PRIVACY POLICY
In accordance with European Regulation 2016/679 (articles 13 and 14) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR"), this Privacy Policy is provided for the management of the website www.iltrenodidante.it (hereinafter also “Site”) for all those who interact with the web services provided on the Site (hereinafter also “Users” or individually “User”).
In addition to the aforesaid legislation in force, specific reference is also made to Recommendation 2/2001 adopted by the European authorities for the protection of personal data, brought together in the Working Party established by article 29 of Directive 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for collecting personal data on-line.
DATA CONTROLLER
The Data Controller is Il Treno di Dante s.r.l. (hereinafter “Controller”) in the person of its pro tempore legal representative, with registered office in Via Mengolina 22, 48018 Faenza, Italy.
PLACE OF DATA PROCESSING
Processing regarding the Site services is performed at the Controller’s aforesaid registered office. Data are processed using the servers of the hosting service providers of the Site, which is currently Executive Service Srl
PROCESSING METHODS
Personal data are processed using automated means for the time strictly needed to achieve the purposes for which they were collected. The Controller takes appropriate security measures to prevent the unauthorised access, disclosure, modification or destruction of the personal data. Data are processed using IT and/or telematic means, with organisational methods and logic strictly related to the purposes indicated. In addition to the Controller, in some cases, the following people may have access to the data:
- other individuals in the Controller’s organisation involved in the management of the Site (administrative, commercial, marketing and legal staff, system administrators);
- external individuals who perform duties strictly related to and instrumental in the operation of the service (such as third-party technical service providers, couriers, hosting providers, IT companies, communication agencies) who, if necessary, may be appointed Data Processors by the Controller. An updated list of the Data Processors may be requested in writing from our Privacy Department at the addresses given at the end of this Policy.
Personal information is not disclosed to other third parties without permission, except when required by law or an authority. They shall not be disclosed to third parties nor transferred to third countries or international organisations. Cloud-based services, however, may be used; in this case, service providers will be selected from those who provide appropriate safeguards as referred to in article 46 of the GDPR 679/2016 and never from outside the European Union.
MANDATORY OR OPTIONAL PROVISION OF PERSONAL DATA
Personal data may be provided freely by the User or, in the case of usage data, collected automatically when using this website. Full details of each type of data collected are given in specific information texts displayed before the data are collected.
The Controller will use the data provided voluntarily by Users to fulfil their requests. Users are not required to provide their personal data, however the Controller may not be able to fulfil their requests if they are not provided. To achieve the purposes referred to in this Privacy Policy and within the limits of what is strictly necessary, data shall be processed by the Controller and its employees, co-workers and/or other specifically appointed persons. Without prejudice to specific legal obligations, data shall not be transmitted to third parties and are not intended for disclosure.
- Data regarding User preferences expressed while visiting the Site;
- Data provided voluntarily by Users – identification information – to access specific services offered by the website; please see the special notices published in the relevant sections.
PERSONAL DATA PROCESSED
The following personal data may be processed during or after visiting this Site:
- User identification data, relating to identified or identifiable persons, such as, for example, name, surname, tax code, company, position, email address and telephone number;
- usage data, website, profession, nationality, company name, VAT number, address, fax number, state/province, post code;
- different types of data , town/city, business sector.
NAVIGATION DATA
During normal operation, the IT systems and software procedures used to run this Site collect personal data and transmission of such data is an inherent feature of Internet communication protocols. This information is not collected to be associated to identified individuals but it could, by its very nature, allow Users to be identified after being processed and matched with data held by third parties. This category of data includes IP addresses or the domain names of computers used by individual Users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to address the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful outcome, error, etc.) and other parameters relating to the User’s operating system and IT environment. Please note that the aforesaid data may be used to establish liability in the event of computer crimes detrimental to the Controller’s site or to other sites connected or linked to it.
PURPOSES OF THE PROCESSING
The Controller processes personal data for the following purposes:
- manage correct use of the Site;
- assess, in statistical and aggregate form, how Users use the Site;
- collect information regarding the choices made by Users during navigation;
- send commercial information in line with the preferences expressed by the User during navigation;
- ascertain any illegal conduct by Users causing damage to third parties or the Controller;
- manage purchase orders. The Controller collects and processes the User’s/Client’s personal data to receive and process purchase orders, to deal with any complaints that may be lodged after purchase and to provide the Client with the available services. These data are needed in order to manage purchase orders, also with our sales partners (for example logistics service providers, couriers, banks, etc.). To this end, a Reserved Area may be created for Client login: the personal data of the Client and those regarding his/her purchase orders are saved on the Controller’s system but shall not be freely accessible for security reasons. Clients shall treat their access data in a responsible manner and in accordance with the law and shall not disclose them to third parties. The Controller shall not in any way be liable for incorrect or improper use of credentials by the Client;
- for promotional purposes, to send information about items for sale on the website. By completing the contact form with their data, Users agree to their data being used to respond to requests for information, for quotations or of any other nature indicated on the top of the form. Personal data collected: post code, town/city, tax code, name and surname, email, address, country, fax number, telephone number, VAT number, profession, state/province, company name, business sector, different types of data. The Client’s email address will only be used within the limits of the applicable law, namely where necessary after the Client has given his/her consent. Clients will receive regular emails containing advice on purchases. These promotional messages can be interrupted free of charge by sending an email to privacy@bucci-industries.com, by calling the following number free of charge +39 0546 698000 or by clicking on the option “If you don’t want to receive this newsletter anymore, click here” found in every promotional email.
LEGAL BASIS FOR DATA PROCESSING
The Site processes personal data based predominately on User consent. Consent is given by completing the required fields or by using or consulting the Site, as conclusive behaviour. When using and consulting the Site, Users are first informed with specific notifications that show and refer to this Privacy Policy and request consent to process the personal data with the methods and for the purposes described. Further consent regarding the specific purpose of the service is collected through communication forms or forms for requests for services. The consent and, therefore, the provision of personal data is optional; Users can refuse to give their consent and may withdraw consent they have already given at any time (through the banner at the bottom of the web page or the cookie browser settings). Denying consent, however, may make it impossible to provide certain services and site navigation may be compromised. Therefore, unless otherwise specified, all requested data are mandatory. If the User refuses to provide the data, it may be impossible for the Site applications to provide the service. In cases where the Site indicates that data are optional, Users are free to refrain from giving said data, without this having any consequence on the availability or operation of the service. The use of cookies – or other tracking tools – by the Site or third-party services used, unless otherwise specified, is intended to provide the service requested by the User, in addition to the additional purposes described in this document and the Cookie Policy. The User assumes responsibility for the personal data of third parties obtained, published or shared through this Site and guarantees to have the right to communicate or disclose them, relieving the Controller of any liability towards third parties.
RETENTION PERIOD
Data shall be processed and stored for the time needed to achieve the purposes for which they were collected. Accordingly:
- Personal data collected for purposes related to the execution of a contract will be retained according to the provisions of the applicable law.
- Personal data collected for purposes related to the legitimate interest of the Controller will be retained until such interest is fulfilled. The User can obtain further information on the legitimate interest pursued by the Controller in the relative sections of this document or by contacting our Privacy Department.
When processing is based on User consent, the Controller may retain the personal data until consent is withdrawn. Furthermore, the Controller may be obligated to retain the personal data for longer to comply with a legal obligation or by order of an authority. At the end of the retention period, the personal data will be deleted. Therefore, when such a term lapses, the right to access, cancellation, rectification and portability of the data can no longer be exercised.
COOKIES
The aforesaid Recommendation (2/2001) defines cookies as “a computer record of information sent by a web server to a user’s computer for future identification of such computer at the time of future visits to the same website”. Cookies are text files which are automatically generated in the User’s computer after visiting some of the pages of the Site. Some of these files (session cookies) are automatically removed when the browser is closed, they are technical cookies which enable operation and safe and efficient navigation within the Site. They are valid for the navigation session. They are needed to use the Site and blocking them will prevent it from operating. This category also includes function cookies which help navigation and the service given to the User according to a series of criteria which he/she selects. It would not be possible to memorize the choices made by Users during navigation. Another type of cookie, on the other hand, is recorded and stored (permanent cookies) on the User’s computer (for example, to make the access procedure to the reserved area automatic, the User can choose that his/her user ID and password identification data be stored in one of these files). Another type are analytical cookies which are used to collect information, in aggregate form, on the number of Users and the way in which they visit the website. The aforementioned cookies can be installed directly by the site manager (first party) or by a different site that installs them through the first (so-called third-party analytical cookies). The last kind of cookies – profiling cooking – are used to send advertising messages, for example through personalised banners, in line with the preferences expressed by the User during navigation.
For more information about the use of cookies, please see the Cookie Policy
If Users prefer not to receive cookies, they can stop the Site sending them by configuring their browser. In some cases, however, use of some parts of the Site may depend on cookies being stored on the User’s computer.
DATA SUBJECT RIGHTS
Users may exercise their rights referred to in Chapter III of Regulation (EU) 2016/679. In particular Users have the right to:
- Withdraw consent at any time. The User may withdraw previously expressed consent to the processing of his/her personal data.
- Object to the processing of his/her data. The User may object to the processing of his/her data when it takes place on a legal basis other than consent.
- Access his/her data. The User has the right to obtain information about the data processed by the Controller, about certain aspects of the processing and to receive a copy of the processed data.
- Check and ask for data to be corrected. The User may verify the accuracy of his/her data and request it be updated or corrected.
- Obtain restriction of processing. When certain conditions are met, the User may request the restriction of processing of his/her data. In this case, the Controller will not process the data for any purpose other than retention.
- Obtain the deletion or removal of his/her personal data. When certain conditions are met, the User may ask the Controller to delete his/her data.
- Receive his/her data or have them transmitted to another controller. The User has the right to receive his/her data in a structured, commonly used and machine-readable format and, where technically feasible, to transmit those data to another controller without hindrance. This provision is applicable when data are processed with automated means and the processing is based on the User’s consent, on a contract which the User is a party of or on contractual measures connected to it.
Requests to exercise the aforesaid rights must be sent to the Controller at the following addresses:
by email to: info@iltrenodidante.it or by post to the address Treno di Dante s.r.l. Via Mengolina 22, 48018 Faenza, Italy
UPDATING THE PRIVACY POLICY
This Privacy Policy may be revised periodically in relation to the relevant regulations and law and any changes in the company’s processes. If there are significant changes in the policy, appropriate notice will be given well in advance on the Site or in the dedicated Newsletter.
Data subjects are invited to check this policy on a regular basis. To aid verification, the policy will give the date it was published on the Site.
Updated and published: 12/05/2022