The European Regulation on the Protection of Personal Data (GDPR) Article 13, paragraph 1, imposes the obligation to inform the person concerned, in the event of direct collection of his/her data, about the fundamental elements of the processing, specifying them in § 1, letter a/f. We therefore inform the User that:
Data processing method
The personal data you provide will be processed in compliance with the above-mentioned regulations and with the confidentiality obligations that inspire the Controller’s activity. The data will be processed using both computerised tools and on paper or any other suitable type of support (e.g. cloud systems, digital storage and substitute storage systems, …), in compliance with the appropriate technical and organisational security measures envisaged by the GDPR.
Categories of data
The subject of the processing may be your personal data such as:
Automatically collected data. The computer systems and procedures used to operate the site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data are processed for the sole purpose of obtaining statistical information on the use of the site and to check its correct operation.
Source of personal data
The personal data held by the Data Controller are collected directly from the data subject.
Purpose of data processing and legal basis
The purpose and legal basis of the processing of your data is:
1. For automatically collected data, the legal basis is the legitimate interest of the Controller and the purpose is to ensure and improve the web browsing experience.
2. For data provided voluntarily by the user, the legal basis is the fulfilment of a legal obligation and the purpose is to be able to send replies to specific requests made by the user.
Recipients of the data
Within the limits pertinent to the processing purposes indicated, your data may be communicated to duly trained internal staff of GRUPPO P&G SRL. Your data will not be disseminated in any way.
Transfer of data to third countries
The transfer of your data to a third country is not envisaged.
According to the principle of storage limitation (art.5, GDPR), a check on the obsolescence of the stored data in relation to the purposes for which they were collected is carried out periodically. In particular:
1. Automatically collected data are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation, including for security purposes or in accordance with the deadlines laid down by law.
2. The data provided voluntarily by the user will be kept for a period of time not exceeding the achievement of the purposes for which they are processed or according to the deadlines provided for by law.
Rights of the data subject
The data subject shall always have the right to request from the Controller access to his/her data, rectification or erasure of the data, restriction of processing or the possibility to object to processing, to request data portability, to withdraw consent to processing by asserting these and other rights under the GDPR by simple communication to the Controller. The data subject may also lodge a complaint with a supervisory authority.