- Updated on
- Rev. 00
privacy policy
Table of Contents
DATA CONTROLLER
The data controller is Composite Technical Systems S.p.A., with registered office in Via Monsignor Faidutti, 9 – 33048 Chiopris-Viscone (UD). To exercise the rights recognised by Regulation (EU) 679/2016 (hereinafter ‘GDPR’ or ‘Regulation’) or to request any clarification regarding the processing of your personal data, you can contact the Controller at the following addresses:
e-mail info@ctscyl.com
public certified email (PEC): cts@pec.ctscyl.com
telephone: +39 0432 991383
SECURITY
The Data Controller has taken technical and organizational measures to ensure a level of security appropriate to the risk and compliance with the legislation on the processing of personal data.
INFORMATION ON THE TYPES OF DATA PROCESSED
(A) BROWSING DATA
When browsing the Site, a series of personal data such as IP addresses or domain names of the computers used by users, source and exit web pages, URI/URL addresses of the resources requested, date and time of the visit, information relating to the operating system and browser of the user, as well as further technical data relating to the browsing session are processed.
Purpose and legal basis of processing (GDPR Article 13, paragraph 1(c)
The processing of such data -in automated and aggregate form- is carried out exclusively for purposes related to the management and administration of the Site, as well as for statistical purposes. The data could also be used to ascertain liability in the event of computer crimes to the detriment of the Site and/or other unlawful acts.
The legal basis is the legitimate interest of the Data Controller (Article 6, paragraph 1(f) of the GDPR).
Scope of communication (GDPR Article 13, paragraphs 1(e) and (f)
Data are processed exclusively by personnel duly authorised and trained to perform the processing, as well as by the IT service providers involved in the management of the Site, identified as data processors. As a rule, the data are not disseminated and/or transferred outside the European Economic Area.
Data retention period (GDPR Article 13, paragraph 2(a)
Unless required in case of investigations as consequences of unlawful acts or malfunctions, data are generally not retained for more than 7 days.
Conferment (GDPR Article 13, paragraph 2(e)
The data are not provided by the Data Subject, but are automatically acquired by the technological systems of the Site.
B) CONTACT REQUESTS
Sending messages to the addresses on the Site and/or filling in the appropriate forms entails the acquisition and processing by the Data Controller of the sender’s contact data, necessary for replying, as well as any personal data included in the text.
Purpose and legal basis of processing (GDPR Article 13, paragraph 1(c)
Contact data are requested and processed to provide a reply and/or contact the data subject. The legal basis for the processing is the performance of a contract to which the data subject is party or the execution of pre-contractual measures implemented at the data subject’s request (Article 6, paragraph 1(b) of the GDPR).
Scope of communication (GDPR Article 13, paragraphs 1(e) and (f)
The data are only processed by persons duly authorised and trained to process them.
Currently, personal data collected through our Site are not transferred outside the European Economic Area (EEA). Should it become necessary to transfer data to third countries in the future, the Data Controller undertakes to take all appropriate security measures provided for by the GDPR to ensure the protection of personal data. This includes the use of standard contractual clauses approved by the European Commission, adequacy decisions or other appropriate safeguards to ensure that the transfer takes place in accordance with the applicable data protection rules.
Data retention period (GDPR Article 13, paragraph 2(a)
As a rule, data are retained for the time necessary to respond to the Data Subject. More generally, the data will be retained for a period identified according to criteria of strict necessity in view of the different purposes pursued and, in any case, in compliance with current legislation on the protection of personal data and in accordance with the logic of protection of the Data Controller’s rights (limitation periods as set out in the Italian Civil Code).
Conferment (GDPR Article 13, paragraph 2(e)
Failure to provide data will result in the impossibility of receiving replies to your requests.
DATA SUBJECT’S RIGHTS
Pursuant to Articles 15 et seq. of the GDPR, with regard to personal data concerning him/her, the Data Subject has the right to:
- ask the Data Controller to have access to and to obtain a copy of the data, as well as to know the purpose of their processing, the retention period and possible recipients;
- obtain the rectification of inaccurate personal data and the integration of incomplete data, without undue delay;
- obtain the restriction of the processing, in the cases provided for in Article 18 of the GDPR, to include only the storage or only operations for which explicit consent is given, as well as in cases where it is necessary to safeguard rights in court, to protect public interests or the rights of third parties;
- obtain cancellation, without undue delay, if:
- the data are no longer needed for the purposes indicated;
- consent to the processing has been withdrawn;
- the data have been unlawfully processed;
- cancellation is necessary to comply with a legal obligation and in the other cases provided for in Article 17 of the GDPR;
- oppose the processing of personal data concerning him or her, pursuant to Article 21 of the GDPR, in particular for direct marketing purposes, with the consequent impossibility of further processing the data for that purpose;
- receive, from the Data Controller, the data without hindrance, in a commonly used, machine-readable, structured format, in order to transmit them to another data controller (so-called right to portability);
- revoke at any time the consent to data processing already given, without prejudice to the lawfulness of the processing carried out up to that point;
The aforementioned rights may be exercised by contacting the Data Controller at the addresses indicated.
RIGHT OF COMPLAINT
If a data subject considers that his or her personal data is being processed in breach of the GDPR, he or she has the right to lodge a complaint with the competent supervisory authority.
ABSENCE OF AUTOMATED PROCESSING
The Data Controller declares that no automated decision-making, including profiling, is carried out within the meaning of Article 22 of Regulation (EU) 2016/679 (GDPR).
REVIEWS
This privacy policy is subject to periodic reviews and updates to reflect any regulatory changes or changes in our data processing methods. Each new version will be made available on our Site, clearly indicating the date of the latest update. We invite users to consult this section regularly to be informed of any changes.