Pursuant to art. 13 of the EU Reg. 2016/679
(General Data Protection Regulation, so-called GDPR)
- DATA CONTROLLER
The Data Controller is GMT ITALIA SRL based in Via Francesco Sforza 14, 20122 – Milan (Italy), Tel. 02/72080537 and e-mail address: firstname.lastname@example.org
- DATA PROCESSOR
The Data Processor is Mattia Corvo Santini based in Milan, tel 02/8597981 and e-mail address email@example.com
- TYPES OF PROCESSED DATA
3.1 Navigation data
The visit and consultation of the Site do not generally involve the collection and processing of the user’s personal data. The processing of personal data of the user who visits and consults the Site is limited to the so-called “navigation data”, the transmission of which is necessary for the functioning of computer systems and programs essential for the operation of the Site despite the fact that, by their nature and jointly with other data, they may allow the identification of the user. This category includes, for example, the IP (Internet Protocol) addresses or the domain names of the computer used to visit the Site, as well as other parameters relating to the operating system used by the user to connect to the Site. The collection of browsing data takes place automatically and unavoidably and can only be used to obtain statistical information on the use of the Site and to verify its correct functioning. If expressly requested, such data may be used by the Public Authority to ascertain responsibility in case of computer crimes committed against the Site and/or third parties, according to the procedures in force with the competent Authorities. Except for this possibility, the above described navigation data are only temporarily maintained in compliance with the applicable regulations.
3.2 Data voluntarily provided by individual users
GMT ITALIA SRL collects and processes personal data voluntarily provided by individual user if he/she, by connecting to the Site, fills in the contact form on the Website and send your personal data to GMT ITALIA SRL. The user must fill in the contact form correctly and in its entirety. This involves the mandatory acquisition by GMT ITALIA SRL of the e-mail address, the sender’s name and / or other personal data contained in the e-mail. The provided personal data will be processed exclusively to respond to the user’s requests. In the event that the form is not filled out correctly and completely, the user will not be able to use the contact service. The Personal Data that GMT ITALIA SRL collects and processes may therefore include name and surname, e-mail address, telephone number, address, tax code, etc.
The Company does not knowingly process “sensitive” personal data capable of revealing racial and/or ethnic origins, religious beliefs, philosophical convictions, political opinions, membership of political parties, trade unions, religious or philosophical, political or trade union organizations, the health status or sexual orientations of the person concerned. Therefore, please do not provide these types of data.
- PURPOSES and LEGAL BASIS OF DATA PROCESSING
GMT ITALIA SRL collects and processes user’s personal data for the following purposes:
- a) to get in touch with customers or potential customers, answer and manage their requests for information, questions and communications. The consent to the personal data processing for this purpose is necessary to allow the user to use the contact service available on the Site and, consequently, to allow GMT ITALIA SRL to respond to requests for information, questions and communications from customers or potential customers and provide them the required services. In case of lacked consent to the processing of personal data for this purpose, the user will not be able to use the contact service available on the Site and GMT ITALIA SRL cannot respond to requests for information and provide the services requested by the user;
- b) to be able to satisfy user’s requests for products and services, to manage sales activities and after-sales assistance, including administrative, accounting and tax activities necessary to fulfill legal obligations, as well as warranty services (repairs or replacements). The provision of data with respect to these purposes is mandatory and in case of refusal, GMT ITALIA SRL will not be able to process the requested contractual services. It is not necessary that GMT ITALIA SRL obtains the explicit consent to the personal data processing for these purposes: the consent is in fact implicit in the request for contractual services and in the legal obligations;
- c) to carry out promotional initiatives, such as sending information about new products, events, presentations, etc. This information may be transmitted using traditional methods (calls by telephone, shipment of printed advertising material by post, etc.) or by automated means (SMS, e-mail). In this case, GMT ITALIA SRL will require explicit and specific user consent to the personal data processing for promotional purposes, consent that the user may revoke at any time.
DATA PROCESSING METHODS AND SECURITY MEASURES
The processing is carried out using IT and/or paper tools, with organizational methods and with logic strictly related to the purposes indicated above. GMT ITALIA SRL takes appropriate security measures to prevent personal data unauthorized access, disclosure, modification or destruction.
Therefore the treatment will be carried out in compliance with the provisions of art. 32 GDPR regarding security measures, also possibly by the employees of the GMT ITALIA SRL specifically appointed and instructed in compliance with the provisions of art. 29 GDPR.
The collected data are processed only for the achievement of the purposes referred to in point 4). GMT ITALIA SRL uses security technologies and procedures that guarantee the protection of user’s personal data and uses constantly updated devices for the processing security and personal data storage.
- PERSONAL DATA DISCLOSURE
They will have access to the personal data: the Data Processor, the other persons acting as External Data Processors appointed by GMT ITALIA SRL, such as professionals (lawyers, accountants) or service providers (credit institutions, insurance companies, etc.) and the employees of GMT ITALIA SRL specifically authorized and instructed.
The personal data collected may be communicated to the Judicial Authority in the cases expressly provided for by law without the consent of the user as well as to all the subjects whose right of access to the data is recognized by virtue of regulatory provisions.
Personal data collected and processed by GMT ITALIA SRL will not be disclosed to third parties, unless the user authorizes, by explicit and express consent, GMT ITALIA SRL to communicate his personal data to third parties, independent data controllers.
Except for the above, personal data in no case will be subject to disclosure.
- TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY
GMT ITALIA SRL does not transfer personal data to third countries that do not provide adequate guarantees, as required by art. 46 GDPR. In any case, GMT ITALIA SRL must acquire the explicit and express consent of the user in order to proceed with the transfer of data to a third country. GMT ITALIA SRL reserves the right to use cloud services and in this case service providers will be selected among those providing adequate guarantees.
- DATA RETENTION MODE AND DURATION
The data collected for the purposes referred to in letter B) of point 4) are stored in a SQL database, an integral part of the management and billing software installed on a server with secure access inside the GMT ITALIA SRL offices in Milan. This data is kept for at least 10 years, after which it will be deleted from the database.
The data collected for the purposes referred to in letters A) and C) of point 4) are currently registered in an excel file on dropbox shared with the two GMT ITALIA SRL stores in Milan but modifiable only by authorized personnel. This data is kept for 5 years, after which it will be deleted from the database.
- USER’S RIGHTS
The interested party to the processing of personal data has the right:
- a) to access the personal data provided;
- b) to rectify, limit, modify, supplement, delete, anonymous the personal data provided;
- c) to transfer the data to another data controller;
- d) to oppose the processing of personal data provided.
The interested party can exercise these rights by sending a communication via e-mail to the following e-mail address: firstname.lastname@example.org. The interested party also has the right to file a complaint to the Authority for the Protection of Personal Data (www.garanteprivacy.it)
- CONSENT REVOCATION TO THE PERSONAL DATA PROCESSING
The user may revoke consent to the personal data processing by sending an e-mail to the following address: email@example.com. In this case the personal data will be removed from the archives as soon as possible.