Datenschutzerklärung

Die Nutzung unserer Webseite ist in der Regel ohne Angabe personenbezogener Daten möglich. Soweit auf unseren Seiten personenbezogene Daten (beispielsweise Name, Anschrift oder eMail-Adressen) erhoben werden, erfolgt dies, soweit möglich, stets auf freiwilliger Basis. Diese Daten werden ohne Ihre ausdrückliche Zustimmung nicht an Dritte weitergegeben. Wir weisen darauf hin, dass die Datenübertragung im Internet (z. B. bei der Kommunikation per E-Mail) Sicherheitslücken aufweisen kann. Ein lückenloser Schutz der Daten vor dem Zugriff durch Dritte ist nicht möglich. Der Nutzung von im Rahmen der Impressumspflicht veröffentlichten Kontaktdaten durch Dritte zur Übersendung von nicht ausdrücklich angeforderter Werbung und Informa-tionsmaterialien wird hiermit ausdrücklich widersprochen. Die Betreiber der Seiten behalten sich ausdrücklich rechtliche Schritte im Falle der unverlangten Zusendung von Werbeinformationen, etwa durch Spam-Mails, vor.

Quellverweis: eRecht24

 

WEBSITE PRIVACY POLICY

The company Sirap-Gema S.p.A., with registered office at Verolanuova, (hereinafter “Data Controller”) hereby informs you under Art. 13 of the European Regulation no. 2016/679 concerning the protection of individuals with regard to personal data processing (hereinafter "GDPR"), which came into force on 24 May 2016 and is applicable as from 25 May 2018 and Recommendation no. 2/2001 of the Working Group as per Article 29 (now, European Data Protection Board) of Directive 95/46/EC and provides you with some information as to the processing of your personal data while visiting the website www.vitembal.de (hereinafter “Website”).

Collection and processing of personal data

Browsing data

The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects, still it could allow the identification of users by their very nature, through processing and association with data held by third parties.

This category of data includes IP addresses or domain names of the computers used by users connecting to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.),and other parameters relating to the user's operating system and computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing.

These data could be used to ascertain responsibility in case of computer crimes against the Website.

Data provided voluntarily

In some sections of the Website and in relation to specific services on request, you will be asked for some personal data. In this case, you shall be provided with a privacy notice pursuant to Art. 13 of GDPR as from 25 May 2018, relating to the processing of personal data in relation to the individual intended purposes.

Purpose and legal basis of the processing

The Data Controller shall process your personal data for the technical administration and operation of the Website as well as for the other purposes as indicated in the relevant sections or pages of the Website.

The legal basis for this personal data processing is of a contractual nature.

Method of processing

The personal data processing is based on principles of correctness, lawfulness and transparency. Personal data may also be processed through automated procedures intended to store, manage and transmit them and by means of appropriate technical and organizational measures to ensure, inter alia, the security, confidentiality, integrity, availability and resilience of systems and services thanks to the use of suitable procedures that avoid any risk of loss, unauthorized access, illicit use and disclosure.

Provision of data and consequences of any refusal

Without prejudice to the above information as to browsing data, the provision of data as to the services on request for further processing purposes is optional. Failure to provide such data may make it impossible to pursue these additional purposes.

Recipients

Your personal data shall be processed by the employees and collaborators of the Data Controller, acting as Persons in charge of the processing and/or Data Processors.

Your personal data shall also be processed by trustworthy companies which carry out tasks of a technical and organizational nature on behalf of the Data Controller. Such companies directly co-operate with the Data Controller and act as Data Processors. In particular, as part of the processing of data carried out through the Website, Sirap-Gema S.p.A has appointed the following Data Processor:

- the company Sirap-Gema S.p.A. which deals with the management and technical maintenance of the Website.

The list of Data Processors is constantly updated and is available upon request by sending a communication to the address below or an e-mail to: dpo@sirapgroup.com

Your personal data shall not be disclosed to third parties nor disseminated.

Data transfer in countries not belonging to the European Union

Your personal data shall not be transferred outside the European Union.

Your rights

In relation to the processing activities carried out by the Data Controller, you may ask Data Controller for access to your personal data, erasure of personal data, rectification of inaccurate data, integration of incomplete data, restriction of the processing in the cases set out in art. 18 of GDPR, and object, on grounds relating to his/her particular situation, to processing in the case of legitimate interests of the controller. Furthermore, without prejudice to any other administrative or judicial appeal, the Data Subject may personally lodge a complaint to the supervisory authority.

Also starting as from 25 May 2018, in addition to the aforementioned rights the Data Subject may also exercise also the right to data portability, as per Art. 20 of GDPR. In the latter case, the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the personal data have been provided.

These rights can be exercised by sending an e-mail to: dpo@sirapgroup.com or a written communication to the address indicated below and, in the case of portability, the Data Subject may request that the data be transmitted directly from the Data Controller to another data controller, where technically feasible and correctly identified.

Contact details of the Data Controller, Data Processor and Data Protection Officer

The Data Controller is Sirap-Gema S.p.A., in the person of its legal representative pro tem, with registered office at Verolanuova, phone +39 030 93681

The Data Processor is Sirap-Gema S.p.A.

Last updated: February 2018

 

 

NOTE: This document takes into account the recommendations provided for by the Group of European Supervisory Authorities , Working Party Article 29 (“WP29”), in the draft of the recent “Guidelines on transparency under Regulation 2016/679  (WP260)

It is hereby understood that this document is subject to amendments and supplements as a result of the publication of the final Guidelines, as well as additional Guidelines or WP29 Opinions, now European Data Protection Board (EDPB) .

************ CONTACTS NOTICE

  1. INTRODUCTION

Pursuant to Art. 13 of the European Regulation no. 2016/679 concerning the protection of individuals with regard to personal data processing (hereinafter "GDPR"), which came into force on 24 May 2016 and is applicable as from 25 May 2018, we hereby inform you that your personal data (hereinafter "Data") shall be processed by Sirap-Gema S.p.A (hereinafter “Company”) to reply to requests of information on the Company.

2.PURPOSE OF THE PROCESSING AND LEGAL BASIS

  1. The Data provided by you when completing the form shall be processed by the Company to reply to your requests for information.

The processing is therefore necessary to fulfil your request. The legal basis for this processing is therefore the performance of a contract which the Data Subject is a party of.

Pursuant to Art. 13, para. 2, letter e) of GDPR, we hereby inform you that the provision of Data marked with an asterisk in the data collection form is mandatory for the pursuit of the aforementioned purpose; therefore, any failure to provide such data shall not allow the Company to provide the requested information.

  1. Subject to your specific consent and until revocation thereof, the Data may be processed by the Company for commercial and/or promotional purposes, that is, by way of example, to send - with automated (such as SMS, MMS and e-mail) and traditional methods of contact (such as telephone calls and traditional mail) - promotional and commercial communications relating to the services/products offered by the Company, as well as the carrying out of market studies and statistical analysis.

In this case, the legal basis for this processing is therefore the consent.

It is hereby understood that consent to the processing of Data for the aforementioned purpose is purely optional; therefore, in the case of refusal of processing, the Data shall be processed for the sole purpose indicated in paragraph

2.1 of this notice.

3.METHOD OF PROCESSING

The processing is based on principles of correctness, lawfulness, transparency and data minimization (privacy by design); data may be processed either manually or through

automated procedures designed to store, process and transmit them and through appropriate technical and organizational measures, taking into account the state of the art and implementation costs, so as to guarantee, inter alia, the security, confidentiality, integrity, availability and resilience of systems and services and to avoid any risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable measures to promptly cancel or correct inaccurate data with respect to the purposes for which they are processed.

4.DATA CONSERVATION PERIOD

4.1 The Data collected for the purposes indicated under section 2.1 shall be retained for 30 days to reply to individual requests for information. Once the aforementioned term has elapsed or, in any case, when requests have been fulfilled, your Data shall be destroyed or made anonymous.

4.2 The Data collected for the purposes indicated under section 2.2 shall be retained until withdrawal of your consent. That being the case, data shall be then destroyed or made anonymous.

5.PERSONAL DATA PROTECTION MODEL

5.1 The Company, as Data Controller, has prepared a model for the personal data protection and established roles and responsibilities as to data protection by identifying, in particular, the persons in charge each corporate organizational unit as those responsible for the performance of the model, limited to the processing which they are responsible for, in compliance with the applicable regulatory requirements ("Privacy Contact Persons").

5.2 Your Data may only be processed by the employees of the company functions authorized for the processing as they are responsible for the pursuit of the aforementioned purposes. These employees have been appointed as Persons in charge of the processing and have received adequate operating instructions in this regard.

6.CATEGORIES OF RECIPIENTS

6.1 The Data may be disclosed to persons acting as Data Controllers or processed, on behalf of the Company, by persons appointed as Data Processors, who are given appropriate operating instructions. These persons are essentially included in the following categories:

  1. companies performing the management and/or maintenance of the Website;
  2. supervisory and control authorities and any public entity entitled to request the Data;

     The complete and updated list of the Data Processors is available upon request by sending a communication to the address below or an email to [dpo@sirapgroup.com.

7.DATA SUBJECT'S RIGHTS

7.1 Pursuant to the GDPR and as from its date of application, Data Subjects are granted the rights referred to in Articles 15 to 22 of the GDPR, where applicable.

In particular, Data Subjects may ask the Data Controller to access or delete Data, correct inaccurate Data, supplement incomplete Data and limit processing in the cases provided for by Art. 18 of the GDPR1.

7.2 If the conditions for exercising the right to portability pursuant to Art. 20 of the GDPR 2 are fulfilled, the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance, where technically feasible.

7.3 Data Subjects have the right to withdraw the consent given at any time for the purposes referred to in section 2.2 above.

7.4 Data Subjects have the right to lodge a complaint with the competent Supervisory Authority (in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement).

The aforementioned rights may be exercised by sending a communication by ordinary mail to Sirap-Gema S.p.A. with registered office at Verolanuova, to the kind attention of the Data Controller or by e-mail to sirapgemaspa@legalmail.it

8.DATA CONTROLLER IDENTITY AND CONTACT DATA

The Data Controller is Sirap-Gema S.p.A., in the person of its legal representative pro tem, with registered office at Verolanuova, e-mail address sirapgemaspa@legalmail.it, phone +39 030 93681.

                                                                                                                                                                                                                                                                                                                                                                                                                                     

1 Namely if:

the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;

although the Data Controller no longer needs it for processing purposes, personal data are necessary for the Data Subject to ascertain, exercise or defend a right in court;

  1. the Data Subject objected to the processing pursuant to Article 21, para. 1, pending verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the Data Subject.

2 And namely if the processing is based on consent pursuant to Art. 6.1 letter a) or Art. 9.2, letter a) or on the contract pursuant to Art. 6.1, letter b) of the GDPR and is carried out with automated tools.

 

NOTE: This document takes into account the recommendations provided for by the Group of European Supervisory Authorities , Working Party Article 29 (“WP29”), in the draft of the recent “Guidelines on transparency under Regulation 2016/679  (WP260)

It is hereby understood that this document is subject to amendments and supplements as a result of the publication of the final Guidelines, as well as additional Guidelines or WP29 Opinions, now European Data Protection Board (EDPB).

************ NEWSLETTER NOTICE

INTRODUCTION

Pursuant to Art. 13 of the European Regulation no. 2016/679 concerning the protection of individuals with regard to personal data processing (hereinafter "GDPR"), which came into force on 24 May 2016 and is applicable as from 25 May 2018, we hereby inform you that your e-mail address shall be processed by Sirap-Gema S.p.A (hereinafter “Company”) in order to send the newsletter containing information relating to the products offered by the Company (hereinafter “Newsletter”).

 

PURPOSE OF THE PROCESSING AND LEGAL BASIS

The e-mail address shall be processed to send, by e-mail, the Newsletter to those who request it explicitly by entering their e-mail address in the appropriate data collection form.

The processing is therefore necessary to receive the Newsletter. The legal basis for this processing is therefore the performance of a contract which you are a party of.

Pursuant to Art. 13, para. 2, letter e) of GDPR, we hereby inform you that the provision of the e-mail address for the aforementioned purpose is mandatory; therefore any refusal to provide it shall make it impossible for us to send you the Newsletter.

 

METHOD OF PROCESSING

The processing is based on principles of correctness, lawfulness, transparency and data minimization (privacy by design); data may be processed either manually or through automated procedures designed to store, process and transmit them and through appropriate technical and organizational measures, taking into account the state of the art and implementation costs, so as to guarantee, inter alia, the security, confidentiality, integrity, availability and resilience of systems and services and to avoid any risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable measures to promptly cancel or correct inaccurate data with respect to the purposes for which they are processed.

 

DATA CONSERVATION PERIOD

The data collected shall be retained until you ask us to unsubscribe from the newsletter service. That being the case, data shall be then destroyed or made anonymous.

 

PERSONAL DATA PROTECTION MODEL

The Company, as Data Controller, has prepared a model for the personal data protection and established roles and responsibilities as to data protection by identifying, in particular, the persons in charge each corporate organizational unit as those responsible for the performance of the model, limited to the processing which they are responsible for, in compliance with the applicable regulatory requirements ("Privacy Contact Persons").

Your e-mail address may only be processed by the employees of the company functions authorized for the processing as they are responsible for the pursuit of the aforementioned purposes. These employees have been appointed as Persons in charge of the processing and have received adequate operating instructions in this regard.

 

CATEGORIES OF RECIPIENTS

The data may be disclosed to persons acting as Data Controllers or processed, on behalf of the Company, by persons appointed as Data Processors, who are given appropriate operating instructions. These persons are essentially included in the following categories:

  • companies performing the management and/or maintenance of the Website;
  • (legal, tax, etc.) consulting firms, independent professionals and auditing firms that support the Company in various ways, with particular reference to legal, tax, social security, accounting and organizational aspects;
  • supervisory and control authorities and any public entity entitled to request the Data;

The complete and updated list of the Data Processors is available upon request by sending a communication to the address below or an email to dpo@sirapgroup.com.

 

DATA SUBJECT'S RIGHTS

Pursuant to the GDPR and as from its date of application, Data Subjects are granted the rights referred to in Articles 15 to 22 of the GDPR, where applicable.

In particular, Data Subjects may ask the Data Controller to access or delete data, correct inaccurate data, and limit processing in the cases provided for by Art. 18 of the GDPR1.

                                                                                                                                                                                                                                                       

1 Namely if:

the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;

If the conditions for exercising the right to portability pursuant to Art. 20 of the GDPR 2 are fulfilled, the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance, where technically feasible.

Data Subjects have the right to lodge a complaint with the competent Supervisory Authority (in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement).

The aforementioned rights may be exercised by sending a communication by ordinary mail to Sirap-Gema S.p.A., with registered office at Verolanuova, to the kind attention of the Data Controller or by e-mail to dpo@sirapgroup.com

 

SERVICE CANCELLATION

To stop receiving the Newsletter, please enter your e-mail address in the appropriate box and click on "Unsubscribe" button.

If problems occur, please contact the e-mail address

sirapgemaspa@legalmail.it

 

DATA CONTROLLER IDENTITY AND CONTACT DATA

The Data Controller is Sirap-Gema S.p.A., in the person of its legal representative pro tem, with registered office at Verolanuova, e-mail address sirapgemaspa@legalmail.it phone +39 030 93681.

                                                                                                                                                                                                                                                      

although the Data Controller no longer needs it for processing purposes, personal data are necessary for the Data Subject to ascertain, exercise or defend a right in court;

the Data Subject objected to the processing pursuant to Article 21, para. 1, pending verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the Data Subject.

2 And namely if the processing is based on consent pursuant to Art. 6.1 letter a) or Art. 9.2, letter a) or on the contract pursuant to Art. 6.1, letter b) of the GDPR and is carried out with a