Privacy policy for online activities

Disclosure made under GDPR – EU Regulation 2016/679 to those interacting with Com40 S.r.l. web services accessible by telematics from the address www.com40.it. The policy is made only for the www.com40.it site and not also for other websites possibly consulted by the user via special links. In accordance with the obligations of the GDPR – EU Regulation 2016/679 with this in mind that Com40 Ltd., based in Via Concordia 1 – Oderzo (TV), as a Holder will subject to processing the personal data freely conferred by the user/visitor in accordance with the rules in force. In particular, the treatment will be based on the principles of fairness, law and transparency as required by the GDPR – EU Regulation 2016/679: the data will not be surplus, as well as collected and recorded for the purposes referred to in paragraph 1 and retained for the period of time necessary for the purposes for which they were collected.

1. Type of data processed and purpose of treatment

1.1. Navigation data
The computer and software systems responsible for the operation of this site acquire, during their normal exercise, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in Uniform Resource Identifier/Locator (URL) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good outcome, error, etc.), and other parameters related to the operating system. This data, which is necessary for the use of web services, is also processed for the purpose of:

  • obtain statistical information on the use of services (most visited pages, number of visitors per time or daily time, geographical areas of origin, etc.);
  • check that the services offered are working correctly.

Browsing data is captured and processed through the Google Analytics platform and has a 26-month stay on Google’s servers.

1.2. Data provided voluntarily by user/visitor
The optional, explicit and voluntary sending of messages to Com40 contact addresses, as well as filling in and forwarding forms on the site, involves the acquisition of the sender’s contact information, which is required to respond, as well as all personal data included in the communications. The collected data will be used for the following purposes:

  • to respond to requests received;
  • to improve our Site (we use user feedback to improve our services);
  • to create promotions, surveys, to send information to users about topics that we think may be of interest to them;
  • to send periodic emails, we can use the user/visitor’s email addresses to send them information and updates; the same address can be used to answer your questions and requests.

The user/visitor will be able to exercise his rights to the controller at any time under the GDPR – EU Regulation 2016/679.

1.3. Cookies
Please refer to the full text of the cookie policy.

1.4. Purpose of treatment
The personal data provided will be processed in accordance with the conditions of ex art law. 6 f) Reg. EU 2016/679 for the following purposes:

  • navigation on this website
  • any data collection form fill for recruitment
  • any form compilation data collection for receiving newsletters, promotional communications via email or automatic notifications about new articles or comments.

1.5. Data recipients
The personal data provided will be communicated to recipients, who will process the data as managers (Article 28 of the EU 2016/679 Reg. 2016) and/or as individuals acting under the authority of the Holder and the Manager (Article 29 of the EU 2016/679 Reg. 2016), for the purposes listed above. Precisely, the data will be communicated to:

  • individuals who provide services for the management of the information system and communication networks (including e-mail)
  • studies or companies in the context of support and advisory reports
  • authorities responsible for fulfilling legal obligations and/or public body provisions, at the request of
  • In the case of an accounting administrative purpose, the data may possibly be transmitted to commercial information companies for the assessment of solvency and payment habits and/or subject to debt collection purposes.

Individuals in these categories act as a data processor, or operate independently as separate holders of the treatment.

2. Treatment mode

The processing of data can be carried out both in a non-automated way and with the help of electronic, computer and telematics tools, for the time strictly necessary to achieve the purposes for which they were collected. The methods of processing will be suitable to ensure the security and confidentiality of the data itself in accordance with the GDPR – EU Regulation 2016/679 regarding “minimum security measures” for the processing of personal data. The data collected will not be disclosed – outside of the cases of mandatory communication by law – nor of dissemination, except as indicated in paragraph n. 1.4., if not anonymously and aggregated, for statistical purposes and promoting Com40’s activities. Only with the express consent of the applicant, the applicant’s email address can be used to send communications concerning Com40 initiatives deemed to be of interest to the applicant. All technical, IT, organisational, logistical and procedural security measures will be taken in carrying out the treatment, as required by the GDPR – EU Regulation 2016/679, so that the minimum data protection measures provided by the law are guaranteed. The security measures mentioned above will ensure that only people in charge of Com40’s treatment will have access to the data.

2.1. Data retention period
The data collected for the purposes of paragraph 1.4 is retained for the duration of the subscription to the Newsletter Service of the Interested and for the 10 years following the deadline, resolution or withdrawal from it, except in cases where the retention for a later period is required for any litigation, requests of the competent authorities or under applicable legislation. When the retention period ends, the Data will be deleted, anonymized or aggregated.

2.2. Data transfer
The data can be freely transferred outside the national territory to countries located in the European Union. The possible transfer of the person’s data to countries located outside the European Union will, in any case, be in accordance with the appropriate and appropriate guarantees for the transfer itself under applicable law and in particular Article 44 of the Privacy Code and Articles 45 and 46 of the Privacy Regulation. You will have the right to obtain a copy of the data held abroad and to obtain information about the place where that data is stored by making an express request at the address in paragraph 4 of this policy.

3. Rights of those affected

Any physical person who uses our service can:

  • to obtain information from the holder at all times about the existence of their personal data, the origin of their personal data, the purpose and manner of processing and, if any, to gain access to the personal data and information referred to in Article 15 of the GDPR
  • request updating, rectifying, integrating, deleting, limiting data processing if any of the conditions under Article 18 of the GDPR apply, anonymously or blocking personal data, treated in violation of the law, including those that do not require retention in relation to the purposes for which the data was collected and/or subsequently processed
  • to oppose, in all or part, for legitimate reasons, the processing of data, although relevant to the purpose of the collection and processing of personal data provided for commercial information or the sending of advertising or direct sales material or for the completion of market research or commercial communication. Each user also has the right to withdraw consent at any time without prejudging the legality of the treatment based on the consent given before the revocation
  • receive their personal data, provided consciously and actively or through the use of the service, in a structured format, common use and readable by automatic device, and to transmit it to another controller without impediments
  • complain to the Italian Data Protection Authority.

Please note that for any questions or requests related to your personal data and respect for your privacy you can write to info@com40.it.

4. Changes and updates

Com40 Ltd. may also make changes and/or additions to that policy, also as a result of the beginning of the effectiveness of the Privacy Regulation and any subsequent changes and/or regulatory additions. The changes will be notified in advance and the Interested person will be able to view the text of the policy constantly updated in the Privacy section of the www.com40.it site.