SUBJECT: Information pursuant to and for the purposes of articles 13 and 14 of the GDPR 2016/679 and of the national legislation in force relating to the protection of the processing of personal data.
With this information B&CO OUTDOOR SRL provides the interested party with the information referred to in Articles 13 and 14 of the GDPR 2016/679 regarding the processing of personal data concerning him.
The Data Controller is B&CO OUTDOOR SRL, with headquarters in Via Brescia, 2 - 36040 Torri di Quartesolo (VI).
Purpose and legal basis of the processing.
The collection and processing of personal data are carried out in order to conduct the supply of the application software of B&CO OUTDOOR SRL, for the display and management of data relating to its contracts as well as for the sending of reports relating to the supply; it is specified that the registration and creation of credentials is generated by the IT manager of B&CO OUTDOOR SRL and sent privately to the Customer (treatment necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted on request of the same pursuant to art.6 par.1 let.b) GDPR 2016/679).
The collection and recording of data will take place in compliance with the principles set out in art. 5 GDPR 2016/679, namely: for specific, explicit and legitimate purposes and in a manner compatible with these purposes, in the context of the processing necessary for the operation of the business; exactly and if necessary with the appropriate updates. So that they are relevant, complete and not excessive in relation to the collection purposes; so that their conservation is functional to the period of time necessary for the purpose for which they were collected and subsequently processed according to the GDPR 2016/679 and to the national legislation in force.
Personal data may be processed with the aid of both paper and electronic tools, or in any case suitable for recording and storing the data, and in any case in such a way as to guarantee its security and protect the maximum confidentiality of the data subject. Specific security measures will be observed to prevent data loss, illicit or incorrect use and unauthorized access in full compliance with art. 32 of the GDPR 2016/679 and of the national legislation in force.
Details on the processing of personal data in relation to some particular purposes
Hosting, housing and back-end infrastructure
This type of service has the function of hosting data and files that allow the Applications to function, allow their distribution and make available a ready-to-use infrastructure to provide specific functions of this Application.
Some of these services work through servers geographically located in different places, making it difficult to determine the exact place where Personal Data is stored.
OVHCloud (OVH Srl)
OVHCloud is a hosting service provided by OVH srl
Amazon Web Services (AWS) (Amazon)
Amazon Web Services is a hosting and backend service provided by Amazon.com Inc.
Non-continuous geolocation (This Application)
This Application may collect, use and share data relating to the geographical location of the User, in order to provide services based on the location itself.
Most browsers and devices provide tools by default to deny geo-tracking. If the User has expressly authorized this possibility, this Application may receive information on its actual geographical position.
The geographical location of the User occurs in a non-continuous manner, upon specific request of the User or when the User does not indicate the place where he is in the appropriate field and allows the application to automatically detect the position.
Personal data collected: geographic position.
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize the advertisements of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Viewing content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
In the event that a service of this type is installed, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages in which it is installed.
The Application interacts only with the B&CO OUTDOOR SRL website and management platform
Google Fonts (Google Inc.)
Google Fonts is a font style visualization service managed by Google Inc. that allows this Application to integrate such contents within its pages.
Widget Google Maps (Google Inc.)
Google Maps is a map visualization service managed by Google Inc. that allows this Application to integrate such contents within its pages.
Personal Data collected: Cookies and Usage Data.
Type of data processed
Among the Personal Data collected by this Application, either independently or through third parties, there are: company name, contractual and accounting data, e-mail address, geographical location, cookies and usage data.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Application and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.
Mandatory or optional nature of providing data and consequence of any refusal.
The provision of personal data necessary for the fulfillment of legal obligations, for the establishment of the contractual relationship or for its execution is mandatory. Failure to provide it will make it impossible to follow up on the requests of the interested party or to execute the contract.
The consent to the provision of personal data for information, promotional and / or marketing purposes is optional and, if given, it can be revoked at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation. In this case, failure to provide it will make it impossible for the undersigned to send you commercial communications
Place of Treatment.
The Data is processed at the Data Controller's registered office and operating offices and in any other place where the parties involved in the processing are located.
Without prejudice to the communications and dissemination carried out in execution of legal obligations, all data collected and processed may be communicated to:
Professionals and consultants, in particular subjects who provide services for the management of the information system and telecommunications networks (including e-mail);
Subjects who carry out treatments on behalf of the Data Controller as managers pursuant to art. 28 GDPR 2016/679, such as, by way of example and not limited to: subjects who provide services for the management of the information system and telecommunications networks (including e-mail). The complete and updated list of Managers is available to those entitled to do so upon request at the headquarters of the Data Controller
Subjects authorized to access data by current legislation and / or to whom data must be communicated in execution of legal obligations.
Personal data may be processed by employees and collaborators assigned to the competent offices of the undersigned, explicitly authorized to process the processing based on the provisions of art. 29 of the GDPR 2016/679 and by the national legislation in force.
Transfer of data abroad.
Personal data may be communicated and / or transmitted abroad only for the pursuit of the purposes referred to in this information, or for exclusively technical reasons related to the structure of the company Information System and / or the application of technical and organizational security measures. deemed suitable by the Data Controller (Article 32 GDPR 2016/679), and exclusively in compliance with articles 44 s.s. of the GDPR 2016/679.
Data retention times.
Without prejudice in any case to compliance with art. 5 GDPR 2016/679 ("conservation limitation principle"), the data will be stored in our archives according to the following parameters:
Data processed for the fulfillment of the obligations pursuant to art. 2220 of the Italian Civil Code: 10 years, without prejudice to any delayed payments of the fees that justify their extension;
Data processed for the fulfillment of anti-money laundering obligations: 10 years;
Data processed for information, promotional and / or marketing purposes: 24 months;
Data processed for purposes other than the above, as part of the contractual relationship and referred to in this information: until the expiry of the contract and / or the commercial supply relationship
In relation to the specific limitation periods provided for by the law, the data necessary for the assessment, exercise or defense of a right in court may be subject to longer retention times.
The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
Rights of the interested party.
With regard to the personal data themselves, the interested party may exercise the rights provided within the limits and under the conditions set out in Articles from 15 to 22 of the GDPR 2016/679 and by the national legislation in force. In particular, the GDPR attributes to the interested party:
Right of access (Article 15 of the GDPR 2016/679);
Right to rectify inaccurate personal data and right to integrate incomplete personal parts (Article 16 of the GDPR 2016/679);
Right to cancellation (Article 17 of the GDPR 2016/679);
Right to limit the processing (Article 18 of the GDPR 2016/679);
Right to request the recipients to whom any corrections or cancellations or limitations of processing have been communicated (Article 19 of the GDPR 2016/679);
Right to data portability (Article 20 of the GDPR 2016/679);
Right to object (Article 21 GDPR 2016/679);
Right not to be subjected to a decision based solely on automated processing (Article 22 of the GDPR 2016/679).
In the event of signing any form of consent to the processing, it should be noted that the interested party can revoke it at any time, without prejudice to the mandatory obligations provided for by the legislation in force at the time of the revocation request, by contacting the Data Controller at the following address by e-mail: email@example.com.
Right of Complaint
The interested party who deems that the processing of personal data is in violation of the provisions of the GDPR 2016/679 has the right to lodge a complaint with the supervisory authority of the State of the European Union in which he habitually resides, works, or of the place in which the alleged violation has occurred, as required by art. 77 GDPR 2016/679, or to take the appropriate judicial offices.
Torri di Quartesolo, 30/11/2021