Gruppo Mati S.r.l. considers very important the protection of personal data of its actual and/or potential customers and users ensuring that the personal data processing, performed through any method, both automated and manual, occurs in full observance of the protection and rights recognised by the (EU) Regulation 2016/679 of European Parliament and Council of 27 April 2016 (GDPR No. 679/2016), as well as by the laws in force in our legal system, relative to the protection of individuals, with regard to personal data processing and free movement of such data (hereinafter referred to as “Regulation”).
DATA PROCESSING CONTROLLER
The data processing Controller of this web site is: Gruppo Mati S.r.l. with headquarters in Pistoia, via Bonellina n. 49, telephone +39 0573380051 email firstname.lastname@example.org
PROCESSORS AND PERSONS IN CHARGE OF DATA PROCESSING
The Controller reserves the right to appoint personal data Processors for the management of the purposes listed in this policy and for all the activities necessary to perform the services required by the person concerned, whose references can be sent on request to the addresses indicated above.
The Controller and the Processor perform the processing of the concerned persons’ data also with the help of the Persons in charge duly appointed and instructed to process personal data correctly, even orally.
THIRD PARTIES DATA PROCESSING PROCESSORS
We incorporate third parties services and widgets that imply personal data processing in their platforms. These third parties act in compliance with the law set forth in section 2 of the Regulation and they are all located in the United States:
Google Analytics (To disable only Google Analytics cookies, the user can use the additional component provided by Google at the following link, following the opt-out procedure indicated by Google)
Moreover, online you can choose a different setting of the cookies used for personal data processing – after having given your consent – from third companies unknown to Gruppo Mati S.r.l., through the service available at the following link: www.youronlinechoices.com
TYPES AND PURPOSES OF THE PROCESSED DATA RELATIVE TO THE BROWSING OF THE WEBSITE
While browsing the website, information about the user can be acquired in the following ways:
- Browsing data
The information systems and software procedures used to operate the website acquire, while operating, some personal data whose transmission is implicit in the communication protocols of the Internet.
In this data category are included the IP addresses, URI (Uniform Resource Identifier) addresses of the requested resources, type of browser used, operating system, domain name and other addresses of accessed or exited websites, information about web pages visited by the users within the site, access time, time spent on each page, method used to submit the request to the server, size of the file obtained, code number indicating the status of the answer given by the server (successful, error, etc.), analysis and other parameters regarding the operating system and the user ‘s IT environment.
Said technical/IT data are collected and used exclusively all together and in an unidentifiable way, and they could be used to ascertain responsibility in the event of computer crimes damaging the website.
- Data provided voluntarily by the visitor
They include all those personal data freely provided by the website visitor, for example, to sign in and/or access a reserved area, ask for information about a specific product or service, send an email to a specific address, satisfy the requests of the user (including but not limited to: when you send information or clarifications request to the email addresses indicated on the website either in the home page or in the internal pages or when curriculum vitae are spontaneously sent for the purpose of applying as a candidate, or when direct calls are made or fax sent to the numbers indicated in the “contacts” section. The personal data processing will be performed according to all the information contained in the specific policies made, pursuant to articles 13 and 14 of the Regulation, by the Data Controller Gruppo Mati S.r.l. at the time of personal data granting, while subscribing, as required by the specific forms, if active.
A “cookie” is a small text file created by some websites on your computer when you visit a specific website; its purpose is to store and transfer information. Cookies are sent by a server (that is the computer through which the website has been visited) to the browser of the user (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored in the computer of this latter. They are then re-sent to the website at the time of subsequent visits.
Cookies are used by the www.piantemati.com website for the following purposes:
- Allow the user to efficiently browse through the different pages of a website.
- Measure the use of services by the users to optimise the browsing and the same services.
DATA PROCESSING METHODS FOR THIS WEBSITE
The Controller adopts appropriate security measures aimed at preventing any unauthorised access, disclosure, modification, or destruction of Personal data.
The data collected through the website are processed through IT and telematic procedures, for the time strictly necessary to fulfil the purposes for which they were collected, in accordance with the provisions of the “data retention limitation principle” as set forth in article 5 of the privacy security Regulations in force and in observance of the obligations of confidentiality to which the activity of the Controller is inspired. Data may be processed also on paper supports or any other type of suitable support, in observance of the appropriate security measures pursuant to article 5 paragraph 1 letter F of the Regulation.
We have adopted all the security measures provided for by the Regulation to protect the data collected, in order to prevent loss or theft of data, unauthorised accesses, and illegal use. The data conferred by the Person concerned will be retained until the same person expressly withdraws consent and for the technical time necessary to perform the functions for which it was collected in observance of law obligations.
REDIRECT TO EXTERNAL WEBSITES
Website can use social plug-ins.
Social plug-ins are special instruments that allow to incorporate the functionalities of the social network directly inside the www.piantemati.com website (for example, Facebook “I like” function).
All the social plug-ins present inside the www.piantemati.com website are marked with the logo belonging to the social network platform.
When you visit a web page and interact with the plug-in (for example, clicking the “I like” button) or you decide to leave your comment, the corresponding information is transmitted by the browser directly to the social network platform (in this case Facebook) by which it is stored.
LINKS TO/BY THIRD PARTY WEBSITES
From the website, through specific links, you can connect directly to third party websites.
In this regard Gruppo Mati S.r.l. shall not be held responsible for any personal data processing by third party websites as well as for the management of authentication credentials provided by third parties.
MONITORING OF THE WEBSITE VISITS
The services included in this section allow the Data Controller to monitor and analyse the traffic data and they are used to keep track of the User’s behaviour.
We use these data to calculate the number of people that use our website, to better understand how they find and use our web pages and to monitor their movements within our website.
Even if Google Analytics detects data such as geographical position, device, web browser, and operating system, none of this information identifies you personally. Google Analytics also records your computer IP address, which could be used to identify you, but it does not allow us to access it. We consider Google as a third party data processor (see the specific section).
COMMENTS TO OUR BLOG
If you choose to add a comment to any of the posts on our blog, the name and email you provide with your comment will be stored in the database of this website, together with your computer IP address, as well as the time and date when the comment was sent.
Your comment and relative personal data will be retained by this website until we will consider necessary to, 1.) remove the comment or 2.) remove the blog post. If you want your comment and relative personal data to be removed before any of the above-mentioned events occurs, send an email to email@example.com using the same email address through which you sent your comment.
If you are under 16, you need your parents’ authorisation before posting a comment on our blog.
NOTE: if you write a comment to the posts of the blog, do not give any personal information that could make your identification possible.
CONTACT FORMS AND EMAIL LINK
If you choose to contact us using the contact form on our website or an email link, none of the data you have provided will be stored in this website or transferred/processed by any of the third party data processors (see section 6 of the Regulation). The data will be collected in an email and sent to us through the SMTP protocol (Simple Mail Transfer Protocol). Our SMTP servers are protected by TLS (also known as SSL). This means that the content of the email was encrypted using the SHA-2, 256 bit encryption before being sent through Internet. The content of the email is therefore decrypted by our local computers and devices. The provision of data through the forms present in our website, that is, communications transmitted voluntarily by the same user, is always optional; however, failing to provide the compulsory data as required by our request forms, we will not be able to provide to the user the service required.
If you choose to subscribe to our newsletter, the email address you send us will be forwarded to MailChimp that provides us email marketing services. The email address you send us will not be stored in the database of this website or in any of our internal computer systems. We consider MailChimp as a third party data processor.
Your email address will be retained by MailChimp database until we will continue to use MailChimp services for email marketing or until you will specifically request to remove it from the list. You can do this by cancelling your subscription using the unsubscribing link contained in any of the emails we sent you or requesting its removal via email using the email account registered in the mailing list.
If you are under 16, you need your parents’ authorisation before subscribing to our newsletter.
Since your email address will be stored in our MailChimp database, you will receive our periodical newsletter.
HOW WE STORE PERSONAL INFORMATION
If you will send a comment to any of the posts of this website, some personal information will be archived in the database of the same website. Currently, this is the only occasion that personal data are archived in this website in an identifiable way, through the Content Management System (CMS) with which this website has been developed (WordPress).
RIGHTS OF THE PERSONS CONCERNED
As provided for by article 15 of the Regulation, the person concerned can access his/her own personal data, ask for their correction and updating, if incomplete or incorrect, ask for their cancellation in case the collection was performed in violation of law or regulation, as well as oppose to the processing for legitimate and specific reasons.
In particular, following are reported all the rights that you can exercise, anytime, against the Data Controller and/or persons in charge of the processing:
Right of access: is the right to obtain from the Data Controller, pursuant to article 15, paragraph 1 of the Regulation, the confirmation that there is, or there is not, an ongoing of personal data processing, and in this case, to obtain the possibility to access said personal data, as well as the following information: a) purposes of the processing; b) categories of said personal data; c) recipients or categories of recipients to whom the personal data were or will be communicated, in particular the recipients of third countries or international organisations; d) if possible, the expected personal data storage period or, if not possible, the criteria used to calculate said period; e) the actual right of the person concerned to ask the Data Controller for the correction or cancellation of personal data, and to restrict or oppose to their processing; f) the right to lodge a complaint with a supervisory authority; g) all the information available about their origin, in case personal data have not been obtained from the concerned person; h) existence of an automated decision-making process, including profiling as set forth in article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, important information about the logic used, as well as the importance and consequences for the concerned person for said processing.
Right of correction: right to obtain, in compliance with article 16 of the Regulation, the correction of personal data that may result incorrect, keeping into account the purposes of their processing; moreover, it is possible to obtain their integration in case they result incomplete, also by providing a supplementary declaration.
Right of cancellation: right to obtain, pursuant to article 17, paragraph 1 of the Regulation, the cancellation of personal data, without undue delay, and the data Controller has the obligation to cancel your personal data, in case there is even only one of the following reasons: a) personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) you have withdrawn consent on which the processing of your personal data is based and there is no other legal ground for the processing c) the concerned person opposed to the processing pursuant to article 21, paragraph 1 or 2 of the Regulation and there are no other legitimate reasons for the processing; d) he personal data have been illegally processed; e) The personal data must be cancelled to comply with a Communitarian legal obligation or national law. In some cases, as provided for by article 17, paragraph 3 of the Regulation, the data controller is entitled to not cancel your personal data if their processing is necessary, for example, to exercise the right of freedom of expression and information, to fulfil a law obligation, for reasons of public interest, for public interest archiving purposes, for scientific, historical, or statistic purposes, for the establishment, exercise or defence of legal claims.
Right of restriction of processing: right to obtain the restriction of the processing, in compliance with article 18 of the Regulation in any of the following hypotheses: a) the person concerned contested the accuracy of the personal data (the restriction will last until the Data Controller has verified their accuracy); b) the processing is illegal but the person concerned opposed to their cancellation and requested instead the restriction of their use; c) even if the Data Controller no longer needs the personal data for the purposes of the processing, personal data are required by the person concerned for the establishment, exercise, or defence of legal claims; d) the person concerned opposed to the processing pursuant to article 21, paragraph 1, of the Regulation pending the verification whether the legitimate grounds of the controller override his/hers. In case of processing restriction, the personal data will be processed, except for storage, only with consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person, or for important public interest reasons.
Right to data portability: right to request anytime and receive, in compliance with article 20, paragraph 1 of the Regulation, all the personal data processed by the Controller and/or persons in charge of the processing, in a structured, commonly used, and readable format, or request their transmission to another Controller without hindrance. In this case, the person concerned shall provide us all the details of the new Data Controller to whom the personal data must be transferred, as well as written authorisation to do so.
Right to oppose: in compliance with article 21, paragraph 2 of the Regulation and with the provisions of its recital 70, it is possible to oppose, anytime, to your own personal data processing in case they are processed for direct marketing purposes, including profiling to the extent that it is related to said direct marketing, without express consent by the user.
Right to lodge a complaint with a supervisory authority: without prejudice to the right to lodge a complaint with any other administrative or judicial authority, if the person concerned considers that the personal data processing performed by the Data Controller and/or the persons in charge of their processing has been performed in breach of the Regulation and/or applicable law, he/she can lodge a complaint with the specific Personal data protection supervisory authority.
In order to exercise all the above-mentioned rights, it is necessary to contact the Data Controller in one of the following ways:
- Writing to the following address: Gruppo Mati S.r.l. Via C. Levi, 15/A — Loc. Ferruccia — 51031 Agliana (PT);
- sending an email to firstname.lastname@example.org
- calling +39 0573 380051
NOTIFICATION OF DATA BREACH
We will signal any breach that should come to our attention, of the data contained in the database of this website or third parties database, to the specific supervisory authority within 72 hours from the same breach, in case there is any evidence that risks for rights and freedom of the persons concerned should derive from said breach.
Latest update 25 May 2018.