This web page describes how www.bfu.it (the “Site”) is managed in terms of processing of personal data of the users who view it and which are collected through this Site.
This policy is provided, in accordance with Art. 13 of Legislative Decree 196/2003 (Personal Data Protection Code) and Art. 13 of Regulation (EU) 2016/679 (European Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter “EU Regulation”), to those who interact with the services available online on the Site.
This policy is provided exclusively for this Site, and not for any other site that a user might connect to via hyperlink, which are in fact beyond the control of BFU A.D..
The information is also based on Recommendation No. 2/2001 adopted on 17 May 2001 by the European Authorities for personal data protection in order to identify some minimum requirements for collecting personal data online, and, more specifically, the methods, timing, and nature of the data that a controller would need to provide to users when they connect to a web page for whatever purpose.
TYPE OF PERSONAL DATA COLLECTED
The IT systems and software procedures utilised to run this Site acquire some user-derived personal data as part of their normal functioning; the transmission of such data is implicit in internet communication protocols.
These data are not collected to be associated with identified data subjects, but, by their very nature, they might make users identifiable after being processed and matched with data held by third parties.
This data category includes IP addresses or domain names of the computers used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used to submit the request to the server, the size of the returned file, the numerical code of the server response status (completed, error, etc.) and other parameters related to the user’s operating system and IT environment.
Data Voluntarily Submitted by the User
The user’s personal data collected through the online form on the Site are: first name, surname, address, email address, country of origin.
BFU A.D. will process your personal data:
1. to respond to requests for information submitted by Site visitors using the enquiry form;
2. to provide technical assistance;
3. to comply with statutory, regulatory requirements (for both Italian and EU legislation)
4. once they are anonymized, to collect anonymous statistical data on use of the website, and to monitor its proper functioning;
5. to email informational and promotional messages, as well as newsletters from BFU A.D. with respect to its own marketing campaigns.
Please note that for the purposes listed under 1), 2) and 3), supra, consent is not required for BFU A.D. to process your personal data, as the processing is performed pursuant to requests made by you, or in compliance with the law. The purpose listed under point 4), supra, does not involve personal data processing, whereas your consent is required to process data with regard to point 5), supra.
OPTIONAL AND REQUIRED DATA SUBMISSION
It is mandatory to provide your data for the purposes of points 1), 2) and 3), supra. Their processing is required so we can respond to requests for information, provide technical assistance and comply with legal obligations. Any refusal to provide such consent will make it impossible for BFU A.D. to respond.
DATA PROCESSING METHODS AND SECURITY MEASURES
Data will mainly be processed using electronic or, in any case, automated (manual, IT, and/or online) tools, using methods and resources that assure the security and privacy of the data. Moreover, all technical, IT, organisational, and security-protocol measures will be taken to ensure appropriate data protection as required by law. Only Data Processors appointed by the Data Controller or by any Data Protection Officers may access the data.
Data subject to processing shall be relevant, complete, and limited in scope to the purposes for which they were collected or thereafter processed and will only be stored in a format that allows the data subject to be identified as long as necessary for the purposes for which they were collected, in compliance with applicable law.
The Controller states it does not use automated processes to profile the data subject.
RECIPIENTS OF PERSONAL DATA
Personal data shall be processed onsite at BFU A.D. and may be disclosed to its employees and/or contractors, as well as to the following entities:
a) Third-party companies in the same corporate group as BFU A.D.. in order to respond to requests you have submitted using the online form;
b) Third-party companies, in order to provide the technical assistance requested;
c) Any government authority with access to the data pursuant to any court or administrative order;
d) Entities who provide services for the management of the IT system, and the telecommunications network (including email).
PERIOD OF DATA STORAGE
The Controller informs users that any personal data collected shall be stored as long as necessary to provide the requested services, including technical assistance. When used for marketing, data shall be stored for two (2) years. Once that period has elapsed, the data will be destroyed or rendered anonymous.
DATA SUBJECT’S RIGHTS
Pursuant to Italian Legislative Decree no. 196 of 30 June 2003 and Regulation (EU) 2016/679, you may exercise your rights vis-à-vis the Controller as follows:
- Pursuant to Art. 15, 16, 17, 18, 19, 20 and 21 of the EU Regulation and in accordance with Art. 7 of Italian Legislative Decree n. 196, 30 June 2003, request the Controller to access your personal data, and to request that such data be rectified or erased, or restrict processing involving the data subject, or object to processing of the data, in addition to the right of data portability. Data that the Controller is required to store by law cannot be erased.
- Withdraw consent at any time, pursuant to Art. 7 of the EU Regulation, without prejudice to the lawfulness of earlier processing based on consent provided prior to this.
It shall remain understood that where requests have been submitted electronically, the information shall be supplied free of charge, and in a commonly used electronic format.
RIGHTS TO LODGE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY
Should you believe that Controller’s processing of your personal data breaches your privacy rights, you may lodge a complaint with the Garante (Italian Data Protection Supervisor), following the instructions available at their website: www.garanteprivacy.it.