DATA CONTROLLER AND DATA HANDLER
The Data Controller for processing the personal data collected through our websites, www.processfactory.it and www.4sustainability.it (hereinafter collectively referred to as “Website”) is Process Factory S.r.l. (hereinafter referred to as “Process Factory”), with registered office in Antonio da Noli no. 4/6, and is the company that designed and manages the website, deciding upon its configuration and evolution based on its activity and services.
The personal data collected through the website may also be processed by third-party suppliers of services, acting on behalf of Process Factory, who are appointed as Data Handlers and who will process the data in compliance with the purpose for which they were collected.
NECESSITY AND ESSENTIALITY OF THE DATA
Personal data are collected and stored through this website only when it is essential for fulfilling the purposes stated in this Policy. Users are able to consult the website without registering and without being identified. Process Factory’s policy is to avoid the collection of personal data when the purpose in each case can be achieved through the use of anonymous data (e.g., in the aggregate analysis of site navigation, carried out on a statistical basis with web analytics tools and avoiding analysing the navigation traces of individual users).
PROCESSING METHODS AND SECURITY MEASURES
The user’s personal data will be processed automatically for the amount of time and to the extent necessary to achieve the individual purposes for which they were collected.
The website is protected against potential computer attacks and unauthorized access by appropriate security measures aimed at ensuring the integrity, confidentiality, and availability of both the data of operators having pages on the website and with the data of registered users who consult the website.
Despite our strong commitment to ensuring adequate security, Process Factory cannot guarantee its users that the measures taken for the security of the website and the transmission of data and information completely prevent any risk of unauthorised access or loss of data. Users are asked to make sure that their computer or device (e.g., smartphone, tablet) is equipped with suitable technological devices to protect both incoming and outgoing data transmission over the network (such as an updated antivirus systems) and that their Internet service provider has taken appropriate measures for the security of data transmission over the network.
PURPOSE OF THE PROCESSING
The users’ personal data will be processed in order to:
1) respond to the users’ requests for information and materials
2) allow newsletters to be sent upon request from the users
3) put users in contact with the company’s commercial departments
4) fulfil any legal obligations
LEGAL BASIS AND MANDATORY OR VOLUNTARY NATURE OF DATA CONFERMENT
For the purposes set forth in numbers 1 to 3, processing is necessary to execute a contract with the Data Subjects or to execute pre-contractual measures adopted upon their request, per Art. 6, Chap. 1, Letter b) of EU Regulation 2016/679 (hereinafter referred to as “GDPR”). Data conferment by the user is voluntary, but without it requests for information, materials, contact, or the newsletter cannot be fulfilled.
The purpose of number 4 is based on Art. 6, Chapter 1, Letter c) of the GDPR and the data, if provided, must be processed to fulfil a legal obligation.
TYPE OF DATA
The personal data of users who write to Process Factory are the contact data (such as name, last name, company, email address) and any data contained in the freeform message field.
User data is information that allows you to identify the data subject only indirectly and when necessary, e.g., for a request from the court and the police (e.g., for data that allows you to associate an anonymous user’s activities and navigation on the website to the IP address, i.e., the Internet Protocol that is an identifier of the computer or device (smartphone, tablet, etc.) from which they were made, or the activities on the website).
CATEGORIES OF DATA RECIPIENTS
For the purposes described above, the user’s personal data may be shared with the following categories of recipients:
- data handlers duly appointed by the Data Controller, such as subjects that provide administrative, legal, technological services etc.;
- employees and partners of the Controller who are subject to mandatory confidentiality;
- various subjects to whom communication is required by law (e.g., public authority)
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The user’s personal data are not normally shared with subjects outside the European Economic Area.
Whenever this does occur, Process Factory ensures that the transfer will occur based on an adequacy decision adopted by the European Commission, the Standard Contractual Clauses approved by the European Commission, or another appropriate legal basis.
DATA RETENTION TIMES
In relation to the purposes set forth in numbers 1, 2, and 3, the personal data will be retained for the time strictly necessary to achieve those purposes and to allow Process Factory to protect its legal rights and interests for the maximum amount of time set forth in the applicable regulations and which coincides with the statute of limitations of available legal actions.
With regard to the data collected for purpose number 4, they will be kept for the time provided by the specific obligation or applicable legal standards.
ACCESS TO THE DATA AND EXERCISING RIGHTS RELATED TO DATA PROTECTION
Pursuant to EU Regulation 679/2016, data subjects have the right at any time to obtain confirmation of the existence of their data and to know the content and origin, to verify its accuracy or request its integration, updating, or correction. The subjects to whom the personal data refer also have the right to request its deletion, transformation into anonymous form, or limitation of processing, portability of data in a readable and commonly used format, and to oppose processing.
Whoever wishes to exercise the aforementioned rights may contact the Controller by writing to the registered office at Antonio da Noli n.4/6, 50127, or sending an email to firstname.lastname@example.org.
Anyone who notices a violation of their rights may apply to the competent Supervisory Authority in accordance with Article 77 of EU Regulation 679/2016. Appealing to the Judicial Authorities is also possible.