(Code on personal data protection)
This information notice describes the methods and purposes of the processing of personal data of users who access and use the website www.uniform.it (hereafter, also only “Site”), in compliance with the current legislation on the protection of personal data.
This information notice is provided only for the Site and the subdomains related to it and not also for third-party websites accessible through hyperlinks (links) contained in the Site, which the Data Controller is in no way responsible.
1. Data Controller.
The Data Controller is UNIFORM S.p.A. (hereafter, the “Company”) located in Viale dell’Agricoltura, 36 – 37046 – MINERBE (VR), Tax Code and VAT number 02338730233.
2. Nature of the provision of data.
The provision of personal data concerning you and which the company holds/or will hold, marked with the mandatory asterisk, are essential for the performance of the requested service. Any refusal to communicate the data will make it impossible to execute the service correctly. All data that does not bear the asterisk must be considered optional and their omission does not imply any impediment
3. Types of data processed and purpose of the processing.
No registration is required to access the Site. However, there are sections within the Site that require registration or the use of username and password, or services for the use of which it is required to provide one’s data (e.g. your data may be required to access the Newsletter service, Contact Form, Restricted Area, etc.).
The processing operations are carried out with reference to common personal data. The types of data being processed include, in particular:
I. data such as name, surname, company, email and telephone. These data will be used, with the consent, for the sole purpose of receiving and processing requests for information from visitors to the Site;
II. navigation data, collected using automatic methods, exclusively for the purpose of obtaining aggregated and anonymous statistical information related to the use of the Site (including, without limitation, IP addresses, navigation hours, geographical data and other parameters related to the operating system and to the user’s computer environment); however, such information could, even through processing and/or associations with other data, held by the provider or third parties, allow the identity of the user to be traced;
III. data voluntarily submitted by the user, including, in particular, the data provided by sending e-mails to the e-mail address firstname.lastname@example.org indicated on the Website. The data provided by the user can be acquired and stored by the owner, in electronic form, for the purposes related to their collection via the Site. The optional and voluntary sending of e-mails to the address indicated on the Website, in particular, involves the acquisition and consequent processing of the sender’s address and any other personal data present in the message, to the extent necessary to provide feedback to the Party concerned.
4. Modalities and duration of the processing.
The personal data being processed are treated, even with electronic instruments, for a period of time not exceeding that strictly necessary to achieve the purposes for which they were collected.
Processing operations are carried out in such a way as to guarantee the security of the data and the systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data itself, from unauthorized access, processing that is not permitted or does not comply with the purposes indicated in this information notice. The security measures adopted, however, do not allow the absolute exclusion of the risks of interception or compromise of personal data transmitted via electronic means. It is therefore recommended to check that the device in use is equipped with software systems suitable for the protection of data transmission, both incoming and outgoing (such as, for example, updated antivirus systems, firewalls and spam filters).
5. Communication and dissemination of data.
In any case, personal data will be communicated, disseminated, assigned or otherwise transferred to third parties for illicit purposes and, in any case, without giving suitable information to the parties concerned and acquiring the consent, where required by law. Without prejudice to any communication of data at the request of the judicial authority or public security, in the manner and in the cases provided by law. Personal data will not be transferred abroad, to countries or international organizations not belonging to the European Union that do not guarantee an adequate level of protection, recognized, pursuant to art. 45 of the GDPR, on the basis of an adequacy decision of the EU Commission. In the event that it becomes necessary for the provision of the Site services, the transfer of personal data to countries or international organizations outside the EU, for which the Commission has not taken any decision of adequacy pursuant to art. 45 of the GDPR, will take place only in the presence of adequate guarantees provided by the country or by the recipient organization, pursuant to art. 46 of the GDPR and on the condition that the parties concerned have rights to action and effective remedies. In the absence of an adequacy decision by the Commission, pursuant to art. 45 of the GDPR, or adequate guarantees, pursuant to art. 46 of the GDPR, including the binding corporate rules, cross-border transfer will take place only if one of the conditions indicated in art. 49 of the GDPR.
6. Rights of the Data Subject.
The interested party is granted the right to access their personal data, to request correction, updating and erasure or limitation, if incomplete, erroneous or collected in violation of the law, as well as to object to the processing for legitimate reasons or obtain portability.
The data subject, in particular, has the right to obtain confirmation of the existence or not of personal data concerning him/her, even if not yet registered, and their communication in an intelligible form.
The interested party also has the right to obtain the indication:
a) of the purposes and methods of the processing;
b) of the logic applied in case of processing carried out with the aid of electronic instruments;
c) of the identification details of the Data Controller, the Data Processor and the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as authorized to process.
The data subject has the right to obtain:
a) updating, rectification or integration of their data;
b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes of the processing;
c) the limitation of processing, when one of the hypotheses referred to in article 18 of the GDPR occurs;
d) certification that the operations referred to in letters a), b) and c) have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case where this fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right;
e) the transmission of data concerning him/her, provided to the Data Controller and processed on the basis of the expressed consent of the data subject for one or more specific purposes, in a structured format, commonly used and readable by automatic device. Pursuant to art. 20 of the GDPR, the data subject also has the right to send such data to another Data Controller without impediments and, if technically feasible, to obtain the direct transmission of personal data from one controller to the other.
f) if the processing is based on consent, withdraw consent at any time (pursuant to article 7, paragraph 3 of the GDPR);
The data subject has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
c) automated decision-making processes that significantly affect him/her.
Without prejudice to any other administrative or judicial appeal, the Data Subject has the right to lodge a complaint/report/appeal with a supervisory authority, in particular in the Member State in which he/she normally resides, works or the place where the alleged violation has occurred.
7. Exercise of rights.
The foregoing rights are exercised with a request addressed to the Data Controller, by sending an email to email@example.com. The request is formulated freely and without formalities by the interested party, who has the right to receive appropriate feedback within a reasonable time, depending on the circumstances of the case.
The data subject may use, for the exercise of his/her rights, non-profit organizations, organizations or associations, whose statutory objectives are of public interest and who are active in the field of protection of the rights and freedoms of the data subjects with regard to the protection of personal data, conferring, for this purpose, a suitable mandate. The data subject may also be assisted by a trusted person.
You can receive more information on the purposes and methods of processing personal data by writing to the e-mail address firstname.lastname@example.org and specifying “Privacy” in the subject.
To know your rights, propose a complaint/report/appeal and always be updated on the legislation on the protection of individuals with regard to the processing of personal data, the data subject can contact the Authority for the protection of personal data, consulting the website at http://www.garanteprivacy.it/.
8. Review clause.