Privacy Policy pursuant to article 13 EU Regulation 2016/679
Reference regulations
- EU Regulation No. 679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of personal data (hereinafter “EU Regulation”)
- Legislative Decree No. 196 of June 30, 2003 (hereinafter “Privacy Code”), as amended by Legislative Decree No. 101 of August 10, 2018
- Recommendation No. 2 of May 17, 2001 on the minimum requirements for online data collection in the European Union, adopted by the European Data Protection Authorities, meeting in the Working Party established by Article 29 of Directive No. 95/46/EC (hereinafter “Recommendation of the Working Party under Article 29”)
Var Group S.p.A. (hereinafter also “the Company”), a corporation belonging to the entrepreneurial group SeSa S.p.A., with registered office in Via Piovola 138, Empoli (FI), VAT No. 03301640482, wishes to inform users about the terms and conditions applied by the Company to the data processing operations. This policy is related to the personal data of users who proceed to consult and use the Company's website, responding to the following domain: www.vargroup.com
The Company acts as “Data Controller,” i.e. “the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data.” Specifically, the processing of personal data may be carried out by individuals specifically authorized to carry out processing operations on users' personal data and, for this purpose, duly instructed by the Company. In application of the regulations on the processing of personal data, users who consult and use the Company's website are “data subjects,” meaning the natural persons to whom the personal data processed relate.
It should be noted that the policy does not extend to other websites that may be consulted by users through links, including Social Buttons, on the Company's website. In particular, Social Buttons are digital buttons or direct links to Social Network platforms (such as, but not limited to, LinkedIn, Facebook, Twitter, YouTube). By performing a click on such links, users will be able to access the Company's social accounts. The Social Networks, to which the Social Buttons refer, operate as autonomous Data Controllers; consequently, any information regarding the methods by which said Data Controllers carry out processing operations on users' personal data can be found in the relevant Social Network platforms.
1. Personal data processed
The Company may process the following users' personal data:
a. Navigation data: the computer systems and software procedures used to operate this website acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with personal data held by third parties, allow users to be identified. This category of personal data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These personal data are used only to obtain anonymous statistical information on the use of the website and to check its correct functioning.
Browsing data do not persist for more than 12 months, without prejudice to any need to ascertain crimes by the judicial authorities.
b. Personal data voluntarily provided: the optional, explicit and voluntary transmission of personal data to the Company, in the forms on the website, entails the acquisition of the email address and all further users' personal data required by the Company to comply with specific requests.
With reference to the processing of personal data provided in the contact form placed on this website, please refer to the relevant “contact form policy”.
2. Purpose and legal basis for the processing of personal data
Regarding the personal data referred to in point 1), let. a) of this policy, users' personal data are processed, automatically and “obligatorily”, by the Company in order to enable browsing; in this case, the processing is carried out on the basis of a legal obligation to which the Company is subject, as well as on the basis of the Company's legitimate interest in ensuring the proper functioning and security of the website; therefore, the express consent of the users is not necessary.
With regard to the personal data referred to in point 1), let. b) of this policy, the processing is carried out to provide information or assistance to users; in this case, the processing is based on the execution of specific requests and the fulfillment of pre-contractual measures; therefore, the express consent of users is not necessary.
3. Nature of the provision of personal data
Without prejudice to what has been specified for navigation data in relation to which the provision is obligatory as it is instrumental to the navigation of the Company's website, users are free to provide or not personal data in order to receive information or assistance from the Company.
With reference to the processing of personal data provided in the contact form placed on this website, please refer to the relevant “contact form policy”.
4. Methods and duration of the processing of personal data
Processing of personal data is carried out by individuals authorized to process them, specifically identified and trained for this purpose by the Company.
The processing of the users' personal data is carried out using automated tools with reference to the access data to the pages of the website.
With reference to the processing of personal data provided in the contact form placed on this website, please refer to the relevant “contact form policy”.
In any case, the processing of personal data is carried out in full compliance with the provisions aimed at ensuring the security and confidentiality of personal data, as well as, among other things, the accuracy, updating and relevance of personal data to the purposes stated in this information.
Notwithstanding the fact that the browsing data referred to in point 1, let. a) do not persist for more than 12 months, the processing of personal data is carried out for the time strictly necessary to achieve the purposes for which they were collected or, in any case, according to the retention period provided for by law.
It should also be noted that the Company has adopted specific security measures to prevent loss, illicit or incorrect use of personal data and unauthorized access to them.
5. Recipients of personal data
Limited to the purposes identified in this notice, your personal data may be disclosed in Italy or abroad, within the territory of the European Union (EU) or the European Economic Area (EEA), for the fulfillment of legal obligations. For more information regarding the filling out of the contact form placed on this website, please refer to the relevant “contact form policy”.
Personal data will not be transferred outside the territory of the European Union (EU) or the European Economic Area (EEA).
Personal data will not be subject to dissemination and therefore will not be disclosed to the public or to an indefinite number of individuals.
6. Rights under Articles 15, 16, 17, 18, 20 and 21 of EU Regulation 2016/679.
Users, as data subjects, may exercise the rights of access to personal data provided by Article 15 of the EU Regulation and the rights provided by Articles 16, 17, 18, 20 and 21 of the same Regulation regarding rectification, erasure, limitation of processing of personal data, data portability where applicable and opposition to the processing of personal data.
The rights can be exercised by writing to the following address: [email protected]
If the Company does not provide feedback within the timeframe provided by the regulations or the feedback is inadequate, users may lodge a complaint with the Data Protection Authority (DPA).
Below are the contact details of the Italian DPA:
Garante per la Protezione dei Dati Personali
Fax: (+39) 06.69677.3785
Telephone: (+39) 06.69677.1
E-mail: [email protected]
7. Data Protection Officer
Data Protection Officer can be contacted at the company headquarters and at the following e-mail address:
E-mail: [email protected]