Keeping your personal data private and secure is important for us at IVELA SPA. IVELA is a single-member company with VAT no. 10889890157 headquartered at Via Bruno Buozzi 15, Liscate (Mi), Italy (the Data Controller), and we comply with the current data protection and -security laws. We trust that the information below will help to explain the kind of data that we usually collect via the website www.ialux.it (the Website), how we use and protect that data, and whom we share it with.
Please be advised, under article 13 of the General Data Protection (Regulation (EU) 2016/679), that your personal data will be processed in a lawful, transparent, proportionate way in compliance with the applicable personal-data protection and security legislation to protect your privacy and rights, as detailed below.
a. WEBSITE-USE DATA
The information systems and computer programs used to operate the Website collect some personal data that is sent to us as an inevitable result of communicating via the internet. This type of data includes: the IP addresses or domain names of computers that you use when visiting the Website; URI (Uniform Resource Identifier) addresses of the resources requested; the time of the request; the method used to send the request to the server; the size of the file obtained in response; the numeric code for the response status from the server (success, error, etc.); and other details of your operating system and computing environment. When collecting this information, we do not seek to associate it with identified individuals. By its nature, though, it could potentially be used – by processing it and linking it with data held by third parties – to identify you.
This data is used only to obtain statistical information on use of the Website and to ensure that the Website works properly; the data is deleted immediately after processing and is not associated with any data that could identify you. The data could be used to investigate who is responsible for any cybercrimes that damage the Website.
b. WHERE YOUR PERSONAL DATA COMES FROM
“Processing” means any operation or set of operations carried out on personal data, aggregated or otherwise, with or without the use of automated processes. Types of processing include collecting, recording, organising, structuring, keeping, adapting, modifying, extracting, consulting, using, and communicating by sending, disseminating or any other means of making it available, comparing, linking, restricting, deleting or destroying.
The personal data that we hold is essentially:
- identification details (name, surname, email address, country)
You provide this data when sending a request for information about our products/services by filling in the dedicated forms on the Website.
All personal data is processed in line with the GDPR and the principles and obligations of confidentiality, to which the Data Controller has always been committed.
c. LAWFUL BASIS AND PURPOSES OF PROCESSING
We shall process your data for the following purposes:
c.1) To deal with your requests
We process the data that you provide in order to respond when you ask to be contacted or when you request information or assistance in carrying out a project.
The lawful basis for processing your data is to take pre-contractual steps at your request.
c.2) To send catalogues and sales and marketing messages
With your prior consent, we may process the data that you provide to send you information about what we do, including our products/services, special offers, catalogues or other marketing materials, and invitations to trade fairs or company events. We do that manually or via automated systems, using email and/or telephone and/or instant messaging and/or the postal service.
You may withdraw your consent at any time to receive material sent automatically or material sent in the traditional ways, or both, by contacting the Data Controller, as stated in point l) below, and asking to opt out.
Once you opt out, you will receive an acknowledgement from the Data Controller.
Please note that you may continue to receive a few more marketing messages after opting out, for technical and operational reasons (e.g. if the mailing list is finalised just before your opt-out reaches us). If you continue to receive marketing messages after opting out, please alert the Data Controller using the contact details in point l) below.
The lawful basis for processing your data is the consent that you gave when you filled in the forms in the dedicated section of the Website.
d. HOW YOUR DATA IS PROCESSED
Your data will be processed using suitable manual and electronic means to keep it secure for the purposes for which it was provided and collected, to safeguard it from unauthorised access by third parties, and to comply with European and Italian legislation.
e. WHY YOUR DATA IS NEEDED AND WHAT HAPPENS IF YOU DO NOT PROVIDE IT
You must provide your data for the purposes in points c.1) and c.2), because it is essential to fulfil your requests and/or to fulfil the contract between the Data Controller and the agent or the agency that the user represents. If you do not provide your data, then we shall be unable to respond when you ask to be contacted or when you request information and/or assistance in carrying out a project, or you will be unable to access the reserved area on the Website or use the features in it.
When using our interactive services, please do not send any sensitive/special data. That means any details that could reveal your racial or ethnic origin, state of health, religious beliefs, political opinions or membership of political parties, trade unions or religious, philosophical, political or trade-union associations and organisations, among other things. We shall immediately delete any sensitive/special data that we receive.
f. HOW LONG WE KEEP YOUR DATA
The data that you provide will be kept:
• for purpose c.1) for as long as is necessary to fulfil your request for information and then for as long as is necessary to fulfil any contract entered into after that request and then for 10 years in accordance with articles 2214 et seq. of the Italian Civil Code and other legal requirements. Your data may be kept for longer to assert or defend IVELA’s rights in court or elsewhere until those rights expire.
• for purpose c.2) for 24 months from the date when you gave your consent. (You can always opt out of receiving marketing messages by using the unsubscribe link in each message.)
g. WHO MAY RECEIVE AND PROCESS YOUR DATA
Your personal data may be seen by our employees and/or contract staff whom the Data Controller appoints to perform tasks that are necessary for the purposes in c.1), c.2).
It may also be seen by suppliers of IT and logistics services involved in operating the Website, outsourced service suppliers, freelancers and consultants, and companies that send the promotional emails and text messages, newsletters or marketing content (with your prior consent).
Those parties – formally designated by the Data Controller as appointed/authorised people, data supervisors and/or system administrators – will process your data in line with and exclusively for the purposes stated in this notice, under the Data Controller’s oversight and supervision.
Your data may also be disclosed to third-party suppliers, e.g. shippers and/or agents, which will process it as data supervisors appointed by the Data Controller or, as appropriate, as independent data controllers, for the sole purpose of shipping products and/or promotional samples and/or contacting you, with your prior consent.
For a full, up-to-date list of the parties that have received your data, please contact the Data Controller at the email address in point l).
h. DISSEMINATING YOUR DATA
The Data Controller will not disseminate your data.
i. TRANSFERRING DATA ABROAD
Your personal data will not be sent outside the European Economic Area or EEA (i.e. the European Union plus Iceland, Norway and Liechtenstein).
l. YOUR RIGHTS
Subject to the limits and conditions under the applicable data protection law, you are entitled:
i) to be told whether or not data about you exists;
ii) to access your data;
iii) to be told about the content of the data, where it came from, how (if at all) it is processed using computerised tools, the purposes of processing it, the types of personal and sensitive/special data involved, who (or what kind of recipient) has received or will receive your personal and sensitive/special data, for how long the data is kept or the criteria used to determine that, and the particulars of the data controller, the data supervisors and the people appointed/authorised/designated to process it and the Data Protection Officer, where appointed;
iv) to place limits on how your data is processed, to obtain a portable extract of your data, to have your data deleted, anonymised or frozen where processed unlawfully, and to have your data updated, corrected and added to;
v) to object to your data being processed;
vi) to withdraw your consent, if given (without affecting the lawfulness of the processing carried out based on your consent before you withdrew it);
vii) to complain to the supervisory authority (the Italian Data Protection Commissioner or Garante Privacy).
If you would like to exercise your rights, please contact IVELA SpA, single-member company, at Via Bruno Buozzi 15, Liscate (Mi), Italy or via email at firstname.lastname@example.org.
The Data Controller reserves the right to alter this policy at any time without notice. We advise all Website users and visitors to review this page from time to time, to see if changes have been made and to read any new information. In any event, your data will not be processed for purposes other than those stated in the policy that was current when you provided your data and for which you gave any consent.
You can view any earlier versions of this policy by sending an email at email@example.com.