Below we describe how the site is managed in relation to the processing of personal data of users who visit it.

The information is provided in accordance to art. 13 D.lgs. 196/2003 of the Italian Privacy Protection Code and of the European general regulation on the protection of personal data n. 679/2016 (GDPR) to those who interact with the web services of Poly3, accessible electronically from the address:

www.poly3.it

In the following, information is provided about the data in question, how Poly3 manages such data and the means in which users can exercise the rights granted by the law.

CONTROLLER OF PERSONAL DATA

The controller of personal data is Poly3 Srl , with registered office in Via Delle Rimembranze, 7, 25012 Calvisano (BS) – ITALIA – VAT number 00718650989, tax code 03013460179, in the person of its legal representative Zappettini Floriano .
The updated list of data processors is kept at the registered office of the Data Controller.

DATA PROCESSING LOCATION

The processing operations connected to the web services of this site take place at the aforementioned Poly3 offices and third parties designated as Data Processors, or operating as independent data controllers and are handled by technical personnel in charge of processing, or by persons in charge of occasional maintenance operations.

No data deriving from the web service is communicated or shared.

Personal data provided by users who send requests for information material (bulletins, CD-ROMs, newsletters , annual reports, requests, brochures and documents, reports relating to services or to the site itself, etc.) or proposals for applications (” curriculum vitae “, etc.) are used only to perform the service or manage the requested service and are communicated to third parties, only if this is necessary for this purpose.

TYPES OF DATA PROCESSED AND PURPOSE

Navigation data

The computer systems and software procedures used to operate this website, during their normal operation, acquire some personal data of users who connect to the site and whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified interested parties, but due to its very nature could, through processing and association with data held by third parties, allow identification of the aforementioned users.

This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in the case of computer crimes against the site: apart from this possibility, the data on web contacts do not persist for more than 30 days.

Data provided voluntarily by the user

Sending e-mails to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

Personal data provided by the customer will be processed:

  1. without your express consent (Article 24 letter a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
    1. conclude the contracts for the services offered by the Controller;
    2. fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in existence;
    3. fulfill the obligations established by law, by regulation, by community legislation or by an order of the Authority (such as procedures against money laundering);
    4. exercise the rights of the Controller, for example the right to defense in court;
  2. Only subject to your explicit consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:
    1. send via e-mail, mail and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Controller and detection of the degree of satisfaction on the quality of services;
    2. send via e-mail, mail and / or sms and / or telephone contacts commercial and / or promotional communications of third parties (for example, business partners, insurance companies).
    3. Please note that if you are already a customer, we may send you commercial communications relating to services and products of the Controller similar to those you have already used, subject to your disagreement (Article 130 paragraph 4 of the Privacy Code).

PROCESSING METHODS

The processing of your personal data is carried out by the means indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR, more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subjected to both paper and electronic and / or automated processing.

The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of service and no later than 2 years from the collection of data for marketing purposes.

DATA ACCESS

Your data may be made accessible for the purposes referred above:

  • to employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
  • to third-party companies or other subjects (by way of example, credit institutes, professional firms, consultants, accountants insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities on behalf of the Controller, in their capacity as external managers of treatment.

DATA COMMUNICATION

Without the need for express consent (in accordance to Article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred above to Supervisory Bodies, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers.

Your information will not be shared.

NATURE OF DATA PROVIDED AND CONSEQUENCES OF DENYING DATA PROCESSSING

The provision of data for the purposes referred in section “Data provided voluntarily by the user”,¬† point 1, is mandatory for providing the above mentioned services. The provision of data for the purposes referred to in point 2 is optional . You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller.
However, you will continue to be entitled to the Services in point 1.

COOKIES

No personal data of users is acquired by the site by means of cookies.

We do not use cookies to transmit information of a personal nature, we do not use so-called profiling cookies of any kind, or any system for tracking users that allow their identification.

Technical cookies

The use of session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server ) necessary to allow the safe and efficient exploration of the site.

The so-called session cookies used on this site avoid the use of other technologies that could compromise the privacy of users’ browsing and do not allow the acquisition of personal identification data.

The site uses a cookie to store consent to the use of cookies once the request request bar is closed. This cookie is necessary to prevent the consent being requested again each time a new page of the site is opened and stored on the device for 12 months. You can update your preferences at any time using the “Cookies preferences” bar.

Third-party functions

Our site, like most sites, includes features provided by third parties. A common example can be a YouTube video inserted in a page or widget of social networks. These functions may deposit cookies, for which you should refer to the service provider’s policy. Our site includes features provided by the following third parties:

Cookies for statistical purposes

We use cookies to compile statistics in aggregate form on the number of visitors and on which technologies they use (eg Windows, Mac, smartphone, etc.). This we need to understand if our site is usable on all platforms, and so on. This helps us to constantly improve our site. We also need this statistical analysis system to see how many people have visited our site, if they have been there before, how long visitors spend on the site and which pages they visit the most. This helps us to understand how our site works and to focus our energies on improving our services.

In compliance with the indications of the Italian Privacy Guarantor regarding cookies , suitable tools have been adopted to reduce the identifying power of analytical cookies, ie the anonymization of IP addresses by masking a portion of the address.

In order to collect the statistics we use:

RIGHTS OF THE DATA OWNER

In your capacity as an interested party, you have the rights set forth in art. 7 of the Privacy Code and art. 15 GDPR and precisely the rights to:

  • request confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  • request informations about: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the owner, the managers and the designated representative in accordance to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) of the parties or categories of parties to whom the personal data may be communicated or who may become aware of the data
  • as designated representative in the territory of the State, managers or agents; request: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right;
  • ¬†object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.

Where applicable, you also have the rights referred to in Articles 16-21 of GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, Right to object), as well as the right of complaint to the Guarantor Authority.

HOW TO EXERCISE YOUR RIGHTS

You can exercise your rights at any time by sending:

COMPLAINTS

To file a complaint regarding the processing of personal data, the customer can contact the Italian Data Protection Authority using the following link: http://www.garanteprivacy.it/home/footer/contatti


This document, published at the address

www.poly3.it/privacy-policy

constitutes the ‘Privacy Policy’ of this site and may be subject to updates.