With reference to the processing of personal data provided to Bitron, this information concerns the methods, timing and nature of the information that data controllers must provide to users. (Article 13 of EU Regulation 2016/679 - GDPR)
The Data Controller is BITRON INDUSTRIE S.p.A. ("BITRON") with headquarter at Strada del Portone 95, 10095, Grugliasco (TO), ITALY, as well as all other companies of the group (see www.bitron.net on the Bitron in the World page).
Place of data processing and authorized personnel
Data processing operations related to the services of these sites take place at the suppliers of the Internet services used to create and make available the site and at the offices of the Data Controller, where the processing operations (both paper and electronic) connected to other Services are also maintained.The data are processed only by the authorized personnel, also for any maintenance and administration operations of the processing systems.
Types of data processed
Bitron collects personal information primarily in two ways, depending on how users interact:
Navigation and technically essential data
During the course of normal operation, the computer systems and software procedures used to operate this website collect personal data, the transmission of which is an intrinsic part of using Internet communication protocols. Such information is not collected to be associated with identified parties, but could, by its very nature, make it possible to identify users when processed and associated with data held by third parties. This data category includes IP addresses or the domain names of the computers used by users who connect to the website, the Uniform Resource Identifier (URI) addresses of requested resources, the time of the request, the method used to place the request with the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and to the user’s IT environment. This data is only used to obtain anonymous statistical data relating to use of the website and to check that it is operating correctly, and is immediately deleted after processing. The data could be used to determine responsibility in the event of hypothetical IT offenses against the website.
Data provided voluntarily by the user
Data related to identified or identifiable persons, may also be processed on the basis of further information communicated by the person concerned: for example, by filling in data collection forms; or by sending, explicitly and voluntarily, personal data directly provided by the user, such as e-mail sent to the addresses indicated on this site, which implies the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the communication.
Purposes of data processing, data communication and dissemination
Personal data collected are used only to perform the requested Services or performances and are communicated to third parties only if necessary to this purpose.If there are obligations under a contract, Bitron will use the personal information collected to fulfill contractual obligations only.In any case, no data shall be disseminated or published without the prior consent of the person concerned. Finally, please note that in some cases (not subject to ordinary management) the Public Authorities may request information, as well as personal data, to which the Controller shall give follow up.
Optional provision of data
Apart from what is required in terms of navigation and technically essential data, the user is free to provide personal data for specific requests regarding products and/or Services and/or contacts. Without certain essential data it may be impossible to fulfil the request.
Legal basis. Management of approval for processing
When necessary, apart from cases in which the legitimate interests of both the Data Controller and third parties apply, and, in any case, after having read the policy, the interested party is required to consent to the processing and disclosure of their personal data for the purposes and within the limits described; failure to do so would prevent the Data Controller from processing the data in order to perform and provide the services requested by the interested party.
Personal data processing, understood as the collection, recording, organization, storage, processing, modification, deletion and destruction or the combination of two or more of these operations, takes place using manual, computerized and online tools, as well as in an automated manner, using methods strictly related to the stated purposes and, in any case, in such a way as to ensure security and confidentiality and for the time strictly necessary to achieve the purposes for which it has been collected.
Data is processed legally and accurately, is collected and recorded for specified, explicit and legitimate purposes, is accurate and, if necessary, updated, relevant, complete and not excessive with regard to the purposes of processing, in compliance with basic security measures and the rights and fundamental freedoms and the dignity of the party concerned, particularly with regard to confidentiality and personal identity.
Bitron implements specific security measures to ensure a level of security appropriate to the risk for personal data processed. These measures are designed to ensure the integrity, confidentiality and availability of personal data. The level of security is continuously reviewed and adapted to meet new security standards in collaboration with security experts.
Data are held until the legal prescription for the establishment of claims or defences expires, after the purpose (purpose of processing) for which the data were collected has been fulfilled. Personal data will not be transferred to recipients in a third country or to international organizations outside of the European Union (EU) or the European Economic Area (EEA) a part from the companies of our group settled worldwide with whom standard contractual clauses have been signed pursuant to GDPR, art.46.
Rights of interested parties
At any time the interested party may: exercise his/her rights (of access, to rectification, to erasure, to restriction of processing, to data portability, to object, to not be subject to automated decision making) when stipulated by law in interactions with the Data Controller, pursuant to Articles 15-22 of the GDPR; lodge a complaint with the Data Protection Authority (www.garanteprivacy.it); and, where data processing is based on consent, revoke consent, taking into account the fact that such a revocation will not affect the lawfulness of consent-based data processing that occurred before consent was revoked.
Personal data processing is covered by European and Italian legislation, in particular Regulation (EU) 2016/679 and Legislative Decree No. 196 of 30 June 2003, as subsequently amended and supplemented, as well as provisions of the Data Protection Authority.
Requests should be sent to the Data Controller at firstname.lastname@example.org
Updated February 1st 2020