Personal data provided directly by the user to GEXCEL s.r.l. in the pages of the web sites www.gexcel.it and www.store.gexcel.it at the time of registration, filling out the contact forms and subsequently for using the services from time to time provided by GEXCEL s.r.l. will be processed in compliance with the provisions of Legislative Decree 196/2003 concerning the protection of personal data ("Privacy Code") and following the entry into force of EU Regulation no. 679/2016 ("GDPR") in accordance with the provisions of art. 13 of the aforementioned European Regulation.
GEXCEL s.r.l. is committed to protecting the privacy of users, in particular protecting personal information through security procedures that protect personal data against:
• Improper use or disclosure;
• The unauthorized modification;
• The loss or destruction caused by accidental or unlawful act;
• Unauthorized access.
This privacy statement explains data collection and use practices on this site; the following information therefore does not apply to other sites, products or services not provided by the owner of this site, online and offline, or to other Web sites accessed via links and/or activities carried out by third parties.
GEXCEL s.r.l. informs the user of the following:
Personal data processing means any operation, or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a database, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
It is specified:
1. TREATMENT HOLDERS
The Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Registered Office: via Branze 45, 25123, Brescia (BS), Italy
Headquarters: via Branze 45, 25123, Brescia (BS), Italy
Chamber of Commerce of Brescia with VAT number and C.F. 02943490983
2. COLLECTION OF GENERAL DATA AND INFORMATION
The computer systems and software procedures, used to operate the site acquire, during their normal operation, some personal data (navigation data), whose transmission is implicit in the operation of Internet communication protocols. It specifies the holder of this site does not acquire the information.
Collected may be: name of the website, file, date and time of access to the internet site, quantity of data, browser type and version used, the operating system used by the accessing system, domain name of your internet service provider, the so-called referrer URL (the website from which an accessing system reaches our website), your Internet protocol address (IP address) and any other similar data and information.
The collection of this data is partially mandatory for delivering and providing the content of our website correctly. Furthermore, these anonymously collected data and information are analyzed statistically and used for optimizing our offer and technology.
We reserve the right to provide the server log files to the law enforcement authorities in case of suspicion of illegal use or cyber attacks.
The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
3. COLLECTION OF PERSONAL DATA
In order to use personalized services, we collect personal data of the user (first name, last name, email address, phone number, country, address) during registration/login/request by contact forms. The personal data we transmit and process is determined by the respective input mask used for registration.
The personal data entered by the user are collected and stored exclusively for internal use by the Controller and for his own purposes. The controller may request transfer to one or more processors (i.e. shipment service or local Gexcel's distributor) that also uses personal data for an internal purpose which is attributable to the Controller.
A user can provide to GEXCEL his/her personal data though a direct contact via e-mail or phone call. These personal data are stored by the Controller for the purpose of processing the user request and contacting the user.
The website system automatically stores the data subject's IP address as well as date and time of the registration. These data are not passed on to third parties unless there is a statutory obligation to pass on the data.
The registration of the user enables the Controller to offer the users contents or services that may only be offered after a specific request (quotation, product demo version, information, purchase, technical support, general help, etc.). The user is free to change the personal data at any time, or to have them completely deleted from the data stock of the Controller.
By filling out one of our website contact forms or after making the registration/order/purchase on our online store or after a direct contact, the user is inserted in our mailing list and automatically start receiving our newsletter: a service to inform customers, business partners and users about news and offers of GEXCEL. If the dedicated newsletter form is filled out, a confirmation e-mail will be sent to the e-mail address registered by the user for the first time for newsletter shipping. The personal data collected as part of the registration for the newsletter will only be used to send our newsletter and for information regarding the newsletter system itself. There will be no transmission of personal data to third parties.
The newsletter system automatically collects some data concerning the interaction with the newsletter content by the user. These personal data are stored and analyzed in order to optimize the shipping of the newsletter as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be transferred to third parties.
4. COMMUNICATION OF DATA AND POSSIBLE ADDRESS OF PERSONAL DATA
The personal data of the user may be disclosed to specific subjects, appointed by the owner of the supply of services that are necessary for the performance of the obligations connected to the user. In particular, the data may be communicated to:
1. persons, companies or professional offices, which provide assistance, advice or collaboration to the Data Controllers in accounting, administrative, legal, tax and financial matters;
2. subjects delegated and/or appointed by GEXCEL s.r.l. the performance of the activities or part of the activities related to the provision of sales services, such as Customer Service, even if managed in outsourcing; the logistics center responsible for packaging the products purchased by the user; the carriers responsible for delivering the purchased products; the subjects who perform on behalf of GEXCEL s.r.l. after-sales assistance and any other external collaborators to whom communication is necessary for the correct fulfillment of the obligations assumed by GEXCEL s.r.l. in relation to the contract for the supply of its services;
3. to Public Administrations for the performance of institutional functions within the limits established by law or by regulations.
5. LINKS TO THIRD PARTY SITES
7. WEB BEACONS
Web pages and our e-mail updates do not contain electronic images called "one pixel GIFs," "clear GIFs" or "pixel tags". On Web sites they allow us to count the number of users who have visited the pages. In promotional messages/e-mail newsletters allow you to count how many subscribers have read them. Web beacons allow us to obtain statistical data about the activities and features that most interest our customers to provide more personalized content. They are not used to access personal information without consent.
8. RIGHTS OF THE USER
The user (hereinafter also "interested"), pursuant to the provisions of art. 7 of the Privacy Code and art. 15 GDPR, is entitled to:
- obtain confirmation of the existence or not of personal data concerning him/her, even if not yet registered, and their communication in an intelligible form;
- obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the Controller, the data processors and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;
- obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right;
- to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party for direct marketing purposes through automated methods extends to the traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition even partially. Therefore, the interested party may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication;
- ask the Owner to access personal data (art 15 GDPR), the correction (art 16 GDPR) or the cancellation (Article 17 GDPR) of the same, the limitation of treatment or to oppose their treatment (Article 18 GDPR );
- to revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;
- propose a complaint to the Guarantor for the protection of personal data.
9. PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
10. PROVISION OF PERSONAL DATA
The provision of personal data is partly required by law (i.e. tax regulations) or can also result from contractual provisions (i.e. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the user provides us with personal data, which must subsequently be processed by us. The Controller can clarify to the user whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
11. DATA STORAGE
The data collected by GEXCEL s.r.l. are stored into dedicated servers:
- the www.gexcel.it website is on the OVH servers located in Canada.
- the www.store.gexcel.it e-commerce is on the BigCommerce servers located in United States (BigCommerce has self assessed under the conditions of the EU-US Data Shield agreement, which has been offered an adequacy decision by the Article 29 Working Party. This decision is currently understood to transition to the GDPR when it comes into force. Learn more)
- the newsletter service in based on MailChimp platform, with severs located in United States (MailChimp Privacy)
- the user's data, collected via websites or direct contact, stored in electronic form, are stored on a server owned by GEXCEL located in Italy, Via Branze 45, Brescia. In particular, the Controller declares that the data recorded on the server are protected against the risk of intrusion and unauthorized access and that security measures have been adopted to guarantee the integrity and availability of data as well as the protection of the areas and premises relevant to their custody and accessibility.
Personal data will be processed by collaborators and/or employees of the Controller as managers or processors, within the scope of their respective functions and in accordance with the instructions given by the Controller.
The Controller guarantees the highest level of security in the management of user data. Credit card information is stored only in encrypted format and according to the security requirements of the PCI certification. The Controller does not have access to confidential information relating to credit cards, which will be processed by intermediaries and card issuers in compliance with the Privacy Code.