This policy includes relevant information on the protection of your personal data processed by us through our website (hereinafter "Site"), as Data Controller, pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter "GDPR").
The Data Controller is Cartoprint S.p.A. with registered office in Via Roma, 107, 21042 Caronno Pertusella (VA), tax code 01550330631 (hereinafter "Controller" or "Cartoprint").
For the purposes indicated in this policy, the Controller will process the personal data that you voluntarily provide through the forms "Contact" and "Ask for more information on customisation" of the Site, such as personal data and contact details, as well as data collected automatically during navigation.
Computer systems and software procedures used for the functioning of the Site may acquire, during their normal operation, some personal data, the transmission of which is an integral part of Internet communication protocols. This information is not collected to be associated with identified data subjects, but, by its very nature, might allow data subjects to be identified by processing and associating it with data held by third parties. Among the Personal Data of this category there are IP addresses or domain names of the devices used by users to connect to the Site, the URI (Uniform Resource Identifier) of the requested resources, time of the request, the method used to submit the request to the server, the size of the file received as a reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding your operating system and device environment.
Personal Data provided by you
We collect your personal data and contact details that you voluntarily provide to us, such as your name, last name and e-mail address, to respond to your requests for information submitted through the forms "Contact" and "Ask for more information on Customisation" of the Site.
Purposes and legal basis for the processing
Personal data will be processed by the Controller to allow you to navigate on the Site and to check its proper functioning, as well as for the purpose of protecting our rights before the judicial authorities or in legal proceedings.
In relation to the purposes, the legal grounds for the processing are: the performance of a contract or pre-contractual measures in response to your request, and our legitimate interest.
Allow you to navigate the Site and check its proper functioning.
This processing activity is necessary for the performance of a contract or of pre-contractual measures in response to your request. The provision of personal data for this purpose is necessary to allow you to navigate on the Site and to check its proper functioning.
Manage and respond to your requests for information received through the forms "Contact" and "Ask for more information on customisation" of the Site. This processing activity is necessary for the performance of a contract or pre-contractual measures in response to your request.
You are not obliged to communicate your data for the above-mentioned purpose; however, if you do not, we will be unable to follow up on your requests.
To exercise or defend a right before the judicial authorities or in legal proceedings.
This processing activity is necessary to pursue the legitimate interest of the Controller to exercise or defend its rights; the Controller has considered that this legitimate interest does not prejudice your rights and freedoms.
Methods of processing and data retention period
The processing of your personal data will be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, data minimisation, accuracy, integrity and confidentiality, in accordance with the GDPR and current national legislation on the protection of personal data. Your data will be processed through computer and telematic means and are protected by adequate security measures to ensure confidentiality, integrity and availability.
We retain personal data only for the time necessary for the purposes for which they were collected or for any other legitimate related purpose. Therefore, if personal data are processed for two different purposes, we will retain the aforementioned data until the purpose with the longer term ends. In any case, we will no longer process personal data for that purpose for which the retention period has expired. Personal data that are no longer necessary, or for which there is no longer a legal basis for its retention, will be irreversibly anonymised (and thus can be retained) or deleted.
The browsing data are deleted after 7 days except for any possible detection of crimes by the judicial authority.
Personal data processed to manage and respond to your requests are stored for the entire period of time necessary to accomplish your request and then they are erased.
Where the data processing is necessary for the purposes of judicial protection, these data are stored for the period for which any claims may be pursued by law.
Categories of data recipients
Your personal data will be processed by persons authorised and trained to process data, who will operate in accordance with the principles of fairness, lawfulness and transparency and will protect the confidentiality of your data through adequate technical and organisational measures to ensure a level of protection adequate to the risk. In some cases, your personal data will be communicated to other parties that act on our behalf as data processors and to whom specific instructions on the processing of your data have been given (e.g. companies that provide us with IT support services, cloud services, etc.). You can request the list of the abovementioned parties from the Data Controller by writing to firstname.lastname@example.org.
In particular, your data may be communicated solely for the purposes specified above to the following recipients:
companies that provide us with IT support services for our systems;
companies that provide us with cloud services;
authorities to which the right of access is granted by law or regulations (e.g. law enforcement).
Transfer of data abroad
The Data Controller does not transfer personal data outside the European Union. In any case, where the Data Controller, due to any requirements related to the location of service providers, needs to transfer data outside the European Union to countries for which the European Commission has not issued an Adequacy Decision, the Data Controller undertakes to ensure adequate levels of protection and safeguards, including contractual ones, compliant with the applicable laws, including the adoption of standard contractual clauses pursuant to art. 46, par. 2, letter c) of the GDPR, supplemented if necessary by additional technical, legal and organisational measures necessary to ensure that the level of protection of personal data is equivalent to that of the European Union.
Rights of Data Subject
In relation to the processing of your personal data you will always be able to exercise your rights under the GDPR (Articles 15-21):
obtain confirmation of the existence of your personal data and access to their content (right of access);
update, amend and/or correct your personal data (right to rectification);
request the erasure or restriction of processing of data processed in breach of law, including those that are no longer necessary in relation to the purposes for which data were collected or otherwise processed (right to erasure and right to restriction);
object to the processing at any time where the processing is based on our legitimate interest (right to object);
in the cases provided for, receive a copy, in electronic format, of the data concerning you that were provided in the context of the contract and request that such data be transmitted to another data controller (right to data portability).
If you consider that the processing of your personal data through the website is in violation of the provisions of the legislation on the protection of personal data, you always have the right to lodge a complaint with the Italian Data Protection Authority or to seek a judicial remedy before the competent judicial authority.
Last update: April 2022
The icons reproduced in this policy were created by Maastricht European Centre on Privacy and Cybersecurity and disclosed by the Italian Data Protection Authority (www.garanteprivacy.it) in the form in which it received them from the authors. The icons are used here on the basis of the CC BY 4.0 license (of which the conditions are recalled), in the form in which they are published on the site of the Italian Data Protection Authority.