consequently, in the future User data might be shared and/ or transferred to third-party suppliers in such countries.
If an international transfer occurs, the process would take place according to the legitimacy requirements specified by the articles of the Regulation in force, by the applicable standards on privacy and by the procedures governing the transfer, and the Owner meets the conditions as per CAPO V (Transfer of personal data to third countries or international organizations – articles 44,45,46,47,48,49,50), in addition to the other directives of this Regulation. All directives of this CAPO will be applied to ensure that the protection level of individuals guaranteed by Regulation GDPR is not adversely affected.
7) SHARING OF PERSONAL DATA
Personal data of employees will not be shared with other parties unless this is compulsory, in all other cases consent is optional, explicit and voluntary.
Personal data may be accessed by in-house data treatment officers for all operations covering administration, management and provision of internal services. This personnel is from Betacom s.r.l. functions including administration, HR, legal and IT systems.
Personal data may also be accessed by some external entities including service providers, qualified as responsible for data treatment.
The Owner guarantees training of all in-house personnel under his/her supervision who have access to personal data according to current data treatment specifications.
As regards designated third parties with responsibility for data treatment, Betacom s.r.l. follows GDPR rules, ensuring conformity and adequacy to current standards.
8) OBLIGATION TO SUBMIT DATA AND ANY CONSEQUENCES IN CASE OF REFUSAL
During navigation and when using website services, the User may elect to give or withhold consent to transfer of personal data
Total or partial refusal would adversely affect the activities linked to the supply of internet website services, preventing provision of such services.
9) TYPES OF PERSONAL DATA COLLECTED
Data collected by automated means are information stored in website servers and held in log files, i.e.:
- IP, address “internet Protocol
- Parameters of the device used to connect to the site (PC, tablet, smartphone)
- Anonymous traceability of pages viewed and clicks
- Name of the internet service provider (ISP)
- Type of browser
- Date and time of start and end of the navigation
- References to a source web page (referral) and output web page
Data collected are used in aggregate form and for merely statistical purposes, to enable the Employer to proceed with market analyses linked to website management and development strategies.
The IP address, identifying the connection device to the internet network, is treated for security purposes excluding aggregations with other User identification data.
Conversely, as regards data given on a voluntary and optional basis, the website User may request contacts to receive information material supplying personal data and consent to data treatment. Such data treatment needed to supply services offered by the website, uses registration forms filled out by the User who enters personal anagraphic and identification data including email account and other addresses.
10) RESPONSIBILITY FOR DATA PROTECTION
The Owner nominates a Data Protection Officer (DPO).
11) DATA PROTECTION RIGHTS
The Consentee has a right to know what personal data are collected and treated by the Owner, its content and source, to verify the accuracy and to alter them if necessary or to add other information, to request suppression or conversion to an anonymous form, to deny use in case of presumed infringement of the law or withhold consent to treatment.
All requests for information and any claims may be submitted to the Owner at the addresses mentioned in this Document.
12) CHANGES TO INFORMATION ON PRIVACY
This Document is subject to possible changes and updating to reflect modifications of national and/or EU regulations, to incorporate new technology, or for Betacom s.r.l. organizational reasons, in which case the latter will inform the User accordingly through notices using company communication means, or promptly update this Document and the website interaction tools (registration forms, cookies consent software, extended cookie info., etc.).
Changes such as this one, in order to reflect the new GDPR code, will continue to be subject to the regulations in force, unless the Consentee objects to the proposed changes and requests termination of data treatment with the consequent removal of personal data.
In any case, it is the User’s responsibility to periodically check the updating status of this Document and refer to it whenever informed that changes have been introduced.
13) ERASURE, OBJECTION AND RECTIFICATIONS
At any time, the User may object in whole or in part, request rectifications or withdraw consent to data treatment and obtain erasure.
On expiry of the data holding period, the User personal data will be erased and destroyed using adequate technical procedures.
Cases of erasure include the following:
- Personal data are no longer necessary following termination of the relationship with the Owner.
- The Consentee withdraws consent.
- the Consentee objects to data treatment.
- Data holding terms have expired.
The Consentee has the right to make claims as per GDPR articles 13 and 14.
Date of latest revision: May 10, 2018.