The Data Controller is CO.VI.COL srl, with registered office in Paina di Giussano, via Verdi n. 70, CF 07117040159 VAT no. 00847140969, contactable at the email address info @ covicol.com

The Data Controller processes the data according to the principles established by the GDPR (General Data Protection Regulation EU 2016/679), of lawfulness, correctness, transparency, limitation of purposes and storage, data minimization, accuracy, integrity and confidentiality.

 

The data processed

The data subject to processing are:

1. Navigation Data;
2. Personal, identification and contact data (it is expressly forbidden to transmit particular data or data relating to criminal convictions and crimes - one's own or third parties - as per articles 9 and 10 of the GDPR), voluntarily provided by the user in any requests made via the request form, or to the addresses indicated on this site.

 

The purposes of the processing

The purposes of the Processing are the following:

1. allow the user to navigate the site; statistical research / analysis on aggregate or anonymous data, without the possibility of identifying the Visitor, aimed at measuring the functioning of the site, measuring traffic and evaluating usability and interest of the Site (in this case the Data Controller does not process data), fulfillment of legal obligations to which the Data Controller is subject.
2. respond to user requests and update them – including via email or newsletter service – on the Data Controller's activities.

 

The legal bases of the processing

The legal bases of the Processing are the following:

1. a) legitimate interest of the Data Controller and user consent;
2. b) need to respond to user requests and user consent.

 

Browsing data and cookies

The computer and telematic systems and software used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.

It is highlighted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the site or other sites connected or linked to it: except for this eventuality, at present the data on web contacts do not persist for more than a few days.

No cookies are used to transmit personal information, nor are persistent cookies of any kind used, or systems for tracking users. The use of session or navigation cookies (which are not stored persistently on the user's device and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. The session cookies used on this site avoid the use of other IT techniques that could potentially compromise the confidentiality of users' navigation and do not allow the acquisition of personal data identifying the user.

The user can however selectively disable the action of Google Analytics by installing on his/her browser the opt-out component provided by Google.

• Duration – some cookies (so-called session cookies) remain active only until the browser is closed. Other cookies (so-called persistent cookies) “survive” the browser being closed and are also available in subsequent visits by the user, and their duration is set by the server at the time of their creation, normally no more than 6 months.
• The usability of the contents is also possible by completely disabling cookies, and the disabling of “third party” cookies does not in any way affect the navigability of the Site.
• The setting can be defined specifically for different websites and web applications. In addition, the best browsers allow you to define different settings for different types of cookies.
  • Firefox
  • Internet Explorer
  • Chrome
  • Opera
  • Safari for Mac
  • Safari for iOS
• We also point out the possibility of using specific tools for managing privacy regarding cookies for advertising purposes such as Your Online Choices limited to advertising networks that adhere to the initiative. For further information, http://www.edaa.eu.
• The user can always decide whether or not to accept cookies using the settings on their browser.
• ATTENTION! If the user uses particular Services provided by other parties (for example by clicking the buttons of various social networks, or by clicking on links to external sites), Personal Data may be processed by third parties. In this case, it will be necessary to verify the rules and conditions of processing of such third parties. The user therefore grants, on this point, the broadest indemnity to the Owner for this type of Processing.
• ATTENTION! It is expressly forbidden to upload, publish or otherwise process personal data of third parties using the site or its services: if you do so anyway, against this prohibition of the Owner, the user becomes the independent owner of the processing of such data, assuming all related responsibility and releasing the Owner.

 

Treatment Methods

The Data will be:

• collected electronically;
• recorded in digital format on servers exclusively available to the Owner;
• protected from risks of destruction, modification, cancellation and unauthorised access by means of adequate physical, logical and organisational security measures;
• further processed, including in paper form, to the extent and for the time strictly necessary to carry out the purposes indicated above;
• all subjects authorised to process data by the Data Controller are adequately trained in the provisions of the law and other processing rules, and are committed to confidentiality.

 

Communication to recipients and dissemination

The data acquired through the site will not be disclosed.

The data is communicated to the recipients to the extent strictly necessary in relation to the purposes indicated above.

The categories of recipients are as follows:

• subjects necessary for the operation and provision of the services offered by the Site, who act as Data Processors, pursuant to contracts stipulated pursuant to art. 28 GDPR;
• Persons in charge and other persons authorised by the Data Controller.

As already mentioned, the Data Controller may also need to communicate data to fulfill legal obligations or to comply with orders from Authorities.

 

Data retention period

The Data Controller retains the data for the time necessary to achieve the purposes above, or to carry out what is requested by the user, or required by the purposes described in this document, and the user can always request its cancellation, rectification and portability, or oppose the Processing or obtain its limitation.

In particular, the Data Controller will retain the Personal Data for the following periods:

• Browsing data: maximum 7 days;
• Identification and contact data provided by the user via the request form: no later than 24 months from the user's request (while the data necessary for the update service on the Data Controller's activities, until the operation of the service itself: the Data Controller will in any case periodically verify, at least every three years, the persistence of the interested party's consent).

Except as stated above, the Data Controller will retain Personal Data for the maximum period of time permitted by Italian law to protect its rights and/or interests.

 

Mandatory and optional nature of the communication of Personal Data

1. navigation data: their communication is mandatory and essential to allow the Owner to allow the user to use the site: the latter cannot refuse to communicate the navigation data, to the extent that they consist of personal data.
2. personal data provided by the user through the request form or the addresses indicated on the site: their communication is optional. If the user refuses to communicate such Data, the Owner may not be able to process such requests, in whole or in part.
3. newsletter service: consent to the related processing is optional. If the user does not give consent, the Data Controller will not be able to provide the service to him.

 

Rights of the interested party

The interested party has the right to:

• access your Personal Data held by the Data Controllers;
• request its rectification and/or cancellation (“oblivion”);
• request the Limitation or oppose the Processing;
• request data portability;
• lodge a complaint with a Supervisory Authority.

The interested party also has the rights set forth in art. 7 of Legislative Decree 196/2003 (and subsequent amendments/additions) not expressly mentioned (i.e. the right to obtain confirmation of the existence of Personal Data concerning you and their communication in an intelligible form, the indication of their origin, the identification details of the data controllers, the transformation into anonymous form of the Personal Data or their blocking if processed in violation of the Privacy Law).

 

Changes to this Policy

This Policy is effective as of 05/24/2018.

The Owner reserves the right to modify the content, in part or completely, also due to changes in the Privacy Policy.

The Owner will publish the updated version of this document on the Site, and from that moment it will be binding: the Interested Party is therefore invited to visit this section regularly.