This page describes the management procedures of the website of Tuvia Italia S.p.A. in relation to the processing of personal data of its users. This policy is also provided pursuant to article 13 of European Regulation no. 679/2016 (hereinafter indicated as GDPR) to those that interact with the web services of Tuvia Italia S.p.A. accessible electronically from https://www.tuviaitalia.com corresponding to the initial page of the website of Tuvia Italia S.p.A.
The disclosure is provided only for the websites of Tuvia Italia S.p.A. and not also for other websites that may be accessed by the user through links.
The policy is also inspired by Recommendation no. 2/2001 that the European authorities for the protection of personal data, gathered in Working Party 29, adopted on 17 May 2001 to identify certain minimum requirements for collecting personal data online, and, in particular, the methods, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purposes of the link.
Data Controller and contacts
The Data Controller of personal data is Tuvia Italia S.p.A. (hereinafter also “Tuvia Italia”, “Controller” or the “Company”), Via Quintiliano, 27 20138 Milan. The contact data for privacy requests is the following: email@example.com
The processing related to the web services of this website is handled only by authorized personnel.
The personal data provided by users is used only to perform the service or assistance requested and communicated to third parties only if necessary for said purpose.
Types of data processed and retention times
The IT systems and software procedures for operation of this website acquire, during normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interests, but that by its very nature could, through processing and association with data held by third parties, allow identifying users. This category of data includes IP addresses or domain names of computers used by users that connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment. This data is only used to obtain anonymous statistical information regarding site use and to verify its correct operation and is deleted immediately after processing. Said data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check the correct functioning of the website and is deleted immediately from the server after processing, unless used to ascertain responsibility for the investigation of computer crimes against the website.
Data provided voluntarily by the user
The request for sending e-mails to the addresses indicated in the appropriate section of the Company’s website entails the subsequent acquisition of some personal data of the requesting party, including the e-mail address of the requesting party, necessary to respond to requests. Specific summary information will be progressively indicated or displayed on the web pages dedicated to these particular services on request. The absence thereof may result in the impossibility of fulfilling the request. Said data is retained for the time necessary to process the requests received. After said terms, your data will be anonymized or deleted, unless it is necessary to keep it for other and different purposes provided for by express provision of the law.
Cookies are used for computer authentication, session monitoring and storage of specific information regarding users accessing the server and are normally present in each user’s browser. The law provides that technical cookies can be used even without consent; these include:
- cookies stored on the terminal of the user/contracting party directly by the owner of the single website, if they are not used for additional purposes: this is the case of session cookies, authentication cookies, cookies for multimedia content such as flash player if they do not exceed the duration of the session, personalization cookies (for example, for the choice of the browsing language), etc.;
- cookies used to statistically analyze accesses/visits to the website (analytics cookies) that only pursue statistical purposes and collect information in aggregate form; for this type of cookies, there are simple ways to oppose (opt-out) storage.
Users can selectively disable Google Analytics by installing the opt-out component provided by Google on their browser. To disable Google Analytics, please refer to the link indicated below: https://tools.google.com/dlpage/gaoptout
Any personal data acquired is processed by automated tools for the time strictly necessary to achieve the purposes for which it was collected. The systems have the appropriate and necessary security measures to prevent data loss, illicit or incorrect use and unauthorized access. For the pursuit of the processing purposes described above, no decision is made based solely on automated processing that produces legal effects concerning you or that significantly affects you in a similar way.
Sharing, communication and dissemination of data
The personal data provided by users is used to perform the service or assistance requested and communicated to third parties only if necessary for said purpose for the provision of the services requested (ex. IT outsourcers). Personal data collected will not be transferred outside the European Union. Apart from these cases, data will not be communicated or granted to anyone, except for contractual provisions or authorization of the parties concerned. In this sense, personal data may be sent to third parties, however only and exclusively if:
- there is explicit consent to share data with third parties;
- there is a need to share information with third parties in order to provide the requested service;
- there is a need to fulfil requests from the Judicial or Public Security Authorities.
Rights of parties concerned
Pursuant to and for the effects of the GDPR, you are entitled to the following rights that you may exercise towards the Company:
- a) obtain from the Controller access and confirmation that of whether processing of your personal data is in progress, also in order to be aware of processing and to verify the lawfulness as well as the correctness and updating of such data;
- b) obtain, where inaccurate, the correction of personal data concerning you, as well as the integration of the same if they are considered incomplete, also in relation to the processing purposes;
- c) request the cancellation of data concerning you, where the data is no longer necessary with respect to the purposes for which it was collected. It is recalled that cancellation is subject to the existence of valid reasons. Cancellation may not be performed if processing is necessary, among other things, for the fulfilment of a legal obligation or for the performance of a task of public interest and for the assessment, exercise or defence of rights in court;
- d) request the limitation of processing, or the adoption of technical and organizational measures that limit access and modification of your personal data. This does not mean that the data is cancelled but that the Controller must avoid using it during the period of the relative block;
- e) take advantage of the right to oppose at any time, for reasons connected with your particular situation, to the processing of your personal data in cases where processing is necessary for the performance of a task of public interest or related to the exercise of public authority of which the Controller is vested or if processing is necessary for the pursuit of the legitimate interest of the same or of third parties;
Said rights may be exercised by contacting the Privacy Representative by writing to the following address: Tuvia Italia S.p.A., Via Quintiliano 27, 20138 Milan, or sending an e-mail to firstname.lastname@example.org
You may also promptly report to the privacy representative, by means of the aforementioned contact details, any circumstances or events from which a personal data breach can occur (that is, any security breach that can cause, accidentally or illicitly, destruction, loss, modification, unauthorized disclosure or access to data), in order to allow an immediate evaluation and, where necessary, the adoption of actions aimed at countering said event.
Modifications to this policy The Company periodically checks its privacy and security policies and, if necessary, revises them in relation to regulatory, organizational or technological modifications. In case of modifications to the policy, the new version will be published on this page of the website.