BARALAN INTERNATIONAL SpA
Baralan International SpA is committed to protecting the privacy of visitors to the website: http://www.baralan.com/it/ ("Website"). In particular, Baralan International SpA will ensure that the information you provide (via website, written mail or email), will be processed only for the purposes described in this policy, which will provide you with the necessary information on the types of personal data we collect, the purposes for which we use them and the methods of processing in full compliance with the EU General Data Protection Regulation 2016/679 ("GDPR"), with Legislative Decree 196/2003, as amended ("Privacy Code") and, in general, the legislation on the protection of personal data.
1. DATA CONTROLLER
This website is the exclusive property of the company Baralan International SpA with registered office in Via Copernico 34, 20090 - Trezzano sul Naviglio, which is the Data Controller (hereinafter "Data Controller").
2. DATA PROCESSED, PURPOSE OF PROCESSING, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROVISION
A. The Data Controller will acquire the data that you ("user") enter in the appropriate contact form and precisely name and surname, email address, country, name of the company you work for, as well as all personal data voluntarily included by the user in the communications in the "notes" section or sent by the user to the following email address on the website: email@example.com. The information provided voluntarily by the user will be necessary to respond to requests and to provide information by email. For the aforementioned purpose, the processing of data is carried out on the basis of the legitimate interest of the data controller to satisfy such requests (art. 6 par.1 lett. f of the GDPR), therefore, the acquisition of your consent is not necessary.
B. The Data Controller will process the data that the user will provide to register on the website through the special "login" section in order to configure, save on their account and purchase Baralan products. The legal basis of the processing is the need for the performance of a contract to which the data subject is party or the execution of pre-contractual measures taken at his/her request (art. 6 par. 1 lett. b of the GDPR); The provision of data by the user is mandatory in order to successfully conclude the registration process.
C. Only if the user has previously consented to the processing of personal data for marketing purposes by ticking the appropriate box in the "login" section, the personal data provided by the user may be used by the Data Controller to send promotional material, including newsletters. The Data Controller will examine the products present in the "Wishlist" or previously purchased in order to send personalized promotional material regarding specific products. The legal basis for the aforementioned processing is the user's consent (art. 6 par.1 lett. a of the GDPR).
D. If the user has sent a voluntary application to the address firstname.lastname@example.org the "Work with us" section, his/her personal data may be processed for the purpose of processing his/her application. The processing is carried out on the basis of the legitimate interest of the Data Controller to assess your professional profile (art. 6 par.1 lett. f of the GDPR).
E. In addition to the aforementioned data, the Data Controller will automatically acquire the IP address or domain names of the computers used by the users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This information is not collected to be associated with specific individuals but, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. These data are however used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning and are deleted within 60 days of processing. In the event of cyber crimes, the aforementioned data could be processed for a longer period of time and handed over to the Public Authorities. The data will not be transferred to third parties and will be collected in the exclusive interest of the Data Controller and the companies of the group. The data collected is processed on the basis of our legitimate interest (Art. 6 letter f of the GDPR) in order to ensure the appropriate functioning of the website. Therefore, the collection of such data is necessary for the achievement of the mentioned objectives.
3. DURATION OF PROCESSING
The Data Controller will retain:
a) the personal data that the user enters in the contact form in order to make a request for information (purpose 2.A) for the time necessary to provide the requested information;
b) personal data collected for the purpose of allowing the user to register and purchase Baralan products (purpose 2.B) until the user cancels his/her account on the website; any data relating to the sale of a product will be retained for the terms of the law;
c) in the case of consent to processing for marketing purposes by the user (purpose 2.C), the user's personal data will be retained for 2 years, unless the user withdraws his/her consent to processing.
d) in case of consent to the processing for marketing purposes by the user (purpose 2.C), the data relating to the Wishlist will be retained for 1 year, unless the consent to the processing is withdrawn.
With reference to the personal data contained in the spontaneous application that may be sent by the user (purpose 2.D), if the Data Controller is interested in the user's professional profile, it will proceed by sending the user an appropriate information notice and asking, where necessary, for consent to retention of personal data. If, on the other hand, the user's professional profile is of no interest to the Data Controller, the personal data will be immediately deleted.
4. 1.CATEGORIES OF RECIPIENTS
The user’s personal data may also be processed by other companies in the Baralan Group, within the European Economic Area ("EEA"), for any or all of the following purposes:
The companies belonging to the Baralan Group will process the data as autonomous data controllers or data processors on the basis of the intra-group agreements entered into on the processing of personal data.
For 2.C marketing purposes only, personal data may be communicated to the Controller's agents, who may process them as data processors. Baralan International SpA has entered into a personal data processing agreement with its agents, to which, if necessary, the standard contractual clauses set out in the EU Commission Decision no. 2010/87/EC and the provision of the Italian Data Protection Authority of 27 May 2010 have been attached.
Without prejudice to the foregoing, your personal data will be processed exclusively by employees and/or collaborators of the Data Controller formally authorized to process them pursuant to Art. 29 of the GDPR, in compliance with the provisions of the law, also with regard to security measures to protect and safeguard your data. Your personal data will not be disseminated in any way.
5. 1.YOUR RIGHTS
5.1 Request for access, correction, erasure, restriction by the user - portability
Users may at any time request access to their personal data (i.e. confirmation as to whether or not such data exists and whether or not it is being processed and to know its content and origin), verify its accuracy or request that it be supplemented or updated, or corrected and erased or restricted pursuant to Articles 15 and subsequent of the GDPR.
In specific cases, users have the right to receive the personal data we retain in a structured, commonly used and machine-readable format. You may require us to transmit this information either to you or to a third party organization. The Data Controller does not guarantee the technical compatibility of its systems with those of third party organizations.
You may also withdraw your consent to the processing of your personal data for marketing purposes (purpose 2.C) at any time.
You may exercise any of the above rights by contacting us at the above email address or at the other company contacts listed at the end of this page.
The rights specified above may be subject to limits and exclusions in the cases provided for by law.
If we are unable to comply with a request to exercise these rights we will provide you with an explanation.
5.2 Right of objection
You have the right to object at any time to the processing of your personal data if it is based on our legitimate interests, unless the processing is justified on mandatory legitimate grounds.
5.3 Right to lodge a complaint
Finally, you have the right to complain to the Data Protection Authority (hereinafter referred to as the "Authority"), as provided by art. 77 of the GDPR, or to take appropriate legal action (Article 79 of the GDPR).
The Data Protection Authority contact details are:
· phone: +39 06 69677 1
· website: https://www.garanteprivacy.it/
· mail: Data Protection Authority, Piazza di Monte Citorio,121 - 00186 Rome
To obtain information on any subject or to contact us in relation to our processing of your personal data or to lodge a complaint with the Controller, as well as to exercise the rights listed above, you may use the following addresses
Mail: Via Copernico 34, 20090 – Trezzano sul Naviglio.
In the event of contact, we may ask you to confirm your identity.