Disclosure for www.boema.com
art. 13-14 del Reg.to UE 2016/679
The disclosure is a general obligation that must be fulfilled before or at the latest when initiating the direct collection of personal data. In the case of personal data not collected directly from the interested party, the information must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or to the interested party). Pursuant to the General Data Protection Regulation of natural persons (GDPR - Reg. (EU) 2016/679), the undersigned organization, data controller, informs of the following:
The personal data held by the undersigned organization are collected directly from the interested parties. This site does not collect sensitive data, for which we mean those suitable for revealing racial or ethnic origin, philosophical or other religious beliefs, political opinions, joining trade unions, associations or organizations of a religious, philosophical or political nature or union, health status and sexual life.
The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good purpose, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Profiling data are not directly acquired regarding the habits or consumption choices of the person concerned. However, it is possible that such information can be acquired through independent links or by incorporating third-party elements. See the third-party Cookies section.
Like others, this website saves cookies on the browser used by the user concerned for the transmission of personal information and to enhance their experience. In fact cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored, sometimes even with characteristics of wide temporal persistence, to be then re-transmitted to the same sites at the next visit.
As explained below, it is possible to choose whether and which cookies to accept, bearing in mind that refusing to use them may affect the ability to perform certain transactions on the site or the accuracy and adequacy of some proposed customizable content or the ability to recognize the user from a visit to the next one. If no choice is made in this regard, the default settings will be applied and all cookies will be activated: however, at any time, you can communicate or change the decisions in this regard.
In particular, so-called session cookies are used, which are not stored permanently on the user's computer and disappear when the browser is closed and whose use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site and avoid the use of other IT techniques potentially prejudicial to the privacy of users' browsing and do not allow the acquisition of personal identification data of the user. Then analytics cookies are used to help understand how visitors interact with the site's contents, collecting information (geographical and web origin, technology used, language, entry pages, visits, exit times, etc.) and generating website usage statistics without personal identification of individual visitors. All these are to be considered technical cookies for which, since consent is not required, the opt-out mechanism applies. Technical cookies are not communicated to third parties as they are necessary or useful for the functioning of the site; therefore they are processed only by persons qualified as appointees, processors or system administrators.
Finally, the site incorporates cookies and other elements (tags, pixels, etc.) of third parties (autonomous and over which the Data Controller has no responsibility) that also carry out profiling activities and for which reference is made to the respective sites:
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the email. The sending, explicit and voluntary of the fillable forms on the site containing data of the interested party also involves the treatment to give effect to the pre-contractual obligations or to the execution of the services provided with the dispatch of the forms. This information in the forms may relate to personal data, contact details, telephone numbers, e-mail addresses of the interested parties and identified and identifiable third parties who are the cause of the site user. However, specific summary information will be progressively reported or displayed on the site pages set up for particular services on request.
Personal data is used (rif. artt.6(b) del GDPR):
- to allow navigation on the site and
- possibly to perform the service or provision requested in the normal activity carried out by the undersigned organization (cod.ateco 28.93, manufacture of machines for the food, beverage and tobacco industries including parts and accessories).
Furthermore, all personal data can be processed:
- for purposes related to obligations established by law, as well as provisions issued by authorities legitimated by the law (ref. articles 6 (c) and 9 (b, g, h) of the GDPR);
- for the ascertainment, exercise or defence of a right in judicial and extrajudicial (legitimate interest) of the undersigned organization (ref. articles 6 (f) and 9 (f) of the GDPR);
- for direct marketing purposes according to the legitimate interests of the Data Controller in particular; for cookies, advertising ids used to display advertisements and announcements; for e-mail addresses for sending the newsletter; for navigation and usage logs to protect the site and the service from cyber-attacks; in these cases the interested party can always deny consent so that the Data Controller will abstain from processing (ref. art. 6 (f) of the GDPR);
- for purposes functional to the activity for which the interested party has the faculty to express or not the consent, as for example subscription to the newsletter to receive informational messages and to promote and sell products and services, to measure satisfaction, to communicate data to third parties for the purpose of sending information and promotional communications and marketing (GDPR art.6 (a))
The provision of data collected from the interested party is optional, but indispensable for the purpose of processing the same for the purposes of letters a) and b). In the event that the interested parties do not communicate their essential data and do not allow the treatment, it will not be possible to proceed with the performance and implementation of the proposed services and follow the contractual obligations undertaken, with consequent prejudice for the correct fulfilment of legal obligations , such as accounting, tax and administrative, etc.
Apart from what has been specified for navigation data, the user is free to provide personal data for cookies and specific requests using forms, for example. on products and / or services. Failure to provide such data may make it impossible to obtain what is requested.
For all non-essential data, including sensitive data, the provision is optional. In the absence of consent or incomplete or incorrect conferment of certain data, including sensitive data, the required fulfilments could be as incomplete as to cause prejudice or in terms of penalties or loss of benefits, and for the impossibility of guaranteeing the adequacy of the processing same to the obligations for which it is carried out, both for the possible mismatch of the results of the treatment itself to the obligations imposed by the laws to which it is addressed, meaning that the undersigned organization is exempt from any and all liability for penalties or afflictive measures.
The processing operations connected to the web services of the site are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place at the server in Italy or in the EU and are only handled by technical personnel in charge of processing, or by possible persons in charge of maintenance and administration operations. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access and the loss of confidentiality. The structure is equipped with anti-intrusion devices, firewalls, logs and disaster recovery. Specific mechanisms of encryption and segregation of data and authentication and authorization of users are used.
Data processing means the collection, recording, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place through manual, computerized and telematic tools, with logic strictly related to the same purposes and, in any case, so as to guarantee the security and confidentiality of personal data will therefore be treated in compliance with the methods indicated art. 5 EU Reg. 2016/679, which provides, among other things, that the data be processed in a lawful and correct manner, collected and recorded for specific, explicit and legitimate, exact, and if necessary updated, relevant purposes complete and not excessive in relation to the purposes of the processing, in respect of fundamental rights and freedoms, as well as the dignity of the data subject with particular reference to confidentiality and personal identity, through protection and security measures. The undersigned organization has prepared and will further improve the security system for access and data storage.
An automated decision-making process (example profiling) is not carried out.
The treatment does not take place in countries outside the EU and outside the EEA.
Personal data will be stored, in general, as long as the purposes of the processing continue depending on the category of data processed.
The data (only the indispensable ones) are communicated
• to processors and person in charge, both internal to the organization of the writer, and external, who perform specific tasks and operations (site administration, analysis of navigation data, traffic, profiling, management of emails and forms sent voluntarily by the user, processing of e-commerce requests and orders, etc.)
• in the cases and subjects provided for by law
The data will not be disseminated unless otherwise provided by law or after anonymisation. Without prejudice to what is specified for cookies and third-party elements, without the general prior consent of the interested party to communications to third parties, it will be possible to process only those services that do not provide for such communications. In case of necessity specific and punctual consents will be required and the subjects that will receive the data will use them as autonomous holders.
In some cases (not object of the ordinary management of this site) the Authority can request news and information, for the purpose of controlling the processing of personal data. In these cases the answer is mandatory under penalty of administrative fine.
At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision processes) when required against the data controller, pursuant to articles from 15 to 22 of the GDPR (link to the standard); make a complaint to the Guarantor (www.garanteprivacy.it); if the processing is based on consent, revoke this consent given, bearing in mind that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before the revocation.
Almost all browsers offer the possibility to manage and not enable cookies, in order to respect users' preferences. In some browsers it is possible to set rules to manage cookies on a site by site basis, an option that offers more precise control over user privacy; another function available on some browsers is the incognito mode, so that all cookies created in this mode are deleted after closing.
The data controller owner is Boema S.p.A., in the person of its legal representative pro tempore.
The headquarter is in Corso Scagliola 197, zip code 12052, city Neive (CN).
The contact details are: telephone +39 0173 678711; fax +39 0173 67626; e-mail firstname.lastname@example.org
The complete list of data responsible controllers is available upon request.