Corman S.p.A. firmly believes that transparency is the basis of the relationship with its customers and users. For this reason, it wishes to apply utmost clarity on how personal data is used.
The following describes how this website (hereinafter the “Website”) is managed, in relation to the processing of personal data of users who consult it.
This is a policy that is also provided pursuant to Article 13 of Regulation (EU) 2017/679“Protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter the “GDPR”) to those who interact with the web services of Corman S.p.A., accessible electronically from [https://organyc-online.com/privacy-policy].
1 – Data Controller
The Data Controller is Corman S.p.A. (hereinafter the “Company” or “Corman” or the “Controller”), with registered office in Via Liguria, 3 – 20084 Lacchiarella (MI) and which may be contacted by e-mail at: firstname.lastname@example.org.
2 – Place of personal data processing and data processors
Processing related to the Website’s web services takes place at the Company’s headquarters and is managed only by technical personnel of the department in charge of processing pursuant to Article 29 of the GDPR.
For the various specific services, the related data may be processed by specialised companies, which may be appointed as data processors pursuant to Article 28 of the GDPR.
The full list of data processors can be requested at email@example.com.
4 – Type of data processed
4.1 Browsing data
During normal operation, computer systems and software procedures that serve to keep the Website operational acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols.
This information is not gathered in order to be associated with specific data subjects but it could, by its nature, enable users to be identified by means of processing and association with data held by third parties.
This category includes IP addresses or the domain names of computers used by users who connect to the Website, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on Website usage as well as to verify its proper operation; it is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cyber crimes against the Website. The legal basis for the processing is the legitimate interest of the Data Controller in the proper functioning of the Website and the provision of browsing data is necessary to access the Website.
4.2 Data provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this Website entails subsequent acquisition of the e-mail address of the sender, which is necessary in order to respond to requests, as well as any other personal data included in the message.
5 – Purpose and legal basis of data processing
Without prejudice to that specified for browsing data in point 4.1), personal data provided by users through the Website is processed for the following purposes:
- allow the performance of operations strictly related and instrumental to the management of relations with users, such as – by mere way of example – the response to queries received with contact forms or through the e-mail address provided on the Website;
- allow the proper performance of contractual obligations taken by the Company towards users and customers and vice versa, as well as the resulting accounting and tax obligations;
- allow the fulfilment of obligations provided for by laws, regulations or EU legislation or by provisions issued by authorities empowered to do so by law or by supervisory and control bodies.
- purposes necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
- purposes of statistical research/analysis on aggregated or anonymous data, without therefore the possibility of identifying the user, aimed at measuring the functioning of the Website and its operational functions, including the resolution of any technical problems.
The legal basis for the processing of personal data for the purpose pursuant to point a) is the performance of pre-contractual measures adopted at the request of the data subject, for the purpose pursuant to point b) is the performance of an existing contract with the Company, for the purpose pursuant to point c) is the fulfillment of legal obligations, and for the purpose pursuant to point d) is the pursuit of a legitimate interest of the Company. In such cases, provision of data by the data subject is mandatory and, in its absence, it will not be possible to respond to the request made or perform the contract to which it relates. Regarding the purpose pursuant to point e), this does not involve the processing of personal data.
6 – Third-party advertisers and links to other websites
The Corman Website may include third-party advertisements and links to other websites and applications through which services and products may be purchased. Third-party advertising partners may collect information about the user when the latter interacts with their content, advertising, and services.
7 – Processing methods and retention periods
Personal data is processed using automated electronic means and devices only for the period of time that is strictly necessary to achieve the purposes for which such data was gathered.
Specific security measures are used to prevent the loss or unlawful or incorrect use of data, as well as unauthorised access thereto.
8 – Rights of data subjects
As provided for by Article 13 of the GDPR, users may at any time:
- ask the Controller for access to their personal data and rectification or erasure of the same or limitation of processing of data that concerns them;
- object to the processing of personal data;
- exercise the right to data portability;
- if provided, withdraw consent at any time without prejudice to the lawfulness of data processing carried out based on consent provided prior to withdrawal;
- lodge a complaint with a supervisory authority.
The rights described above in points a), b), c) and d) may be exercised by a request addressed without any particular formalities to the Controller at the following address: firstname.lastname@example.org.
9 – Amendments
This policy Rev.01 was issued on [04/07/2023] date from which it is effective.