For the purposes of this policy, some of the definitions referred to in Art. 4 of the GDPR are here below recalled:
- “treatment”: any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data such as the collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of disclosure, comparison or interconnection, limitation, cancellation or destruction;
- “personal data”: any information concerning an identified or identifiable individual (“Interested”); an identifiable individual can be identified, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social;
- “data controller”: the individual or legal entity, public authority, service or other body that, individually or together with others, determines the purposes and means of processing personal data;
- “data protection officer”: the individual or legal entity, public authority, service or other body that processes personal data on behalf of the Data Controller;
- “profiling”: any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to individuals, in particular to analyze or predict aspects of professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement of said individuals;
- “pseudonymisation”: the processing of personal data in such a way that they can no longer be attributed to a specific individual without the use of additional information, provided that the same are kept separately and subject to technical and organizational measures to ensure that the data are not attributed to an identified or identifiable person;
- “consent of the interested party”: any manifestation of free, specific, informed and unequivocal consent of the interested party, by which he expresses his assent, through a declaration or unequivocal positive action, to allow the treatment of his personal data;
- “violation of personal data”: the security breach that involves accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
2. Data Controller and Data Protection Officer (DPO), place of data processing
The data controller is the Company, and personal data processing will take place at its registered office.
3. Type of data being processed
a. Navigation data
The computer systems and software procedures used to operate the edgearch.pro website (Google Analytics and Firebase) acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Such information is not collected to be associated with identified interested parties, but due to their nature they could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
In the processing of data for the purposes indicated above, BVW may transfer the data to third parties whose privacy policies, displayed on their respective webpages, would then apply; for some specific processing, where strictly necessary, BVW reserves the right to conclude data management agreements with co-controllers of data processing: in these cases, BVW will publish on its website a specific communication and interested parties may receive notifications of updates.
b. Data provided voluntarily by the user
The optional, explicit and voluntary provision of data by means of a specific form on the website entails the subsequent acquisition of the user’s e-mail address, necessary to respond to requests, as well as any other personal data entered by the user.
Failure to provide them, however, could preclude obtaining the requested service or services.
4. Legal basis of data processing
Personal data are processed for the fulfillment of operations instrumental for the execution of the contract between the parties, as well as based on the consent expressed for the “ancillary” purposes.
5. Purposes of data processing
The treatment is aimed at the execution of the service or activities requested by the visitor and/or potential user as well as for the related legal and contractual obligations as well as for commercial purposes. With particular reference to navigation data, these data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are kept for the time strictly necessary. The data might also be used to ascertain responsibilities in case of hypothetical computer crimes against the Company’s website.
With the users express consent, personal data are also processed for profiling activities as per Art. 22 of the EU Regulation and specifically: profiling based on data relating to the use of e-mail for the purpose of subscribing to mailing lists and participation in social networks.
The users consent can be revoked at any time by the methods indicated in the paragraph “Rights of the interested party”.
Among the personal data collected by this website, either independently or through third parties, there are: cookies, usage data, postal code, e-mail, surname, telephone number and province.
Personal Data may either be entered voluntarily by the user or collected automatically during use of the website.
Failure to provide the Company with some users personal data may prevent the Company from providing its services. The user assumes the responsibility of the personal data of third parties published or shared through this website and guarantees to have the right to communicate or disseminate them, freeing the owner from any liability towards third parties.
The data collected through this website will be processed for purposes related to the activities of the website edgearch.pro and for the services offered by the Company as well as for commercial, promotional, marketing and related services.
Furthermore the data will be collected and processed in order to:
- provide assistance with the use of the services and, in general, for the management of the services of the edgearch.pro website;
- send communications relating to the use of the services to which you are registered;
- send commercial communications relating to new edgearch initiatives;
- elaborate statistical studies and research or market analyses, only after data analyses on an aggregate and anonymous basis;
- carry out interactive commercial communications.
The duration of data processing is connected to the time needed to provide the services.
The edgearch.pro website reserves the right to use Linkedin, Tweet, Facebook plug-ins. The edgearch.pro website will only use technical cookies or third-party cookies connected to the provision of the services offered.
6. Data processing criteria and storage period
Your personal data are processed by the Data Controller only with methods, tools, softwares and procedures, computerized or telematic, for the time strictly necessary to achieve the envisaged purposes. Specific security measures are observed to prevent data loss, illicit or incorrect use, unauthorized access and any other violation of the same.
In addition to the Data Controller, in some cases, personal data may be disclosed to subjects involved in the organization of the website (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third party technical services, mail carriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, data co-controllers or processors by the Data Controller.
The updated list of controllers can always be requested to the Company.
7. Personal data communication or disclosure to third parties
The data will be communicated exclusively to competent subjects duly appointed by the Data Controller for the performance of the necessary services, with guarantee of protection of the rights of the interested party.
In particular, the data may be disclosed to third parties duly appointed among public and/or private subjects for whom the communication of data is mandatory or necessary in compliance with legal obligations or is in any case functional to guarantee the provision of services requested.
No data is communicated or disclosed outside the aforementioned hypotheses.
8. Rights of the interested parties
The withdrawal of consent to the processing of personal data will result in the cancellation of the request for registration to the services or the cancellation of the registration to the services of the website edgearch.pro.