1. DATA CONTROLLER
This information is provided only for the website www.veca.it (hereinafter "Website") and not for other websites that may be consulted by the user through links contained therein. The data controller is VECA SPA which is based in Via Morello di Mezzo, 101/105 - 41019 Soliera (Modena) Italy, for any clarification or exercise of the user's rights, he can contact him at the following e-mail address: info@veca.It The Data Protection Officer can be contacted at rpd@progettoprivacy.it
2. LEGAL BASIS AND PURPOSE
The personal data provided will be processed in compliance with the lawfulness conditions pursuant to Art. 6 (f) of EU Regulation 2016/679 for the following purposes, unless objected to:
• browsing this website;
• any contact requests, including sending information requested by you;
• administrative and accounting activities in general. For the purposes of applying the provisions on personal data protection, processing carried out for administrative and accounting purposes is that related to the performance of organizational, administrative, financial, and accounting activities, regardless of the nature of the data processed. Specifically, these purposes include internal organizational activities, those necessary for the fulfillment of contractual and pre-contractual obligations, and information activities.
The processing of data for the purposes in question is based on Article 6, paragraph 1, letter f): (recital 47), taking into account the reasonable expectations of the data subject at the time and in the context of the collection of personal data, when the data subject can reasonably expect that processing for that purpose will take place.
3. PERSONAL DATA PROCESSED
Except as specified for browsing data, the user is free to provide personal data. Failure to provide personal data will make it impossible to use the services offered by the data controller.
Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and IT environment.
Data provided voluntarily by the user
The optional, explicit, and voluntary sending of emails to the addresses indicated on this site and/or the completion of data collection forms entails the subsequent acquisition of the sender's address, which is necessary to respond to requests, as well as any other personal data entered.
Tracking data collected by website cookies
A cookie is a small piece of data that a website stores in the browser of your computer or mobile device. This Privacy and Cookie Policy applies to all cookies and similar technologies (hereinafter all referred to as "cookies"). Web pages have no memory. If you navigate from page to page within a website, you will not be recognized as the same user on each page. Cookies allow the website to recognize you as a unique user. Cookies also allow your choices to be remembered, such as your preferred language, currency, and search criteria. Cookies also allow you to be recognized on your next visit.
Regarding data processing via cookies, please see the cookies policy available on the website.
4. DATA PROCESSING METHODS
The processing of personal data collected through this website is carried out in compliance with Regulation (EU) 2016/679 ("GDPR") and national legislation on the protection of personal data.
The website allows the collection of personal data exclusively through:
- the contact form or email, through which the user can send requests for information or communications;
- technical cookies and, if applicable, profiling or analytical cookies, as specified in the relevant cookie policy.
The personal data provided by the user via the form or email (e.g., name, surname, email address, and message content) are processed solely to manage the request submitted and to provide any responses or information. Providing data is optional, but necessary to receive a response.
Processing is carried out by authorized personnel, using IT and electronic means, with procedures strictly related to the purposes indicated and adopting appropriate technical and organizational security measures to guarantee the confidentiality, integrity, and availability of the data.
The use of cookies and the related consent management methods are governed by the Cookie Policy available on the website.
5. DATA RECIPIENTS
Your data, subject to processing, will not be disclosed except within the limits set forth in the following information, subject to your consent. It may be disclosed to contractually linked companies abroad and within the European Union, in accordance with and within the limits of Articles 44 et seq. of EU Regulation 2016/679, in order to fulfill contracts or related purposes.
The data may be disclosed to third parties belonging to the following categories:
• entities that provide services for the management of the information system used and for digital and telecommunications networks (including email);
• firms or companies in the context of assistance and consultancy relationships;
• competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.
• subsidiaries or parent companies for the services provided (e.g., IT, accounting, etc.)
The entities belonging to the above categories may act, based on the assigned assignment, as Data Processors and/or as natural persons acting under the authority of the Data Controller and the Data Processor (Article 29 of EU Regulation 2016/679), for the purposes listed above, or operate completely independently as separate Data
Controllers. The list of designated Data Processors is constantly updated and available at the Data Controller's headquarters. Any further communication or dissemination will take place only with your explicit consent.
6. TRANSFERS OUTSIDE THE EU
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, subject to the stipulation of standard contractual clauses provided by the European Commission or through agreements between countries such as the "Data Privacy Framework."
7. DATA RETENTION PERIODS
The processing will be carried out automatically and/or manually, using methods and tools designed to ensure maximum security and confidentiality, by persons specifically appointed for this purpose. The data will be retained for a period no longer than the purposes for which it was collected and subsequently processed. Specifically:
• browsing this website (session);
• any contact requests, including sending information you requested (maximum 12 months);
• general administrative and accounting activities (10 years or a different term established by law);
8. USE OF PROFILING, AUTOMATED DECISION-MAKING OR MONITORING SYSTEMS (Legislative Decree 104/2022)
The Data Controller does not perform profiling or processing aimed at implementing an automated decision-making or monitoring process.
9. EXERCISE OF DATA SUBJECT RIGHTS
You may exercise your rights as set forth in EU Regulation 2016/679 by contacting the Data Controller, sending an email to the Data Controller's email address, or writing a letter to the Data Controller's registered office indicated above.
Specifically, these rights include: the right to obtain confirmation as to whether or not your personal data is being processed, and, if so, the right to obtain access to such data and other information, such as: the type of personal data; the recipients or categories of recipients of the data; the period for which the data will be stored or the criteria used to determine that period; the right to request rectification, erasure, or restriction of processing of personal data; the right to object to data processing; the right to lodge a complaint with a supervisory authority; and, if the data is not collected from the data subject, all information regarding its source. the existence of an automated decision-making process (including profiling pursuant to Art. 22 GDPR); the necessary safeguards in the event of data transfer to a third country or an international organization pursuant to Art. 44 et seq. GDPR; the right to obtain a copy of the personal data undergoing processing.
