Dear Customer/Supplier, EU Regulation (EU) 2016/679 requires that the affected individual must be informed in advance about the use of data concerning him or her, and that the treatment of personal data is only allowed with the express consent of the affected individual except in cases provided for by law.
Dasty Italy Spa – Via Fratelli Kennedy, 13 – 24060, Bagnatica (BG), Tel. +39 035667780, Mail email@example.com
The Data Protection Officer (DPO) for Dasty Italy Spa can be reached at the following e-mail address firstname.lastname@example.org
3.1 Browsing data
The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data, which are necessary for the use of web services, are also processed for the purpose of obtaining statistical information on the use of services (by way of example only: most visited pages, number of visitors per hour or per day, geographical areas of origin, etc.) and to check the proper functioning of the services offered.
Any limited treatment of personal data collected for the pursuit of such purposes is necessary for the fulfilment of the legitimate interest of the data controller (Art. 6 par.1 lett. f) of the GDPR.
3.2 Data voluntarily provided by the user
The optional, explicit and voluntary sending of messages to the holder’s addresses, private messages sent by users to institutional profiles/pages on social media (where this possibility is provided for), as well as the submission of forms and the filling in of registration forms on the site or on the company’s social media, involve the acquisition of the sender’s contact data, necessary to provide feedback and to deliver the service that may be requested, as well as all the personal data included in the communications.
Depending on the purposes pursued, the processing of such data may therefore take place to perform a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the same (Art. 6 par.1 lett. b) of the GDPR; for the compliance with specific legal obligations, such as accounting and tax obligations, (Art. 6 par.1 lett. c) of the GDPR; for the pursuance of a legitimate interest of the Data Controller (Art. 6 par.1 lett. f) of the GDPR.
Specific summary information may be provided on the pages of the site set up for particular services on request (by way of example only: signing up for subscriptions; requesting information; registering for specific services).
3.3 Anonymous or aggregated data
Data anonymisation takes the form of a treatment aimed at preventing the identification of the data subject. Anonymised data does not fall within the scope of data protection legislation. The Data Controller collects, processes, and shares aggregate data such as statistical or demographic data for various purposes related to improving and optimising the performance of the site. Aggregate data may derive from personal data provided by the user, but are not considered personal data since, as specified, they do not allow either directly or indirectly the identification of the person concerned.
Such data will also be used to improve the quality of our existing products/services, to develop new functionalities, as well as for further general research purposes (e.g. to ascertain the frequency with which a specific product/service is used; to calculate the percentage of users accessing a specific function of the website etc.). Since these data do not allow for the identification of a specific individual and are not considered personal, they may be shared with further third parties, or partners.
3.4 Further processed data
Further data may also be processed by each Data Controller for the purpose of asserting or defending its own rights in court.
Personal data are processed as part of the normal activity of the company Dasty Italy Spa for administrative-accounting purposes:
- Fulfilment of fiscal or accounting obligations
- Customer management (administration of customers, administration of contracts, orders and invoices, control of reliability and solvency)
- Supplier management (administration of suppliers, administration of contracts, orders, invoices, selection in relation to company needs)
This website may contain links or references to other websites or social networks such as Facebook, Instagram, and LinkedIn. By clicking on the appropriate links you can share the content of this website. The Data Controller does not control the cookies or other tracking technologies of such websites to which this Policy does not apply. For details on cookies and the activities carried out by third parties, it will be necessary to consult the individual privacy policies of those websites.
Treatment related to web services is handled only by staff expressly authorised by the Data Controller or by any third-party suppliers that perform support activities for the provision of such services, who have been designated Data Processors pursuant to Article 28 of the GDPR.
Personal data will be retained for a maximum of 10 years from invoicing and/or until the conclusion of the contractual relationship unless specific legal obligations exist (accounting and tax regulations) and unless the retention of such data is necessary to assert or defend a right of the Data Controller in any forum and in particular in the courts.
The personal data collected will not be transferred to third countries, by which is meant countries not belonging to the European Union or the European Economic Area. Should this occur, the Data Controller declares and guarantees to comply with the provisions of Articles 44 et seq. of the GDPR.
The data collected may be transferred or communicated to other companies for activities strictly related and instrumental to the operation of the service, such as, for example, the management of the computer system, the maintenance of this website, the sending of newsletters. Apart from these cases, personal data will not be communicated to third parties unless provided for by contract or law, or requested by the Judicial or Public Security Authorities, or unless specific consent is requested from the person concerned. No data deriving from the web service will be disclosed.
For more information on the treatment of one’s own personal data as well as to obtain, in the cases provided for by the GDPR, access to one’s own personal data, their rectification or deletion or the restriction of their treatment or to oppose their treatment (Art. 15 et seq. of the Regulation), each data subject may contact directly:
Dasty Italy Spa – Via Fratelli Kennedy, 13 – CAP 24060, Bagnatica (BG), Tel. +39 035667780, Mail email@example.com
The interested party has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him are being processed, and in this case he has the right to:
- obtain access to his personal data, request the rectification or erasure of his personal data or the restriction of the processing of his personal data or object to their processing
- to receive in a structured, commonly used and machine-readable format the personal data concerning him/her and has the right to transmit such data to another data controller (data portability)
- be informed of the existence of an automated decision-making process, including profiling;
- if expressed, withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
- lodge a complaint with the supervisory authority.