Privacy Statement on the processing of personal data
Privacy Statement on the processing of personal data
Pursuant to Art. 13 of European Regulation No. 2016/679 (hereinafter " GDPR"), Biesse S.p.A. provides the information relating to the processing of your personal data required in order to send requests, request information and provide suggestions, in relation to the digital events and webinars organised by us.
Data Controller
The Data Controller is Biesse S.p.A., with registered office at Via della Meccanica, 16, Pesaro, Italy, phone number: +39 0721 439100, Tax Code and VAT number IT 00113220412 Companies Register Pesaro Urbino No. 1682(hereinafter referred to as the 'Company' or ‘ Controller’).
DPO contact details
The DPO can be contacted at dataprotectionofficer@biesse.com
Purposes and legal basis of the processing, and storage times
The data you provide when completing the appropriate form will be processed for the purposes indicated below.
Processing purpose | Legal basis of processing | Data retention period |
Purposes linked to the establishment and execution of the contractual relationship between the data subject and the company, in order to provide a response (by email) to any requests by the latter for contact/ information. | Processing necessary to fulfil specific requests of the data subject. The legal basis for processing is therefore the performance of a contract to which the data subject is a party. | This data will be kept for the time necessary to respond to individual requests for information, up to a maximum of 24 months. |
Once the above term has concluded, your data will be destroyed or made anonymous in accordance with the technical procedures of erasure and back-up.
Data conferral
Pursuant to Art. 13, par. 2, letter e) of the GDPR, we inform you that the provision of data marked with an asterisk is mandatory; therefore, any refusal to provide this data makes it impossible to proceed with your request.
The provision of other data, not marked with an asterisk on the form, is optional.
Parties authorised to process the data
Your personal data will be processed by company employees and/or outside staff who have received adequate operating instructions and who the company has expressly authorised to process it.
Data recipients and transfer outside the EU
The data are processed by the company Acanto, which manages the Digital Arena website, in its capacity as data processor.
The data may also be processed by parties appointed by the company as data processors, including those based outside the EU, such as the company that provides the CRM software (and in particular the Salesforce Services - i.e. Sales Cloud, Service Cloud, Chatter and Communities – and Marketing Cloud services), currently salesforce.com EMEA Limited, with registered office in UK.
Salesforce.com has adopted the Binding Corporate Rules ("BCR") for Processors to legitimise the transfer of personal data outside the European Union to companies within its group that process such data on behalf of Data Controllers established in a member state in their capacity as Data Processors and/or Sub-Data Processors.
Salesforce’s Processor Binding Corporate Rules are available at the following link https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf
For further information, please consult the following links https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf and https://help.salesforce.com/articleView?id=000314281&type=1&mode=1 (“Where is my Salesforce instance located?”)
Your data may be communicated to independent data controllers such as supervisory and control authorities and bodies and, in general, public or private parties entitled to request/receive the data.
Rights of the data subject
Data Subjects may exercise the rights recognised by Articles 15-22 of the GDPR and in particular may request access to data concerning them and the information referred to in Art. 15 of the GDPR (processing purpose, categories of personal data, etc.), the erasure thereof, the rectification of inaccurate data, the integration of incomplete data and the restrictionof processing in the cases provided for by Art. 18 of the GDPR [1], as well as the right to receive the data in a structured format, which is commonly used and readable by an automatic device, and, if technically feasible, to have it sent to another data controller without impediment (“right to data portability”).
In order to exercise their rights, the Data Subject may contact the Data Controller by sending a written communication to the above address or an email to privacy@biesse.com
At any time, the Data Subject may submit a complaint to the Italian Data Protection Authority (Article 77 GDPR), as well as to bring the matter before the appropriate courts (Article 79 GDPR).
[1] Pursuant to Art. 18 of the GDPR, data subjects have the right to obtain restriction of processing from the data controller
if:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of its use;
c) although the controller no longer needs the personal data for the processing purposes, it is required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Art. 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.