INFORMATION ON THE PROCESSING OF PERSONAL DATA

This information complies with Article 13 Regulation (EU) 2016/679 (GDPR), the law which protects the personal information of anyone who interacts with the web services of Apinox Srl, which can be accessed from any computer at the following address: www.apinox.it, which is the main page of the website.

This page describes only how the official website of the company is managed, but not other external websites which can be consulted by the user through links. 

Further information could be provided inside different access channels, divided according to the subject matter. Other information could be found inside the website in relation to specific services.  

Data controller: Apinox Srl Via Bradolini, 21 - 31020 castello Roganzuolo di S.Fior (TV)

Contact details: privacy@apinox.it

After the above mentioned retention times, the Data will be destroyed, cancelled or made anonymous, according to the technical procedures of removal and backup.

Type of Processed Data and Collection Methods

Navigation Data - Log files

It is possible to access the website without the user being asked to provide any personal data. During their normal operation, the computer systems and the applications dedicated to the functioning of this website detect some data (the transmission of which is implicit in the use of Internet communication protocols) that are not associated with directly identifiable users. The collected data include the IP addresses of the users connecting to the website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request and the numerical code indicating the status of the response given by the server (good end, error, etc.).

This is information that does not provide personal data of the user and that is not collected to be associated with identified data subjects. It is technical / informatic data collected and used in an aggregate and anonymous wayfor the purpose of verifying the correct functioning and monitor the security of the website, of improving the quality of the service and providing statistics concerning the use of the website and of being able to ascertain the responsibility in case of hypothetical computer crimes against the website.

Data provided voluntarily by the user

The voluntary and explicit sending of e-mails to the addresses mentioned in the different access channels of this website entails the subsequent acquisition of the address and data of the sender / user, necessary to respond to the requests produced and / or to provide the requested service. However, it ensures that this processing will be based on principles of correctness, lawfulness, transparency and protection of confidentiality as indicated in the GDPR. In any case, before proceeding with the activation of a certain service, adequate information will be provided and, when necessary, the relative consent to the processing of personal data will be acquired. This consent may be revoked at any time, causing the use of the service in question to lapse.

The lack of consent or revocation of the same does not imply any consequence, except for the impossibility of using the website and / or receiving the requested service or obtaining more detailed information about the activities of the Company.

In any case, if necessary, the processing of personal data may be carried out for the pursuit of a legitimate interest of the owner or on the basis of a legal obligation. In particular, obtaining the consent for the processing referred to in the previous point regarding navigation and log data is not necessary, as the data are treated as responding to a legitimate interest (Recital 47 of the GDPR)

Supply of data

Besides what has already been specified about navigation data, the supply of personal data by the interested party for the purposes described in the previous paragraph is to be considered optional. Failure to provide data may make it impossible to use certain services provided by the website.

Methods of data processing

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they are collected, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR and in compliance with the mandatory time limits prescribed by law. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

Communication and / or dissemination of data

users' data, which are subject to processing, will not be disclosed but may be transmitted to companies contractually linked to the firm, in accordance with and within the limits of the GDPR. The collected data will be stored in servers placed in the European union. It is understood that, if necessary, the Data Controller can move the servers also outside the EU. In such case, the Data Controller guarantees that the transfer of the data outside the EU, subject to drafting of the standard agreement clauses established by the European Commission, will happen according to the relevant legal provisions and the user will be informed about it.

The data can be transmitted to third parties of the following categories:

• people providing services for the information management system and the telecommunication network (including email) used by the company;
• offices or companies for assistance or consultancy;
• upon request, competent authorities for fulfilment of law obligations and/or provisions of public bodies.

The individuals belonging tothe aforementioned categories are either to carry out the duties of external data processing managers, or to work completely independently as data processing officers in their own right. The list of these individuals is constantly updated and is available at the website of the company. Any further communication and diffusion will be subject to the user's explicit approval.

Possible Existence of an Automated decision-making process

The Data Controller informs the involved users that in this website there is no automated decision-making process, therefore there is no profiling system.

Minors

This website is not intended for persons under the age of 16 and the Data Controller does not intentionally collect personal information on minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner at the request of the users.
 

Rights of the data subject  

The data subjects have the right to request information from the company regarding the processing of personal data by email at: privacy@apinox.it.

• Right of access: we are transparent about the data we collect and about the use we make of them. In order to gain access to the information you can contact us by email at any time.
• Right to rectification: you have the right to obtain the rectification of inaccurate or incomplete information and ask for the update and/or modification of it.
• Right to erasure: you can send an erasure request of all your personal data and we will process your request within 30 days.
• Right to processing restriction: you have the right to ask the Data Controller to limit the processing of your data.
• Right to data portability:  at your request, we will export your data so that they can be transferred to third parties in a structured, commonly used and machine-readable format.
• Right to object: you can unsubscribe at any time from all the specific uses we make of your data (newsletter, automatic email, etc.)
• Right to lodge a complaint : if you think that your rights have not been respected, you can lodge a complaint with the competent authority according to the directions on the website: www.garanteprivacy.it or by mail at urp@gpdp.it