Skip to main content

PRIVACY POLICY WEBSITE

Brugola OEB Industriale S.p.A., with registered office at Piazza Giovanni XXIII n. 36, 20851, Lissone (MB), Italy, VAT number 00811320969 (hereinafter referred to as the “Data Controller”), as the Data Controller, informs you, in accordance with EU Regulation 2016/679 (“GDPR”) and the current legislation on the protection of personal data, that your data, within the scope of the website https://brugola.com/, will be processed for the following purposes and in the following manner.

Unless otherwise indicated, the contents of this notice shall apply to the personal data processed in relation to the use of the Website. Please note that for the processing of personal data carried out for purposes other than those indicated below, the relevant processing information for the specific services will apply.

 

  1. CATEGORIES OF PERSONAL DATA PROCESSED

The Data Controller exclusively processes personal data that is identifiable and not sensitive, provided by users during the use of the Website, including but not limited to: name, surname, telephone number, e-mail address, IP address, and session ID.

 

  1. PURPOSES AND LEGAL BASIS OF THE PROCESSING

Personal data is processed for the following purposes and legal bases:

a. Your Personal Data is processed, without your prior consent, for the following purposes and legal bases:

  • fulfillment of contractual and pre-contractual obligations, in particular:

– responding to user requests (e.g. managing contact inquiries);

– allowing users to use the Website, including technical management and operational functions, including resolving any technical issues;

  • compliance with legal obligations, regulations, national and EU legislation, or requirements imposed by competent authorities;
  • pursuit of the Data Controller’s legitimate interests, such as:

– defense of a right in court or before an authority;

– management and maintenance of the Website: the Data Controller’s interest is to ensure the operational efficiency of the company, including the Website and potential service improvements;

– prevention and detection of fraudulent activities or abuses harmful to the Website: the Data Controller’s interest is to protect against illicit conduct.

 

  1. PROCESSING METHODS

Your data will be processed, both in paper and electronic format, through the operations of collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.

 

  1. DATA RETENTION

The Data Controller processes personal data for the time necessary to fulfill its purposes, not exceeding the periods indicated below. However, at the end of these periods, the Data Controller may retain personal data, in whole or in part, for certain purposes, as expressly required by specific legal provisions or to assert or defend a right in court.

Regarding the use of the Website, the Data Controller processes personal data for the time necessary to fulfill the purposes outlined in Section 2 (Purposes and legal basis of the processing), including, but not limited to:

  • 10 years from the collection for the fulfillment of contractual and pre-contractual obligations;
  • for the time required by applicable legal provisions regarding the fulfillment of the Data Controller’s legal obligations.

 

  1. PROVISION OF PERSONAL DATA

Regarding the use of the Website, the provision of personal data:

  • for the purposes of fulfilling contractual and pre-contractual obligations related to the use of the Website, is mandatory. This data is necessary for the relationship with the Data Controller and the use of its services. However, users may decide not to provide personal data; in the absence of such data, it will not be possible to use the Data Controller’s services;
  • for the purposes of fulfilling the Data Controller’s legal obligations, is mandatory. This processing is necessary to comply with a legal obligation to which the Data Controller is subject and does not require the user’s consent.
  1. COMMUNICATION OF PERSONAL DATA

For the aforementioned purposes, the data controller may disclose your data to:

  • employees and/or collaborators of the Data Controller, appointed as data processors under Article 28 of the GDPR, and authorized individuals under Article 29 of the GDPR and Article 2-quaterdecies of the Italian Privacy Code;
  • third parties (e.g., IT service providers, hosting providers, etc.) who perform outsourcing activities on behalf of the Controller and process the data as external data processors.
  1. TRANSFER OF PERSONAL DATA

Personal data may be transferred to a third country or international organization for the aforementioned purposes based on an adequacy decision under Article 45 of the GDPR and in compliance with the appropriate safeguards provided for in Article 46 of the GDPR.

  1. DATA SUBJECTS RIGHTS

The Data Controller informs you that, as the data subject, if not limited by law, you have the right to:

  • obtain confirmation of the existence or non-existence of your personal data, even if not yet recorded, and that such data be made available to you in an intelligible form;
  • obtain information and, if applicable, a copy: a) of the origin and category of personal data; b) of the logic applied in case of processing carried out with the aid of electronic tools; c) of the purposes and methods of the processing; d) of the identification details of the Data Controller and the data processors; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it, particularly if recipients of third countries or international organizations; f) when possible, the retention period of the data or the criteria used to determine such period; g) the existence of automated decision-making, and in such cases, the logic used, the significance, and the expected consequences for the data subject; h) the existence of appropriate safeguards in case of data transfer to a non-EU country or international organization;
  • obtain, without undue delay, the updating and rectification of inaccurate data or, when interested, the integration of incomplete data;
  • withdraw consent at any time, easily and without obstacles, using, if possible, the same channels used to provide consent;
  • obtain the erasure, anonymization, or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of withdrawal of consent on which the processing is based and there is no other legal basis; d) if you have objected to the processing and there are no overriding legitimate grounds for the processing; e) in case of compliance with a legal obligation; f) in the case of data concerning minors. The Data Controller can refuse erasure only in the case of: a) exercise of the right to freedom of expression and information; b) compliance with a legal obligation, the performance of a task carried out in the public interest, or the exercise of official authority; c) reasons of public interest in the area of public health; d) archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes; e) exercise of a right in court;
  • obtain the restriction of processing in the case of: a) contested accuracy of personal data; b) unlawful processing by the Data Controller to prevent erasure; c) exercise of your right in court; d) verification of the Data Controller’s legitimate grounds prevailing over those of the data subject;
  • receive, if the processing is carried out by automated means, without hindrance and in a structured, commonly used, and machine-readable format, the personal data concerning you to transmit it to another controller or, if technically feasible, to obtain direct transmission by the Data Controller to another controller;
  • object, in whole or in part, for legitimate reasons related to your particular situation, to the processing of personal data concerning you;
  • lodge a complaint with the Data Protection Authority.

In the aforementioned cases, where necessary, the Data Controller will inform the third parties to whom your personal data is communicated of the exercise of your rights, except in specific cases (e.g., when such fulfillment is impossible or involves a disproportionate effort compared to the right being protected).

The data subject, if they believe that their rights have been violated, has the right to lodge a complaint.

For further information, we invite you to consult the website of the Italian Data Protection Authority – www.garanteprivacy.it – where you will find a section dedicated to these rights.

  1. EXERCISE OF DATA SUBJECTS’ RIGHTS

You may exercise your rights at any time by:

– sending a registered letter with return receipt to the Data Controller’s address;

– sending an email to privacy@brugola.com.

  1. DATA CONTROLLER

The Data Controller is Brugola OEB Industriale S.p.A., with registered office at Piazza Giovanni XXIII, 36, 20851, Lissone (MB), Italy, VAT number 00811320969.

The updated list of data processors is kept at the Data Controller’s office.

This information may be subject to updates and modifications, for which the Data Controller will inform the data subject.

January 30, 2024

Cookie Policy
Terms and Conditions