This Application collects some of its Users’ Personal Data.

Users can be subjected to different levels of protection. Some Users are therefore granted a higher protection. Further information on the protection principles can be found in the applicability section.

Data Processing Controller

Bruno Balducci Srl - via Ariberto, 24 - 20123 Milano MI Data controller e-mail address: info@brunobalducci.com

Type of Data Collected

The Personal Data collected by this Application independently or through third parties include: name; surname; telephone number; VAT number; company name; address; fax number; country; county; e-mail; postcode; city; N.I. Number; business sector; user ID; general activity data; usage Data.

The full details on each type of data collected can be found in the dedicated sections of this privacy policy or by means of specific information viewed before collecting the data.
The Personal Data can be willingly supplied by the User or, in case of Usage Data, automatically collected whilst this Application is being used.

Unless otherwise stated, all the Data required by this Application is compulsory. If the User refuses to supply it, it may be impossible for this Application to provide the Service. Should this Application specify some Data as optional, Users can decide not to provide such Data without affecting in any way the availability of the Service or its operation.

Users who are unsure on what Data is compulsory are advised to contact the Controller. Any Cookies - or other tracking tools - used by this Application or by the controllers of services provided by third parties used by this Application, unless otherwise stated, have the purpose of supplying the Service requested by the User, as well as the additional purposes described in this document and in the Cookie Policy, if available.

The User shall be responsible for third parties’ Personal Data obtained, published or shared through this Application and assures to have the right to provide it or distribute it, relieving the Controller from any liability towards third parties.

How and Where the Collected Data is Processed Processing Methods

The Controller shall use suitable security measures in order to prevent the unauthorised access, disclosure, editing or distribution of Personal Data.
The data processing is done by using IT and/or telecommunication tools, organised with methods and logics strictly related to the specified purposes. In addition to the Controller, in some cases, other people involved with the running of this Application may gain access to this Data (staff working in administration, sales, marketing, in the legal department, system administrators) or independent individuals (such as providers of independent technical services, postal carriers, hosting providers, IT companies, communication agencies) appointed, if necessary, as Data Processors by the Controller. The updated list of Data Processors can be requested to the Data processing Controller at any time.

Data Processing Legal Grounds

The Controller processes Personal Data related to the User if one of the following conditions occurs:

• the User has provided his/her consent for one or more specific purposes; Note: in some countries, the Controller may be authorised to process Personal Data without the User’s consent or without any of the legal ground specified below until the User opts out of such data processing. However, this does not apply if the Personal Data processing is regulated by the European Personal Data protection legislation;
• data processing is required to fulfil a contract with the User and/or to fulfil pre- contractual conditions;
  data processing is required to fulfil a legal obligation the Controller is subjected to; - data processing is required to carry out a duty in the public interest or to exercise official authority vested in the Controller;
• data processing is required to pursue the legitimate interest of the Controller and of third parties.

In any case, Users can still ask the Controller to clarify the actual legal grounds of each data processing operation and, more specifically, if the processing is legally based, required by a contract or necessary to enter into a contract.

Location

The Data is processed at the Controller’s site of operation and in any other location where the parties involved with the data processing are located. For more information, please contact the Controller.
The User’s Personal Data may be sent to a country other than the User’s country of residence. To get further information on the data processing location, the User can refer to the section containing the details on Personal Data processing.

When higher protection is granted, the User has the right to obtain information related to the legal grounds for transferring Data outside the European Union or to an international organization regulated by public international legislation or consisting or two or more countries, such as the UN, as well as information related to the security methods used by the Controller to protect the Data.

Should the above mentioned data transfer take place, the User can refer to the relevant sections of this document or ask information to the Controller, whose contact details are shown at the beginning of the document.

Data Retention Period

The Data is processed and retained for the time required by the purposes they have been collected for.

Therefore:

The Personal Data collected for the purposes connected to the fulfilment of a contract between the Controller and the User will be held until such contract has been fulfilled. The Personal Data collected for the purposes associated with the Controller’s legitimate interest will be retained until such interest has been met. The User can obtain further information related to the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.

When the data processing is based on the User’s consent, the Controller can retain Personal Data longer until such consent is withdrawn. In addition, the Controller may be obliged to retain Personal Data for a longer period of time to comply with a legal obligation or following an order issued by an authority.

After the Personal Data retaining period has elapsed, the Personal Data will be deleted. Therefore, after such deadline has expired, the right to access, delete, amend and transfer the Data can no longer be exercised.

Purposes of Processing the Data collected

The User’s Data is collected to allow the Controller to supply their Services, as well as for the following purposes: Contacting the User and Managing the activity data.

To obtain more detailed information on the processing purposes and on the Personal Data actually relevant for each purpose, the User may refer to the relevant sections of this document.

Details on Personal Data Processing

The Personal Data is collected for the following purposes and by using the following services:

Contacting the User
Contact Form (this Application)

The User, by filling in the contact form with their Data, allows it to be used to provide the required information and quotation requests, or any other type of information specified in the form header.

Personal Data collected: Postcode; city; N.I. Number; surname; e-mail; User ID; address; country; name; fax number; telephone number; VAT number; county; company name; business sector; web site.

Mailing List or Newsletter (this Application)

By registering to the mailing list or to the newsletter, the User’s e-mail address is automatically entered in a list of contacts who could be sent e-mail messages containing information, including commercial and promotional information, related to this

Application. The User’s e-mail address could also be added to this list as a result of registering to his Application or after making a purchase.

Personal Data collected: surname; usage data; e-mail; name; company name.

Activity Data Management

This type of services allows the Controller to use the activity data collected from one of the User’s devices in order to allow this Application to operate and provide specific functions. According to the information provided below, some third parties could be involved in the tracking activity.

Most devices allow the User to control which Data can be accessed and which Data is saved.

Activity Data Tracked by your Device (this Application)

This Application uses some activity data tracked by your device in order to operate and provide some specific functions.

Personal Data collected: general activity data.

User’s Rights

Users can be granted certain rights with reference to the Data processed by the Controller.

When higher protection is granted, the User can exercise all the rights listed below: In any other case, the User may contact the Controller to find out their personal rights and how to exercise them.

More specifically, the User has the right to:

• withdraw their consent at any time: the User can withdraw their consent to the previously agreed processing of their Personal Data;

• object to their Data being processed: the User can object to their Data being processed when it occurs on legal grounds different from those agreed. Further information on the right to object is shown in the section below;

• access their Data: the User has the right to obtain information on the Data processed by the Controller, on certain aspects of the process and to receive a copy of the Data processed;

• verify it and request its amendment: the User can verify and amend their Data and request that it be updated or amended.obtain processing restraints. When certain conditions occur, the User can request restraints to be applied to the processing of their Personal Data. In this case, the Controller will only process the User’s data to retain it;

• obtain the deletion o removal of their Personal Data: when certain conditions occur, the User can ask the Controller to delete their Personal Data;

• receive their Data or have it transferred to another Controller: the User has the right to receive their Personal Data in a structured format, commonly used and readable by an automatic device and, if technically feasible, to obtain its unhindered transfer to another Controller. This regulation is applicable when the Data is processed with automated tools and the processing is based on the User’s consent, on a contract entered into by the User or on associated contractual provisions;

• lodge a complaint: the User can lodge a complaint with the relevant personal data protection regulator or through the courts.

Details on the Right to Object

When the Personal Data is processed in the public interest, when the Controller is exercising public duties or a legitimate interest of the Controller is pursued, Users have the right to object to their Personal Data being processed for reasons associated with their specific situation.

Please note that Users whose Personal Data is processed with direct marketing purposes can object to their data being processed without providing any reasons. To find out if the Controller processes data with direct marketing purposes, Users can refer to the associated sections within this document.

How to Exercise your Rights

To exercise their rights, Users can send a request to the Controller’s contact details shown in this document. Requests are lodged for free and are handled by the Controller as quickly as possible, always within a month.

Applicability of a Higher Level of Protection

Whilst most of the regulations mentioned in this document apply to all Users, some are specifically subjected to the applicability of a higher level of protection of Personal Data processing.

This higher level of protection is always assured when the data processing:

• is carried out by a Controller residing in the EU; or
• it relates to Personal Data of Users who reside in the EU and it involves the offer of paid or free goods or services offered to such Users; or
• it relates to Personal Data of Users who reside in the EU and allows the Controller to monitor the behaviour of such Users as long as such behaviour occurs within the EU.

Further Information on Processing Legal Defence

User’s Personal Data may be used by the Data Controller in court or in the preliminary stages leading to a possible legal action against improper uses of this Application or its associated Services by the User.
The User declares to be aware that the Controller may be obliged to reveal their Personal Data if requested by public authorities.

Further Information on Processing Legal Defence

User’s Personal Data may be used by the Data Controller in court or in the preliminary stages leading to a possible legal action against improper uses of this Application or its associated Services by the User.
The User declares to be aware that the Controller may be obliged to reveal their Personal Data if requested by public authorities.

Specific Information

On the User’s request, in addition to the information contained in this privacy policy, this Application could provide the User with additional and contextual information related to specific Services or to the collection and processing of Personal Data.

System and Maintenance Log

For operation and maintenance reasons, this Application and any services provided to and used by this Application by third parties could collect system logs, i.e. files containing the interactions and that may also contain Personal Data, such as the User’s IP address.

Information Not Included in this Policy

Further information related to Personal Data processing may be requested at any time to the Data Processing Controller by using the contact details provided.

Response to “Do Not Track” Requests

This Application does not support “Do Not Track” requests.
To find out if any services supplied by third parties support such requests, the User must read their privacy policies.

Amendments Made to This Privacy Policy

The Data processing Controller reserves the right to amend this privacy policy at any time by notifying Users on this page and, if possible, on this Application as well as, if technically and legally feasible, by sending a notification to the Users through one of the Controller’s contact details. We therefore advice Users to regularly read this page, referring to the date of the last amendment appearing at the bottom of the page.

If the amendments involve processing data whose legal ground is the User’s consent, the Controller will collect the User’s consent again, if necessary.

Definitions and Legal References

Personal Data (or Data)

Personal data means any information which, directly or indirectly, even in connection with any other information, including a personal identification number, identifies or makes it possible to identify an individual.

Usage Data

This is the information automatically collected through this Application (and by third party applications incorporated in this Application, if any), including: the IP address or the domain names of computers used by the User which is connected to this Application, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used to send the request to the server, the size of the file received in reply; the numeric code specifying the status of the reply sent by the server (successful, error etc.), the country of origin, the features of the browser and of the operating system used by the visitor, the various time connotations (such as the length of time spent on each page) and details related to the route followed within the Application, especially with reference to the sequence of the pages viewed and to the User’s operating system settings and IT environment.

User

The individual who uses this Application who, unless otherwise stated, is the Interested Party.

Interested party

The natural person whose Personal Data refers to.

Data Processor (or Processor)

The natural or legal person; the public authority and any other body that processes personal data on behalf of the Controller, in compliance with the conditions provided in this privacy policy.

Data Processing Controller (or Controller)

The natural or legal person; the public authority, the service or another body which, individually or in co-operation with others, establishes the purposes and methods used to process personal data and the tools used, including the security measures related to the operation and usage of this Application. Unless otherwise stated, the Personal Data processing Controller is the controller of this Application.

This Application

The hardware or software tool used to collect and process Users’ Personal Data.

Service

The service provided by this Application as specified in the associated terms (if provided) on this site/application.

European Union (EU)

Unless otherwise stated, any reference to the European Union contained in this document applies to all the countries currently part of the European Union and of the European Economic Area.

Legal References

This privacy policy has been produced in line with many legal systems, including articles 13 and 14 of the Regulation (EU) 2016/679.

Unless otherwise stated, this privacy policy only relates to this Application. Last amendment: 30 May 2018