This policy on the treatment of personal data (see ‘Policy’ below) exists in compliance with article 13 of UE Regulation 679/2016 (General Data Protection Regulation – see ‘GDPR’ below).
The circular describes how and for what purposes your personal data will be handled during your navigation of the site www.bvitalia.eu (see ‘Website’ below) and the use of various functions and services that occur within the site.
In this policy, the terms ‘you’ and ‘your’ refer to the user of the site and its relative functions/services in their capacity as an interested party in the handling of personal data.
A) Holder of the Personal Data Treatment
The official Holder of the treatment of your personal data is Bayview Italia s.r.l. (see ‘Holder’ below).
You are entitled to speak to the Holder for questions, requests or clarifications relating to this policy or the general handling of your personal data, using the following contact details:
- Email address (subject: ‘Privacy’): email@example.com
- Address: Piazza Generale Armando Diaz 5, Milan
- Telephone: +39-800-597070
B) Personal Data Categories
The holder deals with the following categories of personal data during your navigation of the site and the use of its relative functions/services:
- Information and data relating to your navigation of the site and the devices that you use to navigate the site and use its functions and services (such as but not limited to: information relating to the pages and sections of the site that you visit, your activity on the site, the time you spend on individual pages and sections of the site, your IP address, the browser you’re using, the type of device used and data concerning your geographical position on the condition that you have previously agreed to such treatment - information due to Cookies or similar tools issued by pages of the site);
- Should you wish to receive a demo of our products through filling in the relevant form in the ‘Products’ section of the site (or through communication with the Holder), personal data and information will therein be requested to send the contact request and manage your communication (such as but not limited to: name, surname, email address for potential replies but excluding the content of the information or request that you are submitting);
- Should you wish to respond to job offers displayed on the site using the email address given, personal data and information will therein be requested for managing your communication (such as but not limited to: name, surname, email address for potential replies but excluding the content of the information or request that you are submitting);
- Should you wish, for any reason, to contact our company using the email address given, personal data and information will therein be requested for managing your communication (such as but not limited to: name, surname, email address for potential replies but excluding the content of the information or request that you are submitting);
- In the case of possible interaction, on your part, between the content of the site and your social media networks (likes or tweets, for exampl, data and information concerning the relevant profiles will be processed.
Furthermore, and more generally, the Holder may process the following categories of personal data collected outside the site.
- Information and personal data taken from tickets (both electronic and non-electronic), gathered from interested or third parties;
- Information and personal data acquired at events and meetings according to the appropriate policy made available for an interested party when the information is gathered;
- CVs acquired (even non-electronic versions), for the same reasons as seen in c) above.
Personal data such as those referred to in category 1. are gathered automatically by the Data Controller during your navigation of the site. This information is not collected with the intent to identify users, but, because of their nature, may, through the processing and linking with data hold by third parties, enable the identification of the user. In any case, this data are only used to obtain anonymous statistical information on the use of the site to monitor that it is properly working.
Personal data as referred to in categories 2. to 8 are provided directly and intentionally by you.
C) Implication of the failure to provide Personal Data
The processing of personal data such as those referred to in category 1. in the previous section is necessary for the Data Controller in order to guarantee an optimal navigation experience and to offer all of the site’s functions and services. It is, however, possible to limit the processing of such personal data through certain functions made available on the Site (with particular reference to the transmission of Cookies or similar tools – please refer to the site’s Cookies policy) or by your device or browser/navigation application. In such case, the navigation of the site could be limited and some of its functions or services could be inaccessible.
The processing of personal data of categories other than 1., it is necessary to fulfil contractual obligations (i.e. to grant you access to the Site and allow the use of specific functions/services of the Site such as but not limited to receiving a demo) and laws (i.e. the legal obligations of the Data Controller); therefore you must provide the aforementioned personal data when requested in order to access certain services and functions of the Site .
If you do not provide said data, it will not be possible for the Data Controller to allow the use of the functions and services of the Site that you have requested.
D) Purpose of Data Handling and Relevant Legal Bases
Your personal data will be handled for the following purposes and according to the following legal bases.
|Purpose||Pursuing of Legitimate Interests|
|1.||To allow navigation of the site, access to its pages and sections, use of its functions and services (therein including interaction with social network profiles)||Necessary on a contractual basis (art. 6(i)(b) GDPR)|
|2.||To allow your request for product demos||Necessary on a contractual basis (art. 6(i)(b) GDPR)|
|3.||To take in your replies to our job offers by means of the email address offered and/or forwarding a hard copy of an interested party’s CV||Necessary on a contractual basis (art. 6(i)(b) GDPR)|
|4.||To allow the Holder to take in requests put in by administrative, jurisdictional or public security authorities (such as but not limited to: the laws of art. 210 c.p.c and 248 c.p.p)||Necessary for the fulfilment of legal obligations to which the Holder is subject (art. 6(i)(c) GDPR)|
|5.||To allow the holder to assess, check or protect their rights in a legal or non-legal setting or in any case in the event of a dispute or controversy (instituted by you, the Holder, a third party or a legal or administrative authority)||Necessary on a contractual basis (art. 6(i)(b) GDPR)|
|6.||To check that the site is working correctly to make changes or updates and provide an optimal navigation experience||Necessary on a contractual basis (art. 6(i)(b) GDPR)|
|7.||To allow the Holder or a third party responsible for this to check the correct navigation of users on the site||Necessary on a contractual basis (art. 6(i)(b) GDPR)|
|8.||To allow the Holder to get in touch with an interested party following the latter’s request (shown in the buying of tickets, processing of data at events and meetings etc.)||Necessary on a contractual basis (art. 6(i)(b) GDPR)|
With specific reference to the purposes declared in numbers 5,6 and 7, the following must be specified:
|Purpose||Pursuing of Legitimate Interests|
|5.||To allow the holder to assess, check or protect their rights in a legal or non-legal setting or, in any case, in the event of a dispute or controversy (instituted by you, the Holder, a third party or a legal or administrative authority)||It is in the Holder’s interests to defend their rights in cases of controversy|
|6.||To check that the site is working correctly to make changes or updates and provide an optimal navigation experience||It is in the Holder’s interests to improve the site to provide users with an optimal navigation experience|
|7.||To allow the Holder or a third party responsible for this to check the correct navigation of users on the site and/or the correct working of transactions executed||It is in the interests of the Holder to defend themselves from fraud, malicious intent or wrongful actions by users of the site|
|8.||To allow the Holder to get in touch with an interested party following the latter’s request (shown in the buying of tickets, processing of data at events and meetings etc.)||It is in the interests of the Holder to take in requests from potential partners, clients or people interested in their products or services|
Should you want more (or more specific) information concerning the above assessment of the Holder regarding the balance between legitimate interests pursued and interests or rights and the fundamental freedoms of interested parties, you can contact the Holder using the contact details in section A.
E) Categories of Personal Data Recipients
In order to fulfil the purposes laid out above, your personal data will be handled even by third parties that are not the Holder.
Such parties will handle your personal data both on behalf of the Holder (thus, managing it) and as independent holders (upon appropriate communication from the Holder).
Specifically, the following categories of recipients will handle your personal data:
- Service providers necessary for the correct working of the site and its functions/services (such as but not limited to: ICT service providers, hosting service providers, platform providers and data processing applications);
- Legal, administrative and/or public security authorities in conformity with legal arrangements with the aim of investigating and pursuing illicit activities, preventing and safeguarding against risks and threats to security and public order as well as any reasons linked to the protection of the rights and freedoms of individuals.
Should you wish to familiarise yourself with the particulars of all the recipients listed above, you can contact the Holder using the contact details in section A.
F) Transferring Personal Data Outside the European Economic Area
Personal data transferred out of the European Economic Area will only be transferred to countries that guarantee an adequate level of personal data protection, on the basis of a judgement of suitability by the European Commission (for example, the United States).
In the event of a transfer to countries outside the European Economic Area that do not guarantee an adequate level of personal data protection, the transfer will only take place:
- Upon adoption of appropriate guarantees (such as but not limited to: the signing of data transfer agreements that embody the standard contractual clauses approved by the European Commission);
- If necessary for the entering into a contract or the fulfilment of contractual obligations between you and the Data Controller.
In any case, should this eventuality occur, the Holder will take care to provide you with, along with your actual request, detailed information regarding the method of transferring data to third countries, the eventual appropriate measures taken and the ways to obtain copies of the data or the place in which it has been made available.
G) Periods of Storing Personal Data
Your personal data will be retained for a period of time that may vary depending on the type and purpose of the data processing. At the end of the retaining period, personal data will be deleted or irreversibly anonymized. The personal data retention periods are the following:
- Data relating to your navigation of the Site and/or the devices that you use, except in cases where they are necessary to investigate the responsibility for potential offenses or damages to the Site or third parties, will be retained for no longer than 7 (seven) days;
- Data relating to commercial transactions carried out on the Site (including payment data) will be retained until the fulfilment of every administrative, fiscal or civil requirement (such as but not limited to the deadline to withdrawal or object to a payment). Data relating to billing will be retained for 10 (ten) years;
- Data and information relating to contacts between you and the Data Controller will be retained until fulfilment of your requests;
- Data relating to the transmission of commercial communication related to news, initiatives and offers of the Data Controller in relation to purchased products/services will be stored until the interested party exercises their right to oppose this or the data is deleted (also through the selection of the appropriate function in the communication – so called unsubscribe link);
- Data relating to the transmission of commercial communication (including from third party commercial partners), market research and statistical studies carried out with authorization by the data subject will be retained until the data subject exercises its right to oppose this transfer or to request deletion of the data (also through the selection of the appropriate function in the communication – so called unsubscribe link) or after two (2) years have passed since your last interaction with the site.
If, at the end of the period above, personal data must be used for specific purposes (for example, for the protection of the rights of the Holder in the event of a contention), it will be stored until the conclusion of said purposes (for example, until the end of the contention).
At the end of the periods laid out above your personal data will be deleted or made unintelligible to the Holder.
H) Treatment of Personal Data through Automated Decision-Making Processes
Handling of your personal data through automated decision-making processes (therein including profiling in compliance with the laws in art. 22, paragraphs 1 and 4 of the GDPR) is not anticipated.
I) Your Rights regarding the Treatment of Personal Data
You are entitled to request access to your personal data from the Data Controller pursuant to art. 15 GDPR. While exercising your rights, you may request information about:
- The purpose of the data processing;
- The personal data categories;
- The recipients or the categories of recipients to whom personal data has been or will be transferred and in particular if the recipients are other countries or international organizations;
- Where applicable, the anticipated personal data retaining period or, when not available, the criteria used to determine such period;
- The right to request the Data Controller to amend or delete personal data or to limitat the processing of your personal data or to object to said processing;
- The right to file a complaint to a supervisory authority;
- All information regarding the sources of personal data not collected from you;
- The existence of an automated decision-making process, including the profiling tools referred to in art. 22, paragraphs 1 and 4 of the GDPR and, at least in such cases, any significant information on the reasoning used as well as the estimated importance and consequences of such data processing
You are also guaranteed the following rights:
- The right to revoke your permission, in compliance with art. 7(3) GDPR, without jeopardizing the lawfulness of data processing that already took place and the lawfulness of data processing that took place pursuant to another legal basis;
- The right to obtain from the Data Controller the correction of inaccurate data or the integration of incomplete personal data, in compliance with art. 16 GDPR;
- The right to obtain from the Data Processor the deletion of personal data, in compliance with art. 17 GDPR. The fulfilment of the request to delete the data may not be guaranteed by the Data Controller (or the Data Controller could only partially fulfil requests) insofar as the processing of personal data that are the subject of the deletion request is required to fulfil legal obligations and investigations or the exercise or defence of legal claims;
- The right to obtain from the Data Controller the limitation of data processing, in compliance with art. 18 GDPR;
- Within the limits provided by the law, the right to obtain from the Data Processor the portability of personal data processed pursuant your authorization or on a contractual basis in compliance with art. 6, paragraph 1, letters a) and b) of the GDPR; in the event you exercise this right, it will be the responsibility of the Data Processor to provide you with all your data, collected with your authorization or in the fulfilment of contractual obligations, in a structured and interoperable format; where it is technically possible, said personal data can be transferred, in the same way, even to third parties chosen and indicated by you through the proper request;
- The right to object to the processing of your personal data, pursuant to art. 21 GDPR, unless the Data Controller shows, upon receiving such request a legitimate and cogent reason for the data processing which trumps your interests, rights and freedoms, or for an investigation, the exercise or defence of legal claims.
The above mentioned requests must be sent using the contact details in section A.
The Data Controller will reply to the requests without undue delay.
You will also have the right, if you believe that the processing carried out by Bayview Italia S.r.l. violates the provisions of the GDPR, to file a complaint – following the directions as indicated at https://www.garanteprivacy.it/web/guest/home_en - with Italian Data Protection Authority.
J) Policy Changes or Updates
Should the notice be modified or supplemented, the Data Controller will make every reasonable effort to inform the data subjects of said modifications (for example, through specific communications – in the form of a banner or a similar tool – on the site’s homepage).
However, we invite you to verify periodically the section of the Site where the present Notice is located.
K) Data Protection Officer
Bayview Italia S.r.l. It informs you that, pursuant to Art. 37 of the GDPR, on May 14, 2018 has designated Mrs. Francesca Boffa as Data Protection Officer, if necessary, you may contact her at the following email address: firstname.lastname@example.org. The DPO will be available to assist you or inform you about the processing of your data.