Data protection statement (articles 7 and 13 of Legislative Decree 196/03 and articles 13 and 14 of Regulation (EU) 679/2016) for the website https://www.bmr.it/ owned by BMR S.p.A.
This document regarding BMR S.p.A’s privacy policies in relation to personal data describes in detail the methods of processing the personal data of the users of the portal.
This statement is not valid for other websites that may be accessible via our links.
Personal data: means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Navigation Data: is the information collected automatically by this Application (or by third-party applications that this Application uses), including: the IP addresses or the domain names of the computers used by the User connecting with this Application, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, the numerical code relating to server response status (successfully performed, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages viewed and the parameters related to the user’s operating system and computer environment.
User: The person who uses this web site, even if just browsing the web (coincides with the data subject).
Data subject: the natural person to whom the Personal Data refers.
Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
This Application, Platform or website: the hardware or software tool through which user’s Personal Data is collected.
1. THE DATA CONTROLLER
BMR S.p.A. (hereinafter also “Organization”) with registered office and place of business in via Giovanni Fattori, 6 – 42019, Scandiano (RE) Italy – Tax Code and VAT N° 01431820354, as the Data Controller of your personal data pursuant to Legislative Decree 196/03 and Regulation (EU) 679/2016 on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data” hereby informs you that your personal data will be processed in compliance with the principles of fairness, lawfulness and transparency and that your privacy and rights will be safeguarded.
2. DATA CONTROLLER REPRESENTATIVE
There is no Data Controller representative in this Organization as it is not required under the Regulation.
3. DATA PROTECTION OFFICER
There is no Data Protection Officer (DPO) in this Organization as it is not required under the Regulation.
4. PURPOSE OF PERSONAL DATA PROCESSING
There are various reasons for processing your personal data but they are all aimed at providing you with the best possible service and they will only be implemented with your consent.
Specifically, on the following pages:
a) “CONTACTS”, that can be used to request information on new products and / or services or for making any other request for information by filling in the mandatory fields such as name, surname, e-mail, company name and telephone number (non-mandatory field).
b) “NEWSLETTER and COMMERCIAL COMMUNICATIONS”, in order to receive information about new products and/or services via e-mail and / or telephone.
We would also remind you that sending optional and voluntary e-mails to the addresses indicated on this website or, for example, using the “CONTACTS” service, by its very nature implies the subsequent acquisition of personal data. We therefore invite our users, when requesting services of making enquires, not to send the names or other personal data of third parties that are not strictly necessary nor special data and/or judicial data pursuant to articles 9 and 10 of Regulation (EU) 679/2016 or sensitive and / or judicial data pursuant to Italian Legislative Decree no. 196/03.
5. LAWFUL BASIS FOR PROCESSING
With reference to the lawfulness of the processing, the lawful basis for the processing is specified below:
a) For the purposes referred to in Point 4 letters a) and b) of this data protection statement it is only possible to process your personal data with your specific consent (article 6, paragraph 1, letter a) of the Regulation).
6. METHODS OF PROCESSING
All processing takes place after having adopted technical and organizational security measures that are appropriate for the processing as indicated in article 32 of the Regulation and Annex B of Italian Legislative Decree no. 196/03 that is still in force. All data is processed with or without the use of computer systems. We use a wide range of advanced security technologies and procedures to help protect personal data against the risks described above.
7. RECIPIENTS OF THE PERSONAL DATA
The recipients of the personal data referred to above will be only and exclusively the Owners of the undersigned Organization, the employees and direct collaborators of the Organization for the sole purpose of fulfilling the service requested by the user unless communication is required to fulfil statutory obligations or is strictly necessary in order to fulfil user requests. Information acquired via the CONTACTS page or sent by e-mail to the addresses indicated on the website are stored exclusively by the undersigned.
Processing connected to the web services is carried out at the Data Controller’s headquarters and the hosting service provider, Aruba SpA address – Data Center IT2 Via Sergio Ramelli 8, Arezzo (IT) and is stored at the locations in which the physical servers are located.
8. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY
Your personal data will not be transferred to third countries or international organisations outside the European Union (articles 44-49 of the Regulation). The data centre in which the data is stored is located in Arezzo (Italy).
9. RETENTION PERIOD
Specific personal information is not retained for longer than is necessary for the purposes for which it was collected, which are described here, unless longer or shorter retention periods are required by the laws in force.
a) For the purposes of the processing indicated in Point 4 letter a) of this statement, and only with your specific consent, your personal data will be kept for the duration of any service requested or any resulting contract thereof. In the event that a formal contractual relationship is established as a result of this contact, your data will be retained as required to fulfil legal obligations and comply with regulations in force regarding the keeping of accounting, tax and administrative records and more generally, for business relations.
b) For the purposes of the processing indicated in Point 4 letter b) of this statement, and only with your specific consent, the retention time for your personal data will be decided upon by you and you can unsubscribe from the newsletter at any time by following the simple procedure indicated in each individual communication, thereby withdrawing your consent or informing us that you no longer wish to receive commercial telephone communications by contacting us using the contact details indicated in the following section.
10. RIGHTS OF DATA SUBJECTS
It is your right to ask the Data Controller to have access to, delete, communicate, update, correct, oppose the processing, integrate, restrict, make portable and to be notified of any data breach regarding your personal data, as well as in general, you can exercise all the rights pursuant to article 13 and subsequent of EU Regulation 679/2016. The complete list of your rights contained in Article 13 of EU Regulation 679/2016 is indicated below.
If you wish to exercise your rights in relation to this policy, please contact BMR S.p.A., head office and place of business via Giovanni Fattori, 6 – 42019, Scandiano (RE) Italy – Tel. +39 0522 857868 – Fax +39 0522 856475 –, or contact us by e-mail: firstname.lastname@example.org
11. RIGHT TO WITHDRAW
You have the right to withdraw your consent to the processing of your data referred to in Point 4 letters a) and b) of this statement at any time by sending an e-mail directly to email@example.com or, in the case of the newsletter, by following the simple procedure indicated in each individual communication.
12. SUPERVISORY AUTHORITY
You have the right to lodge a complaint with the competent supervisory authority “Italian Data Protection Authority” if you believe that your rights under the data protection act might be infringed.
13. CONSEQUENCES OF THE REFUSAL TO ANSWER
In relation to the purposes of data processing referred to in Point 4 letters a) and b) of this statement, the provision of personal data by the user is optional and NOT “mandatory” (e.g. requesting information using the “CONTACTS” service or by subscribing to our newsletter).
14. AUTOMATED DECISION-MAKING
Your data will not be used in any automated decision-making process.
15. I SOCIAL BUTTON
This website uses social buttons. Social buttons are digital buttons or direct links to Social Network platforms that are configured in each individual “button”. By clicking on these links, you will be able to interact directly with the website owner’s account (social media pages). The operators of the Social Networks that are accessed via the buttons are independent data controllers. Further information on the individual privacy policies of the Social Network platforms and on the way to manage and disable the related cookies can be found on each Social Network platform.
A cookie is a text file that is stored on the hard disk of a computer only after permission has been given. If you give your consent, a small text file will be downloaded.
The purpose of cookies is to allow access to services by acting as security filters and allow Web applications to send information to individual users.