Pursuant to art. 13 of the European Regulation 679/2016 concerning the protection of personal data, as well as the free circulation of such data (the “Regulation” or “GDPR”) and the applicable local legislation, we inform you that the Data Controller of the data communicated by the user or otherwise obtained as a result of using the website with URL http://www.bonzaigroup.it and related subdomains (the “Site”) is Bonzai SpA (hereinafter “Company” or “Owner”), in the person of the pro-tempore legal representative, with registered office in Corso Italia 22, Milan – 20122.
The presence of the information in the footer of the page ensures the user is within the Company page.
Contact details of the Data Protection Officer
A Data Protection Officer has been appointed to be contacted at the following e-mail address firstname.lastname@example.org.
Redirecting to external sites
From the website www.bonzaigroup.it is possible to link to other websites/web pages both belonging to the Bonzai Group and to third parties.
The Data Controller declines all responsibility for any management of personal data by third-party sites and for the management of authentication credentials provided by third parties
Types of data
- Navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal activity, certain personal data whose transmission is implicit in the use of Internet communication protocols or is used to improve the quality of the service offered. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
These data are used to obtain anonymous statistical information on the use of the Site and to check the correct functioning of computer systems. The data could also be used to ascertain responsibility in case of hypothetical computer crimes or in case of damage to the Company or to third parties
- Data provided willingly by the user
Users are not required to provide personal data to visit the Site.
However, the user’s personal data collected through authentication to the services of the Site and the filling of contact forms, the sending of e-mails, messages or any kind of communication to the addresses indicated on the Site, involve the consequent acquisition of common personal data, such as, for example, name, surname, address and telephone number, as well as any other personal data that will be provided by the user spontaneously interacting with the Company through the Site.
Purpose and legal basis of the processing
Personal data may be collected and processed for the following purposes:
1. for any registration and access to the reserved areas of the Site for the purpose of providing the online services offered by the Company;
2. For managing of any user requests for information and contact details;
3. to fulfil the legal and contractual obligations to which the Company is subject;
In relation to the purposes referred to in points 1, 2, 3 and 4, the provision of personal data does not require the consent. Any refusal to provide data may determine the impossibility for the Company to provide the requested service, to comply with legal obligations and to process and respond to requests from users.
Providing personal data through any contact forms on the Site is not a legal or contractual requirement.
Methods of processing and storage of data
As part of the Company’s organisational structure, personal data will be processed by persons authorised to process data, acting under the authority of the Data Controller, appropriately instructed by the Data Controller, mainly with electronic systems in accordance with the principles applicable to the processing of personal data pursuant to art. 5 of the Regulation, adopting the appropriate technical measures to ensure adequate security of personal data.
The data will be kept for the period of time necessary for the purposes indicated in this Policy and to comply with legal obligations.
The period of data retention depends on the purposes for which they are processed and therefore may vary, depending on the time necessary to manage the contractual relationship with the user, or to ascertain the responsibilities – in particular related to cyber crimes – and to enforce rights in a court of law and for the time provided by applicable law.
Communication, diffusion and transfer of data
Personal data will not be diffused, however, they may be communicated to other companies of the Bonzai Group, competent authorities or public or private bodies for the fulfilment of obligations under the law.
The personal data collected may be processed by third parties, as data processors referring to the services provided on behalf of the Company, on the basis of specific contractual agreements, eventually for occasional maintenance and as necessary to perform services under specific requirements. Generally data are not transferred outside the European Union; however, if for specific needs, it is necessary to transfer the data to countries located outside the EU, even in countries that do not offer adequate protection, the Company undertakes to ensure compliance with the provisions of Chapter V of the GDPR, ensuring levels of protection and safeguard even of an adequate contractual nature,
Rights of the data subject
The interested party may exercise, in relation to the processing of data described therein, the rights provided for by the Regulation (Articles 15-21), including:
• receive confirmation of the existence of your personal data and access their content (access rights);
• update, modify and/or correct personal data (right of rectification);
• request the cancellation or limitation of the processing of data processed in violation of the law, including those which do not need to be stored in relation to the purposes for which the data were collected or otherwise processed (right to be forgotten and right to be limited);
• oppose processing (right of opposition);
• revoke the consent, if given, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
• lodge a complaint with the Supervisory Authority in the event of a breach of personal data protection law;
• receive a copy of the data concerning him in electronic format in the context of the employment contract and request that such data shall be transmitted to another controller (right to data portability).
Requests relating to the exercise of these rights may be addressed to the Data Protection Officer (hereinafter only “Data Protection Officer” or, in short, “DPO”) by sending an e-mail to email@example.com.