Information on the processing of personal data as established by the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 concerning the protection of natural persons, as well as the free movement of such data and repealing Directive 95/46 / CE (general regulation on data protection).
GPA Partners takes care of your data and treat them according to the procedures set forth in the aforementioned European regulation, better known as GDPR.
The site and our systems comply with the regulations on data acquisition and processing.
For a greater understanding and deepening of the legislation and activities related to personal data, you can read: http://ec.europa.eu/justice/smedataprotect/index_it.htm.
We report, however, in compliance with the provisions of the law, a clear, concise, transparent and easily accessible information containing a summary of the most important aspects to help the user understand the processing of his personal data.
2. Owner and manager of data processing
The owner and manager of data processing is GPA Partners spa. The contact details are indicated on the website in the relevant sections. An e-mail box is available for any communications with this method: email@example.com, for all other methods of contact it is possible to refer to the updated contact details indicated on the website. As the owner and manager of the processing, GPA Partners will endeavor to treat and preserve the personal data of its customers and users according to regulations.
3. Authorized subjects for processing
The data is processed not only by the GPA Partners and by all its collaborators, also by external companies and partners committed to providing and guaranteeing the continuity of services and managing information systems. The subjects can also be partner companies or companies related to the group, as well as companies that manage marketing platforms and systems related to the management of acquired information. All those who can get in touch through shipping activities, accounting, financial, administrative and legal management are authorized.
4. Non-personal and aggregate technical navigation data collected
The computer systems for the use of this website acquire some data that cannot be properly defined as personal, whose transmission is however implicit in the use of internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
Among these data, IP addresses are the only data that, although not associated with identified direct interested parties, can by its very nature, through processing and association with data held by third parties, allow users to be identified. Wherever possible our company, as required by law, has set up anonymisation and masking in the collection of the IP address as specified below
The data, however, could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, at present the web IP data does not persist for more than 3 months.
5. Consent and type of data processed voluntarily provided by the user
The consent to the processing of data is freely and voluntarily provided by the user through the web forms by specific approval for the various purposes and recorded for verification by the authorities or for a request by the interested party. The data subject has the right to withdraw his consent at any time. Consent may also be requested in writing if the particular actions require it, otherwise what is expressed in the computerized methods described above applies. The data are those provided, also collected as a supplement to previously collected data in order to keep them constantly updated.
7. Purposes of data processing
The data are collected for the purpose of providing the services, for fulfilling the requests received, for marketing communications or any analyzes and for the transfer to third parties. All required authorizations are diversified for the type of purpose in the various collection forms, with clear indication of the data processed and their purposes. Each type of data processing collected requires specific authorization based on the aforementioned purpose.
Authorization requests differ, in the collection phase, according to the different purposes of data processing as specified below:
A. Processing of mandatory data for the provision of the service. [mandatory]
This is a mandatory consent to allow us to provide the services requested. Treatment may also refers to the transfer of data to third party companies for information management and service delivery purposes in order to guarantee greater security and control over the data and activities covered by the services provided. It also includes communications about the various requirements related to the provision of services such as: sending deadlines, payments, invoices, technical and service communications, warnings and information on the status of the systems, sending of service notes, data recovery in case of accidental loss , backup. The revocation of the authorization, even if possible, prevents the service from being able to be further supplied. The data may also be transferred to third parties residing outside the European Union in the condition provided for in article n.27 paragraph 2 paragraph (a), in which the establishment of a DPO (Data Protection Officer) is not foreseen or representatives of the treatment.
B. Treatment for marketing purposes. [optional]
It concerns an optional consent for marketing purposes related to products and / or services purchased or which are of interest. It provides the authorization to send emails, text messages, and communications also via other IT and paper means of advertising. The data will be processed internally for communications by the GPA Partners about the activities expressed above. The data could be transferred and / or supplied to third-party partner companies or interested external subjects both for the management of the communications and for marketing activities, related investigation and / or survey, and for further purposes. The treatment by third-party companies may relate to activities aimed at helping the management of improvement analyzes on performances and conversions. Consent can be revoked or amended at any time.
8. Mode and duration of data processing
The data are collected in full compliance with current legislation. In particular, the collection phase is carried out by encryption with an SSL protection certificate. The data are stored on cloud storage with backup and redundancy and stored for the period required to the provision of services and related activities. The disks on which the data are stored are encrypted. The processed data may be periodically subject to verification of correctness. In these cases the interested party will receive a communication of adaptation of his data in our files. Physical access to the servers is protected with anti-intrusion systems and access control to data rooms. The data are geographically replicated also for greater protection from accidental deletion due to natural disasters or theft of the same. There is a register of the data logs and the consents provided and the authorizations granted during the insertion and management of data and information related to these authorizations. The purpose is to quickly identify the activities related to the management of the data of the individual users concerned. The data are securely stored and any unauthorized access is limited to the minimum with the implementation of all the security activities provided by the technology. In any case of access the data subjects will be promptly informed and the data immediately restored in the event of accidental deletion.
9. Rights of the data subject regarding the processing of data
The interested party may at any time request the correction, integration or total cancellation of the data. These requests can be made directly to the addresses on the website www.gpapartners.com. The interested party may also request the revocation of the processing authorizations for the various purposes. If the revocation concerns the mandatory purpose of data processing for the provision of the services, they may no longer be provided and may be suspended without reimbursement. It is possible to request, always in accordance with the provisions of the law, a copy of the processed data and the purposes of the processing. It is possible to initiate a complaint to firstname.lastname@example.org or directly to the Personal Data Protection Authority or one of the control authorities in case of non-compliance that goes against the provisions of the GDPR regulation. All data entered on the site through the forms, managed and processed for the purposes requested for quotation, assistance, newsletters and in general contact, also sent by email to domains of our company or referable to it, or through third party systems and in any case sent to us, are treated in compliance with the law of the Privacy Guarantor pursuant to art. 13 of Legislative Decree No. 196/2003 and EU regulation 2016/679 GDPR for the processing of personal data.
The processing of data entered and managed takes place according to the legislation of the Guarantor for the Protection of Personal Data pursuant to art. 13 of Legislative Decree No. 196/2003 The www.gpapartners.com site is in compliance with the EU regulation 2016/679 GDPR for the processing of personal data.
The processing of data entered and managed takes place according to the legislation of the Guarantor for the Protection of Personal Data pursuant to art. 13 of Legislative Decree No. 196/2003.
The www.gpapartners.com site is in compliance with the EU regulation 2016/679 GDPR for the processing of personal data.