PRIVACY POLICY
Spalla srl, as the Owner of the company, having its registered office at Circ. Ovest CO.IN.OR L 14BB 15048 VALENZA (AL) , is the Data Controller of the personal data collected on this site pursuant to and for the purposes of EU Regulation 679/2016 (hereinafter GDPR):
- Personal browsing data
Spalla srl is committed to protecting your personal data and asks that you take a few minutes to read how we collect, use, disclose and transfer personal data provided to us through our website www.spallasrl.com or by interacting through data transmitted to Spalla srl by third party companies that provide technological and/or IT, logistics and commercial services.
In addition, this policy explains how we collect data through the use of cookies and related technologies using our Platforms.
- Personal data processed for contractual purposes, legal obligations, holder’s rights
- Personal data, contact details.
- Personal data processed for generic marketing purposes of the Owner
- Biographical data, contact data.
- Personal data processed for marketing and profiling purposes
- Personal data, contact data, data collected by cookies installed by the Sites.
- Personal data processed for sending Newsletter
- Contact data.
- Personal data processed for the operation of the Sites
- The IP addresses or domain names of the computers used by users connecting to the Sites, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc. ), other parameters relating to the operating system and the user’s computer environment, are all included in the information relating to the user’s behavior on the Sites, the pages that have been visited or searched, in order to select and make specific announcements to the user of the Sites and the data relating to the browsing behavior held on the Sites, for example, using cookies.Ensuring the safety and privacy of children, it is not in our interest to knowingly collect and use personal data from anyone under sixteen (16) years of age or any age limit set by the law of their country of residence.
By registering on the Site, you confirm that you have reached the age of majority in your country of residence.
- The IP addresses or domain names of the computers used by users connecting to the Sites, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc. ), other parameters relating to the operating system and the user’s computer environment, are all included in the information relating to the user’s behavior on the Sites, the pages that have been visited or searched, in order to select and make specific announcements to the user of the Sites and the data relating to the browsing behavior held on the Sites, for example, using cookies.Ensuring the safety and privacy of children, it is not in our interest to knowingly collect and use personal data from anyone under sixteen (16) years of age or any age limit set by the law of their country of residence.
- Purposes and legal bases for processing
The data and cookies received will be processed by Spalla srl exclusively with methods and procedures necessary to provide the services requested and for the additional purposes for which consent has been given.
– Generic marketing purposes of the Owner: by way of example sending – by automated means of contact (e-mail) – promotional and commercial communications relating to services/products similar to those already used offered by the Owner by way of example but not limited to reporting of company events or webinars or whitepapers or subscription to newsletters.
– Marketing purposes of third parties (with data communication) belonging to the service sector (in particular ICT and digital) and consulting, manufacturing, trade, Public Administration: sending – by automated contact methods (such as sms, mms e-mail) and traditional (such as telephone calls with operator) – promotional and commercial communications, advertising material related to service/product offers, company event reporting, as well as carrying out market studies and statistical analysis by third parties specified above, with respect to the Controller, to whom the data are communicated.
– Marketing Purposes by the Data Controller in favor of third parties (without data communication) belonging to the service sector (in particular ICT and digital) and consulting, manufacturing, trade, Public Administration: sending – by automated means of contact (such as sms, mms e-mail) and traditional (such as phone calls with operator) – promotional and commercial communications, advertising material related to offers of services/products, reporting of company events, as well as carrying out market studies and statistical analysis by the Data Controller on behalf of third parties.
– Profiling purposes: analysis of preferences, habits, behaviors, interests inferred, for example, from online clicks on articles/sections of Spalla srl’s websites, in order to send personalized commercial communications/ carry out targeted promotional actions, business intelligence.
The processing of personal data for profiling purposes will take place, in case of consent, with data processing tools that, following cross-referencing, will create a personal commercial and behavioral profile on the web. This data processing tool will relate the data collected during navigation on the Sites through the use of personally accepted first-party profiling cookies to the data collected through registration with Spalla srl through the appropriate forms. In addition, such data and/or information, will be associated with any and/or additional data and/or information already in our possession as a result of ‘membership to our services.
– Legal obligations: to fulfill obligations under applicable national and international regulations and legislation.
– Sending Newsletters: if explicitly requested with registration for such service.
– Rights of the Owner: if necessary, to ascertain, exercise or defend the rights of the Holder in court.
– Operation of the Sites: the computer systems and software procedures used to operate the Sites acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified interested parties, but which, by its very nature, could, through processing and association with data held by the Owner or by third parties, allow the identification of users of the Sites.
- Dissemination, communication and subjects accessing the data
The data may be processed by external subjects operating as data controllers such as, by way of example, Authorities and supervisory and control bodies and, in general, subjects, including private ones, entitled to request the data, Public Authorities that make an express request to the Data Controller for administrative or institutional purposes, in accordance with the provisions of current, national and European regulations, as well as persons, companies, associations or professional firms that provide assistance and consulting activities.
Data may also be processed, on behalf of the Data Controller, by external subjects designated as Data Processors pursuant to Article 28 of the GDPR, to whom appropriate operational instructions are given. These subjects are essentially included in the following categories:
– companies that offer maintenance services for websites and information systems;
– companies that offer support in carrying out market studies;
– companies that perform database management and maintenance services for the Data Controller;
– companies that offer e-mailing services;
– companies that offer marketing automation platform management services;
– companies that perform organizational support and event hosting services.
Personal data may be processed, if given under explicit consent, by third parties to whom the data are disclosed.
Personal data will not be disseminated.
- Transfer the data abroad
Data may be transferred abroad to non-European countries, and in particular to the United States, only upon verification of the standard contractual clauses (Standard Contractual Clauses) adopted and approved by the European Commission pursuant to Article 46(2)(c) and (d) of the GDPR or the binding rules for the company referred to in Article 47 of the GDPR or, in the absence thereof, by virtue of one of the derogatory measures referred to in Article 49 of the GDPR.
A copy of the safeguards referred to in Article 46(2)(c) and (d) of the GDPR adopted by the Controller may be obtained by emailing [email protected].
- Duration of processing and storage of personal data
In accordance with Art. 5.1 e) of the GDPR, Spalla srl will process the data provided for the period necessary to fulfill the purposes for which it was collected. Generally, we will retain personal data for one year from the end of our relationship or last contact, unless local legislation requires otherwise. In some cases it may be necessary for us to retain personal data for a longer period, for example, if we are required to do so for legal, tax or financial reasons:
– Contractual Purposes, Legal Obligations and Newsletter Sending: throughout the contractual period and, after termination, for 10 years.
– Generic Marketing Purposes of the Data Controller: until the exercise of the right to object exercisable via special unsubscribe button (“Click here”) or by contacting the Data Controller directly.
– Marketing and profiling purposes: until consent for such purposes is revoked.
– Rights of the Owner: in the case of judicial litigation, for the entire duration of the same, until the exhaustion of the terms of esperibilità actions of appeal.
– Operation of the Sites: for the duration of the browsing session on the Sites.
– After the aforementioned retention periods have expired, personal data will be destroyed, deleted or anonymized, consistent with the technical procedures for deletion and backup.
- Security
In Spalla srl, personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected and in accordance with the principle of necessity and proportionality, avoiding the processing of personal data if the operations can be achieved through the use of anonymous data or by other means.
We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorized access, but it is essential, for the security of personal data, that the device is equipped with tools such as constantly updated antivirus and that the provider, which provides the connection to the Internet, guarantees the secure transmission of data through firewalls, spam filters and similar safeguards.
- Rights of the data subject
By contacting the Data Controller by e-mail at [email protected], you can request access to the data concerning you, their deletion, the rectification of inaccurate data, the integration of incomplete data, the restriction of processing in accordance with Article 18 GDPR.
In addition, if the processing is based on consent or contract and is carried out by automated means you may request portability of the data and to receive them in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another data controller without hindrance.
One has the right to revoke the consent given at any time for marketing and/or profiling purposes, as well as to propose an objection to the processing, for reasons related to one’s particular situation, of the data in the hypotheses of the exercise of a public interest or legitimate interest of the Data Controller as well as for marketing purposes, including profiling related to direct marketing. This is without prejudice to the possibility of being contacted for the aforementioned purpose exclusively through traditional means, to express opposition only to the receipt of communications through automated means. The Data Controller shall refrain from processing except for legitimate reasons that override the interests, rights and freedoms of the data subject, or for ascertaining, exercising or defending a right in court.
You have the right to lodge a complaint with the competent supervisory authority in the Member State where you habitually reside or work or in the State where the alleged violation occurred.
- Data Protection Officer
The data may be processed by employees of the business functions of the Owner deputed to the pursuit of the above-mentioned purposes, who have been expressly authorized to the processing and have received appropriate operational instructions.
Personal data processed for the operation of the Sites, collected while browsing on the Sites, will be processed by employees, contractors of the Data Controller or external parties, in their capacity as data processors and persons in charge of processing, duly instructed by the Data Controller, who perform tasks of a technical and organizational nature of the Sites on behalf of the Data Controller.