Privacy Policy

1. Premises

This notice will attempt to explain who and how processes the data of the data subject (also referred to as the User), what their data are, and what their rights are and how they can exercise them. For special clarifications, where the User does not understand or does not consider what is included in the notice sufficient, please write to the following address: info@industrialgommegroup.it

2. Some important notions about personal data

What is meant by personal data? Personal data is any information that relates to an identifiable natural person. An e-mail address is personal data. The text of a message, if it reveals information about a person, is personal data.

What does it mean to process data? The legal definition of processing includes any operation or set of operations concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, erasure and destruction of data. Practically, then, everything that can be done with user data is processing. Already, therefore, collecting or reading data for example, that is, consulting them, is processing.

3. Who processes the data

Data controller is the subject who makes decisions on how to process the data, therefore – among other things – on what precautions to take to protect them, on where to house them (whether on a server or cloud, etc.), on what data to ask the user, on what to process and for what purpose, on what and to whom to transfer them, how to manage the relationships and rights of the users, on who to choose as a collaborator, manager or simply in charge of processing the data, on what instructions to give to the collaborators, etc. Therefore, given that the data controller is very important, the user should know that it is a question of:

Industrial Gomme Group
Head Office: Via Benaco 167 – Strada Statale, Bedizzole (BS);
VAT: IT06212810961
Phone: + 39 030 687 1580
E-mail: info@industrialgommegroup.it

Then, as regards any additional functions, the Data Controller may avail itself of internal subjects authorised to process data (also called persons in charge) or external subjects mostly as data controllers, as autonomous controllers or joint controllers, depending on the case.

3.1 To whom the data is communicated (or to whom access to it is granted)

The data is communicated to internal subjects of the Owner (employees) who collaborate in the executive and administrative management of the service.
They can be further communicated in compliance with communication obligations in the event of a request by a public authority (for example, a request by the Court, tax assessments, etc.).
Furthermore, the data is communicated to the hosting service, to third-party managers of cookies installed through the site (see the relevant information), social networks in the event of installation of widgets or the “like/share etc.” function inserted in the website;

It is important to know that Industrial Gomme Group can manage and control only the data stored and processed within its own system: data transferred or communicated to third parties will be, in the manner and to the extent, independently processed by the third parties to whom they are communicated according to their own privacy policies. In any case, where Industrial Gomme Group ceases to process a user’s personal data, it will also communicate the cessation to the subjects to whom such data have been communicated, but cannot guarantee the cessation of processing by these.

4. Where does he treat them?

The Owner processes the personal data of the Users at its headquarters. Furthermore, the data is processed at Serverplan located in the EU. For more information: datacenter.

5. What data is processed

Based on the significant quality of the data, the following can be identified:

• Contact details: email;
• Identification data: name, surname;
• Content data: the content of the communication sent by the User through the appropriate form;
• About navigation

6. For what purposes are they processed, and indication of the legal basis and duration of storage

The Data Controller processes user data for the following purposes:

I. Response to requests sent by the user (information, exercise of rights, etc.): consists in the response to contacts made by the customer/user (via email or other form of contact).
Legal basis: execution of the service requested by the user in the communication (such as the exercise of a right) or execution of pre-contractual measures if it is a request for quotes;

Duration: ten years (obligation to retain business correspondence).
Processed data: contact, identification and other data depending on the content of the request (for example, the information contained in the text of the request may refer to people, and as such are personal data).

Mandatory provision: the provision of data is mandatory. Failure to provide them will make it impossible to send the request or obtain a response from the Data Controller.

II. Create contact database: the Owner creates a database of contacts received via forms on the site. The database is used as a backup copy of the addresses from which the communications were received;
Legal basis: legitimate interest of the owner in the conservation of contact backup data (considered prevalent over contrary interests as it guarantees the availability of the data to the Owner and on the other hand – being data of little danger and significance – does not cause prejudice to the user). The interested party can always oppose (see Duration);
Duration: until deletion is requested by sending an email to info@industrialgommegroup.it;
Data processed: e-mail, identification, content.
Mandatory provision: in this case it is not possible to choose whether to provide the data or not, as this operation is carried out automatically when the user sends a communication to the Data Controller. However, the user has the right to request the deletion of his/her data, as indicated above.

III. Estimate preparation: upon request of the user during the contact phase, the Data Controller proceeds to prepare a quote with the information contained in the communication made by the user;
Legal basis: performance of a contract;
Duration: until the estimate expires or until it is approved;
Data processed: e-mail, identification, content;
Mandatory provision: the provision of data is mandatory. Failure to provide them will make it impossible for the Data Controller to prepare a quote.

IV. Sending promotional communications (newsletter): IGG may send the interested party (person or company) who has given consent periodic communications via email regarding promotions of its own or third-party products or services, online and offline events.
Legal basis: consent expressed by the interested party (always revocable);
Duration: until consent is revoked.
Processed data: contact, area of ​​interest, product of interest, name and surname.
Mandatory provision: consent for the newsletter is optional.

7. How the data is provided

The data is provided directly by the User by filling in the appropriate form on the site or by communicating it through other means of contact (e-mail and telephone).

8. How the service will “communicate” with the user

The Owner will communicate with the User in the following ways:

• You may receive emails, phone calls, messages or other communications from the Owner: these will be operational communications or in any case a response to the communication sent by the User. These communications are essential for the regular management of the relationship with the User;
• Send newsletters only to users who have given consent.

9. What are the rights of users?

Users are beneficiaries of a series of rights.

Information rights about:

• Categories of data are processed (see points 2 and 5);
• Origin of the data, i.e. knowing where the service got its data from (see point no. 7);
• Purpose of data processing, i.e. for what purposes the data is processed (see point no. 6);
• Details of the owner and any data controllers (see point no. 3);
• Subjects to whom the data is communicated (see point no. 3/a);
• Data retention and processing time (see point no. 6);
• Right to lodge a complaint with the Privacy Guarantor by accessing the following link: https://www.garanteprivacy.it/i-miei-diritti
• Existence or otherwise of a profiling process;
• Legal basis for processing (see point no. 6).

Then there are rights that are not simply informational but operational. They are of various kinds. In short:

• The interested party has the right to have a copy of the data he/she has provided. If the data has been processed with automated methods and on the basis of his/her consent or a contract, the user can ask – if technically possible – that the data be transmitted to the interested party or even to a possible new owner (portability), provided that this operation does not infringe the rights (and data) of other people. In this case, this right cannot be exercised in relation to communications that contain data of third parties, industrial secrets or in any case protected content. In this case, he/she can also ask for the deletion of the data (unless the law requires the Owner to retain it, as in the case of commercial communications).
• If the personal data are inaccurate or incomplete, the interested party may request to rectify or complete them, providing indications to this effect. If the Data Controller must verify the accuracy of the data contested by the interested party, the latter may in the meantime obtain the limitation of the contested data (limitation means that the data are only stored and no other processing is carried out unless with a specific consent of the interested party or if they are needed to exercise or defend a right in court).
• If the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, the interested party may request their deletion. However, if the data are needed by the interested party to exercise a right in court, they may request their limitation (i.e., only retention).
• If the processing is unlawful because the data is processed without consent, legitimate interest on the part of the Data Controller, contract for the execution of which the processing is necessary, legal obligation of processing by the Data Controller, the interested party may request its cancellation or limitation.

11. What are the duties and responsibilities of users?

The User is required to communicate truthful data.
It is the User’s responsibility to communicate to the Owner any changes that have occurred to the personal data previously communicated. Finally, it is the User’s responsibility, where the functions allow it, not to enter excessive data. For example, if the form requires the entry of non-mandatory data (usually marked with an asterisk), it is recommended to enter them only if it is deemed necessary. Similarly, if you write a message via the service, it is recommended to avoid explicit references to identifiable persons, if not necessary.

12. Data breach hypothesis

In the event that one or more of the following events should occur with respect to the Users’ data: unauthorized access, theft, loss, destruction, disclosure, modification (so-called Data breach), the Data Controller, without prejudice to the urgent technical measures to be implemented to block (as far as possible) the event and to reduce its harmful effects, undertakes to:

inform Users, directly if circumstances allow it or generically (via notice on the home page of the website or via communication sent to all users, including those for whom there have been no data events) of the type of event, the time in which it occurred, the measures adopted (without going into detail in order not to facilitate any new attacks) to reduce the damage and to avoid new similar events, as well as the measures and precautions that the user should – for his part – implement to reduce the probability of new events and limit the consequences of those that have already occurred.

restore the service as soon as possible in an efficient manner, recovering the available data from the last useful backup carried out;