Information pursuant to Article 13 of European Regulation 2016/679
This section describes the site management methods adopted by CMR Group S.p.A. with reference to the processing of personal data of users who access and consult it. Pursuant to Art. 13 of EU Regulation 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, CMR Group S.p.A. intends to inform those who interact with the services offered by this site, accessible electronically by typing the address: www.cmr.it
In order to provide its web services, CMR Group S.p.A. may process data relating to identified or identifiable natural or legal persons. The Controller is CMR Group S.p.A., with registered office in Borzano of Albinea (Reggio Emilia), Via Giovanni Falcone, 2/A.
Location of data processing and communication and disclosure
The following site is physically “hosted” in Italian territory. The data is handled only by personnel authorised to process by the controller and by consultants in the marketing/communication field as data processors. The data may also be viewed by the company that manages the website, limited to technical access for maintenance and management needs of the server and the website.
The controller may communicate the data on the site to public bodies or authorities when required by law or when necessary to protect its rights. No data deriving from the web service is disclosed.
Types of data processed
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
DATA PROVIDED VOLUNTARILY BY THE USER
The user has the opportunity to interact with the site by providing their data on the “Contacts” page.
Through this interaction, the user can provide the following personal data:
Users are advised not to send sensitive data in their communications, such as data suitable for revealing racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data relating to health and sexual life, as well as genetic and biometric data, in addition to identification data of third parties (in this case, it is better to use invented names)
Purpose of processing
The processing we intend to carry out, with specific consent where necessary, has the following purposes:
Legal basis and mandatory or optional nature of the processing
The legal basis for the processing of personal data for the purposes referred to in points n. 1 and n. 2 is the performance of a contract or the steps necessary prior to entering into a contract (Article 6(1)(b) of the Regulation) or to satisfy a legitimate interest of the controller to respond to user requests (Article 6(1)(f) of the GDPR). Providing the personal data for these purposes is mandatory in order to satisfy the request sent and failure to provide it would make it impossible to activate the requested Services.
The legal basis for processing of user data to send commercial and advertising communications (point 3) is the request for consent from the user (Article 6(1)(a) of the GDPR). Providing the data is optional and the only consequence of failure to provide it is that no commercial communications will be sent by CMR Group.
The legal basis for the processing of point 4 is compliance with a legal obligation (Article 6(1)(c)), and, lastly, the processing of non-identifying statistics is not subject to data protection legislation, as it does not use personal data, but only anonymous data.
Pursuant to Art. 5 of EU Regulation 679/2016, “Principles relating to processing of personal data”, personal data is stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which it is processed.
The personal data of the data subjects may also be stored for longer periods, in compliance with obligations relating to the laws in force (such as accounting obligations) and, in any case, applying every technical-organizational measure aimed at activating mechanisms – where possible – of data anonymization.
The data collected for marketing purposes will be kept until the user’s withdrawal of consent or objection to processing is received.
Transfer of data outside the EU
No data is transferred outside non-EU countries.
Rights of data subjects
The data subject has the right to ask the controller to access the data, for its rectification, erasure, restriction of processing, or to object to processing of the data, in addition to the right to data portability, under the conditions established by Articles 15, 16, 17, 18, 20 and 21 of EU Regulation 2016/679.
Furthermore, the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Lastly, the data subject has the right to lodge a complaint with a supervisory authority, if he/she believes that the processing that concerns him/her breaches the European Regulation.
Any communication can be sent to the Controller at the e-mail address: firstname.lastname@example.org
INFORMATION FOR THE CONTACT FORM
CMR Group S.p.A., as the data controller, wishes to inform you of how it will process your data pursuant to Article 13 of the 2016/679 European Regulation
The purpose and the legal basis of processing
The data collected (name and surname, e-mail address and data you voluntarily entered in the message) will be processed exclusively to respond to your requests for information and/or prepare a quote/offer requested by you. It is not necessary to request consent for the processing of such data, since the processing is necessary to satisfy the pre-contractual requests of the data subject (Article 6(1)b) of the GDPR), as well as for the legitimate interest of the owner in fulfilling the requests for information received from the data subject (Article 6(1)(f) of the GDPR). It is necessary to provide the data in order to receive an answer to requests sent to the Controller.
Furthermore, only with your consent, CMR Group S.p.A. may process your data to send you commercial communications and advertising information on CMR Group S.p.A. products and services.
For this processing, it will be necessary to request your consent, as established by Art. 6(1)(a) of Regulation (EU) 2016/679; providing the data is optional, so your refusal to provide it means you will be unable to receive commercial communications from CMR Group S.p.A.
Transfer of data to third countries
The data will not be transferred to non-EU countries.
Data retention period
The data will be kept for the time necessary to respond to user requests and subsequently to comply with legal obligations. The data collected for marketing purposes will be kept until the withdrawal of consent or exercising of the right to object by the user.
The data will be communicated to internal personnel authorised to process customer data and also to marketing/communication consultants appointed as data processors. Furthermore, the data may be disclosed to IT personnel and IT companies for occasional maintenance interventions.
The data will not be disclosed.
Rights of the data subject
Pursuant to Chapter III of the GDPR, the data subject always has the right to ask the Controller for access to their data, for its rectification or erasure, for restriction of processing or to object to processing, to data portability, to withdraw consent to processing (where given), by asserting these and the other rights provided by the GDPR, through simple communication to the Controller. Lastly, the data subject has the right to lodge a complaint with a supervisory authority if he/she believes that the processing breaches the legislation applicable to the protection of his/her data.
The controller is CMR Group S.p.A., with registered office in Borzano of Albinea (Reggio Emilia), Via Giovanni Falcone, 2/A.
To request information on data processing or exercise the rights referred to in the previous point, please contact us at the e-mail address: email@example.com