Pursuant to and for the purposes of Section 13 of Legislative Decree no. 196 of 30 June 2003 (“Personal Data Protection Code” – hereafter, the “Code”), Bottero S.p.A. (hereafter, “Bottero”) provides you with information regarding the processing of the personal data of those users who access and consult the website www.bottero.com (hereafter, the “Website”).
This information is provided with exclusive reference to the Bottero Website and therefore with the exclusion of other websites that users may consult through links. This information also draws on Recommendation no. 2/2001, which was adopted on 17 May 2001 by the European data protection authorities forming the Group established by Article 29 of Directive 95/46/EC in order to identify some minimum requirements for the on-line collection of personal data regarding, in particular, the procedures, timeframes and nature of the information that controllers must give to users when these connect to web pages, regardless of the reasons and purposes for which they connect.
In view of the consultation of the Website, Bottero may collect and process data related to identified or identifiable persons. The controller (hereafter, the “Controller”) is:
acting through its pro tempore legal representative
2. Place and procedures to process data
The processing operations related to the web services of this Website shall take place at the Bottero’s registered office.The processing of data shall be made mostly with the assistance of computer and telecommunication means, for an amount of time not to exceed the term for which, and the extent to which, operations are necessary, and within the limits of the purposes for which they are collected. As a matter of fact, personal data shall be kept in electronic files, in such a way as to enable their identification or selection in an aggregate form. Specific security measures shall be adopted in order to prevent the loss of the data, unlawful or incorrect uses and unauthorized access in compliance with the applicable rules and regulations. In any case, we inform you that the transmission of data through the Internet does not ensure absolute levels of security. The Controller cannot be considered to be under obligations other than the accurate and correct application of the standards of security imposed by the applicable rules and regulations.
3. Purposes of the processing pursuant to Section 13 of the Code
Several types of data collection may be performed through the Website:
necessary and automatic collection of the user’s data concerning the interaction with the Site;
processing connected with the collection of the data voluntarily entered by the user by sending emails to the addresses indicated to contact the Controller;
processing connected with the receipt and management of the CVs voluntarily sent by the data subjects;
transmission of communications related to courses and events organized by the Controller at the fax number and/or email address indicated by the data subject;
pursuant to Section 130 of the Code, subject to the prior consent of the data subject, the transmission of informational and promotional communications, including communications of a commercial nature, advertising material and/or offers for goods and services by post, through the Internet, by telephone or email on the part of Bottero and/or on the part of its subsidiaries and/or associated companies
This information refers exclusively to the processing operations performed on the data collected in an automatic way (surfing data) within the Website, following the transmission of emails to contact the Controller. This information therefore does not refer to the processing operations performed through other websites that the user may ccess through links from the Website. The respective controllers shall provide automatic information for such processing operations. In particular, it is specified that the processing operations concerning the data disclosed by accessing third parties’ websites through the links indicated on the Website are performed by parties other than Bottero.
4. Type of data processed
Due to the consultation of this Website, data relating to identified or identifiable persons may be processed.
4.1 Surfing data
The computer systems and software procedures which support the operation of the Website record – over the course of their normal operation – some personal data which are acquired automatically and inevitably, in the case in which Internet communication protocols are used. These are data that, even if not recorded with the main purpose of identifying the respective users, could well be associated – due to their characteristics – with data banks of third parties and thus enable the identification of users. The data belonging to this category include, for example, the IP addresses or domain names of the computers used by those users who connect to the Website, the URI (Uniform Resource Identifier) marked addresses of the requested resources, the time of request, the method used in submitting the request to the server, the size of the file obtained as a reply, the number code indicating the state of the reply given by the server (for example, successful or error) and other parameters related to the operational system and to the computer environment of the user. Such data are used for the sole purpose of gathering anonym statistic information on the use of the Website and in order to monitor its correct operation, and they are deleted promptly after processing.
The surfing data may be used for ascertaining the existence of liability in the case of computer frauds (if any) to the detriment of the Website and of Bottero, in compliance with the procedures applicable with respect to the competent Authorities.
Except for the data related to surfing (collected automatically by the Website), users are free to provide the personal data that regard them.
4.2 - Data provided through the sending of electronic mail
The optional, express and voluntary sending of electronic mail to the addresses indicated in the Website implies the subsequent acquisition, on the part of the respective recipient, of the header’s address in order to reply to requests and of the other personal data contained in the email. The electronic mail addressed of such users shall not be extracted and used to provide information on the services provided by the Controller, unless this purpose reflects the reason for the message sent by the user.
Users are requested to avoid sending data capable of revealing racial and ethnic origins, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing capable of disclosing health and sex life, or information which may be otherwise qualified as “sensitive data” pursuant to Section 4(1)(d) of the Code. If this is not the case, the related message shall be promptly destroyed.
This will cause the impossibility of providing the information requested. In the case in which the user intends in any case to send data of a sensitive nature (for example a CV containing data related to the community) to the Controller, the relevant message should be sent by fax to the following number +39 0171 401611, along with a specific declaration to consent to the processing of the sensitive data contained therein. Without such a declaration, the message received, if any, shall be destroyed. .
5. Automatic instruments for data collection
6. Access to the data
For the achievement of the purposes under point 3, the data may be accessed by Bottero’s legal representatives, by the IT Manager (limitedly to the support and maintenance of electronic equipment), by parties who are part of Bottero’s sale network in Italy and abroad and by any other party whose data must be disclosed on the basis of an express legal provision. Such parties shall act within their respective responsibilities or duties and, in any case, according to the procedures and subject to the limits provided for by the respective deeds of appointment as Processor or Person in charge. The data may be transferred to Bottero’s foreign subsidiaries and/or associated companies and, in compliance with the applicable rules and regulations, also to non-EU Member States in which Bottero pursues its interests.
7. Data disclosure
The data related to surfing shall in no event be disclosed or communicated, unless disclosure thereof to the competent Authorities is required in relation to the activities necessary for ascertaining and punish crimes. The personal data provided by the user who sends requests for information to the various electronic mail addresses indicated on the Website shall not be disclosed to third parties.
8. Rights of the data subjects
Users may exercise the rights under Section 7 of the Code by contacting the Controller at the address specified above. In particular, users are entitled to:
obtain from the Controller, at any time, a confirmation of the existence or inexistence of the data which regard them, even if not recorded yet, and their communication in an intelligible form;
know the origin of the data, the purposes, methods and logic applied within the processing;
know the identification details of the persons in charge of the processing and of the categories of parties to whom the data may be communicated or who may become aware thereof as processors or persons in charge;
obtain the erasure, anonymization or blocking of data that have been processed unlawfully, and the updating, rectification or, where interested therein, integration of the data;
object in whole or in part, on legitimate grounds, to the processing of personal data concerning them even though they are relevant to the purposes of collection; and
object in whole or in part to the processing of personal data where it is carried out for the purpose of sending advertising materials or for commercial information. Please indicate, as subject matter of the notice, “Request pursuant to Section
9. Term and updating
Except for the surfing data which are kept for no more than one week from collection, the other data shall be kept consistently with the purpose for which they have been granted and in any case in compliance with the applicable rules and regulations.
On the basis of what is provided for by Section 11(1)(c) of the Code, the personal data shall be kept up to date as indicated by the data subject, pursuant to Section 7(3)(a) of the Code.
* * *