The Data Controller is Biesse SpA, with registered office at Via della Meccanica, 16, Pesaro, Italy, phone number: +39 0721 439100, Tax Code and VAT number IT 00113220412 Companies Register Pesaro Urbino No. 1682 (hereinafter referred to as the 'Company' or ‘Controller’).
DPO contact details
The DPO can be contacted at firstname.lastname@example.org.
Purposes and legal basis of the data processing and data conservation period
The data you provide on completing the dedicated form will be processed in order to respond either by email or telephone to your requests for contact/information.
The processing is necessary to fulfil specific requests of the data subject. The legal basis for processing is therefore the execution of a contract to which the data subject is a party.
This data will be kept for the time necessary to respond to individual requests for information, up to a maximum of 24 months. Once the period above has elapsed, your data will be destroyed or made anonymous in accordance with the technical procedures of cancellation and back-up.
Pursuant to Article 13(2)(e) of the GDPR, we hereby inform you that the provision of data marked with an asterisk is mandatory; as such, any refusal to provide this data will render it impossible to respond to your request for contact.
The provision of other data, not marked with an asterisk on the form, is optional.
Parties authorised to process the data
Your personal data will be processed by company employees and/or outside staff who have received adequate operating instructions and who the company has expressly authorised to process it.
Data recipients and transfer of data outside the EU
The data may also be processed by entities designated by the Company as data controllers, including those with headquarters outside the EU. These entities, by way of example, provide the Company with professional services instrumental to the purpose indicated in this privacy statement, such as, by way of example: the company responsible for maintenance/management of the Company's website and of the electronic and/or telematic tools it uses; the company that manages the sending of responses to requests, as well as the company that provides the CRM software (and in particular the Salesforce Services - i.e. Sales Cloud, Service Cloud, Chatter and Communities – and Marketing Cloud services), currently salesforce.com EMEA Limited, with registered office in the UK.
Salesforce.com has adopted the Binding Corporate Rules ("BCR") for Processors to legitimise the transfer of personal data outside the European Union to companies within its group that process such data on behalf of Data Controllers established in a member state in their capacity as Data Processors and/or Sub-Data Processors.
Salesforce’s Processor Binding Corporate Rules are available at the following link https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf
For further information, please consult the following links https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf and https://help.salesforce.com/articleView?id=000314281&type=1&mode=1 (“Where is my Salesforce instance located?”)
Your data may be communicated to independent data controllers such as supervisory and control authorities and bodies and, in general, public or private parties entitled to request/receive the data.
Rights of the data subject
The data subject may exercise the rights provided for by Articles 15-22 of the GDPR vis-a-vis the Data Controller and, in particular, may request access to the data concerning them, its erasure, the rectification of inaccurate data, integration of incomplete data and restriction of processing in the cases envisaged by Article 18 of the GDPR.
In order to exercise their rights, the data subject may contact the Data Controller by sending a written communication to the above address or an email to email@example.com
Data subjects may, at any time, lodge a complaint with the Personal Data Protection Authority (Article 77 of the GDPR), as well as take legal action before the appropriate courts (Article 79 of the GDPR).
 Pursuant to Article 18 of the GDPR, the data subject has the right to obtain restriction of processing from the data controller when one of the following hypotheses applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of its use;
c) although the controller no longer needs the personal data for the processing purposes, it is required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
What cookies are
Cookies (or markers) are small text files that are sent by the web server visited by the user to their device (usually to the browser), when the user accesses a specific website. Their purpose is to store and send information. They are memorised so that the device can be recognised the next time the website is visited. Indeed, at each subsequent visit, the cookies are re-sent by the user's device to the website.
Each cookie generally contains:
- the name of the server from which the cookie has been sent;
- the expiry and a value, usually a unique number generated randomly by the computer.
First-party and third-party cookies
Cookies can not only be installed by the manager of the website visited by the user (first party cookies), but also by a different website that installs cookies via the first website (third party cookies) and is capable of recognising them. This occurs because the visited website can host elements (images, maps, sounds, specific links to pages of other domains, etc.) that lie on different servers from the one on which it is hosted.
Technical, analytical and profiling cookies
Depending on their purpose, the cookies can be divided into technical cookies and profiling cookies.
Technical cookies are cookies used only to “send a communication on a digital communication network or, to the extent strictly necessary, to the supplier of a service who has been explicitly asked by the subscriber or user to provide said service”." (see Art. 122, paragraph 1 of the Privacy Act, as amended by Italian Legislative Decree 69/2012). In particular, these cookies are normally used to enable users to navigate efficiently through the pages, memorise their preferences (language, country, etc.), perform digital authentications, manage the shopping cart or enable users to make purchases online, etc.
Technical cookies can be divided into browsing cookies, used to record data useful for normal browsing and use of the website on the user's computer (e.g. allowing preferred page size in a list to be remembered) and functional cookies, which allow the website to remember the choices made by the user to optimise its functionality (e.g. functional cookies allow the website to remember a user's specific settings, such as country selection and, if set, permanent access status). Some of these cookies (known as essential or strictly necessary) enable functions without which it would be impossible to carry out certain operations.
Pursuant to the above-mentioned Art. 122, paragraph 1 of the Privacy Act, the users' consent is not required for the use of technical cookies, but there is an obligation to inform them.
Pursuant to the Provision, so-called analytical cookies are treated the same as technical cookies - and, therefore, user consent is not required for their installation - if:
- they are created and used directly by the first party website operator (without, therefore, the intervention of third parties) for the purpose of optimising the website to collect aggregate information on the number of users and how they visit the website, as well as
- created and made available by third parties and used by the first party website for only statistical purposes, if suitable tools are adopted to reduce their identification ability (for example, by masking significant parts of the IP address) and if their use is subject to contractual obligations between the first party website manager and third parties, in which express reference is made to the third party's commitment to use them exclusively for the service provision, to store them separately and not to "enhance" or "cross-reference" them with other information they have at their disposal.
Profiling cookies are used to track the user's browsing, analyse user behaviour for marketing purposes and create user profiles based on their tastes, habits, choices, etc. in order to send targeted advertising messages with reference to the user's interests and in line with the preferences expressed by the latter when browsing online. These cookies, pursuant to Art. 122 of the Privacy Code, can be installed on the user's terminal only if they have given their consent with the simplified procedures identified by the Italian Data Protection Authority in the Provision (publication on the website of a "short" notice in an immediate pop-up banner on the home page (or other page through which the user can access the website), which refers to an "extended" notice, which is accessed through a link that can be clicked by the user).
Persistent and session cookies
Based on their duration, cookies can be classed as persistent cookies, which remain memorised until their expiry on the user's device, unless the latter removes them, and session cookies, which are not persistently memorised on the user's device and disappear when the browser is closed.
Cookies used by this Website
Legal basis for the processing
Below are the legal bases for processing by type of cookie:
- technical browsing and functional cookies: fulfilment of a contract of which the Data Subject is a party (user request to access and use the contents of the website);
- analytical cookies used for profiling purposes: consent.
Methods for giving and withdrawing consent for the installation of analytical and identification cookies used for profiling purposes
However, you can also express your cookie preferences through your browser settings. Almost all web browsers are configured by default to automatically accept all cookies. However, it's possible to change this default configuration through your browser settings, which allow you to delete and/or remove all or some cookies, block the sending of cookies or limit it to certain websites. Deactivating/blocking or deleting the cookies could however preclude certain areas of the website from being used to optimum effect, prevent certain services from being used and slow down the browsing experience.
How the cookie management settings are configured depends on the browser used. Usually, the cookie settings can be adjusted from the "Preferences", "Tools" or "Options" menu.
The links to the cookie management guides for the main browsers are provided below:
- Internet Explorer: http://support.microsoft.com/kb/278835
- Internet Explorer [mobile version]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
- Edge: https://support.microsoft.com/en-gb/help/4027947/microsoft-edge-delete-cookies
- Safari: http://docs.info.apple.com/article.html?path=Safari/5.0/en/9277.html
- Safari [mobile version]: http://support.apple.com/kb/HT1677
- Android: http://support.google.com/mobile/bin/answer.py?hl=en&answer=169022
For browsers other than those listed above, see the relevant guide for details on how to manage cookies.