Policy statement for the processing of personal data
pursuant to article 13 EU Regulation 2016/679
Pursuant to Art. 13 of the European Regulation (EU) 2016/679 (hereinafter GDPR), and regarding the personal data of which Irsap spa will dispose as part of the on-line sales process for goods/services concerning IRSAP NOW devices, we inform you of the following.
- Data Controller
The Data Controller is Irsap spa (VAT reg. no. 00040070294), with registered offices at Via delle Industrie 211, Arquà Polesine (RO).
- Data Subject
Data Subjects are the customers of Irsap spa, understood as: consumers ex Lgs. Decree no 206/2005, or professional users (owners of individual companies, legal representatives of businesses).
- Personal data
To use the on-line sales process for products/services relating to IRSAP NOW devices, the data subject will need to provide the following personal data:
- Name and family name
- Delivery/installation address
- Telephone no.
- Payment/invoicing details
- Purpose of data processing
Data processing is for the sole purpose of performing pre-contractual and contractual obligations (completion of on-line purchase of Irsap Now Systems and provision of installation, customer care and technical assistance services), as well as for legal, fiscal and accounting obligations, and to meet the specific needs of the customer.
For example, personal data will be processed for:
4.1 management of the pre-contractual stage and establishment/performance of the contractual relationship with the customer (on-line purchase of Irsap Now Systems and provision of customer care and corrective maintenance services);
4.2 fiscal and accounting management for the contractual relationship;
4.3 management of company quality systems and processes;
4.4 promotion of company activities, customer satisfaction and maximising customer loyalty.
4.5 profiling for the sending of customised communication;
Personal data may be processed using hardcopy and computer-based means - including portable devices - and processed using the methods strictly necessary to meet the aims stated above
- Legal basis for processing
5.1 The basis for processing, for the purposes as per point 4.1 is represented by the performance of the contract between the parties (art. 6, subsection 1, lett. b) Reg. EU 2016/679).
5.2 The basis for processing for the aims stated in the point and 4.4 is represented by the legitimate interest of the Data Controller or by third parties (art. 6, subsection 1, lett. f) Reg. EU 2016/679).
5.3 The basis for processing, for the purposes as per point 4.3 is represented by the performance of the contract between the parties (art. 6, subsection 1, lett. b) Reg. EU 2016/679).
5.4 The basis for processing, for the purposes as per point 4.5 is represented by the consent of the party concerned (art. 6, subsection 1, lett. a) Reg. EU 2016/679).
- Result of failure to provide personal data
Regarding the personal data pertaining to the performance of the agreement, of which the data subject is part or concerning the performance of a legal obligation, failure to communicate personal data will prevent the completion of the contractual relationship.
- Data retention
The Personal data being processed for the purposes stated in point 3 will be retained for the period of the agreement and subsequently, for the time for which the Controller is subject to retention obligations for tax purposes or for other purposes required by law or regulations. Specifically, data will be retained for the ten-year time limit required for retaining documents necessary for accounting, taxation and anti-money laundering purposes, in compliance with that stated in the reference standards,
- Data communication
The data subject’s information will be communicated to and processed by employees authorised by the Data Controller for this purpose (contact, appointed/authorised to carry out processing).
According to that required for the performance of the agreement, personal data may be communicated to:
- Accounting firm
- Law firm
- Credit institute
- Public and private bodies
- Control and certification bodies
- Public security authorities or insurance companies as well as third parties authorised by specific provisions in Law or Regulations, imposed by the laws of the European Union or member state to which the Data Controller is subject.
Data can be known by other independent Controllers or External Managers appointed by the Data Controller.
- Transfer to third countries
Irsap Spa may transfer data to third countries or international organisations.
In this case, Irsap Spa undertakes to perform this transfer in compliance with the guarantees set down in section V of the GDPR (Articles 46 and 47 GDPR).
- Data subject’s rights
The data subject has the right to:
- request access to their personal data and to the information regarding same; correction of incorrect data or the integration of incomplete data; deletion of personal data (in the event of the occurrence of one of the conditions stated in Art. 17, paragraph 1 of the GDPR and in compliance with the exceptions set down in section 3 of the same article); limitations to the processing of personal data (on the occurrence of one of the situations stated in Art. 18, section 1 of the GDPR);
- request and obtain - in the event that the legal basis of processing is the contract or consent, and the same is achieved with automated means - the personal data in a structured, legible format for the automatic device, also for the purpose of communicating these data to another data controller;
- oppose the processing of these personal data at any time, on the occurrence of specific situations involving the data subject;
- withdraw consent at any time, limited to the hypothesis in which treatment is based on the consent for one or more specific purposes, and concerns shared personal data (for example, date and place of birth or residence or specific data categories (for example, data that reveal racial origins, political opinions, religious beliefs, health or sexual orientation). Processing based on consent and carried out before the withdrawal of same will in any case be considered legal;
- submit complaint to a controlling authority.
Statement made with reference to cookies on the website https://now.irsap.com belonging to Irsap spa, with offices in Arquà Polesine (RO), Via delle Industrie 211, Data controller.
What is a cookie?
A cookie is a small text file that is stored in a computer’s memory as soon as the user visits the website. The text stores information that the site is able to read at the time in which it is consulted at a later time. Some of these cookies are required for the correct operation of the website, while others are useful to the visitor because it is able to store data safely, such as user name and language settings. The advantage of having cookies installed in your PC is that you no longer need to fill out the same intervention every time you want to access a site visited previously
What types of cookie are used on https://now.irsap.com?
Generally, we can divide cookies into three categories: “Functional”, “Analytical” and “Tracking”. You can find more information on each cookie category used by IRSAP S.p.a., as follows.
- Functional Cookies
These cookies are essential, since they allow the user to move and use the functions around the Service, such as accessing reserved areas.
These cookies collect information about the user name that is used to access the service used to access the service, to reduce and enable interactions with the administrative functions of the Service. These cookies can also remember a user's access to guarantee new and different content compare to new or non authenticated users.
- Analytics cookies
We use Google Analytics to analyse the use of our site.
Analytics cookies record access in anonymous format, providing general information, if necessary, with an approximate geographical location - city only - obtained from the user’s IP.
The information generated for our website are then used to provide reports on the use of our Service.
- Profiling Cookies
These are used to create customised profiles to send customised communication, with the user's consent.
Cookies can be deleted by the user through the options available on their browser.
How do I deactivate cookies?
Browser settings can be edited to deactivate cookies following a simple procedure. Important: disabling cookies can prevent the website to access other basic functions such as registration or access to reserved areas and interactive functions.
- Open Firefox
- Press the “Alt” key on the keyboard.
- Select “Tools” from the tool bar in the top part of the screen, followed by “Options”.
- Then select the “Privacy” tab.
- Go to “History Settings” and then to “Use custom settings for history”. Deselect “Accept cookies from sites” and save the preferences.
- Open Internet Explorer.
- Click on “Tools” and then on “Internet Options”.
- Click the “Privacy” tab, move the slider to the level of privacy that you want to set (up to block all cookies or down to allow all),
- and then click OK.
- Open Google Chrome.
- Click on the “Tools” icon
- Select “Settings” and then “More Settings”
- Under “Privacy”, select “Content settings”.
- From the Cookies and site data”, where it is possible to search and delete specific cookies.
- Enter chrome://settings/cookies into the search bar and press send.
- This opens the Cookies and site data” tab, where it is possible to search and delete specific cookies.
- Open Safari
- Select “Preferences” in the tool bar, followed by “Security” in the dialogue box that will open.
- In the “Accept cookies” it is possible to specify if and when Safari must save cookies from websites. For more information, click on the Help button (marked with a question mark).
- For more information on the cookies that are stored on your computer, click on “Show cookies”.