Information and consent of personal data processing
Interested persons: Customers and company website visitors
CAEN SpA – headquartered in via Vetraia, 11 – 55049 Viareggio (LU), Tel. +39 0584 388 398 – firstname.lastname@example.org, for the purpose of the GDPR (Regulation EU 2016/679), is the data controller of your personal data. With this document we inform you that we will process your personal data according to honesty, lawfulness, transparency and privacy principles.
Your personal data will be processed according to the aforementioned regulation and to the privacy obligations required by the same. The involved websites are:
- www.caen.it and its aliases, www.caen-de.com (hereinafter the”SITES(1)”)
- www.caen-russia.com (hereinafter the “SITES(2)”)
Website security precautions: For the purpose of the website management we adopted specific security precautions aimed to assure the user with safe access and to protect the information contained in the website from loss or cancellation, even unintentional.
We assign a user name and a password to the companies requiring access to the website reserved area. The passwords are generated with a method ensuring that they do not contain any reference to data easily referred to the user with the aim to avoid any abuse. The user is committed to maintain his own password confidential.
Purpose of the data processing: your data will be processed for the purposes described in the following paragraphs. If related to legislative or contractual obligations it will be enough to read this policy, if related to other purposes, the provision of data will be optional for you and your refusal to the data processing does not compromise the continuation of the relationship or the adequacy of the data processing itself.
User’s data are collected to allow us to provide our services to you and for the following purposes: contacting the user, sending email messages, interactions with social networks, statistical purposes and showing contents using external platforms.
The types of personal data used for each purpose are indicated in the specific sections of this document. Personal data collected through this site refer to:
1. Navigation and usage data, cookies
2. Data provided voluntarily by the user
Collected personal data may refer both to the user and to third parties to whom the user provides the data.
The user assumes the responsibility of the personal data of third parties published or shared through the site and guarantees to have the right to communicate or disseminate them, releasing the data controller from any liability to third parties.
For the purposes of the following data processing, the Data Controller may become aware of sensitive or judicial data as defined by the Privacy Code, when necessary for the purposes specified below, and in particular:
- Email address,
- Telephone number,
- Personal and/or invoicing data
- Any other data voluntarily disclosed by the user (e.g by a CV delivery)
Your sensitive data being processed are only those strictly relevant to the obligations, tasks or purposes described above and will be treated in compliance with the instructions contained in the relevant general authorizations of the Italian Data Protection Authority (Garante per la protezione dei dati personali).
1. Navigation data.
The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through data processing and in association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Cookies are now essential tools as they allow modern sites to work at their best, allowing maximum customization, interaction and fluency in navigation. But they can also be used to monitor user browsing and then send advertising messages associated with this.
Cookies can be:
- Session cookies (if they expire when the browser is closed) or permanent cookies (if they remain until the expiration of a term, that could be even years);
- first-party or third-party cookies (in this second case they are set by a site or a webserver different from the one that the user is visiting at that time);
- technical cookies (sometimes needed for a complete or better use of the site) or profiling cookies (aimed to create a user profile then used to send advertising messages associated with the preferences expressed during previous navigations).
The Italian Data Protection Authority (Garante per la protezione dei dati personali) considers technical cookies the session cookies, the functional cookies and – only under certain conditions – the analytics cookies. In the provision of 8 May 2014, the Authority specified that analytics cookies can be assimilated to technical cookies only if used for the purpose of optimizing the site directly by the owner of the site itself, which can collect information in aggregate form on the number of users and how they visit the site.
For more information about the cookies types, features and how they work you can consult the websites http://www.allaboutcookies.org, www.youronlinechoices.com, http://cookiepedia.co.uk and the 8 May 2014 provision aforementioned.
2. Data voluntarily provided by the user.
Sending e-mails to the addresses indicated on the site
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website entails the acquisition of the sender’s address, needed to reply to requests, as well as any other personal data included in the message.
Compilation of the data collection form (for information request)
Websites 1 and 2, on the “Contact” page, allow interested parties to request information by entering some personal data (such as name and surname, company name, e-mail address, country). These data will be processed manually and also through the use of IT tools by the specifically appointed personnel of CAEN SpA, exclusively to respond to the user’s request. The personal data introduced in the Form are divided into two categories: mandatory and optional, as shown in the procedure for requesting information. The provision of mandatory data and the related processing for the purposes indicated above are strictly functional to the execution of the request. The other data collected serve to help CAEN S.p.A. to offer an even better service. We point out that at any time you can exercise, directly addressing the Data Controller, the rights specified in the appropriate section called “RIGHTS OF THE INTERESTED”.
Website and newsletter subscription
Websites 1 and 2, on the “Subscribe to the Newsletter” page, allow interested parties to send the subscription to our newsletter along with any data (such as name and surname, e-mail address, country of origin). These data will be processed by CAEN S.p.A. for purposes related to the activities of sending commercial and event-related communications. The personal data introduced in the Form are divided into two categories: mandatory and optional, as shown in the procedure for requesting information. The data processing will be carried out with IT and telecommunication tools with methods strictly connected to the purposes indicated above. The data will be processed until the revocation of the explicit consent and will subsequently be deleted, unless otherwise indicated by the interested party. The provision of data is optional. The data will not be disseminated and will be processed exclusively for the aforementioned purposes by specifically appointed personnel. The interested party is required, after evaluation of the above, to provide us with confirmation of the acknowledgment of this information and its consent to the data processing (through confirmation by email and the affixing of a flag in the appropriate space below the data collection form). The interested party at any time can exercise, by contacting the Data Controller, the rights recognized by the current legislation regarding the protection of personal data.
Photos and video publication
Websites 1 and 2 allow interested parties to view their photos and videos, collected during tradeshows, events, projects or company visits. These data will be processed by CAEN S.p.A. for purposes related to the presentation of products or projects and to the organization of events. The data processing will be carried out with IT and telecommunication tools with methods strictly connected to the purposes indicated above. The data will be processed until the revocation of the explicit consent and will subsequently be deleted, unless otherwise indicated by the interested party. The provision of data is optional, you can request the removal from this site and from company archives. The data are to be disseminated only on this site and will be processed exclusively for the aforementioned purposes by specifically appointed personnel. The interested party is requested, upon evaluation of the above, to give us its consent to the data processing (through explicit request during the recording of photos and videos, in case of non-public events). The interested party at any time can exercise, by contacting the Data Controller, the rights recognized by the current legislation regarding the protection of personal data.
Data processing method: The data processing is carried out by adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or cancellation of Personal Data. In particular, the data processing is carried out by means of:
- IT tools, with organizational methods strictly related to the purposes indicated above;
- Entrusting data processing operations to third parties.
Each data processing is carried out in compliance with the procedures described in Chapter II of Regulation (EU) 2016/679.
Communication: your data will be will be stored at our office and will be communicated exclusively to the competent parties for the fulfilment of the services necessary for a proper management of the relationship, ensuring the protection of the interested party rights.
Your data will be processed only by personnel expressly authorized by the Data Controller and, in particular, by the following categories of persons in charge:
- Managers and administrative staff (reading, writing, communication, removal);
- Managers and IT staff (reading, writing, change, removal).
In addition to the Data Controller and the internal staff, in some cases, third parties (such as technical service providers, postal carriers, hosting providers, IT companies, communication agencies) may access to your data. Your data may also be disclosed to other third parties, in particular to:
- Constitutional bodies
- Consultants and freelancers
- Anyone who is a legitimate recipient of communications required by law or regulation.
Some of the above mentioned persons may not be in Italy because of the multinational nature of our company, so your personal data may be transferred abroad, even outside the European Union in countries that do not guarantee an adequate level of personal data protection according to the standards established by Italian and European legislation on personal data protection. Personal Data may be transferred abroad only in relation to professional information and only for purposes that are instrumental to your work at the Company or related to company activity. The Data Controller is responsible for verifying the compliance of the aforementioned persons with national and European legislation regarding the data processing of personal data.
Dissemination: personal data, without prejudice to the absolute prohibition to disclose the data suitable for revealing the state of health, may be disseminated, according to the procedures described above, to:
- No one.
Data retention: Data processing related to the web services of this website take place at the company headquarters and are handled by technical staff in charge of data processing.
Your personal data will be stored, in the manner indicated above, for the minimum time required by the legislative and contractual nature or until the request for cancellation by the interested party. At the time of collection, the data will be stored in specific folders on the company management systems and/or in paper archives. At the time of cancellation it is possible that the data are still stored in anonymous form.
Interested parties rights: The persons to whom the personal data refer have, at any time, the right to obtain confirmation of the existence or not of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or correction.
You also have the right to obtain from the Data Controller the cancellation, communication, updating, correction, integration of personal data concerning and, in general, exercise all the rights provided by Chapter III of the GDPR, Articles 12 to 23, including the right to issue a complaint to the supervisory authority.
Further information on data processing:
Defense in court
The User’s Personal Data may be used by the Data Controller to defend the website in court or in the stages leading to its eventual establishment, from abuses in the use of the website or its related services by the User.
Specific information could be presented on the pages of the Website in relation to particular services or processing of the data provided by the user or by the interested party.
User’s personal data can be processed with additional methods and purposes related to the website maintenance.
For needs related to operation and maintenance, this website and any third party services used by it, may collect system logs, which are files that record the interactions – including navigation – and that may also contain personal data, such as the IP address.
Information not contained in this policy
Further information related to the processing of Personal Data can be requested at any time to the Data Controller.
Link to third-party sites
CAEN S.p.A. is not responsible for the processing of personal data that may be carried out by and through websites to which this website refers via links.