Privacy Policy

Information pursuant to Article 13 of Regulation (EU) No 679/2016 ("GDPR")
Desmotec protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of breach.
As provided by the Regulation of the European Union n. 679/2016 ("GDPR"), and in art. 13, below, the user is provided with the information required by law regarding the processing of personal data.

SECTION I
Who we are and what data we process (art. 13, 1st paragraph letter a, art. 15, letter b GDPR)
Desmotec, in person of its legal representative p.t., based in Via Ugo Sironi 5, 28921 – Verbania (IT), operates as Data Controller and can be contacted at info@desmotec.com and collects and/or receives information concerning the interested party, such as:

Personal data
Name, surname, physical address, nationality, province and municipality of residence, fixed and/or mobile telephone, fax, tax code, e-mail address(s).
Telematic traffic data
Log, IP address of origin

Desmotec does not require the interested party to provide "particular" data, or, according to the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the service requested from Desmotec requires the processing of such data, the interested party will receive prior information and will be asked to give consent.

The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information and request:
e-mail: info@desmotec.com
Telephone: +39 015 58 22 096

SECTION II
For what purposes we need the data of the interested party (art. 13, 1st paragraph GDPR)
The data are used by the Data Controller to respond to the request for registration and to the contract for the supply of the Service chosen and/or the Product purchased, to manage and execute the contact requests submitted by the Data Subject, to provide assistance, to fulfil the legal and regulatory obligations to which the Data Controller is held according to the activity carried out. In no case does Desmotec resell the personal data of the interested party to third parties or use them for purposes not declared.
In particular, the data of the interested party will be processed for:

registration and requests for contact and/or information material.
The processing of the personal data of the interested party takes place in order to carry out the preliminary activities and consequent to the request for registration, the management of requests for information and contact and/or the sending of information material, and
for the fulfilment of any other obligations arising.
The legal basis for such processing is the performance of the services related to the request for registration, information and contact and/or the sending of information material and compliance with legal obligations.
the management of the contractual relationship
The processing of the personal data of the interested party takes place in order to carry out the preliminary activities resulting from the purchase of a Service and/or a Product, the management of the relative order, the delivery of the Service itself and/or the production and/or dispatch of the purchased Product, its billing and payment management, the processing of complaints and/or reports to the service and the provision of the assistance itself, the prevention of fraud and the fulfilment of any other obligation arising from the contract. The legal basis for such processing is the performance of the services inherent in the contractual relationship and compliance with legal obligations.
promotional activities on Services/Products similar to those purchased by the interested party (Considering 47 GDPR)
The Data Controller, even without your explicit consent, may use the contact data communicated by the Data Subject, for the direct sale of their Services/Products, limited to the case in which they are Services/Products similar to those covered by the sale, unless the Data Subject expressly opposes.
commercial promotion activities on Services/Products different from those purchased by the interested party
The personal data of the Data Subject may also be processed for commercial promotion purposes, for investigation and market research with regard to Services/Products that the Data Controller offers only if the Data Subject has authorised the processing and does not oppose this. Such processing may take place, in an automated manner, in the following ways:
– e-mail;
– text messages;
– telephone contact
and can be done:1. where the data subject has not withdrawn his consent for the use of the data;2. where, in the event that the processing takes place through contact with a telephone operator, the interested party is not registered in the register of objections referred to in D.P.R. No 178/2010;
Legal basis for such processing is the consent given by the data subject prior to processing, which can be revoked by the data subject freely and at any time (see Section III)
IT security
The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the personal data of the Data Subject relating to traffic to a strictly necessary and proportionate extent to ensure
Network and information security, i.e. the ability of a network or information system to resist, at a given level of security, unforeseen events or unlawful or arsonous acts affecting availability, authenticity, integrity and
the confidentiality of personal data stored or transmitted.
The Data Controller will promptly inform interested parties, if there is a particular risk of breach of their data without prejudice to the obligations arising from the provisions of art. 33 of the GDPR concerning notifications of personal data breaches.
Legal basis for such processing is the compliance with legal obligations and the legitimate interest of the Owner to carry out processing for purposes of protection of the company's assets.
profiling
The personal data of the interested party may also be processed for profiling purposes (such as analysis of the transmitted data and of the selected Services/Products, propose advertising messages and/or commercial proposals in line with the choices expressed by the users themselves) only if the interested party has provided explicit and informed consent. Legal basis of such processing is the consent given by the interested party prior to the processing, which is revocable
by the person concerned freely and at any time (see Section III).
fraud prevention (recitals 47 and 22 GDPR)
the personal data of the data subject, with the exception of the particular ones (Art 9 GDPR) or judicial (Art 10 GDPR) will be processed to allow controls for the purposes of monitoring and preventing fraudulent payments, by software systems that carry out an automated verification and prior to the negotiation of Services/Products;
overcoming such checks with negative results will result in the impossibility of carrying out the transaction; the interested party may in any case express its opinion, obtain an explanation or contest the decision by motivating their reasons to the Customer Support service or to the contact info@desmotec.com;
personal data collected for anti-fraud purposes only, unlike the data necessary for the proper performance of the requested performance, will be deleted immediately at the end of the control phases.
the protection of minors
The Services/Products offered by the Owner are reserved to entities legally able, on the basis of the national reference law, to conclude contractual obligations. The Data Controller, in order to prevent unlawful access to its services, implements preventive measures to protect its legitimate interest, such as the control of the tax code and/or other checks, when necessary for specific Services/Products, the correctness of the identification data of identity documents issued by the competent authorities.

Communication to third parties and categories of recipients (art. 13, first paragraph GDPR)
The communication of the personal data of the interested party takes place mainly with regard to third parties and/or recipients whose activity is necessary for the performance of the activities related to the relationship established and to respond to certain legal obligations, such as:

Company Group companies:
for administrative, accounting and contractual obligations.
Third party suppliers and Group companies:
Provision of services (assistance, maintenance, delivery/delivery of products, provision of additional services, network providers and electronic communications services) related to the requested delivery.
Credit and Digital Payment Institutions, Banking / Postal Institutions:
Management of receipts, payments, reimbursements related to the contractual performance.
External professionals/consultants and consulting firms:
Fulfilment of legal obligations, exercise of rights, protection of contractual rights, recovery of credit.
Financial administration, Public bodies, Judicial Authorities, Supervisory and Control Authority:
Fulfilment of legal obligations, protection of rights; lists and records kept by public authorities or similar entities according to specific legislation, in relation to the contractual performance.
Persons formally delegated or legally recognised:
Legal representatives, curators, guardians, etc.

* The Data Controller requires the Third Parties own suppliers and Data Processors to respect security measures equal to those adopted against the Data Subject by restricting the scope of action of the Data Processor to the processing related to the requested performance.
The Data Controller does not transfer your personal data to countries in which the GDPR (non-EU countries) is not applied unless specific information against which you will be informed in advance and if necessary your consent will be requested.
The legal basis for such processing is the performance of the services inherent in the relationship established, compliance with legal obligations and the legitimate interest of Desmotec in carrying out processing necessary for these purposes.

SECTION III
What happens if the data subject does not provide his/her identified data as necessary for the performance of the requested performance? (Art. 13, 2nd paragraph, letter and GDPR)
The collection and processing of personal data is necessary to follow up the requested services as well as the delivery of the Service and/or the supply of the requested Product. If the Data Subject does not provide the personal data expressly provided as necessary within the order form or registration form, the Data Controller may not follow the processing related to the management of the services requested and/or the contract and the Services/Products connected to it, nor to the obligations that depend on them.

What happens if the interested party does not consent to the processing of personal data for commercial promotion activities on Services/Products different from those purchased?
In the event that the Data Subject does not give his consent to the processing of personal data for these purposes, such processing will not take place for the same purposes, without this having an effect on the provision of the services requested, nor for those for which He has already given his consent, if requested.
In the event that the Data Subject has given his consent and subsequently withdraws or opposes the processing for commercial promotion activities, his data will no longer be processed for such activities, without any adverse consequences or effects for the Data Subject and the services requested.

How we process the data of the interested party (art. 32 GDPR)
The Data Controller shall provide for the use of appropriate security measures in order to preserve the confidentiality, integrity and availability of personal data of the Data Subject and shall impose similar security measures on third parties suppliers and Managers.

Where we process the data of the interested party
The personal data of the interested party are stored in paper, computer and electronic archives located in countries where the GDPR (EU countries) is applied.

How long is the data of the interested party stored? (Article 13, second paragraph, letter to GDPR)
Unless they explicitly express their will to remove them, the personal data of the interested party will be retained until they are necessary in respect of the legitimate purposes for which they were collected.
In particular, they will be kept for the entire duration of its registration and in any case no longer than a maximum period of 12 (twelve) months of its inactivity, or if, within this period, they are not associated with the Services and/or purchased of the Products through the catalogue itself.
In the case of data provided to the Owner for the purposes of commercial promotion for services other than those already acquired by the interested party, for which initially He has given consent, these will be kept for 24 months, unless the consent given is revoked.
In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless the consent given is always revoked.
It should also be added that, in the event that a user forwards to Desmotec personal data that is not required or not necessary for the purpose of the performance of the requested service or for the provision of a service closely connected to it, Desmotec cannot be considered the holder of this data, and will delete them as soon as possible.
Regardless of the determination of the interested party to their removal, the personal data will in any case be stored according to the terms provided by the current legislation and/or national regulations, in order exclusively to guarantee the specific compliances, proper to some Services (exemplificative but not exhaustive, Certified Electronic Mail, Digital Signature, Replacement Conservation.
In any case, personal data will be kept for the fulfilment of the obligations (e.g. tax and accounting) that remain even after the termination of the contract (Article 2220 of the Italian Civil Code); For these purposes, the Data Controller will retain only the data necessary for the respective pursuit.
Without prejudice to the cases in which the rights deriving from the contract and/or from the registration of the personal data, in which case the personal data of the data subject, exclusively those necessary for such purposes, shall be processed for the time necessary for their pursuit, shall be relied upon.

What are the rights of the interested party? (Arts 15 – 20 GDPR)
The data subject shall have the right to obtain from the controller the following:

confirmation that personal data concerning him is being processed or not, and in such case, to obtain access to personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular where recipients of third countries or international organisations;
where possible, the intended retention period of personal data or, where not possible, the criteria used to determine that period;
the existence of the right of the data subject to request the controller to correct or delete personal data or to restrict the processing of personal data concerning him or to oppose their processing;
the right to lodge a complaint with a supervisory authority;
where the data are not collected from the data subject, all available information on their origin;
the existence of automated decision-making, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
the appropriate guarantees that the third country (extra EU) or an international data protection organisation may transfer.
the right to obtain a copy of the personal data processed, provided that such right does not affect the rights and freedoms of others; In the case of further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.
the right to obtain from the controller the rectification of inaccurate personal data concerning him without undue delay.
the right to obtain from the controller the cancellation of personal data concerning him without undue delay, if the reasons provided by the GDPR to art. 17 exist, among which, for example, if they are no longer necessary for the purposes of the processing or if this is assumed as unlawful, and always the conditions provided for by law; and in any case whether the processing is not justified by another equally legitimate reason;
) the right to obtain from the controller the limitation of the processing, in the cases provided for in art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Controller to verify its accuracy. The data subject must also be informed, within reasonable time, of when the withdrawal period has been completed or the cause of limitation of processing has failed, and therefore the limitation itself revoked;
the right to receive notice from the holder of the addressees to whom requests for corrections or cancellations or limitations of processing have been forwarded, unless this proves impossible or involves a disproportionate effort.
the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning him or her and the right to transmit such data to another data controller without impediment by the data controller to whom he or she has provided them, in the cases provided for by art. 20 of the GDPR, and the right to obtain direct transmission of personal data from one data controller to the other, if technically feasible. For further information and in any case to send your request you must contact the Owner at info@desmotec.com. In order to ensure that the rights mentioned above are exercised by the Data Subject and not by unauthorized third parties, the Data Controller may request the Data Controller to provide any additional information necessary for the purpose.

How and when can the interested party object to the processing of their personal data? (Art. 21 GDPR)
For reasons relating to the particular situation of the interested party, the same can object at any time to the processing of their personal data if it is based on the legitimate interest or if it happens for commercial promotion activities, sending the request to the Owner at info@desmotec.com.

The Data Subject has the right to the deletion of his personal data if there is no legitimate overriding reason for the Data Controller compared to the one that gave rise to the request, and in any case if the Data Subject has opposed the processing for commercial promotion activities.

To whom can the interested party lodge a complaint? (Art. 15 GDPR)
Without prejudice to any other action in administrative or judicial proceedings, the Data Subject may lodge a complaint with the competent supervisory authority in the Italian territory (Guarantee Authority for the Protection of Personal Data) or with the one that carries out its tasks and exercises its powers in the Member State where the violation of the GDPR took place.

Any update of this Policy will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the data of the Data Subject for further purposes than those of this Policy before proceeding and following the manifestation of the relevant consent of the Data Subject if necessary.

SECTION IV
COOKIES
General information, deactivation and management of cookies
Cookies are data that are sent by the website and stored by the internet browser on the user’s computer or other device (e.g. tablet or mobile phone). They can be installed, from our website or its subdomains, technical cookies and third-party cookies. However, the user can manage, or request the general deactivation or cancellation of cookies, by changing the settings of their internet browser. However, such decommissioning may slow down or impede access to certain parts of the site. The settings for managing or deactivating cookies may vary depending on the internet browser used, therefore, to have more information about how to perform such operations, we suggest the User to consult the manual of his/her device or the "Help" or "Help" function of his/her internet browser. Below are the links that explain how to manage or disable cookies for the most popular internet browsers:

Internet Explorer:
http://windows.microsoft.com/en-IT/internet-explorer/delete-management-cookies
Google Chrome:
https://support.google.com/chrome/answer/95647
Mozilla Firefox:
http://support.mozilla.org/en/kb/Management%20of%20cookies
Opera:
http://help.opera.com/Windows/10.00/en/cookies.html
Safari:
https://support.apple.com/kb/PH19255

Technical cookies
The use of technical cookies, i.e. cookies necessary for the transmission of communications on the electronic communications network or cookies strictly necessary to the supplier to provide the service requested by the customer, allows the safe and efficient use of our site. Session cookies may be installed in order to allow access and stay in the reserved area of the portal as an authenticated user. Technical cookies are essential for the proper functioning of our website and are used to allow users to enjoy normal navigation and the possibility to use the advanced services available on our website. The technical cookies used are characterized by session cookies, which are stored exclusively for the duration of navigation until the browser is closed, and persistent cookies that are saved in the memory of the user’s device until their expiry or cancellation by the user. Our site uses the following technical cookies:

Technical cookies of navigation or session, used to manage the normal navigation and authentication of the user;
Functional technical cookies, used to store customizations chosen by the user, such as the language;
Technical analytics cookies, used to know how users use our website so that they can evaluate and improve the operation.

Third-party cookies
Third-party cookies may be installed: These are cookies, analytics and profiling, Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookies are sent by the websites of said third parties outside our site.

Third-party analytical cookies are used to detect information about user behaviour on the site. The detection takes place anonymously, in order to monitor the performance and improve the usability of the site. Third-party profiling cookies are used to create user profiles, in order to propose advertising messages in line with the choices expressed by users themselves. The use of these cookies is governed by the rules laid down by the third parties themselves, therefore, Users are invited to read the privacy policies and indications to manage or disable cookies published on the following web pages:

For Google Analytics cookies

privacy policy:
https://www.google.com/intl/en/policy/privacy/
directions to manage or disable cookies:
https://support.google.com/accounts/answer/61416? hl=en

For Facebook cookies:

privacy policy:
https://www.facebook.com/privacy/explanation
directions to manage or disable cookies:
https://www.facebook.com/help/cookies/

For Youtube cookies

privacy policy:
https://www.youtube.com/intl/en/yt/about/policies/#community-guidelines
directions to manage or disable cookies:
https://support.google.com/accounts/answer/61416? hl=en

By Yahoo cookie:

privacy policy and directions to manage or disable cookies:
https://policies.yahoo.com/ie/en/yahoo/privacy/euoathnoticefaq/

For Bing cookies:

privacy policy and directions to manage or disable cookies
https://privacy.microsoft.com/en-en/privacystatement

Profiling cookies
They can be installed by the Owner/s, using software of web analytics, profiling cookies, which are used to prepare detailed and real-time analysis reports on: visitors to a website, search engines of origin, keywords used, language of use, most visited pages. They can collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation source, visited pages and number of pages, duration of visit, number of visits made. These data may be transferred to each of the Group's companies, in compliance with and with the limitations imposed by the current legislation and the provisions of this Policy.