PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of Regulation (EU) 2016/679
This notice is provided pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation” or “GDPR”) and describes how the personal data of users who browse and use this website—accessible at https://torneriacontrollonumerico-ori.com/ (hereinafter also “Site”)—are processed when they use the services offered through the Site.
In compliance with the GDPR, the collection and processing of personal data will always follow the principles of lawfulness, fairness, and transparency.
After visiting the Site, data relating to the user who accesses it (defined as the “data subject,” i.e., an identified or identifiable natural person) may be processed.
A. DATA CONTROLLER
The Data Controller is Ori S.r.l., with registered office in Castenaso (BO), Via Rossini 14-16, 40050, Tax Code 02271230373, VAT 00565861200, e-mail: amministrazione@orisrl.it (hereinafter “Controller”).
B. CATEGORIES OF DATA, PURPOSES, LEGAL BASIS, AND RETENTION PERIOD
1. Browsing Data
Personal data may be collected by the Controller autonomously or through third parties.
In this case, the IT systems and software procedures used to operate this Site acquire certain personal data of users of a technical-informatic nature (e.g., IP address, browser type, operating system, domain name, and addresses of websites from which access or exit occurred, etc.), the transmission of which is inherent to the normal functioning of the Internet.
Purpose: these data are processed solely to obtain anonymous statistical information on Site use and/or to check its correct operation.
Retention: such data are deleted immediately after processing.
Legal basis: processing is carried out on the legitimate interest of the Controller to make the Site usable and ensure safe navigation (Art. 6 (1)(f) GDPR). For profiling activities, processing is based exclusively on the data subject’s explicit consent (Art. 6 (1)(a) GDPR).
2. User Contacts via E-mail, Telephone, or Contact Form
The voluntary, explicit, and optional sending of communications via e-mail to the addresses indicated on this Site results in the subsequent acquisition of the data provided by the user, including name and surname, e-mail address, telephone number, and consent to receive any response messages to their requests.
Providing an e-mail address and any other requested data is optional but essential to use the service and receive a reply; otherwise, we will be unable to process the request.
Purpose: the personal data provided are used solely to satisfy or respond to the requests submitted and are disclosed to third parties only when necessary for that purpose.
Retention: data are kept for the time necessary to process the request and in compliance with applicable regulations.
Legal basis: processing is necessary to perform a contract or pre-contractual measures taken at the data subject’s request (Art. 6 (1)(b) GDPR).
3. This Site uses technical, tracking, and profiling cookies. For details, please refer to the dedicated cookie policy.
C. DATA RECIPIENTS
The personal data collected are processed by the Controller’s personnel, who act under specific authorization and instructions regarding purposes and methods of processing.
In addition, processors designated under Art. 28 GDPR—or sub-processors—engaged by the Controller for service provision and to carry out activities within their competence may receive the data collected through the Site within the limits of their assignment.
The relevant list may be requested from the Controller using the contact details in section A.
Where a processor or sub-processor is designated through the services offered by the Site, the data will be disclosed to their own Controller and/or processor.
D. DATA TRANSFER
No transfer of the personal data provided is envisaged outside the EU/EEA.
E. DATA SUBJECT RIGHTS
Data subjects—identified or identifiable natural persons—may exercise specific data-protection rights, listed below:
a) Right of access: to obtain confirmation whether personal data concerning them are being processed and, if so, access to such data and detailed information (origin, purposes, categories, recipients, etc.).
b) Right to rectification: to obtain without undue delay the correction of inaccurate personal data and completion of incomplete data, including by providing a supplementary statement.
c) Right to erasure (“right to be forgotten”): to obtain deletion of personal data without undue delay if: i) the data are no longer necessary for the purposes; ii) consent is withdrawn and no other legal basis exists; iii) the data have been unlawfully processed; iv) the data must be erased to comply with a legal obligation.
d) Right to object: to object at any time to processing based on the legitimate interests of the Controller.
e) Right to restriction: to obtain limitation of processing where the accuracy of personal data is contested (for the period necessary to verify accuracy), if processing is unlawful and/or the data subject has objected.
f) Right to data portability: to receive personal data in a structured, commonly used, machine-readable format and transmit those data to another controller, where technically feasible, only where processing is based on consent or contract and carried out by automated means.
g) Right to lodge a complaint: without prejudice to any other administrative or judicial remedy, the data subject who considers that processing infringes the Regulation has the right to lodge a complaint with the supervisory authority of the Member State where they reside or work habitually, or where the alleged infringement occurred.
Rights may be exercised by contacting the Controller at: amministrazione@orisrl.it
This notice was last updated on 07/11/2023.
“`