Registered Office: Via Nicola Fabrizi, 44 – 10143 Torino, Italy
Operational Headquarters: C.so Svizzera, 185 – 10149 Torino, Italy
The purpose of this general provisions document is to inform visitors of the internet website (from now on referred to as the “User” and the “Consentee”) on how the information obtained is used, how personal data are treated and generally how cookies are handled, in accordance with Document No.679/2016 – GDPR, General Data Protection Regulation and applicable standards.
- DATA TREATMENT OWNER
- COLLECTION OF PERSONAL DATA AND LEGAL BASIS
- PURPOSE OF DATA TREATMENT
- SECURITY OF PERSONAL DATA
- DATA HOLDING PERIOD
- INTERNATIONAL TRANSFER OF DATA
- SHARING OF PERSONAL DATA
- OBLIGATION TO SUBMIT DATA AND ANY CONSEQUENCES IN CASE OF REFUSAL
- TYPES OF PERSONAL DATA COLLECTED
- RESPONSIBILITY FOR DATA PROTECTION
- DATA PROTECTION RIGHTS
- CHANGES TO INFORMATION ON PRIVACY
- ERASURE, OBJECTION AND RECTIFICATIONS
Personal data protection is an opportunity for shared transparent compliance between Betacom s.r.l. (from now on also the “Employer”) and the employee supplying the personal data.
Betacom s.r.l. undertakes to protect, preserve from damage, save and dispose of the data according to data treatment lines linked to the relationship established with the User.
By “personal data” (also known as IPI – Identifiable Personal Information) is meant anagraphic data, in case of registration when requesting services, and identification data for website navigation in applying control systems, security and data analytics.
By data “treatment” is meant any single or multiple operations performed with or without automated processes and applied to personal data or clusters of personal data, including collating, registration, organisation, structuring, conservation, adaptation or alteration, extraction, consultation, use, communication by transfer, dissemination or otherwise making available, comparison or interconnection, limitation, cancellation or suppression.
2. DATA TREATMENT OWNER
Betacom s.r.l. is the Owner of personal data treatment and may be contacted at the following email address: email@example.com or Tel. No. 39.011.43.32.064, or by writing to the postal address:
C.so Svizzera, 185 – 10149 Torino, Italy.
The Owner, as specified in the GDPR, decides depending on the purpose and modalities of personal data treatment, security and instruments used.
3. COLLECTION OF PERSONAL DATA AND LEGAL BASIS
The Owner handles User personal data if at least one of the following conditions exists:
- The User has given consent to data treatment for one or more purposes.
- Data treatment is necessary for the provision of services, i.e. for performing a contract agreed with the user.
- Data treatment is necessary to meet a legal requirement to which the Owner is subjected.
Betacom s.r.l. website collects user data as follows:
- Data obtained by automated means, i.e. provided directly by the User when navigating in the website and therefore leaves behind digital traces (IP, browser, name of network provider) which are stored by servers mainly for reasons of security, control and data analysis.
- Data provided on a voluntary and optional basis, i.e. given directly by the User with the intention of registering to the website to access services.
Betacom s.r.l. guarantees that the data acquired are also pertinent and not excessive, ensuring that the process is lawful and correct, i.e. for the purpose of data treatment, explicit ad legitimate.
Data treatment always occurs with hardcopy and digital tools and supports, both according to criteria based on security procedures, conservation and accessibility, within the strict domain of the purposes specified.
The legal basis of data treatment is the permission given by the Consentee to the treatment of personal data for one or more specific purposes as specified in this document. Moreover, the Owner may exercise a legitimate interest to defend his/her own legal rights in case of claims or disputes vis-a-vis the Consentee.
Betacom s.r.l. addresses a target of subjects with full legal, fiscal and contractual powers, which therefore excludes minors.
4. PURPOSE OF DATA TREATMENT
User data are collected from the internet website for the following purposes:
- To contact the User.
- To present and promote Employer activities.
- To promote website services and offers through commercial messaging.
- To develop custom services based on User needs.
- To handle registration and transmittal of website newsletter and other information services.
- To enable interaction with social platforms, blogs and forums.
- To promote participation in events and initiatives.
- To acquire User opinions on the satisfaction about services rendered.
- To carry out statistical analyses on navigation data.
- To facilitate communication and exchange of experiences with users.
- To provide service assistance.
- To gather User feedback for website improvement.
- To inform the Authorities about any instances of fraud, unlawfulness and misconduct.
- To meet legal obligations.
5. SECURITY OF PERSONAL DATA
Betacom s.r.l. handles personal data with the utmost care, adopting security and protection measures in strict accordance with the requirements of the GDPR, in line with ISO 9001 and ISO 27001 standards.
Moreover, Betacom s.r.l. implements effective and suitable practices and techniques to ensure that all data treatment processes meet the following conditions:
– Confidentiality, i.e. protection from unauthorised access.
– Integrity, to prevent loss or damage.
– Availability, to ensure continuous access of employees to their data.
Even if information is disclosed to trusted third parties, and for the purposes specified in this document, the Employer makes sure that the latter adopt similar security, technical and operational measures in line with the criteria outlined above.
6. DATA RETENTION PERIOD
Data are treated and held for the time needed to provide services and treatments according to the purposes outlined in this document.
For all other purposes linked to legal requirements, data are to be held for a period not exceeding that necessary and requested for meeting such obligations.
The retention period for personal data and employer information is based on the following criteria:
- Nature and purpose of data treatment.
- Regulatory obligations.
- Disputes on claims (if applicable).
- Management of services linked to the website.
On expiry of all applicable terms, User data will be suppressed and destroyed according to adequate technical procedures according to best practice of Information Security.
7. INTERNATIONAL TRANSFER OF DATA
As of today, Betacom s.r.l. does not operate any international data transfer to Third Countries outside the European Union.
Owing to continuous changes and business expansion beyond European boundaries, it may happen that also company processes, followed by User personal data, are transferred to third party suppliers in other non-EU countries.
Consequently, in future User data might be shared and/ or transferred to third party suppliers in such countries.
If international transfer occurs, the process would take place according to the legitimacy requirements specified by the articles of the Regulation in force, by the applicable standards on privacy and by the procedures governing the transfer, and the Owner meets the conditions as per CAPO V (Transfer of personal data to third countries or international organisations – articles 44,45,46,47,48,49,50), in addition to the other directives of this Regulation. All directives of this CAPO will be applied to ensure that the protection level of individuals guaranteed by Regulation GDPR is not adversely affected.
8. SHARING OF PERSONAL DATA
Personal data of employees will not be shared with other parties unless this is compulsory, in all other cases consent is optional, explicit and voluntary.
Personal data may be accessed by in-house data treatment officers for all operations covering administration, management and provision of internal services. This personnel is from Betacom s.r.l. functions including administration, HR, legal and IT systems.
Personal data may also be accessed by some external entities including service providers, qualified as responsible for data treatment.
The Owner guarantees training of all in-house personnel under his/her supervision who have access to personal data according to current data treatment specifications.
As regards designated third parties with responsibility for data treatment, Betacom s.r.l. follows GDPR rules, ensuring conformity and adequacy to current standards.
9. OBLIGATION TO SUBMIT DATA AND ANY CONSEQUENCES IN CASE OF REFUSAL
During navigation and when using website services, the User may elect to give or withhold consent to transfer of personal data
Total or partial refusal would adversely affect the activities linked to the supply of internet website services, preventing provision of such services.
10. TYPES OF PERSONAL DATA COLLECTED
Data collected by automated means are information stored in website servers and held in log files, i.e.:
- IP, address “internet Protocol
- Parameters of the device used to connect to the site (PC, tablet, smartphone)
- Anonymous traceability of pages viewed and clicks
- Name of internet service provider (ISP)
- Type of browser
- Date and time of start and end of navigation
- References to source web page (referral) and output web page
Data collected are used in aggregate form and for merely statistical purposes, to enable the Employer to proceed with market analyses linked to website management and development strategies.
The IP address, identifying the connection device to the internet network, is treated for security purposes excluding aggregations with other User identification data.
Conversely, as regards data given on a voluntary and optional basis, the website User may request contacts to receive information material supplying personal data and consent to data treatment. Such data treatment needed to supply services offered by the website, uses registration forms filled out by the User who enters personal anagraphic and identification data including email account and other addresses.
11. RESPONSIBILITY FOR DATA PROTECTION
The Owner nominates a Data Protection Officer (DPO).
12. DATA PROTECTION RIGHTS
The Consentee has a right to know what personal data are collected and treated by the Owner, its content and source, to verify the accuracy and to alter them if necessary or to add other information, to request suppression or conversion to anonymous form, to deny use in case of presumed infringement of the law or withhold consent to treatment.
All requests for information and any claims may be submitted to the Owner at the addresses mentioned in this Document.
13. CHANGES TO INFORMATION ON PRIVACY
This Document is subject to possible changes and updating to reflect modifications of national and/or EU regulations, to incorporate new technology or for Betacom s.r.l. organisational reasons, in which case the latter will inform the User accordingly through notices using company communication means, or promptly update this Document and the website interaction tools (registration forms, cookies consent software, extended cookie info., etc.).
Changes such as this one, in order to reflect the new GDPR code, will continue to be subject to the regulations in force, unless the Consentee objects to the proposed changes and requests termination of data treatment with consequent removal of personal data.
In any case it is the User’s responsibility to periodically check the updating status of this Document and refer to it whenever informed that changes have been introduced.
14.ERASURE, OBJECTION AND RECTIFICATIONS
At any time, the User may object in whole or in part, request rectifications or withdraw consent to data treatment and obtain erasure.
On expiry of the data holding period, the User personal data will be erased and destroyed using adequate technical procedures.
Cases of erasure include the following:
- Personal data are no longer necessary following termination of relationship with the Owner.
- The Consentee withdraws consent.
- the Consentee objects to data treatment.
- Data holding terms have expired.
The Consentee has the right to make claims as per GDPR articles 13 and 14.
Date of latest revision: May 10, 2018.
II- DATA PROCESSING
With regard to this website the data controller is BETACOM SRL and for any clarification or exercise of rights of the user may be contacted at the following email address: firstname.lastname@example.org.
III – COOKIES
A cookie consists of a small set of data transferred to the user’s browser by a web server and can only be read by the server that carried out the transfer. It is not executable code and does not transmit viruses.
Cookies do not record any personal information and any identifiable data will not be stored. If you wish, you can prevent some or all cookies from being saved. However, in this case your use of the website and the services offered may be impaired. To proceed without changing your cookie options, simply continue browsing.
Below are the types of cookies that the website uses.
- There are numerous technologies used to store information on the user’s computer, which is then collected by other sites. The best known and most widely used of these is HTML. They are used for navigation and to facilitate access and use of the site by the user. They are necessary for the transmission of communications on the electronic network or for the provider to provide the service requested by the customer.
- The settings for managing or deactivating cookies may vary depending on the browser used. In any case, the user can manage or request the general deactivation or deletion of cookies by modifying the settings of their browser. This deactivation may slow down or prevent access to certain parts of the site.
- The use of technical cookies allows the safe and efficient use of the site.
- The cookies that are placed in the browser and transmitted through Google Analytics or through the statistics service of blogger or similar are technical only if they are used for the purpose of optimizing the site directly by the owner of the site itself, which may collect information in aggregate form on the number of users and how they visit the site. Under these conditions, the same rules on information and consent apply to Analytics Cookies as to technical cookies.
- From the point of view of duration, a distinction can be made between temporary session cookies, which are automatically deleted at the end of the browsing session and serve to identify the user and therefore avoid logging in each time a page is visited, and permanent cookies, which remain active on the computer until they expire or are deleted by the user.
- Session cookies may be installed in order to allow access and stay in the reserved area of the portal as an authenticated user. They are not memorised in a persistent manner but exclusively for the duration of navigation until the browser is closed and they disappear when the browser is closed. Their use is strictly limited to the transmission of session identifiers consisting of random numbers generated by the server and necessary to allow the safe and efficient exploration of the site.
- A distinction is made between cookies sent to your browser directly from the site you are visiting and third party cookies sent to your computer from other sites and not from the one you are visiting.
- Persistent cookies are often third-party cookies.
- Most third party cookies are tracking cookies used to detect online behaviour, understand interests and then tailor advertising to users.
- Third-party analytical cookies may be installed. These are sent from third party domains outside the site.
- Third-party analytical cookies are used to collect information about user behaviour. This information is collected anonymously in order to monitor the performance and improve the usability of the website. Third-party profiling cookies are used to create profiles on the users of this website in order to propose advertising messages in line with the choices made by the users themselves.
- The use of these cookies is governed by the rules laid down by the third parties themselves. Therefore, users are invited to read the privacy notices and the instructions for managing or disabling cookies published on the relevant web pages.
The list of third party cookies and the links through which Google Analytics with anonymised IP (Google Inc.) informs the user and can deactivate these cookies are listed here:
- link to information https://policies.google.com/technologies/partner-sites?gl=uk .
- deactivation link https://tools.google.com/dlpage/gaoptout?hl=en-GB
- These are profiling cookies that create profiles of the user and are used to send advertising messages in line with the preferences expressed by the user when browsing the web.
- When using these types of cookies, the user must give explicit consent in application of Article 22 of EU Regulation 2016/679 and Article 122 of the Data Protection Code.
IV- PERSONAL DATA PROCESSED
Data processing methods
- Like all websites, this site makes use of log files in which information collected automatically during user visits is stored. The information collected may be as follows:
- Internet Protocol (IP) address;
- Browser type and parameters of the device used to connect to the site;
- Name of the internet service provider (ISP);
- Date and time of visit;
- Visitor’s source (referal) and exit web pages;
- Browsing behaviour (number of clicks, pages visited).
- This information is collected in automated form and in aggregate form only in order to verify the proper functioning of the site and for security reasons. This information is collected on the basis of the legitimate interests of the owner.
- For security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with the laws in force, to block attempts to damage the site itself or to harm other users or activities that are harmful or constitute a crime. Such data is never used to identify or profile the user, but only for the purpose of protecting the site and its users, and used in accordance with the legitimate interests of the owner.
- The information that users of the site decide to make public by means of the services and tools made available to them is provided by the user knowingly and voluntarily, exempting this site from any liability regarding possible violations of the law. It is the user’s responsibility to verify that he or she has permission to enter personal data of third parties or content protected by national and international regulations.
Purpose of data processing
- The data collected by the site during its operation are used exclusively for the purposes indicated above and stored for the time strictly necessary to carry out the specified activities and, in any case, for no longer than 2 years.
- Data used for security purposes (blocking attempts to damage the site) are kept for the time strictly necessary for the purposes indicated above.
Data provided by the user
- As indicated above, the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
- Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
Support in configuring your browser
The user can also manage cookies through the settings of his browser. However, deleting cookies from your browser may remove the preferences you have set for the site. For further information and support you can also visit the specific help page of the web browser you are using:
- Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
- Firefox: https://support.mozilla.org/en-us/kb/enable-and-disable-cookies-website-preferences
- Safari: http://www.apple.com/legal/privacy/
- Chrome: https://support.google.com/accounts/answer/61416
- Opera: http://www.opera.com/help/tutorials/security/cookies
Social Network Plugin
- The collection and use of information obtained by means of the plugin is governed by the respective privacy policies of the social networks, to which please refer:
- Facebook: https://www.facebook.com/help/cookies
- Twitter: https://support.twitter.com/articles/20170519-uso-dei-cookie-e-d-altre
- Google +: https://policies.google.com/technologies/cookies?hl=it&gl=it
- Linkedin: https://www.linkedin.com/legal/cookie-policy
V- RIGHTS OF THE INTERESTED PARTY
- Articles 15 to 20 of the EU Regulation of 2016/679 list the user’s rights. This website therefore intends to inform the user of the existence:
– the right of the data subject to request from the controller access to personal data, their updating, rectification, integration, restriction of processing concerning him or her or to object, on legitimate grounds, to their processing, as well as the right to data portability;
– the right to request the deletion, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed
– the right to obtain certification that the operations of updating, rectification, integration of data, cancellation, blocking of data, transformation, have been brought to the attention, also as regards their content, of those to whom the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate to the protected right.
- Requests may be addressed to the data controller at its above-mentioned email address (without formalities).
- With reference to EU Regulation 679/2016, where the processing is based on Art. 6 paragraph 1 letter a – express consent to use – or Art. 9 paragraph 2 letter a – express consent to use genetic, biometric, health-related data, revealing religious or philosophical beliefs or trade union membership, revealing racial or ethnic origin, political opinions -, the user has the right to revoke the consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation.
- Similarly, in the event of a breach of the legislation, the user has the right to lodge a complaint with the Garante per la Protezione dei Dati Personali, as the authority in charge of controlling the processing in the Italian State.
VI – DATA SECURITY
- This website processes user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. The processing is carried out using computer and/or telematic instruments, with organisational methods and logics strictly related to the purposes indicated.
- In addition to the owner, in some cases, categories of authorised persons involved in the organisation of the site (administrative, marketing, commercial, legal, system administrators) and other external subjects (third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
VII – CHANGES TO THIS DOCUMENT
- This document may be subject to changes or updates. In the event of significant changes and updates, users will be notified accordingly.
- The document was updated on 02-05-2020.