This document describes the management procedures of the Site (hereinafter ‘Site’) with regard to the processing of the Site users’ personal data. This document is of a general nature and aims at providing information regarding the criteria of correct personal data processing carried out on or through the site, criteria which the user will find illustrated in detail also in the individual notices published in the various sections of the site, for the purpose of specifying the methods and aims of data processing associated with the disclosure of information of various types. In compliance with art. 13 of the general Data Protection Regulation (Regulation of the European Union 2016/679 passed by the European Parliament and Council on 27 April 2016 relating to the protection of individuals, as well as the free circulation of such data, hereinafter referred to as ‘Regulation’), this Notice is also addressed to those individuals who interact with the web services of the Site and does not apply to the processing activities carried out on other sites which users may consult through the links appearing on the Site itself. The Notice is also inspired by Recommendation no. 2/2001 which the European Data Protection Authorities, jointly represented by the Board instituted by Article 29 and established by Directive no. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requisites for the acquisition of personal data online and, in particular, the methods, timing and nature of the information Data Controllers must provide to users whenever the latter consult web pages, regardless of their reason for doing so. Users must read such notices carefully before proceeding to provide any type of personal information.
The Data Controller
As a result of browsing activities on the Site, the personal data of identified or identifiable individuals may be subject to processing. The Data Controller is SIR Visual s.r.l. To date, all information regarding the data controller, together with an updated list of any appointed data supervisors or system administrators, may be consulted on the premises of SIR Visual s.r.l. in via Brescia, 41 in Castenedolo (BS).
Place of personal data processing
The processing activities associated with the web services of the Site take place on the premises of SIR Visual s.r.l. and on those of Evoluzione Telematica Srl, the company in charge of creating and maintaining the site. The processing activities associated with the web services of the Site are also handled by the technical staff in charge of processing, or by personnel in charge of occasional maintenance operations.
Purposes for which personal data are processed
The personal data supplied by Site users via email to the Data Controller (also using the form provided in the specific section of the site), will be used for the sole purpose of providing the service requested. The optional, explicit and voluntary forwarding of an email to the addresses indicated on the site, automatically entails the subsequent acquisition of the sender’s email address, without which the inquiry could not be satisfied, as well as any other personal data included in the message. The personal data processing activities effected by the data controller are limited to whatever action is strictly necessary to perform the functions for which the service is requested, excluding processing whenever the pursued objectives may be achieved by means of anonymous data or methods enabling the user’s identification only when strictly necessary. We invite our users, when sending inquiries by email, not to mention the names or other personal data pertaining to third parties, which are not strictly necessary, and least of all, data pertaining to special (sensitive and/or judicial) categories pursuant to article 9 of the Regulation. Whenever a user sends inquiries containing personal data and contacts of any third party individual, they acknowledge that such an operation represents a personal data processing activity in which the user acts as an independent data controller, with all the obligations and responsibilities contemplated by the Regulation. In this respect, the user ensures the data controller that any third party data has been acquired by the user himself in full compliance with the Regulation (documented written consent granted by the third party). With regard to this point, the user totally indemnifies the data controller against any claim, reimbursement or compensation request for damage ensuing from processing activities, presented to the data controller by any third party individual or entity, resulting from the disclosure of personal data effected by the user in breach of personal data protection laws. The lawfulness of personal data processing is based on the legitimate interest of the data controller to ascertain responsibility in the event of any cybercrimes against the Site, and on the legitimate interest to respond to the users’ inquiries.
The user’s personal data may be utilized to conclude an online sales contract (administrative and accounting purposes, shipment of goods, payment settlement) whenever the user takes advantage of this service by logging in to the dedicated section of the Site. The user is aware that the email address used to complete the online purchase may be used, in its turn, for the mailing of advertising messages concerning the direct sale of the products and services provided by Sir Visual Srl, which are analogous to those being sold online.
The user’s personal data may be utilized for registration purposes and to log in to the Reserved Area, by filling in the form in the dedicated section of the site.
Subject to express written consent (even in a digital form), the user’s personal data (name, surname, email address) may be used for the mailing of advertising messages to promote the direct sale of the products and services provided by Sir Visual Srl (registration in the Newsletter section).
Types of personal data subject to processing
The automated systems and software procedures set up to run the Site do acquire, in the course of their normal operations, certain personal data whose transmission is implicit in the use of Internet communication protocols (browsing data). Such information, though not gathered to be associated with identified users, could enable by way of its very nature the identification of users by processing and associations. Comprised in this data category are IP addresses or domain names of the computers utilized by users logging in to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, request time, method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the request provided by the server (completed successfully, error, etc.) and other parameters related to the operating system and to the user’s computer environment. These data are used for the sole purpose of acquiring anonymous statistical information on how the Site is used and to monitor its correct working. The data in question could be used to verify liability in the case of any cybercrimes against the Site.
Cookies are short text files which are downloaded on the User’s device when visiting a website. On each subsequent visit, the cookies are resent to the website by which they are generated (first party cookies) or to another site which recognizes them (third party cookies). Cookies are useful because they allow a website to recognize the User’s device. They serve different purposes, such as making it easier and more efficient to navigate between pages, to memorize favourite websites and, in general, to enhance the browser experience. They also contribute to ensuring that the advertising contents visualized on line are more specifically targeted to users and their interests. According to the functions and purposes of their use, cookies may be classified as technical cookies, profiling cookies or third party cookies.
We inform you that by default almost all web browsers are set to automatically accept cookies. Nevertheless, visitors/users may modify the preset configuration. As specified above, the disabling or deletion of cookies could however impede an optimal fruition of some areas of the site or compromise the use of the services subject to authentication. Many of the cookies used are automatically deleted from the hard disk of the customer’s computer at the end of each browsing session (hence their name “session cookies”). Instead, there are some cookies which are stored on the hard disk. They are stored there for quite a long time (a few years) for practical reasons. Once an initial visit has been made to the site, on subsequent visits, the system will be able to recognize that the Customer has already visited a particular site and the Customer’s favourite data and inquiries will be recovered (persistent cookies). These cookies enable the customer not to have to re-enter a password or fill in forms whenever logging in. Cookies may also be disabled by selecting the corresponding parameters from the specific browser options. By disabling cookies, however, the Customer’s complete fruition of some site functions may be impeded.
Furthermore, cookies may be those pertaining to the site itself (those utilized, for example, to find out how many site pages are visited) or third party cookies (i.e. generated by other sites to distribute contents on the site you are visiting). This Site may use anonymous third party cookies for the purpose of managing the distribution of advertising messages in a dynamic and advanced form. The more widely used browsers contemplate the possibility to block third party cookies only, while solely accepting those of the site. Moreover, some companies which generate cookies on third party websites offer the possibility to disable and/or block simply and immediately their own cookies only, even when they are anonymous, that is to say, they do not entail the registration of personal identity data (such as, by way of an example, the IP address).
Cookies introduced for the purpose of analyzing website visits in an aggregate form
How to disable cookies
Most Internet browsers are initially set to accept cookies automatically. The user may modify these settings to block cookies or to prevent cookies from being sent to the user’s device. There are various ways in which cookies can be managed. Users may refer to their browser’s help page to find out how to regulate or modify browser settings. In the case of various different devices (for example, computer, Smartphone, tablet, etc.), users must make sure that each browser on each device is set to reflect their personal cookie preferences.
We remind you, however, that disabling browser or functional cookies may impede the correct working of the site and/or limit the service we provide.
For any third party cookies used by this site, here below we indicate the site links necessary should you wish to disable them. For further information about cookies and how to manage your third party profiling cookies, we invite you to visit http://www.youronlinechoices.com.
These essential cookies may not be deleted using the functions of this website. In general, cookies can be completely disabled on the user’s own browser at any time.
Here below, we indicate the name and function of each technical cookie used.
To quote the Data Protection Authority, profiling cookies are “aimed at creating user profiles for the purpose of sending advertising messages in line with the preferences expressed by the user when browsing the Internet”. Profiling cookies require an adequate notice and the user’s specific consent because both the Italian Data Protection Authority and European Legislation consider them to be intrusive.
Third party cookies
Here below, for each third party cookie on the Site, we indicate the name, function and name of the third party which stores the information and the relative link to the third party’s website.
Personal data processing methods
Personal data are processed using automated means. Specific security measures are in force to prevent the loss, unlawful and/or unfair use of data, as well as any non-authorized access to the aforesaid data. Personal data processing activities are limited to whatever is strictly necessary to perform the functions for which the service is requested, and are excluded whenever the aims pursued may be achieved using anonymous data or methods which allow for the identification of the user only in cases of necessity. No personal data are acquired or disclosed which might reveal the user’s racial or ethnic origin, religious beliefs, philosophy, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade unionist nature, health conditions or sexual preferences.
Disclosure and publication of personal data
Should it be necessary, personal data may be disclosed (by which we mean the sharing of personal information with one or more specified entities) to entities whose entitlement to access data is acknowledged by National and EU legal provisions and to third party entities in order to satisfy the inquiries forwarded by the user through the Site. In no event are personal data published (by which we mean the sharing of personal information in any way with a number of non-specified entities.
Optional provision of personal data
Apart from what has been specified for browser data, users are always free to provide their personal data for the purposes inherent in their log-in to the Site. Failure to provide personal data would impede the fulfilment of their requests.
Criteria used to determine the retention period of personal data
The users’ personal browsing data are retained for twelve (12) months. The users’ personal data (other than browsing data) which are processed for the purpose of undersigning and executing online contracts will be retained for as long as it is necessary to comply with the retention conditions stipulated by the Law and, in any case, no longer than is required for the management of contractual obligations and the handling of claims/disputes. The personal data processed for the purpose of logging in to the “Reserved Area” are retained until the user submits a written withdrawal from the service. The personal data processed for the purpose of sending advertising messages are stored until the user withdraws from the consent previously granted for such purposes.
Changes to the Data Protection Notice
The Data Controller reserves the right to modify this notice at any time, duly informing the user on the page of any changes. You are kindly invited, therefore, to consult this page frequently in order to be constantly updated.
Rights of the data subject (user)
At any time, users may exercise the following rights:
· right to withdraw consent to the processing of their data at any time, without detriment to the lawfulness of processing activities carried out prior to withdrawal, based on the consent provided;
· right to receive in a structured, commonly used and machine readable format their personal data and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;
· right to have access to their personal data;
· right to obtain rectification of their personal data on condition that this is not in conflict with current legislation on data retention;
· right to obtain the erasure of their personal data, on condition that this is not in conflict with current legislation on data retention;
· right to obtain the restriction of data processing activities;
· right to object, at any time, on grounds relating to their particular situation, to the processing of their personal data pursuant to article 6, paragraph 1, letters e) or f), comprising profiling based on those provisions;
· right to object at any time to the processing of their personal data for direct marketing purposes, comprising profiling, whenever related to such direct marketing activities;
· right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly affects them.
The data subject may exercise the above rights by forwarding a simple request to the data controller, by hand, by post, by registered letter, fax or email to the following address: firstname.lastname@example.org
To facilitate data subjects wishing to exercise their rights, the Italian Data Protection Authority has drawn up a special form which may be downloaded from the site www.garanteprivacy.it
Right to present a claim
Users are hereby informed of their right to present a claim to the controlling authorities (in particular, the Italian Data Protection Authority).