Stilscreen S.r.l. with registered office in Bellusco (MB), Via dell’Artigianato, 35/37, as the Data Controller for processing data collected/transmitted via the website, hereby informs you, pursuant to art. 13 of Legislative Decree (D.Lgs.) No. 196 dated 30.6.2003 (hereafter, referred to as the “Privacy Code”) and art. 13 of European Regulation No. 2016/679 that the new European Regulation No. 2016/679 (hereafter, referred to as “GDPR”) regarding the protection of natural persons with reference to the processing of personal data, as well as the free circulation of such data, is applicable definitively in all EU Countries from 25th May 2018.
The Regulation introduces new safeguards in favour of data subjects and new obligations for Data Controllers and Data Processors and confirms the requirements already established by Legislative Decree No. 196 dated 30.6.2003, i.e., in particular, that the data subject (hereafter, also referred to as the “data subject”) is to be informed in advance regarding the use of the data which regard him/her and that the processing of personal data by the Company is only permitted with the data subject’s express consent, except in the cases provided for by law.
Therefore, we wish to inform you of the following in relation to the personal data to be processed.
- PURPOSES OF DATA PROCESSING
The personal data provided by users via the website pages have the following purposes:
- requests for information regarding our products and services;
- to enable browsing the website;
and we use the data for the sole purpose of performing the requested service and the data are processed as specified in greater detail in this information notice.
- SOURCE OF PERSONAL DATA
We will only use your data collected via the www.stilscreen.com website, which are:
- browsing data, for example, the IP address, or the domain names of the devices used by the users who connect to the site, the time of the request and other parameters relating to the user’s operating system and the IT environment;
- data provided voluntarily and freely to request information.
We invite you not to communicate special personal data (sensitive data, legal data or data referred to minors).
The computer systems and the software procedures used to operate of this Internet website acquire certain personal data as part of their normal functioning, the transmission of such data is implicit in the use of the Internet communication protocols. Reference is made to information that by its very nature could enable users to be identified, through processing and associations with data held by third parties.
This category of data includes the IP addresses or the domain names of the devices used by the users who connect to the site, the time of the request, and other parameters related to the user’s operating system and the IT environment. Such data is only used for the purposes of obtaining anonymous statistical information regarding the use of the site and to check it correct operation. The data may be used to ascertain responsibility in the event of hypothetical computer-related crimes against the site and may be communicated to the Judicial Authority, if the Judicial Authority explicitly requests such data.
- METHODS OF DATA PROCESSING
The data will be processed in compliance with the limits and conditions set out in art. 11 of the “Privacy Code”, and in particular:
- is carried out by means of operations or a series of operations indicated in art. 4, paragraph 2) of the “GDPR”, and more in detail: the collection, recording, organisation, storing, consulting, processing, modification, selection, retrieval, comparison, utilisation, interconnection, blocking, communication, erasure and destruction of data;
- is performed using paper-based, computer and telematic procedures;
- is performed in compliance with the principles of confidentiality, integrity and availability;
- is carried out by our personnel, in the framework of their respective functions and in compliance with the instructions received and/or by the external service providers who act on behalf of our company and only for the specific tasks which are assigned;
- is not performed with automated procedures and/or profiling.
- SENSITIVE AND LEGAL DATA
The data subject, in relation to specific operations requested from Stilscreen, consents to the latter processing of data communicated voluntarily, pursuant to art. 9 and art. 10 of the “GDPR”.
- DATA STORAGE PERIOD
Your data will be processed for as long as is necessary to provide the service you have requested.
- CATEGORIES OF PERSONS TO WHOM THE DATA MAY BE DISCLOSED
Your data may or will also have to be disclosed to the following persons or categories of persons, in strict relation to the purposes indicated above:
- companies of the group of which our company is a member (parent companies, subsidiaries and associated companies, also
indirectly, in accordance with the applicable provisions of law);
- other third parties: external companies (for example: ICT suppliers responsible for managing the website) of which Stilscreen avails itself, for technical and organisational reasons, which are trusted, and have committed themselves to confidentiality.
All the external persons, for which disclosure is not a mandatory requirement, included in the above-mentioned categories, shall use the data as “Data Controllers”, in full autonomy, pursuant to law, or if necessary, may be appointed as “external Data Processors” by the Data Controller Stilscreen.
- DATA DISSEMINATION
Your personal data will not be disseminated by us.
- POSSIBLE TRANSFER OF DATA ABROAD
Your personal data received via the website based on the procedures and purposes described above will not be transferred abroad except in the case of group companies in close relation to the aforementioned purposes.
- DATA CONTROLLER
Stilscreen with registered office Bellusco (MB) in Via dell’Artigianato, 35/37, represented by the pro-tempore legal representative is the Data Controller.
- DATA SUBJECT’S RIGHTS
The data subject may contact the Data Controller at any time to enforce his/her rights, which we summarise below:
- to be informed whether personal data which may concern him/her are being processed;
- to obtain confirmation as to whether or not personal data which concern him/her exist, regardless of their being already recorded, and the communication of such data in an intelligible form and of their source, as well as the logic applied and the purposes on which the data processing is based;
- to obtain the erasure, anonymisation or blocking of data processed unlawfully, including data whose retention is unnecessary in relation to the purposes for which the data were collected or subsequently processed;
- to obtain the updating, rectification, or integration of the data, where interested therein. In particular, the data subject may request the Data Controller to access the personal data, at any time, and to rectify or erase such personal data or limit the processing of the data which concern him/her or to object to the processing of such personal data and in addition may assert the right to data portability;
- may object, in whole or in part, on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- to know the identification data concerning the Data Controller, the data processor and the representative designated; the entities or categories of entity to whom or which the personal data may be communicated and who or which may become aware of said data in their capacity as a representative designated in the State’s territory, data processors or persons in charge of data processing;
- to obtain certification to the effect that the operations referred to in the sub-sections above have been notified to the entities to whom or which the data were communicated or disseminated, except in the case that this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
- to revoke consent, at any time, without prejudicing the lawfulness of the data processing based on the consent given prior to revocation and to lodge a complaint with a supervisory authority.
- MECHANISMS TO EXERCISE RIGHTS
The data subject may send his/her request directly to the Data Controller at the following address in order to exercise his/her rights and/or for any information needed: email@example.com.
- HOW TO CONTACT THE ITALIAN DATA PROTECTION SUPERVISOR
The data subject may send a report or a complaint to the Italian Data Protection Supervisor using the procedure it deems most appropriate, delivering it by hand to the Italian Data Protection Supervisor’s offices (at the address indicated below) or by sending:
- a registered letter with recorded delivery addressed to the Italian Data Protection Supervisor, Piazza di Monte Citorio, No. 121 – 00186 Rome;
- an e-mail to the following address: firstname.lastname@example.org, or email@example.com;
- a fax to the following number: 06.696773785.
- MANDATORY OR OPTIONAL NATURE OF PROVIDING THE DATA AND CONSENT
The provision of your data is optional, pursuant to art. 6, paragraph 1, sub-sections b) and c) of the “GDPR”.
- REFUSAL TO PROVIDE DATA
Your refusal to provide your personal data could render it impossible to provide you with the services you have requested.