Privacy Policy – Information Note

INFORMATION NOTE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF (EU) REGULATION 2016/679

Grafoplast srl, Zona Industriale 15077 Predosa (AL), Tax ID Code/VAT Number 07460940963, as Data Controller (hereinafter: “DATA CONTROLLER”), pursuant to EU Regulation 2016/679 (hereinafter: “Regulation”) – considers privacy and the protection of Personal Data to be the primary objective of its business. Therefore, before transmitting any personal data to the Data Controller, please read this Policy carefully: it contains important information on the processing of your Personal Data. “Personal data” means any information concerning an identified or identifiable natural person (“data subject”); a natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, residence data, an online ID or one or more characteristic elements of his/her physical, physiological, genetic, psychic, economic, cultural or social identity.
 This Policy:
• is intended as provided for the following websites
o https://www.grafoplast.it;
o https://www.siglatura.it.
• it is provided pursuant to art. 13 of the Regulation, to those who interact with the web services of the Website and of the Data Controller, both through simple consultation and through the use of specific services made available by the Website
The Data Controller can be contacted at: privacy@grafoplast.it.
This document has been drawn up pursuant to Article 13 of EU Regulation 2016/679 (hereinafter: “Regulation “) in order to enable you to learn about our privacy policy, to understand how your personal information is processed when you use our websites and, where appropriate, in order to give your consent to processing your Personal Data in a free and informed manner. The information and data provided by you or otherwise acquired in connection with the use of the services of the DATA CONTROLLER, – such as for example the request for information – hereinafter “Services” -, will be processed in accordance with the provisions of the Regulation and the obligations of confidentiality which inspire the activities of the Data Controller.
According to the rules of the Regulation, the processing carried out by the Data Controller will be based on the principles of lawfulness, correctness, transparency, of purpose and conservation limitation, data minimisation, accuracy, integrity and confidentiality.
 TABLE OF CONTENTS
1. Data Controller
2. Personal Data subject to processing
a. Browsing data
b. Data provided voluntarily by the data subject
3. Purposes of the processing
4. Legal basis and mandatory or optional nature of the processing
5. Recipients of Personal Data
6. Retention of Personal Data
7. Rights of the data subjects
8. Modifications
_______________________________________________
1. Data Controller
The Data Controller of the processing carried out through the Website is Grafoplast srl, Zona Industriale 15077 Predosa (AL), Tax ID code/VAT number 07460940963, who can be reached at the email address privacy@grafoplast.it
2. Personal Data subject to processing
Following browsing of the Website, we wish to inform you that we may process other Personal Data freely provided by you in the information request forms (for example, to obtain course information or in order to request enrolment in training courses). Any sensitive data, pursuant to art. 9.1 Reg. 2016/679/EU, should not be processed without the prior explicit consent of the data subject.
a. Browsing data
During normal operation, the computer systems and software procedures used to operate this website acquire some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with any data subjects, but by its very nature it could identify the users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers employed by users who connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error etc.) and other parameters concerning the user’s operating system and computer environment. These data are used only in order to obtain anonymous statistical information concerning use of the website and to check its correct operation, to identify anomalies and/or abuse, and are deleted immediately after their processing. The data could be used to ascertain responsibility in case of computer crimes against the Website or against third parties: except for this possibility, the data concerning web contacts do not currently persist for more than seven days.
b. Data provided voluntarily by the data subject
We may process personal and/or contact information such as your name, surname, email address and telephone number. 
Should you submit Personal Data of third parties to the DATA CONTROLLER, you must guarantee – assuming all responsibility – that this particular case of processing is based on a suitable legal basis pursuant to art. 6 of the Regulation, which legitimises the submission of this information to the DATA CONTROLLER and its related processing.
3. Purposes of the processing
The processing of data that we intend to carry out may have the following purposes:
a. To allow the provision of the services requested by you such as:
requesting information concerning the Data Controller’s products
purchasing products and relative communications regarding the purchase and all the activities related to the purchase
participating in courses and events
b. to respond to requests for assistance or information;
c. to fulfil any legal, accounting and tax obligations;
d. to assert or defend rights in court, in the event of abuse in the use of the Website and/or of our Services.
e. communications about products and promotions
4. Legal basis and mandatory or optional nature of the processing
The legal basis for processing Personal Data for the purposes referred to in section 3(a-b) is art. 6.1.b) of the Regulation, as the processing is necessary to provide the Services or to respond to requests from the data subject. The provision of Personal Data for these purposes is optional, but failure to provide the data would make it impossible to activate the Services provided by the Website.
The purpose referred to in section 3(c) represents the processing of Personal Data carried out pursuant to art. 6.1.c) of the Regulation, in order to fulfil a legal obligation. Once the Personal Data has been provided, the processing is verily required in order to comply with a legal obligation which the DATA CONTROLLER is subject to. Processing for the purposes referred to in section 3(d) would be carried out in accordance with art. 6.1.f) of the Regulation.
5. Outsourced activities
In pursuing its activities, the Data controller requires other operators to perform certain services on its behalf. Operators who are not our representatives for processing personal data will be appointed as Data Processors (in accordance with art. 28 GDPR) and will process the data within the limits strictly necessary to provide the commissioned service and exclusively for that purpose and they themselves will ensure that their representatives have signed a confidentiality agreement. For anything not indicated herein, these subjects must provide a specific information note on the processing of personal data they carry out
6. Data retention
The Personal Data processed for the purposes referred to in section 3(a-d) will be kept for the time strictly necessary to achieve those same purposes in accordance with the principles of minimisation and limitation of storage pursuant to art. 5.1.e) of the Regulation. In any case, the Data Controller shall process the Personal Data for the time necessary to fulfil contractual and legal obligations.
Additional information concerning the period of data retention and the criteria used to determine this period can be requested by writing to the Data controller.
7. Rights of the data subjects
In accordance with articles 15 and subsequent articles of the Regulation, you have the right at any time to request access to your Personal Data, to their rectification or deletion, to the limitation of processing in the cases provided for by art. 18 of the Regulation, to receive the data concerning you in a structured, commonly used format, readable by an automatic device, in the cases provided for by art. 20 of the Regulation. At any time, you may revoke your consent pursuant to art. 7 of the Regulation; lodge a complaint with the competent supervisory authority pursuant to art. 77 of the Regulation (Authority for the Protection of Personal Data WWW.GARANTEPRIVACY.IT) pursuant to art. 77 of the Regulation, should you believe that the processing of your data is contrary to the legislation in force.
You can make a request to oppose the processing of your data under Article 21 of the Regulation, providing evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate the request, which would not be accepted in case of the existence of legitimate binding reasons to proceed with the processing which prevail over your interests, rights and freedoms.
Requests should be addressed in writing to the Data Controller.
8. Modifications
This privacy policy was updated on 17 September 2019.  The DATA CONTROLLER reserves the right to modify or simply to update the content, in part or in full, including due to changes in the applicable legislation. The DATA CONTROLLER will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Website. The DATA CONTROLLER therefore invites you to regularly visit this section to learn about the most recent and updated version of the privacy policy in order that you may always be kept updated concerning the data collected and their use by the DATA CONTROLLER.
Cookie Policy
Foreword
This Cookie Policy (hereinafter also referred to as the “Policy”) has the purpose of describing how we operate the website currently available at www.grafoplast.it and www.siglatura.it with respect to the use of cookies or markers (hereinafter also referred to as “Cookies”).
The above-mentioned website is owned by Grafoplast S.r.l.
Cookies or markers (hereinafter also referred to as “Cookies”) are packages of information sent by a web server (in this case from this website) to the user’s/visitor’s Internet browser (hereinafter also referred to as “Browser”) and automatically stored by the latter on the personal computer or mobile device (hereinafter also referred to as “Device”) used for navigation and automatically sent back to the server each time the website is accessed. This site uses Cookies; therefore, in order to fully enjoy the service, we recommend configuring the browser used for navigation in such a way that it accepts receipt of said Cookies.
Table of contents
1. General information about the Cookies used
2. Cookies used for aggregate analysis of website visits
3. Cookies used to post interest-based ads
4. List of Cookies
5. How to disable Cookies
1. General information about the Cookies used
Please note that by default almost all browsers are set to automatically accept Cookies. Users/visitors can however change the default settings at any time. As stated above, disabling or deleting cookies may however preclude optimal use of some areas / functions of the website or compromise the use of services offered after authentication. Should users/visitors wish to decide on each occasion whether or not to accept Cookies, they can also configure their browser to alert them each time a cookie is saved. The Cookies used may be of the following type: (1) persistent, i.e. they remain stored on the hard drive of the user/visitor’s Device until their expiry; (2) session, i.e. they are not permanently stored on the hard drive of the user/visitor’s Device and they are deleted once the Browser is closed.
Cookies are used to: (a) facilitate navigation within the website and ensure its proper use; (b) facilitate access to services which require authentication (thus avoiding that users have to re-enter the authentication credentials each time they access the services); (c) for statistical purposes, to know which areas of the website have been visited; (d) for optimal management of pages and advertising space; (e) to deliver content and advertising in line with the choices made by web surfers (so-called behavioural advertising with dynamic creativity).
Session cookies are used to transmit the identifiers of navigation sessions to allow a safe and efficient exploration of the website. The session cookies used in this website avoid the use of other computer techniques which may be potentially prejudicial to the browsing confidentiality of users/visitors and are also used to improve the provision of the services offered. In addition, the Cookies may be specific to the website (used, for example, to know the number of pages visited within the website itself) or to third parties (i.e. generated by other websites to deliver content on the website visited by the users). This website may use anonymous third-party Cookies in order to manage the delivery of advertising messages in a dynamic and advanced manner. The most common Browsers provide the possibility of blocking the cookies of third parties alone, accepting only those of the website. In addition, some companies which generate Cookies on third-party websites offer the possibility of deactivating and/or inhibiting only their own Cookies in a simple and immediate way, even when these are anonymous or do not involve recording personal identification data such as, for example, IP addresses.
2. Cookies used for aggregate analysis of website visits
Grafoplast Srl uses aggregate analysis tools of browsing data which allow it to improve the websites ( Google Analytics). These tools use Cookies that are installed on the user/visitor’s Device in order to allow the website manager to analyse how users/visitors use the websites. The information generated by the Cookies concerning the use of the websites by the user/visitor (including the IP address anonymised by masking certain fields) will be transmitted and stored on Google servers. The above-mentioned information may be used for the purpose of tracking and examining the use of the websites by users/visitors, for reporting activities and to provide other services related to the website’s activities, as well as in order to browse. In order to protect the confidentiality of users/visitors as much as possible, Grafoplast uses the “masking IP” feature, which requires the system to obscure the last 8 digits of the user/visitor’s IP address before any kind of processing is carried out, thereby rendering the data analysed anonymous. Users/visitors will in any case have the possibility to inhibit the use of Google Analytics and to prevent storage on their Device through the specific add-on of the Google Analytics Deactivation Browser, made available by Google at https://tools.google.com/dlpage/gaoptout. To activate this component which inhibits the system of sending information concerning the visit by the user/visitor, simply install it by following the instructions on the screen, close and reopen the Browser.
3. Cookies used to post interest-based ads
The websites may use third-party cookies to publish advertisements defined according to the interests of users/visitors. This information is collected while the user/visitor is browsing and is in no way linked with the account under which the user/visitor accesses the websites. In particular, Google Adwords by Google Inc. uses browsing data within its online advertising circuit to propose ads which are more relevant to the interests the user/visitor manifested during the browsing sessions. VGI uses the above-mentioned technology and uses the browsing data within its own websites to offer the user/visitor targeted and interest-based advertising. More generally, each Browser allows the user/visitor to deactivate third-party Cookies which aim to provide advertising based on the latter’s interests. For example, in the case of the Firefox Browser, the deactivation of the Cookies in question can be done by following the instructions on the Firefox “Cookies Management” page. In the case of Internet Explorer, instructions on deactivating third-party cookies can be found at the following link: “Managing Internet Explorer Cookies”.
4. List of Cookies
5. How to disable Cookies
 Most browsers are initially configured to automatically accept cookies. The user/visitor may change these settings to inhibit Cookies or to be alerted that Cookies are being used on his/her Device. There are various ways to manage Cookies and, in this regard, users/visitors can refer to the instruction manual or help screen of their browsers to find out how to configure or change the Cookie settings. When using different Devices (e.g. personal computers, smartphones, tablets, etc.), the user/visitor must ensure that each Browser on each Device used is configured to reflect his/her preferences regarding the use of Cookies.
  1. Modifications

This privacy policy was updated on 17 September 2019.  The DATA CONTROLLER reserves the right to modify or simply to update the content, in part or in full, including due to changes in the applicable legislation. The DATA CONTROLLER will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Website. The DATA CONTROLLER therefore invites you to regularly visit this section to learn about the most recent and updated version of the privacy policy in order that you may always be kept updated concerning the data collected and their use by the DATA CONTROLLER.