WEBSITE USER PRIVACY POLICY

As required by current legislation (art. 13 General Data Protection Regulation, hereafter also GDPR), Schalcon S.p.a. (hereafter also indicated as “Data Controller” or “Company”) provides the users who access the website www.schalcon.com (hereafter also “website”) with the information relating to the processing of their data.

ABOUT THE DATA CONTROLLER AND HOW TO CONTACT IT

The Data Controller is Schalcon S.p.A., with registered office in Viale Enrico Ortolani, 195 - 00125 Rome, VAT reg. no. 01137561005. Use the e-mail address info@schalcon.com to contact the Company.

WHICH DATA IS PROCESSED

The data processed is the browsing data and the data provided spontaneously by the user.

Browsing data

The IT systems and software procedures used to run this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet communication protocols. Such information is not collected to be associated to identified data subjects. However, because of its very nature, through processing and association with data held by third parties, it allows the users to be identified. Included in this data category are the IP addresses or domain names of the computers used by the users who connect to the website, the URIs (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

Data provided directly by the user

Included in this category is all the personal data conferred by the user as an option (e.g. when information is required by writing to the e-mail addresses stated on the website). Should the user decide to contact the Data Controller by means of the specific forms available on the website, he/she may find out detailed indications on the processing of the requested data by accessing the specific policies reported on the pages concerned.

WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?

Browsing data: purposes and legal bases

The browsing data is acquired to obtain statistical information on the use of the website, for security purposes and to check its correct operation, and could be used to ascertain liability in case of cyber crimes against the website. The legal base for the processing such data is the legitimate interest and, in the case of requests by the Authorities, the legal obligation. For the use of cookies or pixels for specific purposes, please refer to the cookie policy available at the footer of the website.

Data provided directly by the user: purposes and legal bases

The personal data provided by the user as an option by contacting the data controller, is only used to fulfil any requests put forward and to allow the use the services subscribed. Therefore, the legal base for the processing of such data is the execution of pre-contractual measures and the obligations deriving from the contract. Should it be deemed necessary, the data may also be used for the legitimate interest of the data controller to carry out defensive activities or to assert or defend a right in court.

HOW IS THE DATA MANAGED?

The data collected is processed with IT tools. Suitable security measures are adopted to prevent the loss of data, illicit or incorrect use and unauthorised access. For the processing of data connected to the services of the website, servers located inside the European territory are used. The data provided directly by the user is retained for the time strictly necessary to fulfil the requests and then erased, notwithstanding any defensive requirements (which may call for additional retention). The browsing data of the users who access the website is acquired and processed directly by the hosting provider without the Company having access to it. Regarding the data acquired by means of Google Analytics and other services that use cookies and similar tools, please refer to the cookie policy.

WHAT HAPPENS IF THE DATA IS NOT PROVIDED?

Except for the browsing data needed in terms of IT and electronic protocols, data provision by users through the various available methods is free and optional. However, failure to provide the data will make it impossible to continue with the requests forwarded or that the user intends to forward

WHO MAY KNOW THE DATA?

The data will be processed by the personnel of the Data Controller authorised for the processing. The data may be known by the competent Authorities in the case of specific requests that the data controller is obliged to fulfil by law, by the companies that provide IT services and by consultants for litigation management purposes and for legal assistance in case of disputes that need its involvement. It is hereby specified that some of the subjects stated above work as data processors and that the communication to those who work as independent data controllers is made to fulfil some legal obligations or because it is needed to comply with the obligations deriving from the contractual relationship or in the legitimate interest of the data controller, consisting in maintaining the security of the IT systems and performing the defensive activities through legal consultants. The data subject may request from the Data Controller the list of the external subjects that perform their activity as data processors. In any case the communication is limited only to those data categories whose transmission is necessary in order to carry out the activities and achieve the purposes pursued.

WHAT ARE THE DATA SUBJECTS’ RIGHTS?

The law grants the data subjects the right to ask the data controller to access the personal data and to adjust or erase it or to restrict the processing that concerns them or to object to its processing, in addition to the right to data portability.

The data subject may assert his/her rights at any time, without formalities, by contacting the data controller at the e-mail address privacy@schalcon.com

Reported below in detail are the rights recognised by the current legislation concerning personal data protection.

  • The right of access, i.e. the right to obtain from the data controller the confirmation that personal data that concerns him/her is being processed and in this case, to obtain access to the personal data and the following information: a) the purposes of the processing; b)  the data categories in question; c) the recipients or the categories of recipients to which the personal data was or will be communicated, in particular if these are recipients from third party countries or international organisations; d)  when possible, the set period of retention of the personal data or, if it is not possible, the criteria adopted to determine this period; and)  the existence of the right of the data subject to ask the data controller to rectify or erase the personal data or to restrict the processing of the personal data that concerns him/her or to object to its processing; f)  the right to put forward a complaint to a supervisory authority; g)  if the data is not collected at the data subject’s, all the information available on its origin; h)  the existence of an automated decision-making process, including profiling and, at least in these cases, significant information on the logic used, as well as the importance and the consequences that such processing has for the data subject. Should the personal data be transferred to a third country or to an international organisation, the data subject then has the right to be informed about the existence of appropriate safeguards relating to the transfer.
  • The right to rectification, i.e. the right to obtain from the data controller the rectification of the incorrect personal data that concerns him/her without undue delay. Considering the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
  • The right to erasure, i.e. the right to obtain from the data controller the erasure of the personal data that concerns him/her without undue delay if: a)  the personal data is no longer necessary to achieve the purposes for which it was collected or otherwise processed; b) the data subject revokes the consent on which the processing is based and if there is no other legal principle for the processing; c)  the data subject objects to the processing carried out as this is necessary for the execution of a task of public interest or connected to the exercise of public powers granted to the data controller or to pursue the legitimate interest and there is no legitimate prevailing reason to proceed with the processing, or objects to the processing for direct marketing purposes; d)  the personal data was processed unlawfully; e)  the personal data must be erased to fulfil a legal obligation under the law of the European Union or of the Member State to which the Data Controller is subject; f)  the personal data was collected in relation to the supply of services of the information company to minors. However the erasure request may not be accepted if the processing is necessary: a)  to exercise the right to freedom of expression and information; b)  to fulfil a legal obligation that requires the processing required by the law of the European Union or of the Member State to which the Data Controller is subject or for the execution of a task performed in the public interest or in the exercise of public powers granted to the data controller; c) for reasons of public interest in the public healthcare sector; d)  for archiving purposes in the public interest, in the interest of scientific or historic research or for statistical reasons, to the extent that the deletion may risks making impossible or seriously jeopardising the achievement of the objectives for such processing; or e)  to ascertain, exercise or defend a right in court.
  • The right to restriction, i.e. the right to obtain that the data be processed, except that for retention purposes, only with the consent of the data subject to ascertain, exercise or defend a right in court or to protect the rights of another natural or legal person or for reasons of relevant public interest in the Union or another Member State if: a)  the data subject challenges the accuracy of the personal data, for the period needed by the data controller to verify the accuracy of such personal data; b) the data processing is unlawful and the data subject objects to the erasure of the personal data and instead asks that its use be restricted; c)  even though the data controller no longer needs it for processing purposes, the personal data is necessary for the data subject to verify, exercise or defend a right in court; d)  the data subject objected to the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public powers granted to the data controller or to pursue the legitimate interest of the data controller or of third parties, while awaiting the check concerning the possible prevalence of the legitimate reasons of the data controller over those of the data subject.
  • The right to data portability, i.e. the right to receive in a structured, commonly used format that can be read by an automatic device, the personal data concerning him/her, provided to the data controller, with the right to forward such data to another data controller with no barrier by the data controller it was provided to, as well as the right to obtain the direct transmission of the personal data from one data controller to the other, if technically feasible, should the processing be based on the consent or on a contract and the processing is performed with automated means. This right is without prejudice to the right to erasure.
  • The right to object, i.e. the right of the data subject to object at any time, for reasons connected to his/her particular situation, to the processing of the personal data that concerns him/her, performed because it is necessary in order to execute a task of public interest or connected to the exercise of public powers granted to the data controller or to pursue the legitimate interest of the data controller or of third parties. Should the personal data be processed for direct marketing purposes, the data subject has the right to object at any time to the processing of the personal data that concerns him/her carried out for these purposes, including profiling to the extent that it is connected to this direct marketing.

The data subject is then informed that, in the event he/she deems the processing of his/her personal data to be taking place in breach of GDPR provisions, he/she has the right to lodge a complaint before a supervisory authority, as provided for by art. 77 of the Regulation or to bring the issue before the competent courts (art. 79 of the Regulation).

ADDITIONAL INFORMATION

Concerning cookies and similar tools used by the website, please refer to the cookie policy.

This privacy policy was updated on 28/11/2018