Privacy policy
Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as “GDPR” or “Regulation”), the following describes how the personal data of users viewing the website is processed
www.beantech.it
As a result of viewing the website listed above (and other websites owned by beanTech), data relating to identified or identifiable natural persons may be processed.
Data Controller
The Data Controller of personal data is BEANTECH S.R.L., VAT no. 02175740303 with registered office in Udine (UD), Via Ivrea 5 (hereinafter “BEANTECH” or “Controller”).
To exercise the rights recognised by REGULATION (EU) 2016/679 (hereinafter “GDPR” or “Regulation”) or to ask for any clarification regarding the processing of personal data, you can contact the Controller at the following numbers: tel. 0432.889787 – email privacy(@)beantech.it
Information on the types of processed data
Navigation data
The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
Purpose and legal basis of processing
(Art. 13, 1, c)
|
This data is used for security reasons, to check the proper functioning of the site and to obtain statistical information (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.). The data could also be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site (legitimate interests of the Controller). |
Scope of communication
(Art. 13, 1, e, f) |
The data is processed exclusively by internal staff, duly authorised and trained to process it, and will not be disclosed to external parties, disseminated or transferred to non-EU countries. Only in the event of an investigation may it be made available to the competent authorities. |
Data retention period
(Art. 13, 2, a) |
Subject to the need for investigation in the event of illegal actions, the data will generally be retained for no longer than seven days. |
Transfer
(Art. 13, 2, f) |
The data is not conferred by the data subject but automatically acquired by the site’s technological systems |
Data provided voluntarily by the Data Subject
Purpose and legal basis of processing
(Art. 13, 1, c)
|
The Controller processes personal data voluntarily provided by the Data Subject for various purposes:
Legal basis for processing 1. Performance of a contract to which the Data Subject is party or the execution of pre-contractual measures taken at the Data Subject’s request: purpose no. 1. |
Scope of communication
(Art. 13, 1, e, f) |
Provision of data and consequences of refusal
Failure to provide the data indicated as “mandatory” in the specific forms will make it impossible to use the requested service. Failure to provide personal data for marketing purposes will make it impossible to receive the communications referred to in purpose no. 2. Only persons authorised to process data and persons who process data on behalf of the Data Controller and who have been appointed as Data Processors may access your personal data. These subjects are also bound to secrecy and confidentiality based on specific internal regulations. Personal data shall not be transferred or disseminated. |
Period of data retention
(Art. 13, 2, a) |
Personal data is processed for the time necessary to achieve the purposes for which it was collected or for any other legitimate related purpose. Therefore, if personal data is processed for different purposes, such data will be retained until the purpose with the longest retention period expires; however, such data will no longer be processed for those purposes whose retention period has expired. Personal data that is no longer needed, or for which there is no longer a legal basis for its retention, is irreversibly anonymised (or permanently deleted). For the sake of clarity, the personal data provided for purpose no. 1 will be retained for a period identified according to criteria of strict necessity according to the different purposes pursued and, in any case, in compliance with current legislation on the protection of personal data, the retention of accounting records and in accordance with the logic of protection of the Controller’s rights (limitation periods as set out in the Italian Civil Code). With regard to processing for marketing purposes, it is always possible to object to receiving further communications. |
Conferment
(Art. 13, 2, f) |
The conferment of personal data is necessary for the purposes of carrying out the activities listed in the points listed in the purposes and any manifestation of refusal (or withdrawal of consent) to the processing entails the impossibility of carrying out the same activities.
Failure to provide the data indicated as “mandatory” in the specific forms will make it impossible to use the requested service. Failure to provide personal data for marketing purposes will make it impossible to receive the communications referred to in purpose no. 2). |
Transfer of personal data to third countries
Data processed for the above purposes will not be transferred to third countries.
Rights of the Data Subject
The Data Subject has the right to request the following:
- Access to personal data and information (Art. 15 of the GDPR).
- Rectification or erasure of the same (Articles 16 and 17 of the GDPR).
- Restriction of the processing of personal data (art. 18 of the GDPR).
In addition, the Data Subject may:
- Object to the processing of personal data under the conditions and within the limits set out in Article 21 of the GDPR.
- Exercise the right to data portability (art. 20 GDPR).
With regard to processing operations based on consent (pursuant to Articles 6(1)(a) and 9(2)(a) of the GDPR), the Data Subject has the right to withdraw such consent at any time (without affecting the lawfulness of the processing based on the consent given prior to the revocation).
Finally, if he/she considers that the processing of his/her personal data violates the GDPR, the Data Subject has the right to lodge a complaint with a supervisory authority (Data Protection Authority or other authority that may be competent) pursuant to Article 77 et seq. of the GDPR.