ATTENTION TO NON-TECHNICAL COOKIES: The simple continuous use of the website doesn’t configure consent. Consent must be given by a clear positive action, for example ticking “ok” or “accept” in the appropriate banner which contains a short information and a link to the complete information.
This information regulates the processing of personal data through the use of the website available at the address sambonet.it, sambonet.com, paderno.it e arcturusgroup.it, in compliance with Regulation (EU) 2016/679 (hereinafter, “GDPR”).
1. Identity and contacts of the Joint Data Controller
Joint Data Controller, within the meaning of Article 26 of the GDPR, as they have jointly determined the purposes and means of the processing, are:
- Arcturus srl, with headquarters in Via Filippo Baldinucci, 60 – 20158 Milano (MI), administrative headquarters in Via Giovanni Coppo 1/C – 28060 Orfengo (No), telephone 02/39310402, pec email@example.com (“Arcturus” or “Joint Data Controller”)
- Sambonet Paderno Industrie S.p.A., with headquarters in Via Giovanni Coppo, 1C – 28060 Orfengo (No), telephone 0321/1916711, pec firstname.lastname@example.org (“Sambonet” or “Joint Data Controller”)
Joint Data Controller are situated in Italy, so it is not necessary the appointment of a representative.
2. Categories of data
The data subject’s personal data will be processed.
For the definition of personal data, please refer to Article 4(1) of the GDPR, the collection of which is necessary to fulfil the above-mentioned purpose.
3. Modality of treatment and logic
3.1 Cookies and environmental data
Navigation, functional, and session cookies: they permit the correct working of the website. The use of session cookies (that are not collected in a persistent way on the data subject device and that are automatically deleted during the closing of the browser) is strictly limited to the transmission of identifications of single sessions and they are used in order to permit the safe and efficient use of the website.
Statistics Cookie: The website uses statistical cookies created by the Data Controller itself or provided by third parties. In the latter case, proper tools have been adopted in order to lower the identifiability, also by masking major parts of the IP addresses processed this way. The use of such third-party statistical cookies is also subject to contractual restraints that bind the third party to use them exclusively for the provision of the service, keep them separately, and not to “enrich them” or “cross them” with other information that the third parties may have. For that which concerns Google Analytics cookies, the information that may be obtained from the cookies, of the use of the Website by the users, shall be sent by the user’s browser to Google Inc., with offices in 1600 Amphitheater Parkway., Mountain View, CA 94043, United States, and stored in the servers of the company itself.
Please read Google’s privacy rules available at the following address: http://www.google.com/intl/it/privacy/privacy-policy.html.The privacy information on Google Analytics’ Services is available at the following address: http://www.google.com/intl/en/analytics/privacyoverview.html.
Navigation data and environmental variables: The IT systems and procedures set up for the running of the Website automatically acquire some personal data in relation to the user’s navigation, including environmental variables, as part of their normal running.
An example of this category of data are:
- IP address of computers of users that use the service;
- Number of accesses;
- Visualized pages;
- Date and hour of the access;
- URL of the browser before visualizing our website;
- The type of browser used for the navigation;
- The operative system.
Profiling cookies: The Website uses profiling cookies provided by third parties.
Deleting and deactivating cookies
Since cookies are normal text files you can access them by using word processing programs.
In any event, you can set up your browser in order to keep it from processing cookies. Just to give an example, below are listed the ways you can deactivate and delete the cookies from the main web browsers:
Delete/deactivate cookies with Firefox: http://support.mozilla.com/it/kb/Eliminare%20i%20cookie
Delete/deactivate cookies with Explorer: http://windows.microsoft.com/it-IT/windows-vista/Delete-your-Internet-cookies
Delete/deactivate cookies with Chrome: http://support.google.com/chrome/bin/answer.py?hl=it&answer=95647
3.2 Data voluntarily provided by the data subject
The data freely and voluntarily provided by the user by sending an email to the addresses indicated on the Website, may be acquired for the purposes indicated from time to time.
Specifically, besides the email address needed in order to answer to the sender, other personal data, contained in the relative communication, shall be processed.
Data gathered in such manner shall be kept and processed exclusively for the purposes of keeping correspondence and shall not be used for other purposes.
4. Purposes of the processing and legal basis
In relation to technical cookies, the data processing is made in order to allow a correct utilization of website; the related use is necessary for the provision of the web site: sambonet.it, sambonet.com, paderno.it, arcturusgroup.it. In this case the legal basis of the data processing is the legitimate interest of the Joint Data Controller.
In relation to non-technical cookies, the data processing carried out with themselves, allows to offer a customized navigation experience by the use of the profiling. In this case, the consent of the data subject, expressed in conformity of the present information to data subject, shall provide the legal basis.
In relation to data freely given by email, the data processing permits to answer to the subjects’ requests. In this case the legal basis is the legitimate interest of the Joint Data Controller to answer to the subjects.
5. Modalities of expressing consent
Consent for the use of non-technical cookies shall be given by clicking on a specific checkbox inside a banner.
6. The source of personal data
The Data Controller will process, in compliance with this information to data subject, only the data provided by the data subject and collected by the web site or by email.
Data from accessible public sources shall not be processed.
7. Recipients and categories of recipients of personal data
Recipients of the data subject’s personal data may be:
- Communication companies that carry out commercial communication and profiling activities on behalf of the Data Controller and are responsible for the processing;
- The companies that offer services of an information society, including, in particular, those offering hosting services.
8. Data transfer
Joint Data Controller may intend to transfer personal data to a third country or to an international organisation. Such subjects may be:
- Communication companies that conduct communication activities on behalf of the Data Controller;
- The companies that offer services of an information society, including, in particular, those offering hosting services;
- Service suppliers of the communication company.
The transfer of personal data to the aforementioned subjects, if based in a third country or international organization, is carried out according to a decision of suitability of the European Commission, which evaluates how the third country, the territory or one or more specific sectors in the third country or the international organization ensure an adequate level of protection of the data subject’s rights. In the absence of such decision, the Data Controller – if deemed in any case appropriate – reserves himself the right to conclude specific separate agreements that oblige such subjects to adopt adequate security and also organizational measures, in order to offer appropriate guarantees related to the data subject’s rights. Google Inc., in particular, is contractually bound to ensure a suitable protection to the data subject’s rights.
The data may be transferred to the following countries: United states of America.
In order to obtain a copy of such data or the place where they have been made available a request may be sent to the following address: email@example.com, firstname.lastname@example.org.
9. Personal data retention period
The personal data processed and retained for a correct fruition of the web site are processed and retained for a period not exceeding 12 months from the single collection.
The Data Controller reserves the right, anyhow, to request to the data subject to renew the consent and/or to verify the expressed consents.
10. Optional nature of the consent and consequences in case of lack of consent
In relation the personal data, processed by technical cookies in order to permit a correct fruition of the website, the communication of the personal data is a contractual legal obligations requirement, but it’s founded on the legitimate interest of the Data Controller. In this case, the lack of the communication of those data will determine the impossibility to furnish a completely available website.
The consent should be considered optional in relation to non-technical cookies. In this case, the lack of the communication of those data will determine the impossibility to furnish a customized service.
In relation to the data sent by email, the consent is to be considered optional. In case of lack of the consent of those data, it will be impossible to reply to your requests.
11. Rights of the data subject
11.1 Right to object
The data subject has the right to object as set out herein below:
- The right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, according to point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
- Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing;
- Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;
- Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
11.2 Other rights
The Data Controller shall also inform the data subject about the existence of his or her following rights:
- Right of access by the data subject: the data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and other specific information, pursuant to article 15 of the GDPR;
- Right to rectification: the data subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement, pursuant to article 16 of the GDPR;
- Right to erasure/right to be forgotten and the right of withdrawal of the consent: the data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where the grounds set out in article 17 of the GDPR apply. In relation to the withdrawal of the consent, the data subject has the right to revoke the consent in any moment without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
- Right to restriction of processing: the data subject shall have the right to obtain from the Data Controller restriction of processing where the grounds set out in article 18 of the GDPR apply;
- Right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the Data Controller to which the personal data have been provided under the conditions set out in article 20 of the GDPR.
12. Exercise of the rights
The request to exercise the rights outlined in this information to data subject must be addressed directly to the Data Controller at the email address email@example.com, firstname.lastname@example.org. Alternatively, such rights may be exercised by sending a letter to such effect by registered post with acknowledgement of receipt to the address Via Giovanni Coppo 1C – 28060 Orfengo (NO).
13. Accessibility to information to data subject
The information to data subject is accessible at the web site https://sambonet.it/it/privacy, https://paderno.it/it/privacy,https://sambonet.com/com/privacy, http://arcturusgroup.it/it/privacy.html, as well as at Joint Data Controller’s dealers. If expressly requested by the data subject, the information may also be orally provided, provided that identity of the data subject is proven, by means of a telephone call.
This information on the processing of personal data may be updated in order to comply with national and European legislation on the processing of personal data and/or to adapt to the adoption of new systems, internal procedures or for any other reason that may be appropriate and/or necessary. This information notice may therefore be modified at any time, without prior notice.
The interested party is therefore invited to periodically consult this page of the site.
14. Privacy and newsletter
If the data subject gives the consent to receive commercial communication, the processing of his data could be made to send communications, as direct marketing, newsletter, activities of sending advertising material, to carry out market research, by traditional systems of communication and authomated information systems, as commercial or promotional communication or by email or by SMS; the legal basis is the consent of the data subject expressed in conformity to this information. In this case the communication of personal data is not necessary for contractual purposes. The data subject has the optional to provide personal data; in this case the lack of communication of those data will not permit any marketing activity. In this case the period of conservation of those personal data must not exceed 24 months from the single collection.