Privacy Policy

PRIVACY NOTICE WEBSITE USERS SECTION

Mod.INF.UT.-PRI

Ed. 01/2024

Privacy Notice

Section Users

The Company BERNAZZOLI SRL, with registered office in Parma, Via Cremonese no. 95/A, VAT no.: 00860370345, email: bernazzoli@bernazzoli.com, certified email: bernazzoli@cert.rsnet.it, tel: +39 0521/647155, owner of the website https://bernazzoli.com (hereinafter, the “Site”), as data controller of the personal data of Site users (hereinafter, the “Users”), provides below the privacy notice pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulation”, or the “Applicable Law”).

This Site and the services possibly offered through the Site are reserved for persons who have reached the age of eighteen. Therefore, the Controller does not collect personal data relating to persons under the age of 18. At the Users’ request, the Controller will promptly delete all personal data inadvertently collected and relating to persons under the age of 18.

The Controller gives the utmost consideration to the right to privacy and the protection of its Users’ personal data. For any information regarding this privacy notice, Users may contact the Controller at any time using the following methods:

• By sending a registered letter with return receipt to the Controller's registered office in Parma, Via Cremonese no. 95/A, 

• By sending an email message to the following addresses: PEC: bernazzoli@cert.rsnet.it,

e-mail: bernazzoli@bernazzoli.com

1. Category of data processed:

The data subject to this processing are the following:

a) all personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and software procedures used to operate the Site acquire during their normal operation: the IP addresses or domain names of the computers used by Users, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User's operating system and IT environment;

b) identifying personal data (e.g. first name, last name, email address, telephone number, country, company name, position, IP address, log file, etc.);

c) all further data of the User possibly and voluntarily published in the “contact us” section.

2. Purpose of processing

The Users’ personal data will be processed lawfully by the Controller pursuant to art. 6 of the Regulation for the following purposes:

1. provision of the service, i.e. to allow the User to browse the Site. The User data collected by the Controller for this purpose include all data used solely to obtain anonymous statistical information on the use of the Site and to ensure its proper functioning. Without prejudice to what is otherwise provided in this privacy notice, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties.

2. fulfil the User's request: Users’ personal data are collected and processed by the Controller solely for the purpose of fulfilling their request. The User data collected by the Controller for this purpose include: first name, last name, email address and all further data of the User possibly and voluntarily published in the “contacts” section. No other processing will be carried out by the Controller in relation to Users’ personal data. Without prejudice to what is otherwise provided in this privacy notice, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties.

3. administrative and accounting purposes, namely to carry out organisational, administrative, financial and accounting activities, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations.

4. legal obligations, namely to comply with obligations laid down by law, an authority, a regulation or legislation and for the ascertainment of liability in the event of hypothetical cybercrimes to the detriment of the Site.

5. performance of a contract, where processing is necessary for the performance of a contract with the User and/or for the performance of pre-contractual measures.

In any case, it is always possible to request the Controller to clarify the actual legal basis of each processing operation and in particular to verify whether the processing is based on the law, provided for by a contract or necessary to conclude a contract.

The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide them will make it impossible for the User to make their request to the Controller.

3. Methods of processing and data retention times

The Controller will process Users’ personal data using manual and computerised tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data.

The personal data of Site Users will be kept for the time strictly necessary to fulfil the primary purposes illustrated in point 2) above or otherwise as necessary for the civil-law protection of the interests of both Users and the Controller.

4. Scope of communication and dissemination of data

The persons in charge of managing the Site and Users’ requests may become aware of Users’ personal data. Such persons, who have been instructed to this effect by the Controller pursuant to art. 29 of the Regulation, will process the User's data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Law.

Third parties who may process personal data on behalf of the Controller as “External Data Processors” may also become aware of Users’ personal data, such as, by way of example, IT and logistics service providers functional to the operation of the Site, outsourcing or cloud computing service providers, professionals and consultants..

Users have the right to obtain a list of any data processors appointed by the Controller by requesting it from the Controller using the methods indicated in point 6) below.

5. Data transfer

The data collected in relation to the aforementioned purposes are not transferred to countries outside the EU.  The Controller, however, reserves the right to use cloud services; in that case, the service providers will be selected from those that provide adequate guarantees, as provided for by art. 46 of EU Regulation 2016/679.

6. Rights of Data Subjects

Users may exercise the rights guaranteed to them by the Applicable Law by contacting the Controller using the following methods:

By sending a registered letter with return receipt to the Controller's registered office in Parma, Via Cremonese no. 95/A, 

• By sending an email message to the following addresses: PEC: bernazzoli@cert.rsnet.it

• e-mail: bernazzoli@bernazzoli.com

Users have the right to obtain:

• access to personal data in order to know (“reactive transparency”) the purposes of processing, the categories of personal data collected, the recipients of the data communication, in particular if recipients in third countries or international organisations, the envisaged data retention period (art. 15);

• obtain rectification (art. 16);

• the right to obtain the erasure of personal data, where they are no longer necessary in relation to the purposes for which they were collected and where there are no further legal requirements for retention (art. 17 GDPR); 

• request restriction of processing (art. 18);

• request data portability (art. 20);

• the right to object to processing on grounds relating to their particular situation (art. 21 GDPR). In such case, further processing of your data will be refrained from unless compelling legitimate grounds for proceeding with the processing are demonstrated (e.g. for the defence of their rights in court).

• not to be subject to an automated decision-making process, including profiling (art. 22);

• to withdraw consent at any time without prejudice to the lawfulness of processing based on consent given before withdrawal (art. 7).

Finally, the data subject shall have the right to lodge a complaint with the Supervisory Authority pursuant to art. 13 para. 2 lett. d) of the aforementioned regulation as well as pursuant to art. 77 of the regulation.

The Italian supervisory authority is the Data Protection Authority, with registered office at Piazza Venezia 11, 00186 – Rome (http://www.garanteprivacy.it/).

For everything not provided for in this notice, reference should be made to Regulation (EU) 2016/679 and Legislative Decree 196/03 as amended by Legislative Decree 101/2018 and subsequent amendments and additions, as well as any other measure issued by the Data Protection Authority (“Garante”).

The Controller is not responsible for updating all links viewable in this Notice; therefore, whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by that link. In the event of non-acceptance of the changes made to this privacy policy, the User must cease using https://bernazzoli.com  and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that point.