Disclosure of personal data processing
- ➢ Directive 2002/58/EC - on "the processing of personal data and the protection of privacy in the electronic communications sector"
- ➢ Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ec (General Data Protection Regulation).
THE DATA CONTROLLER
Following consultation of this site, data relating to identified or identifiable persons may be processed. The "Owner" of their processing is IWDT Italian Window Distribution & Trading Srl (P.IVA: 02558160418) with registered office in Via Ridolfina, sn, Loc. Barchi - (61038) Terre Roveresche (PU) email email@example.com.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing.
Data voluntarily provided by the user
The optional, explicit and voluntary sending of personal data by the user in the registration forms on this site or by calling any telephone numbers listed within the site, involves the subsequent acquisition of the data provided by the sender, necessary for the provision of the service or information requested.
Anonymous or aggregate data
Anonymization takes the form of processing aimed at preventing the identification of the data subject. Anonymized data are outside the scope of data protection legislation. Aggregate data may be derived from personal data provided by the user but are not considered personal data because, as specified, they neither directly nor indirectly allow identification of the data subject.
VOLUNTARINESS OF DATA PROVIDING
Apart from what is specified for navigation data, the user is free to provide his/her own personal data. However, failure to provide them may make it impossible to obtain what has been requested.
CONTROL OVER ONE'S PERSONAL DATA
Please note that at any time you can choose to restrict the collection or use of your personal information. For example, if you previously gave consent for us to process your personal data for marketing purposes, you can change your mind at any time by writing or emailing us at firstname.lastname@example.org.
IWDT S.r.l. will not sell or distribute collected personal data to third parties unless it has collected explicit and free consent from data subjects or unless expressly required by law. However, after collecting consent from data subjects, personal data may be used to send promotional information about third parties as well.
LINKS TO OTHER WEBSITES
This site may contain links or references to access other sites. Please be advised that the Data Controller does not control the cookies or other tracking technologies on such websites to which this Policy does not apply. We therefore suggest that you consult the individual privacy policies relating to those websites.
METHODS OF TREATMENT and TIME OF STORAGE
Personal data are processed, including by means of automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The Data Controller has adopted all appropriate security measures and drawing inspiration from the main international standards to minimize risks pertaining to the confidentiality, availability and integrity of personal data collected and processed.
DATA SHARING, COMMUNICATION AND DISSEMINATION
Processing related to the web services of this site takes place at the aforementioned headquarters of the Data Controller and is handled only by personnel expressly authorized by the latter. The data collected may be shared, transferred or communicated to other companies for activities strictly related and instrumental to the operation of the service, such as the management of the computer system or to any third-party suppliers in charge of occasional maintenance operations. In the aforementioned cases, the Data Controller shall appoint such third parties as Data Processors pursuant to Article 28 of the GDPR. Outside of these cases, personal data will not be disclosed to third parties unless provided for by contract or law, or unless specific consent is requested from the data subject. In this sense, personal data could be transmitted to third parties, but only and exclusively in case:
- There is explicit consent to share data with third parties;
- There is a need to share information with third parties in order to provide the requested service;
- This is necessary to comply with requests from the Judicial or Public Security Authorities.
- No data from the web service is disseminated.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Personal data will also not be transferred to Third Countries, by which is meant countries not belonging to the European Union or the European Economic Area. Should this occur, the Data Controller declares and guarantees to comply with the provisions of Articles 44 et seq. of the GDPR.
RIGHTS OF THE PARTIES CONCERNED
The legislation protecting personal data expressly provides for certain rights of the subjects to whom the data refer (so-called data subject). In particular, pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to obtain confirmation of the existence or otherwise of data concerning him or her, to obtain an indication of the origin and the purposes and methods of processing, to object to the same, to update, rectify, supplement data as well as to have them erased if processed in violation of the law or if one of the reasons specified in Article 17 of Regulation (EU) 2016/679 exists.
STORAGE OF DATA
IWDT S.r.l. informs you that the Data collected will be kept only for the time necessary to fulfill the specific purposes indicated. Any further retention of Data or part of the Data may be arranged to assert or defend its rights in any possible forum and in particular in the courts as well as to respond to explicit requests from the interested party, such as requests to receive promotional material if express consent has been given.
Data collected through profiling cookies will be retained in full for 13 months from the date of collection and/or installation of the relevant cookie.
AMENDMENTS TO THESE PRIVACY POLICIES
The Owner periodically reviews its privacy and security policy and, where appropriate, revises it in relation to regulatory, organizational, or technology-driven changes. If the policy changes, the new version will be posted on this page of the site.
EXERCISE OF RIGHTS
For any communication regarding the privacy policies, how our Company processes personal data, as well as to assert their rights under the Data Protection Legislation, the data subject may contact the Data Controller by writing to the appropriate contact email addresses above.
Without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing concerning him or her is in breach of the GDPR has the right to lodge a complaint with a supervisory authority, namely in the Member State where he or she normally resides, works or of the place where the alleged breach occurred.