Privacy Policy

Information pursuant to Article 13 of Regulation (EU) No 679/2016 ("GDPR")
Desmotec protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of breach.
As provided by the Regulation of the European Union n. 679/2016 ("GDPR"), and in art. 13, below, the user is provided with the information required by law regarding the processing of personal data.

SECTION I
Who we are and what data we process (art. 13, 1st paragraph letter a, art. 15, letter b GDPR)
Desmotec, in person of its legal representative p.t., based in Via Ugo Sironi 5, 28921 – Verbania (IT), operates as Data Controller and can be contacted at info@desmotec.com and collects and/or receives information concerning the interested party, such as:

Personal data
Name, surname, physical address, nationality, province and municipality of residence, fixed and/or mobile telephone, fax, tax code, e-mail address(s).
Telematic traffic data
Log, IP address of origin

Desmotec does not require the interested party to provide "particular" data, or, according to the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the service requested from Desmotec requires the processing of such data, the interested party will receive prior information and will be asked to give consent.

The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information and request:
e-mail: info@desmotec.com
Telephone: +39 015 58 22 096

SECTION II
For what purposes we need the data of the interested party (art. 13, 1st paragraph GDPR)
The data are used by the Data Controller to respond to the request for registration and to the contract for the supply of the Service chosen and/or the Product purchased, to manage and execute the contact requests submitted by the Data Subject, to provide assistance, to fulfil the legal and regulatory obligations to which the Data Controller is held according to the activity carried out. In no case does Desmotec resell the personal data of the interested party to third parties or use them for purposes not declared.
In particular, the data of the interested party will be processed for:

registration and requests for contact and/or information material.
The processing of the personal data of the interested party takes place in order to carry out the preliminary activities and consequent to the request for registration, the management of requests for information and contact and/or the sending of information material, and
for the fulfilment of any other obligations arising.
The legal basis for such processing is the performance of the services related to the request for registration, information and contact and/or the sending of information material and compliance with legal obligations.
the management of the contractual relationship
The processing of the personal data of the interested party takes place in order to carry out the preliminary activities resulting from the purchase of a Service and/or a Product, the management of the relative order, the delivery of the Service itself and/or the production and/or dispatch of the purchased Product, its billing and payment management, the processing of complaints and/or reports to the service and the provision of the assistance itself, the prevention of fraud and the fulfilment of any other obligation arising from the contract. The legal basis for such processing is the performance of the services inherent in the contractual relationship and compliance with legal obligations.
promotional activities on Services/Products similar to those purchased by the interested party (Considering 47 GDPR)
The Data Controller, even without your explicit consent, may use the contact data communicated by the Data Subject, for the direct sale of their Services/Products, limited to the case in which they are Services/Products similar to those covered by the sale, unless the Data Subject expressly opposes.
commercial promotion activities on Services/Products different from those purchased by the interested party
The personal data of the Data Subject may also be processed for commercial promotion purposes, for investigation and market research with regard to Services/Products that the Data Controller offers only if the Data Subject has authorised the processing and does not oppose this. Such processing may take place, in an automated manner, in the following ways:
– e-mail;
– text messages;
– telephone contact
and can be done:1. where the data subject has not withdrawn his consent for the use of the data;2. where, in the event that the processing takes place through contact with a telephone operator, the interested party is not registered in the register of objections referred to in D.P.R. No 178/2010;
Legal basis for such processing is the consent given by the data subject prior to processing, which can be revoked by the data subject freely and at any time (see Section III)
IT security
The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the personal data of the Data Subject relating to traffic to a strictly necessary and proportionate extent to ensure
Network and information security, i.e. the ability of a network or information system to resist, at a given level of security, unforeseen events or unlawful or arsonous acts affecting availability, authenticity, integrity and
the confidentiality of personal data stored or transmitted.
The Data Controller will promptly inform interested parties, if there is a particular risk of breach of their data without prejudice to the obligations arising from the provisions of art. 33 of the GDPR concerning notifications of personal data breaches.
Legal basis for such processing is the compliance with legal obligations and the legitimate interest of the Owner to carry out processing for purposes of protection of the company's assets.
profiling
The personal data of the interested party may also be processed for profiling purposes (such as analysis of the transmitted data and of the selected Services/Products, propose advertising messages and/or commercial proposals in line with the choices expressed by the users themselves) only if the interested party has provided explicit and informed consent. Legal basis of such processing is the consent given by the interested party prior to the processing, which is revocable
by the person concerned freely and at any time (see Section III).
fraud prevention (recitals 47 and 22 GDPR)
the personal data of the data subject, with the exception of the particular ones (Art 9 GDPR) or judicial (Art 10 GDPR) will be processed to allow controls for the purposes of monitoring and preventing fraudulent payments, by software systems that carry out an automated verification and prior to the negotiation of Services/Products;
overcoming such checks with negative results will result in the impossibility of carrying out the transaction; the interested party may in any case express its opinion, obtain an explanation or contest the decision by motivating their reasons to the Customer Support service or to the contact info@desmotec.com;
personal data collected for anti-fraud purposes only, unlike the data necessary for the proper performance of the requested performance, will be deleted immediately at the end of the control phases.
the protection of minors
The Services/Products offered by the Owner are reserved to entities legally able, on the basis of the national reference law, to conclude contractual obligations. The Data Controller, in order to prevent unlawful access to its services, implements preventive measures to protect its legitimate interest, such as the control of the tax code and/or other checks, when necessary for specific Services/Products, the correctness of the identification data of identity documents issued by the competent authorities.

Communication to third parties and categories of recipients (art. 13, first paragraph GDPR)
The communication of the personal data of the interested party takes place mainly with regard to third parties and/or recipients whose activity is necessary for the performance of the activities related to the relationship established and to respond to certain legal obligations, such as:

Company Group companies:
for administrative, accounting and contractual obligations.
Third party suppliers and Group companies:
Provision of services (assistance, maintenance, delivery/delivery of products, provision of additional services, network providers and electronic communications services) related to the requested delivery.
Credit and Digital Payment Institutions, Banking / Postal Institutions:
Management of receipts, payments, reimbursements related to the contractual performance.
External professionals/consultants and consulting firms:
Fulfilment of legal obligations, exercise of rights, protection of contractual rights, recovery of credit.
Financial administration, Public bodies, Judicial Authorities, Supervisory and Control Authority:
Fulfilment of legal obligations, protection of rights; lists and records kept by public authorities or similar entities according to specific legislation, in relation to the contractual performance.
Persons formally delegated or legally recognised:
Legal representatives, curators, guardians, etc.

* The Data Controller requires the Third Parties own suppliers and Data Processors to respect security measures equal to those adopted against the Data Subject by restricting the scope of action of the Data Processor to the processing related to the requested performance.
The Data Controller does not transfer your personal data to countries in which the GDPR (non-EU countries) is not applied unless specific information against which you will be informed in advance and if necessary your consent will be requested.
The legal basis for such processing is the performance of the services inherent in the relationship established, compliance with legal obligations and the legitimate interest of Desmotec in carrying out processing necessary for these purposes.

SECTION III
What happens if the data subject does not provide his/her identified data as necessary for the performance of the requested performance? (Art. 13, 2nd paragraph, letter and GDPR)
The collection and processing of personal data is necessary to follow up the requested services as well as the delivery of the Service and/or the supply of the requested Product. If the Data Subject does not provide the personal data expressly provided as necessary within the order form or registration form, the Data Controller may not follow the processing related to the management of the services requested and/or the contract and the Services/Products connected to it, nor to the obligations that depend on them.

What happens if the interested party does not consent to the processing of personal data for commercial promotion activities on Services/Products different from those purchased?
In the event that the Data Subject does not give his consent to the processing of personal data for these purposes, such processing will not take place for the same purposes, without this having an effect on the provision of the services requested, nor for those for which He has already given his consent, if requested.
In the event that the Data Subject has given his consent and subsequently withdraws or opposes the processing for commercial promotion activities, his data will no longer be processed for such activities, without any adverse consequences or effects for the Data Subject and the services requested.

How we process the data of the interested party (art. 32 GDPR)
The Data Controller shall provide for the use of appropriate security measures in order to preserve the confidentiality, integrity and availability of personal data of the Data Subject and shall impose similar security measures on third parties suppliers and Managers.

Where we process the data of the interested party
The personal data of the interested party are stored in paper, computer and electronic archives located in countries where the GDPR (EU countries) is applied.

How long is the data of the interested party stored? (Article 13, second paragraph, letter to GDPR)
Unless they explicitly express their will to remove them, the personal data of the interested party will be retained until they are necessary in respect of the legitimate purposes for which they were collected.
In particular, they will be kept for the entire duration of its registration and in any case no longer than a maximum period of 12 (twelve) months of its inactivity, or if, within this period, they are not associated with the Services and/or purchased of the Products through the catalogue itself.
In the case of data provided to the Owner for the purposes of commercial promotion for services other than those already acquired by the interested party, for which initially He has given consent, these will be kept for 24 months, unless the consent given is revoked.
In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless the consent given is always revoked.
It should also be added that, in the event that a user forwards to Desmotec personal data that is not required or not necessary for the purpose of the performance of the requested service or for the provision of a service closely connected to it, Desmotec cannot be considered the holder of this data, and will delete them as soon as possible.
Regardless of the determination of the interested party to their removal, the personal data will in any case be stored according to the terms provided by the current legislation and/or national regulations, in order exclusively to guarantee the specific compliances, proper to some Services (exemplificative but not exhaustive, Certified Electronic Mail, Digital Signature, Replacement Conservation.
In any case, personal data will be kept for the fulfilment of the obligations (e.g. tax and accounting) that remain even after the termination of the contract (Article 2220 of the Italian Civil Code); For these purposes, the Data Controller will retain only the data necessary for the respective pursuit.
Without prejudice to the cases in which the rights deriving from the contract and/or from the registration of the personal data, in which case the personal data of the data subject, exclusively those necessary for such purposes, shall be processed for the time necessary for their pursuit, shall be relied upon.

What are the rights of the interested party? (Arts 15 – 20 GDPR)
The data subject shall have the right to obtain from the controller the following:

confirmation that personal data concerning him is being processed or not, and in such case, to obtain access to personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular where recipients of third countries or international organisations;
where possible, the intended retention period of personal data or, where not possible, the criteria used to determine that period;
the existence of the right of the data subject to request the controller to correct or delete personal data or to restrict the processing of personal data concerning him or to oppose their processing;
the right to lodge a complaint with a supervisory authority;
where the data are not collected from the data subject, all available information on their origin;
the existence of automated decision-making, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
the appropriate guarantees that the third country (extra EU) or an international data protection organisation may transfer.
the right to obtain a copy of the personal data processed, provided that such right does not affect the rights and freedoms of others; In the case of further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.
the right to obtain from the controller the rectification of inaccurate personal data concerning him without undue delay.
the right to obtain from the controller the cancellation of personal data concerning him without undue delay, if the reasons provided by the GDPR to art. 17 exist, among which, for example, if they are no longer necessary for the purposes of the processing or if this is assumed as unlawful, and always the conditions provided for by law; and in any case whether the processing is not justified by another equally legitimate reason;
) the right to obtain from the controller the limitation of the processing, in the cases provided for in art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Controller to verify its accuracy. The data subject must also be informed, within reasonable time, of when the withdrawal period has been completed or the cause of limitation of processing has failed, and therefore the limitation itself revoked;
the right to receive notice from the holder of the addressees to whom requests for corrections or cancellations or limitations of processing have been forwarded, unless this proves impossible or involves a disproportionate effort.
il diritto di ricevere in un formato strutturato, di uso comune e leggibile da dispositivo automatico i dati personali che lo riguardano e il diritto di trasmettere tali dati a un altro titolare del trattamento senza impedimenti da parte del titolare del trattamento cui li ha forniti, nei casi previsti dall’art. 20 del GDPR, e il diritto di ottenere la trasmissione diretta dei dati personali da un titolare del trattamento all’altro, se tecnicamente fattibile.Per ogni ulteriore informazione e comunque per inviare la tua richiesta devi rivolgerti al Titolare all’indirizzo info@desmotec.com. Al fine di garantire che i diritti sopra citati vengano esercitati dall’Interessato e non da terzi non autorizzati, il Titolare potrà richiedere allo stesso di fornire eventuali ulteriori informazioni necessarie allo scopo.

Come e quando l’Interessato può opporsi al trattamento dei propri dati personali? (Art. 21 GDPR)
Per motivi relativi alla situazione particolare dell’Interessato, lo stesso può opporsi in ogni momento al trattamento dei propri dati personali se esso è fondato sul legittimo interesse o se avviene per attività di promozione commerciale, inviando la richiesta al Titolare all’indirizzo info@desmotec.com.

L’Interessato ha diritto alla cancellazione dei propri dati personali se non esiste un motivo legittimo prevalente del Titolare rispetto a quello che ha dato origine alla richiesta, e comunque nel caso in cui l’Interessato si sia opposto al trattamento per attività di promozione commerciale.

A chi può proporre reclamo l’Interessato? (Art. 15 GDPR)
Fatta salva ogni altra azione in sede amministrativa o giudiziale, l’Interessato può presentare un reclamo all’autorità di controllo competente sul territorio Italiano (Autorità Garante per la protezione dei dati personali) ovvero a quella che svolge i suoi compiti ed esercita i suoi poteri nello Stato membro dove è avvenuta la violazione del GDPR.

Ogni aggiornamento della presente Informativa sarà comunicato tempestivamente e mediante mezzi congrui e altresì sarà comunicato se il Titolare effettui un trattamento dei dati dell’Interessato per finalità ulteriori rispetto a quelle di cui alla presente Informativa prima di procede ed a seguito della manifestazione del relativo consenso dell’Interessato qualora necessario.

SEZIONE IV
COOKIE
Informazioni generali, disattivazione e gestione dei cookie
I cookie sono dati che vengono inviati dal sito web e memorizzati dal browser internet nel computer o in altro dispositivo (ad esempio, tablet o cellulare) dell’utente. Potranno essere installati, dal nostro sito internet o dai relativi sottodomini, cookie tecnici e cookie di terze parti. Ad ogni modo, l’utente potrà gestire, ovvero richiedere la disattivazione generale o la cancellazione dei cookie, modificando le impostazioni del proprio browser internet. Tale disattivazione, però, potrà rallentare o impedire l’accesso ad alcune parti del sito. Le impostazioni per gestire o disattivare i cookie possono variare a seconda del browser internet utilizzato, pertanto, per avere maggiori informazioni sulle modalità con le quali compiere tali operazioni, suggeriamo all’Utente di consultare il manuale del proprio dispositivo o la funzione “Aiuto” o “Help” del proprio browser internet. Di seguito si indicano agli Utenti i link che spiegano come gestire o disabilitare i cookie per i browser internet più diffusi:

Internet Explorer:
http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
Google Chrome:
https://support.google.com/chrome/answer/95647
Mozilla Firefox:
http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Opera:
http://help.opera.com/Windows/10.00/it/cookies.html
Safari:
https://support.apple.com/kb/PH19255

Cookie tecnici
L’uso di cookie tecnici, ossia cookie necessari alla trasmissione di comunicazioni su rete di comunicazione elettronica ovvero cookie strettamente necessari al fornitore per erogare il servizio richiesto dal cliente, consente la fruizione sicura ed efficiente del nostro sito. Potranno essere installati cookie di sessione al fine di consentire l’accesso e la permanenza nell’area riservata del portale come utente autenticato. I cookie tecnici sono essenziali per il corretto funzionamento del nostro sito internet e sono utilizzati per permettere agli utenti la normale navigazione e la possibilità di usufruire dei servizi avanzati disponibili sul nostro sito web. I cookie tecnici utilizzati si distinguono in cookie di sessione, che vengono memorizzati esclusivamente per la durata della navigazione fino alla chiusura del browser, e cookie persistenti che vengono salvati nella memoria del dispositivo dell’utente fino alla loro scadenza o cancellazione da parte dell’utente medesimo. Il nostro sito utilizza i seguenti cookie tecnici:

Cookie tecnici di navigazione o di sessione, utilizzati per gestire la normale navigazione e l’autenticazione dell’utente;
Cookie tecnici funzionali, utilizzati per memorizzare personalizzazioni scelte dall’utente, quali, ad esempio, la lingua;
Cookie tecnici analytics, utilizzati per conoscere il modo in cui gli utenti utilizzano il nostro sito web così da poter valutare e migliorare il funzionamento.

Cookie di terze parti
Potranno essere installati cookie di terze parti: si tratta dei cookie, analitici e di profilazione, di Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing e Facebook. Tali cookie sono inviati dai siti internet di predette terze parti esterni al nostro sito.

I cookie analitici di terze parti sono impiegati per rilevare informazioni sul comportamento degli utenti sul sito. La rilevazione avviene in forma anonima, al fine di monitorare le prestazioni e migliorare l’usabilità del sito. I cookie di profilazione di terze parti sono utilizzati per creare profili relativi agli utenti, al fine di proporre messaggi pubblicitari in linea con le scelte manifestate dagli utenti medesimi. L’utilizzo di questi cookie è disciplinato dalle regole predisposte dalle terze parti medesime, pertanto, si invitano gli Utenti a prendere visione delle informative privacy e delle indicazioni per gestire o disabilitare i cookie pubblicate nelle seguenti pagine web:

Per cookie di Google Analytics

privacy policy:
https://www.google.com/intl/it/policies/privacy/
indicazioni per gestire o disabilitare i cookie:
https://support.google.com/accounts/answer/61416?hl=it

Per cookie di Facebook:

privacy policy:
https://www.facebook.com/privacy/explanation
indicazioni gestire o disabilitare i cookie:
https://www.facebook.com/help/cookies/

Per cookie di Youtube

privacy policy:
https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines
indicazioni per gestire o disabilitare i cookie:
https://support.google.com/accounts/answer/61416?hl=it

Per cookie di Yahoo:

privacy policy e indicazioni per gestire o disabilitare i cookie:
https://policies.yahoo.com/ie/it/yahoo/privacy/euoathnoticefaq/

Per cookie di Bing:

privacy policy e indicazioni per gestire o disabilitare i cookie
https://privacy.microsoft.com/it-it/privacystatement

Cookie di profilazione
Possono essere installati da parte del/dei Titolare/i, mediante software di c.d. web analytics, cookie di profilazione, i quali sono utilizzati per predisporre report di analisi dettagliati e in tempo reale relativi ad informazioni su: visitatori di un sito web, motori di ricerca di provenienza, parole chiave utilizzate, lingua di utilizzo, pagine più visitate. Gli stessi possono raccogliere informazioni e dati quali indirizzo IP, nazionalità, città, data/orario, dispositivo, browser, sistema operativo, risoluzione dello schermo, provenienza di navigazione, pagine visitate e numero di pagine, durata della visita, numero di visite effettuate.Tali dati possono essere trasferiti a ciascuna delle Società del Gruppo, nel rispetto e con le limitazioni imposte dalla vigente normativa e da quanto previsto nella presente Informativa.