This policy, intended for all those who browse the https://digitalarena.biessegroup.com website (hereinafter, "Website"), is issued pursuant to Art.13 of European Regulation No. 2016/679 regarding the protection of personal data (hereinafter, "GDPR") and, in relation to cookies, also pursuant with Art. 122 of Legislative Decree 196/2003 (hereinafter, "Privacy Code"), as well as with the Provision of the Italian Data Protection Authority of 8 May 2014, "Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies" (hereinafter, "Provision"), as compatible with the GDPR.
1) Information on the Data Controller
The Data Controller is Biesse S.p.A., with registered office at Via della Meccanica, 16, Pesaro, Italy, phone number: +39 0721 439100, Tax Code and VAT number IT 00113220412 Companies Register Pesaro Urbino No. 1682 (hereinafter referred to as the "Biesse" or "Controller").
2) Types of data processed
2a) Browsing data
The IT systems and software procedures in place to ensure that the Website runs smoothly acquire, during their normal functioning, certain personal data which are implicitly sent when the Internet communication protocols are used. This information is not collected to be associated with identified Data Subjects, but instead consists of information which, by its very nature, when processed and associated with data held by third parties, could lead to the identification of the users. This data category includes the IP addresses or domain names of the computers used by those who connect to the Website, the URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relative to the user’s operating system and IT environment. These data are used for the following purposes:
This data is kept for 24 months.
2b) Data provided voluntarily by the user
On some sections of the Website it is necessary to provide your personal data to use certain services. In this case, you will be provided with ad hoc information pursuant to Art. 13 of the GDPR relating to the processing of personal data requested in relation to the specific purposes pursued.
What cookies are
Cookies (or markers) are small text files that are sent by the web server visited by the user to their device (usually to the browser), when the user accesses a specific website. Their purpose is to store and send information. They are memorised so that the device can be recognised the next time the website is visited. Indeed, at each subsequent visit, the cookies are re-sent by the user's device to the website.
Each cookie generally contains:
First-party and third-party cookies
Cookies can not only be installed by the manager of the website visited by the user (first party cookies), but also by a different website that installs cookies via the first website (third party cookies) and is capable of recognising them. This occurs because the visited website can host elements (images, maps, sounds, specific links to pages of other domains, etc.) that lie on different servers from the one on which it is hosted.
Technical, analytical and profiling cookies
Depending on their purpose, the cookies can be divided into technical cookies and profiling cookies.
Technical cookies are cookies used only to “send a communication on a digital communication network or, to the extent strictly necessary, to the supplier of a service who has been explicitly asked by the subscriber or user to provide said service”." (see Art. 122, paragraph 1 of the Privacy Act, as amended by Italian Legislative Decree 69/2012). In particular, these cookies are normally used to enable users to navigate efficiently through the pages, memorise their preferences (language, country, etc.), perform digital authentications, manage the shopping cart or enable users to make purchases online, etc.
Technical cookies can be divided into browsing cookies, used to record data useful for normal browsing and use of the website on the user's computer (e.g. allowing preferred page size in a list to be remembered) and functional cookies, which allow the website to remember the choices made by the user to optimise its functionality (e.g. functional cookies allow the website to remember a user's specific settings, such as country selection and, if set, permanent access status). Some of these cookies (known as essential or strictly necessary) enable functions without which it would be impossible to carry out certain operations.
Pursuant to the above-mentioned Art. 122, paragraph 1 of the Privacy Act, the users' consent is not required for the use of technical cookies, but there is an obligation to inform them.
Pursuant to the Provision, so-called analytical cookies are treated the same as technical cookies - and, therefore, user consent is not required for their installation - if:
Profiling cookies are used to track the user's browsing, analyse user behaviour for marketing purposes and create user profiles based on their tastes, habits, choices, etc. in order to send targeted advertising messages with reference to the user's interests and in line with the preferences expressed by the latter when browsing online. These cookies, pursuant to Art. 122 of the Privacy Code, can be installed on the user's terminal only if they have given their consent with the simplified procedures identified by the Italian Data Protection Authority in the Provision (publication on the website of a "short" notice in an immediate pop-up banner on the home page (or other page through which the user can access the website), which refers to an "extended" notice, which is accessed through a link that can be clicked by the user).
Persistent and session cookies
Based on their duration, cookies can be classed as persistent cookies, which remain memorised until their expiry on the user's device, unless the latter removes them, and session cookies, which are not persistently memorised on the user's device and disappear when the browser is closed.
Cookies used by this Website
Legal basis for the processing
Below are the legal bases for processing by type of cookie:
Methods for giving and withdrawing consent for the installation of analytical and identification cookies used for profiling purposes
However, you can also express your cookie preferences through your browser settings. Almost all web browsers are configured by default to automatically accept all cookies. However, it's possible to change this default configuration through your browser settings, which allow you to delete and/or remove all or some cookies, block the sending of cookies or limit it to certain websites. Deactivating/blocking or deleting the cookies could however preclude certain areas of the website from being used to optimum effect, prevent certain services from being used and slow down the browsing experience.
How the cookie management settings are configured depends on the browser used. Usually, the cookie settings can be adjusted from the "Preferences", "Tools" or "Options" menu.
The links to the cookie management guides for the main browsers are provided below:
For browsers other than those listed above, see the relevant guide for details on how to manage cookies.
3) Methods of processing
The processing of personal data is carried out with automated tools for the time strictly necessary to achieve the purposes for which the data was collected and, in any event, in compliance with current regulations on the matter.
4) Recipients and transfer outside the EU
Data may be disclosed to Biesse distributors who are assigned the country indicated by you on the form as an exclusive area, including those based outside the EU, who will process it, as autonomous data controllers, for their marketing purposes, if you have given your consent.
Data is processed by parties providing services Biesse, including those instrumental to the purposes noted in this policy. These parties are designated as data processors by Biesse, including those with registered offices outside the EU, and include: the Acanto Comunicazione S.r.l. company, which manages the Digital Arena website; sales agents; as well as the company that provides the CRM software (and in particular the Salesforce Services - i.e. Sales Cloud, Service Cloud, Chatter and Communities – and Marketing Cloud services), currently salesforce.com EMEA Limited, with registered office in UK.
Salesforce.com has adopted the Binding Corporate Rules ("BCR") for Processors to legitimise the transfer of personal data outside the European Union to companies within its group that process such data on behalf of Data Controllers established in a member state in their capacity as Data Processors and/or Sub-Data Processors.
Salesforce's Processor Binding Corporate Rules are available at the following link https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf.
For further information, please see the following links https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf e https://help.salesforce.com/articleView?id=000314281&type=1&mode=1 (“Where is my Salesforce instance located?”).
Your data may be communicated to independent data controllers such as supervisory and control authorities and bodies and, in general, public or private parties entitled to request/receive the data.
5) Your rights
In relation to the processing of personal data by the Data Controller, you can ask the Data Controller for the rights recognised by articles 15-22 of the GDPR and in particular you may request access to data concerning you and the information referred to in Art. 15 (processing purpose, categories of personal data, etc.), erasure in the cases provided for by Art. 17, rectification of inaccurate data, integration of incomplete data and restriction of processing in the cases provided for by Art. 18, as well as the right to receive the data in a structured format, commonly used and readable by an automatic device (“right to data portability”).
To exercise your rights you can send a written request, addressed to the Data Controller, to the physical address above or the following email address firstname.lastname@example.org.
At any time, you have the right to lodge a complaint with the competent supervisory authority in the Member State where you habitually reside or in the Member State where the alleged infringement has occurred (Art. 77 of the GDPR), as well as take legal action before the appropriate courts (Art. 79 of the GDPR).
6) Contact information for the Data Protection Officer (DPO)
Biesse has appointed a DPO who can be contacted at the following email address email@example.com.