Biesse S.p.A. provides below the information regarding the processing of your personal data when you are browsing the website (hereinafter “Site”) pursuant to art. 13 of Regulation 2016/679 (hereinafter “GDPR”) and art. 122 of the Legislative Decree 196/2003 (hereinafter "Privacy Code"), in accordance with the Decision of the Italian Data Protection Authority of 8 May 2014, "Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies", as supplemented by the “Guidelines on the use of cookies and other tracking tools” of 10 June 2021 (hereinafter "Decision").
1. Who the "data controller" of the processing of personal data is (i.e., who decides the purposes and means of processing) and how it can be contacted
The data controller is Biesse S.p.A., VAT IT 00113220412 with registered office in via della Meccanica 16, Pesaro (PU), e-mail privacy@biesse.com (hereinafter, “Company”).
2. How the “data protection officer” ("DPO") can be contacted?
The Company's DPO can be contacted at dataprotectionofficer@biesse.com.
3. Categories of data processed
3.1 Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified data-subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
Such data may be processed to:
enable and monitor the proper functioning of the Site, perform maintenance activities;
obtain anonymous statistical information on the use of the Site; and
ascertain possible liability in case of hypothetical computer crimes against of the Site and therefore exercise and/or defend the Company's rights in court.
3.2 Data provided by the user
In certain sections of the Site, you may be asked to provide personal data. In this case you will be provided with the specific privacy policy pursuant to Article 13 of the GDPR.
3.3 Cookie
The Site uses cookies as further described below.
What are cookies?
Cookies are small text files sent to the user’s device (usually to the user’s browser) by the websites the user visits when the latter accesses such websites for the purpose of storing and transporting information. They are stored so that they can recognize that device on the next visit. On each subsequent visit, in fact, cookies are resent from the user's device back to the site.
Each cookie generally contains the name of the server from which the cookie was sent and the expiration date and a value, usually a unique number randomly generated by the computer.
First party and third party cookies
Cookies can be installed not only by the same owner of the site browsed by the user (first-party cookies), but also by a different site that installs them through the first site (third-party cookies) and is able to recognize them. This happens because on the browsed site there may be elements (images, maps, sounds, links to web pages of other domains, etc.) that are stored on servers other than that of the site visited.
Pursuant to the provisions of the Decision, for cookies installed by third parties, the obligations to provide information and, if the conditions are met, consent lie with the third parties; the site owner, as technical intermediary between the third parties and the users, is obliged to include updated links to the third parties' information and consent forms in the extended information statement.
Technical, analytical and profiling cookies
Depending on the purpose, cookies can be divided into technical cookies and profiling cookies.
Technical cookies are installed for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service” (cf. Art. 122(1) of Privacy Code).
They are usually used to enable efficient navigation between pages, store user preferences, store information on specific user configurations, perform user authentication, etc.
Technical cookies can be divided into navigation cookies, which are used to record data useful for the normal navigation and use of the website on the user's computer (e.g. allowing the user to remember the preferred page size in a list), and functional cookies, which allow the website to remember choices made by the user in order to optimise its functionality (e.g. functional cookies allow the website to remember specific user settings, such as country selection and, if set, permanent login status).
Some of these cookies (called essential or strictly necessary) enable functions without which certain operations could not be possible.
Pursuant to the Art. 122(1) of Privacy Code, the use of technical cookies does not require the consent of users, but only the obligation to inform users.
Pursuant to the Decision, technical cookies are assimilated to - and, therefore, users' consent is not required for their installation - so-called analytics cookies if:
i) created and used directly by the first party site operator (without, therefore, the intervention of third parties) for site optimisation purposes to collect aggregate information on the number of users, and how they visit the site; and
ii) created and made available by third parties if:
a) used by the first party site for merely statistical purposes, where appropriate minimisation measures are taken to reduce the ability to identify users (e.g. by masking appropriate portions of the IP address) and processed only for the production of aggregate statistics and in relation, as a rule, to a single site or mobile application, so as not to allow tracking of the navigation of the user on different applications or browsing different websites;
b) third parties, who provide the web measurement service to the site, do not combine, enrich or cross-reference the data, even minimised as above, with other information available to such third parties (e.g. customer files or statistics of visits to other sites) or transmit them to other third parties.
Profiling cookies, on the other hand, are used to track the user's browsing, analyse their behaviour for marketing purposes and create profiles on their interests, habits, choices, etc. in order to send targeted advertising messages in relation to the user's interests and in line with the preferences expressed when browsing online.
These cookies may be installed on the user's terminal only if the user has given his or her consent.
Permanent and session cookies
Based on their duration, cookies are distinguished into permanent, which remain stored, until they expire, on the user's device, unless removed by the user, and session cookies, which are not stored persistently on the user's device and disappear when the browser is closed.
Cookies used by the Company
The cookies used by the Company are identified and categorised in the tables on the “Cookie List” page in the footer of the Site, where the capitalised terms used (e.g. Company, Site) have the same meaning as in this Privacy and Cookie Policy.
4. Methods of Providing Consent and Browser Settings
Profiling cookies will be installed on your devices only after consent expressed by selecting the “Accept All” button or by selecting the indicated purposes and then clicking on “Accept Selected” within the banner containing the short information notice. Consent for the use of cookies is recorded with a specific "technical cookie".
It is always possible to change your choice by clicking on the button of each page of the Site.
However, users may also express their preferences regarding cookies through the settings of the browser used. Even if the web browser used by the user is set to automatically accept cookies, the user can change the default configuration through the settings menu, deleting and/or removing all or some cookies, blocking the sending of cookies or limiting it to certain sites. Disabling, blocking cookies, or deleting them may affect the optimal use of certain areas of the Site or prevent certain functionalities of the Site, as well as affect the functioning of third-party services. Below are links to the guidelines for managing cookies on main browsers:
Microsoft Internet Explorer
Microsoft Edge
Google Chrome
Mozilla Firefox
Safari
For browsers other than the ones listed above, please consult the related guideline to identify the cookies management mode.
5. Categories of recipients
The data may also be processed, on behalf of the Company, by third parties, designated as Data Processors pursuant to Article 28 of the GDPR, such as natural and/or legal persons who carry out activities functional to the pursuit of the aforementioned purposes (e.g. service providers for the management of the Site, such as system outsourcers, companies dealing with connectivity services to the Internet network, consulting companies).
Furthermore, the data may be disclosed to autonomous data controllers, such as authorities and supervisory and control bodies entitled to request/receive the data, as well as to any providers (or third parties or vendors) listed in the above tables containing the list of cookies.
The data are processed by the employees of the Company - belonging to the corporate functions assigned to the pursuit of the above-mentioned purposes - who have been expressly authorised to process them and who have received appropriate operating instructions.
6. Transfer of data outside EU
Data may be transferred to entities established in countries outside the European Union (EU) and the European Economic Area (EEA). Where they have not been deemed adequate by the European Commission through a decision pursuant to Article 45 of the GDPR, the "transfer tools" referred to in Article 46 of the GDPR (such as standard contractual clauses) will be used, assessing the possible provision of "additional measures" capable of guaranteeing a level of protection equivalent to that required by EU law.
For more information, if third parties are indicated in the table above, please see the links to their respective privacy notices.
7. Rights of the data subject
Data subjects may exercise against the Company the rights recognised in Articles 15-22 of the GDPR and in particular:
i) request access to the data concerning them and the information referred to in Article 15 (purpose of processing, categories of personal data, etc.)
ii) request cancellation in the cases provided for in Article 17 if the Company has no longer the right to process them[1];
iii) obtain the rectification of inaccurate data or the integration of incomplete data;
iv) obtain the limitation of the processing (i.e. the temporary storage of the data), in the cases provided for in Article 18 GDPR[2];
v) to object at any time, easily and free of charge, on grounds relating to the particular situation, to the processing of data carried out on the basis of the legitimate interest of the controller;
vi) to receive in a structured, commonly used and machine-readable format the data, as well as, if technically feasible, to transmit them to another data controller without hindrance, where the processing is based on consent or contract and is carried out by automated means has the right.
Data subjects also have the right to withdraw consent at any time as specified in the previous Article 4 on "Methods of Providing Consent and Browser Settings.
To exercise these rights, they may contact the Company at any time by sending their request by e-mail or by registered letter with return receipt to the contacts indicated in Article 1.
Data subjects have the right to lodge a complaint with the Data Protection Authority or, in any event, with the competent supervisory authority in the Member State where they normally reside or work or in the State where the alleged infringement occurred.
________________________________________
1 The data subject shall have the right to obtain from the controller the erasure of personal data in the following cases:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to Article 6.1(a) or Article 9.2(a), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2 The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.