Pursuant to articles 13 and 14 of EU Regulation 679/2016.
With this document, Astrel Group s.r.l., which owns the website www.astrelgroup.com (hereafter “the Website”), informs the data subject (“the User”) that any of his or her personal data that relates to the use of the Website, whether it is accessed directly from the homepage or via the subpages, shall be processed with all due care and using appropriate tools to ensure data security. Please note that this statement – which is consistent with the provisions of articles 13 and 14 of EU Regulation 2016/679– cannot be considered applicable to any other sites that may be accessed via links included in the Website.
- Data controller
Astrel Group s.r.l. (registered office: Via Isonzo, 21/E – 34070, Mossa, Province of Gorizia, Italy; Italian fiscal ID code/VAT number: 00187070313)
The Controller may be contacted at the following email address: firstname.lastname@example.org
- Types of data collected
The data collected for processing (whether by the Website itself or by third parties) include: Cookies, usage data, email addresses, given names, surnames, usernames, unique identifiers used by marketing tools (e.g. Google), geographical coordinates and language preferences.
The personal data may be provided freely by the User or, in the case of usage data, collected automatically as the Website is used.
Unless otherwise specified, all data requested by the Website are to be considered as required data; in the event the User does not provide said data, it may not be possible for the Website to supply the service that the User requires and for which he or she has accessed the Website. This notwithstanding, where a form on the Website describes certain data as optional, the User is free not to provide the data in question without compromising the availability of the service requested or the functionality of the Website.
The User is responsible for any personal data her or she communicates, publishes, or shares via the Website, and attests to the veracity of said data, thus exempting the Controller from any liability towards third parties.
- Purposes of data processing
The purposes for which the User’s data may be processed are as follows:
- to collect the personal data voluntarily entered and transmitted by the User when he or she completes one of the “forms” used by the Website;
- to collect the personal data voluntarily entered and transmitted by the User when he or she sends an email to one of the addresses indicated on the Website;
- responding to requests for information and initiating pre-contractual relations;
- to allow the User to subscribe to the newsletter service provided by the Controller;
- prevent or identify fraudulent activities or abuses likely to damage the Website;
- exercise Controller’s rights (e.g. legal defence rights).
- Legal basis for processing of data
The data processing is performed either on the basis of the right to information or to fulfil a contractual obligation or other de-facto obligation, or else, where applicable, on the basis of consent, where this is provided by the User when he or she, freely and duly informed, completes the relevant fields in one or more of the contact “forms” used by the Website.
- Methods and location of data processing
The Controller shall adopt appropriate security measures to prevent access to, or the disclosure, alteration or destruction of, the personal data.
Processing may be conducted using computerised or telemetric tools, which shall be managed and employed in a manner that is strictly in keeping with the stated purposes of the data processing.
In addition to the Controller, other individuals may have access to the data, specifically: individuals engaged in the running of the company Astrel Group s.r.l. (administrative, sales and marketing staff, legal advisers and systems administrators); external providers (marketing and communications agencies, and suppliers of technical, hosting, IT and delivery services), which shall be nominated by the Controller, where necessary, as Data Processors.
An updated list of Data Processors may be obtained from the Data Controller at any time.
The data shall be processed at the premises of the Controller.
The data may be transferred outside of Italy, to companies with premises either within or outside the European Union, as and when doing so is conducive to achieving the purposes set out at point 3.
The Controller undertakes to ensure that, in such a circumstance, the data is treated with all due confidentiality, where necessary entering into agreements to ensure an adequate level of security and/or that adopt the standard contract provisions set out by the European Commission.
The Website and the Services provided by the Data Controller are not intended for persons under the age of 18, nor will the Controller intentionally collect the personal data of such persons. In the event that information about persons under the age of 18 is unintentionally recorded, the Controller shall, at the users’ request, delete such information in a timely fashion.
- Period of data storage
The Data shall be processed and stored for as long as it is required to achieve the purposes for which they are collected, provided this period is within legal limits.
A non-exhaustive set of example periods reads as follows:
- For personal data that are collected for purposes associated with fulfilling a contract between the Controller and the User, the data shall be stored until the contract has been fully executed, and all legal requirements fulfilled;
- For personal data collected for purposes that are in the legitimate interests of the Controller, the data shall be stored until said interests are satisfied. The User can find additional information about the legitimate interests of the Controller in the relative sections of this document, or by contacting the Controller;
- Where the data processing is founded on the User’s consent, the Controller is entitled to store the personal data for a longer period, and until such a time that the User withdraws his or her consent.
Furthermore, the Controller may be required by law, or at the instruction of certain public authorities, to retain the Personal Data for longer periods.
At the end of the period of storage, the Personal Data shall be deleted. As such, at the end of such a period, it is no longer possible to exercise the right to access, rectification or erasure, or the right to data portability.
- Contact forms and newsletters
The “Contacts” Form
By entering his or her data into the Contacts Form, the User consents to the use of said data for the purposes of responding to requests for technical information, quotations, post-sales assistance, or requests of any other nature that may be indicated in the form heading.
Personal data collected: given name, surname, telephone number, email address, location (town/city/locality).
When the User subscribes to the newsletter, his or her email address is automatically added to a mailing list of recipient addresses to which emails may be sent with information relating to this web application. This information may be of a commercial or promotional nature.
The User’s email address may also be added to the mailing list in the event the User registers with the Website or following a purchase.
Personal data collected: email.
N.B.: These data are processed using the platform and tools provided by the “MailUp” service. The data acquired and processed in delivering the requested service shall not, at any point, be transferred to countries outside the EU.
These data shall be stored until such a time that the Data Subject makes it known that he or she no longer wants to receive the newsletter, and in any circumstance, for no longer than two years from the date the data are recorded. For the MailUp terms and conditions, click here
- Social network widgets
“Social Plug-ins” take the form of buttons on the pages of the Website that carry the logos of social networks (such as Google Maps, Facebook, YouTube, Twitter, LinkedIn, etc.) and allow the User to interact directly with the relevant social platform, for example to share content.
- Rights of the data subject
The General Data Protection Regulation (GDPR) guarantees a series of rights for the Data Subject in relation to the personal data processed by the Controller. Specifically, it is acknowledged that the User rights set out in articles 15, 16, 17, 18, 20, 21, 77 and 82 of the GDPR are recognised in law (e.g. the User’s right to obtain confirmation as to whether personal data concerning him or her are being processed, the right to have any data processed in an unlawful manner erased, the right to rectification of inaccurate data, the right to object – for legitimate reasons – to the use of his or her data, etc.).
The Controller undertakes to provide a response to any related request within 30 days or, in the event that such a timescale cannot be observed, to provide justification for the extension of the default deadline. The response shall be issued at no cost to the Data Subject, except in the event that the request proves unfounded or excessive in nature, in which case he or she may be charged a sum not in excess of the costs actually incurred in carrying out the requested investigation.
Any request for information and/or clarification, question or claim in respect to the processing of personal data and for the purposes of asserting the rights of the Data Subject should be addressed to the Controller identified in point 1, by email, using the email address indicated, or by registered post, using the postal address indicated.
- MODIFICATIONS TO THIS PRIVACY NOTICE
Astrel Group s.r.l reserves the right to modify, update, add to or remove parts of this privacy notice at its sole discretion and at any time.
It falls to the Data Subject periodically to check the documentation published on the Website for revisions.
Most recent revision 09 July 2018