Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Regulations concerning the protection of natural persons with regard to the processing of personal data
GDPR (General Data Protection Regulation – EU Regulation 679/2016)
Privacy Code Legislative Decree 196/2003 (amended by Legislative Decree 101/2018).

Information provided pursuant to Article 13 of EU Regulation 2016/679 (General Data Protection Regulation – “GDPR 2016/679”), containing provisions for the protection of individuals and other subjects with regard to the processing of personal data; personal and particular data processed by G.E.A. SRL

G.E.A. SRL provides the following information regarding the processing of personal data – common and, if applicable, particular – as they relate to the services provided and pertain to customers or those who browse the web pages and occasionally send information requests through the accounts listed on the “Contacts” page.

1) Purpose of Processing

Personal data is used by G.E.A. SRL:
a) For activities related to the internal organizational management of the services provided;
b) For the issuance of payment titles (invoices, receipts) to users and for all fiscal and administrative obligations;
c) To communicate data, even partially, as necessary upon specific request, to public entities or competent authorities;
Personal data will be used by G.E.A. SRL, only following specific consent:
d) For the performance of the requested services, if necessary in collaboration with external parties appropriately appointed.

Additionally, personal data is processed as a result of the contractual and commercial relationships the Company maintains with its suppliers or external collaborators.
The personal data that the data subject provides through the methods indicated on the “Contacts” page of the website are mainly acquired and processed:
– To send responses to the requests of the data subjects;
– For the possible sending of informational material to the indicated email address;
– For the elaboration of statistical reports.

It is also noted that by browsing our website, the system may acquire technical navigation data related to the IP address, identification codes of the devices used by the user to access the pages or services, data related to browser characteristics and access times, and other anonymized navigation data.

No personal data of users utilizing the website is acquired through software systems. No cookies are used for the transmission of personal information, nor are persistent cookies of any kind or user tracking systems used. The use of session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable safe and efficient site exploration.

Within the scope of the purposes for which personal data is collected, G.E.A. SRL processes said data according to the principles of fairness, lawfulness, transparency, and the protection of the privacy rights of the data subject.

2) Nature of Provision

The provision of personal data necessary for the purposes mentioned in points 1 a), b), c), and d) of this document is essential for the execution of the services requested by the users.
Failure to provide the requested data will result in the impossibility of fully delivering the offered services or an obstacle/impediment to the continuation of ongoing relationships.

3) Data Processing Methods

Personal Data is processed – according to the principles of fairness, lawfulness, and transparency – both in paper and electronic form. The availability, management, access, storage, and usability of the data are ensured by the adoption of technical and organizational measures to guarantee appropriate levels of security pursuant to Articles 25 and 32 of the GDPR. Data, whether in paper or electronic form, is protected and accessible only to authorized personnel.

4) Storage of Personal Data

Personal Data will be retained only for the time necessary for the purposes for which they are collected, respecting the principle of data minimization as per Article 5, paragraph 1, letter c) of the GDPR, as well as the legal obligations to which the Data Controller is subject. More information on the storage and processing times is available from the Data Controller.

5) Categories of Data Recipients

In the course of its activities and for the purposes mentioned in the previous paragraph 1, the Data Controller may communicate Personal Data, including, when necessary, data concerning health, to:
– Natural persons authorized by the Data Controller to process personal data pursuant to Article 29 GDPR in the course of their work duties;
– Third parties under contractual or conventional relationships with the Data Controller;
– Public administration bodies, public security authorities, judicial authorities, insurance entities, and other subjects, entities, or authorities acting as autonomous data controllers, to whom it is mandatory to communicate Personal Data by law or by order of the authorities;
– Service providers (such as consultants, credit institutions, certifying bodies, etc.) who typically act as data processors pursuant to Article 28 of the Regulation, strictly related and functional to the activities of the Data Controller.
The data will not be transferred to third countries and will be stored at the Data Controller’s premises or, in the case of data recorded in paper form (documents), in recognized and appointed facilities by the Data Controller.

6) Rights of the Data Subject

The data subject has the right to access their personal data at any time, pursuant to Articles 15-22 of the GDPR. In particular, the data subject may request the rectification, deletion, or restriction of processing of their data in cases provided for by Article 18 of the GDPR, withdraw consent given pursuant to Article 7 of the GDPR, obtain data portability in cases provided for by Article 20 of the GDPR, as well as lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR (Garante per la Protezione dei Dati Personali). The data subject can submit a request to object to the processing of their personal data pursuant to Article 21 of the GDPR, providing reasons that justify the objection: the Controller reserves the right to evaluate the request, which would not be accepted if there are compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject. Requests should be addressed in writing to the Controller.

7) Data Controller

The data controller is G.E.A. SRL, whose details are provided in this notice, represented by its Legal Representative.
You can contact the data controller at privacy@geafonderia.it.