PRIVACY POLICY OF THIS SITE

This page contains information on the methods used to process the personal data of users who consult this website.

This policy is provided in accordance with article 13 of Leg. Decree no. 196/2003 – Personal Data Protection Code – and articles 7 and 13 – 22 of the General Data Protection Regulation (GDPR) 2016/679 – to all those who interact with the APC Srl web services from the address http://www.apcsrl.it corresponding to the official home page of the APC Srl website.

Scarica la politia della qualità | Scarica la politica per l’ambiente

The information applies solely to the APC Srl website and not to other websites that may be visited by the user through links accessible from the site.

DATA CONTROLLER

After visiting this website, data relating to identified or identifiable persons, including their images, may be acquired. The Data Controller is APC Srl, which has its registered office in Via Galli 19 – 27029 Vigevano (PV) – R.E.A. Pavia no. 159413 – Tax Code and VAT No. 00949690184.

PLACE OF DATA PROCESSING

The processing operations related to the web-based services of this site are carried out at the aforesaid offices of APC Srl exclusively by authorised personnel, or by others occasionally tasked to perform maintenance operations.

TYPES OF DATA PROCESSED

Navigation data. The computer systems and software procedures used to run this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.

This information is not collected to be associated with identified parties, but by its very nature, could allow identifying users, through processing and association with data held by third parties.

This category includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the reply status given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

This data is used only to obtain anonymous statistical information on site usage and to check its correct functioning and is deleted immediately after processing.

The data could be used to verify responsibility in case of potential computer crimes against the site, except for this possibility, the data on web contacts does not persist for more than seven days.

COOKIES

No personal data of users is acquired from the site.

Cookies are not used to transmit information of a personal nature, nor are so-called “persistent” cookies of any kind used, i.e. systems for tracking users. So-called session cookies used in this site avoid the use of other information techniques potentially prejudicial to the privacy of users and do not allow acquisition of the user’s personal identification data.

OPTIONAL NATURE OF DATA PROVISION

Apart from the information specified above for navigation data, the user is free to provide data contained in request forms.

The failure to provide this data may lead to the impossibility to fulfil the request.

For the sake of completeness, it should be remembered that in some cases, the Authority (Guarantor or delegates) may request data and information pursuant to article 157 of Leg. Decree no. 196/2003 and article 15 of GDPR 2016/679, for the purposes of monitoring the processing of personal data. In such cases, the reply is compulsory under penalty of an administrative fine.

PROCESSING METHOD

Personal data is processed by automated tools for the time strictly necessary to achieve the purposes for which it was collected.

Specific security methods are followed to prevent loss, illegal or improper use and unauthorised access of data.

RIGHTS OF DATA SUBJECTS

Data subjects are entitled at any time to obtain confirmation of the existence of personal data and to know the content and origin of said data, to verify its accuracy or to request that it is integrated or updated or corrected or that its use is limited (art. 7 of Leg. Decree no. 196/2003 and articles 16-18 of GDPR 2016/679). Pursuant to the aforesaid articles, data subjects have the right to ask for the complete cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and in any case can oppose the processing of their data for legitimate reasons. For your convenience, the articles are reproduced in their entirety below:

art. 7 of Leg. Decree no. 196/03

1. A data subject has the right to obtain confirmation of the existence or otherwise of personal data concerning them, even if not yet recorded, and communication of said data in an intelligible form.

2. A data subject shall have the right to be informed of:

a)the origin of the personal data;

b)the purposes and methods of the processing;

c)the logic applied to the processing, if it is performed with the help of electronic tools;

d)the identification details of the data controller, data processors and representative designed in accordance with article 5, paragraph 2;

e) the entities or categories of entity to whom or which the personal data may be communicated or who or which may become aware of said data in their capacity as designated representative in the State’s territory, data processors or persons in charge of the processing.

A data subject shall have the right to obtain:

a) updating, rectification or, where relevant, integration of the data;

b) cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;

c) certification to the effect that the operations pursuant to letters a) and b) have been notified, also regarding their content, to those to whom or which the data have been communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate use of resources compared with the right that is to be protected.

3. 3.A data subject shall have the right to object, in whole or in part:

a) on legitimate grounds, to the processing of personal data concerning them, even though said data is pertinent to the purpose of the collection;

b) to the processing of personal data concerning them for the purpose of sending advertising materials or direct selling materials or for carrying out market research or commercial communication surveys.

GDPR 2016/679

Article 16

Right of rectification

The data subject shall have the right to obtain from the data controller without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary statement.

Article 17

Right to Erasure (“Right to be forgotten”)

1. The data subject shall have the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase said personal data without undue delay where one of the following grounds applies:

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

2. the data subject withdraws consent on which the processing is based according to article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), and where there is no other legal ground for the processing;

3. the data subject objects to the processing pursuant to article 21, paragraph 1, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21, paragraph 2;

4. the personal data have been unlawfully processed;

e)the personal data have to be erased for compliance with a legal obligation provided by Union or Member State law to which the data controller is subject;

6. the personal data have been collected in relation to the offer of information society services referred to in article 8, paragraph 1.

2. Where the data controller has made the personal data public and is obliged pursuant to paragraph 1 to erase such data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links, or copy or reproduction of said personal data.

3. Paragraphs 1 and 2 shall not apply to the extent that the processing is necessary:

1. for exercising the right of freedom of expression and information;

2. for compliance with a legal obligation that requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3. for reasons of public interest in the area of public health in accordance with article 9, paragraph 2, letters h) and i), and article 9, paragraph 3;

4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89, paragraph 1, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

5. for the establishment, exercise or defence of legal claims.

Article 18

Right to restriction of processing

1. The data subject shall have the right to obtain from the data controller restriction of processing where one of the following applies:

1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of said personal data;

2. the processing is unlawful, and the data subject opposes the erasure of personal data and requests the restriction of their use instead;

3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

4. the data subject has objected to the processing pursuant to article 21, paragraph 1, pending the verification whether the legitimate grounds of the controller override those of the data subject.

2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the data controller before the restriction of processing is lifted.