PROCESSING OF PERSONAL DATA
MANAGED BY THE WEBSITE OF OFFICINE MALAGUTI SRL
(GDPR REG EU 2016/679)
(Legislative Decree 196/2003 as amended by Legislative Decree 101/2018)
OFFICINE MALAGUTI SRL, headquartered in Sant'Agata Bolognese (BO), Via XXI Aprile, 1945, No. 60 - VAT: 03520240379 - (hereinafter referred to as MALAGUTI or the "Data Controller"), in its capacity as the data controller, pursuant to art. 13 EU Regulation no. 2016/679 (hereinafter, "GDPR") and the amendments introduced by Legislative Decree 30.6.2003 no.196 as updated by Legislative Decree 101/2018 (hereinafter, "Privacy Code"), takes the privacy of the user seriously and is committed to respecting it.
Where required by EU Regulation 2016/679, user consent will be requested before processing their personal data. If the user provides personal data of third parties, they must ensure that the communication of the data to MALAGUTI and the subsequent processing for the purposes specified in the applicable privacy notice complies with EU Regulation 2016/679 and applicable regulations.
2) Identification details of the data controller, data processor, and Privacy Officer
The data controller is OFFICINE MALAGUTI SRL, headquartered in Sant'Agata Bolognese (BO), Via XXI Aprile, 1945, No. 60 - VAT: 03520240379, PEC: email@example.com.
3) Types of data processed
Visiting and consulting the Site generally does not involve the collection and processing of user personal data, except for navigation data and cookies as specified below. In addition to the so-called "navigation data" (see below), MALAGUTI may process personal data voluntarily provided by the user when interacting with the Site's features or requesting to use the services offered on the Site. In compliance with the Privacy Code, MALAGUTI may also collect user personal data from third parties in the course of its business.
4) Cookies and navigation data
Technical cookies are necessary for the proper functioning of a website and to allow user navigation; without them, the user may not be able to view pages correctly or use certain services.
Profiling cookies are designed to create user profiles in order to send advertising messages in line with the preferences expressed by the user while browsing.
Cookies can also be classified as:
"session cookies," which are deleted immediately when the browsing browser is closed;
"persistent cookies," which remain within the browser for a certain period. They are used, for example, to recognize the device connecting to a site, facilitating user authentication operations;
"first-party cookies," generated and managed directly by the website manager on which the user is browsing;
"third-party cookies," generated and managed by subjects other than the website manager on which the user is browsing.
5) Cookies used on the site
The Site uses the following types of cookies:
Own cookies, session, and persistent, necessary to allow navigation on the Site, for internal security purposes, and system administration;
Third-party cookies, session and persistent, necessary to allow the user to use multimedia elements on the Site, such as images and videos;
Third-party cookies, persistent, used by the Site to send statistical information to the Google Analytics system, through which the Data Controller can perform statistical analysis of access/visits to the Site. The cookies used exclusively serve statistical purposes and collect information in aggregate form. Through a pair of cookies, one persistent and the other session (expiring when the browser is closed), Google Analytics also saves a log with the start and end times of the visit to the Site. Google can prevent data detection via cookies and subsequent data processing by downloading and installing the browser plug-in from the following address: http://tools.google.com/dlpage/gaoptout?hl=en;
Third-party cookies, persistent, used by the Site to include buttons from some social networks (Facebook, Twitter, and Google+). By selecting one of these buttons, the user can post the contents of the Site's web page they are visiting on their personal page of the respective social network.
6) How to disable cookies in browsers
If desired, the user can manage cookies directly through their browser settings. However, deleting cookies from the browser may remove preferences set for the MALAGUTI site, so it would be advisable to periodically visit this page to review preferences.
For further information and support, it is also possible to visit the specific help page of the web browser being used: Internet Explorer; Firefox; Safari; Chrome; Opera.
7) Storage of personal data
Personal data is stored and processed through computer systems owned by MALAGUTI and managed by third-party technical service providers; for more details, please refer to the "Scope of Accessibility of Personal Data" section that follows. Data is processed exclusively by specifically authorized personnel, including personnel responsible for extraordinary maintenance operations. Personal data will be stored for the duration of the contract and after the end of the contract to fulfill MALAGUTI's legal obligations, including claims for any complaints, in accordance with applicable law, and will then be deleted or anonymized.
If the user agrees to be contacted for the purpose of direct marketing of our products and services, after the expiration of the contract, the Data Controller will process the data until the user revokes their consent and in any case within the predetermined retention policy.
8) Purposes and methods of data processing
MALAGUTI may process user common and sensitive personal data for the following purposes: use by users of services and features on the Site, management of requests and reports from its users, sending newsletters, management of applications received through the Site, etc.
Furthermore, with the additional and specific optional consent of the user, MALAGUTI may process personal data for marketing purposes, i.e., to send the user promotional material and/or commercial communications related to the Company's services, at the contact details provided, both through traditional contact methods (such as postal mail, operator phone calls, etc.) and automated methods (such as internet communications, fax, email, SMS, applications for mobile devices such as smartphones and tablets - so-called APPS -, social network accounts - e.g., via Facebook or Twitter -, automated operator phone calls, etc.).
Personal data is processed both in paper and electronic form and entered into the company's information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles and following the principles of fairness and lawfulness of processing. In accordance with EU Regulation 2016/679, data is stored and kept for the time necessary to achieve the purposes for which it is processed and in any case for the entire time you decide to be registered on our website.
9) Security and quality of personal data
MALAGUTI is committed to protecting the security of user personal data and complies with the security provisions required by applicable regulations to prevent data loss, unlawful or illicit use of data, and unauthorized access. Additionally, the information systems and computer programs used by MALAGUTI are configured to minimize the use of personal and identifying data; such data is processed only for the achievement of specific purposes pursued from time to time. MALAGUTI uses multiple advanced security technologies and procedures to promote the protection of user personal data; for example, personal data is stored on secure servers, located in places with protected and controlled access, or on Cloud Servers managed by subjects appointed as data processors under art. 28 GDPR. The user can help MALAGUTI update and maintain their personal data by communicating any changes to their address, qualification, contact information, etc.
10) Scope of communication and access to data
User personal data may be communicated at least to:
All subjects to whom the right to access such data is recognized by regulatory measures;
Our collaborators, employees, within the scope of their duties;
All those natural and/or legal persons, public and/or private, when communication is necessary or functional to the performance of our business and in the ways and for the purposes illustrated above.
Regarding the sharing of data, it is advisable to carefully read the text of the Information on the processing of data collected by MALAGUTI and present in the footers and/or banners and/or on the individual reference pages to the service requested by the user to MALAGUTI.
11) Nature of provision of personal data
The provision of some personal data by the user is mandatory to allow the Company to manage communications, requests received from the user, or to contact the user to follow up on their request. This type of data is marked with the asterisk symbol [*], and in this case, the provision is mandatory to allow the Company to follow up on the request, which, in the absence of this information, cannot be processed. On the other hand, the collection of other data not marked with an asterisk is optional: failure to provide it will not have any consequences for the user.
The provision of personal data by the user for marketing purposes, as specified in the section "Purposes and methods of processing," is optional, and the refusal to provide it will have no consequences. The consent given for marketing purposes is considered extended to communications made through both automated and traditional contact methods, as exemplified above.
12) Rights of the data subject
12.1 Art. 15 (right of access), 16 (right to rectification) of EU Regulation 2016/679
The data subject has the right to obtain from the data controller confirmation of whether or not personal data concerning them is being processed and, in that case, to obtain access to personal data and the following information:
The purposes of the processing;
The categories of personal data concerned;
The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
The existence of the data subject's right to request from the data controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing;
The right to lodge a complaint with a supervisory authority;
The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
12.2 Right pursuant to Art. 17 of EU Regulation 2016/679 - Right to erasure ("right to be forgotten")
The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller has the obligation to erase personal data without undue delay if one of the following grounds applies:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
The data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) and there is no other legal ground for the processing;
The data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
The personal data have been unlawfully processed;
The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;
The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of EU Regulation 2016/679.
12.3 Right pursuant to Art. 18 Right to restriction of processing
The data subject has the right to obtain from the data controller the restriction of processing where one of the following applies:
The data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of such personal data;
The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of their use;
Although the data controller no longer needs the personal data for the purposes of the processing, the data subject needs them for the establishment, exercise, or defense of legal claims;
The data subject has objected to processing pursuant to Article 21(1) of EU Regulation 2016/679 pending the verification whether the legitimate grounds of the data controller override those of the data subject.
12.4 Right pursuant to Art. 20 Right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller.
13. Withdrawal of consent to processing
The data subject has the right to withdraw their consent to the processing of their personal data by sending a registered letter with return receipt to the following address: OFFICINE MALAGUTI SRL, headquartered in Sant'Agata Bolognese (BO), Via XXI Aprile, 1945,