Privacy Policy


Information on the processing of personal data of users who consult the Company’s website pursuant to Article 13 of Regulation (EU) 2016/679

Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods of processing:

– of the personal data of users who consult the website (hereinafter “Site”) of NOVOFORNO (hereinafter “Company”) accessible electronically at the following address https://www.novoforno.com/;
– of the personal data entered or collected through the Company’s social media pages.

This information does not concern other sites, pages, or online services that can be accessed via hypertext links that may be published on the site but refer to resources outside the Company’s domain.


LEGAL BASIS FOR PROCESSING

The Company will process personal data only if it has a legal basis to do so. Data protection legislation provides that the processing of personal data is lawful only if and to the extent that at least one of the following conditions applies (referred to in Art. 6 of the Regulation):

a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures adopted at their request;
c) processing is necessary to comply with a legal obligation to which the data controller is subject;
d) processing is necessary to protect the vital interests of the data subject or another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The legal basis for processing, therefore, will depend on the reasons for which the Company has collected and uses the data.

These reasons consist, in some cases (such as for requests received through the contact section), in the need to provide the necessary response to the requests received (in this case, the legal basis is the execution of a contract and/or pre-contractual measures), in other cases in the duty to comply with legal and/or regulatory obligations, or, in other cases still, in the possibility of pursuing the legitimate interest of the Company that will be identified from time to time. Where the consent of the data subject is necessary, such consent will be requested in the forms provided by law.


TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING

Personal data refers to all information relating to the user by means of which they can be identified. Personal data includes, for example, name, surname, contact details, telephone number, email address, IP address, and information concerning the user’s access to the Site.

Following the consultation of the Site, as well as following the use of the services made available through it, the Company may collect personal data of users following telephone communications to the contacts listed on the Site, following the receipt of emails at the addresses listed on the Site, or through the completion of forms present in the contact section, or, again through the use of social network plug-ins used on the Site.

Specifically, the types of data processed can be classified as follows:


BROWSING DATA

The computer systems and software procedures responsible for the operation of the Site acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols.

These are information that is not collected to be associated with identified individuals, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computing environment.

These data, necessary for the use of web services, are also processed in order to:

  • obtain statistical information on the use of services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
  • check the correct functioning of the services offered;
  • identify anomalies and/or abuse.

Browsing data do not persist for more than seven days (except in cases where they need to be kept for the assessment of crimes by the Judicial Authority).


PERSONAL DATA VOLUNTARILY PROVIDED BY USERS

The optional, explicit, and voluntary sending of messages to the Company’s contact addresses, private messages sent by users to the institutional profiles/pages on social media (where this possibility is provided), as well as the completion and submission of forms on the Company’s website, entail the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in the communications.

Specific information will be published on the Site pages prepared for the provision of certain services.


COOKIES AND OTHER TRACKING SYSTEMS

No cookies are used for user profiling, nor are any other tracking methods used.

Session cookies (non-persistent) are used in a way strictly limited to what is necessary for the secure and efficient navigation of the Site. The storage of session cookies on terminals or browsers is under the control of the user, where, at the end of HTTPS sessions, information relating to cookies remains recorded in the service logs, with retention times not exceeding seven days like other browsing data.


CONSEQUENCES OF FAILURE TO PROVIDE DATA

Failure to provide data necessary to respond to requests may result in the inability of the Company to provide a comprehensive response or the available services. Where necessary, the Company will inform the user from time to time about the mandatory or optional nature of providing personal data (e.g., to make a specific request).

In particular, the mandatory or optional nature of data communication will be highlighted with a warning or an appropriate character for mandatory information.


RECIPIENTS OF DATA

The recipients of the data are the Company’s personnel, who act based on specific instructions provided regarding the purposes and methods of the same processing. In particular, the mandatory or optional nature of data communication will be highlighted with a warning or an appropriate character for mandatory information. Also, the recipients of the data collected following the consultation of the Site are the entities designated by the Company, pursuant to Article 28 of the Regulation, as data processors.

In case of using social media plug-ins on the Site, data will be shared with the social media service and, if applicable, with the user’s profile present on the social media itself. In such cases, please refer to the privacy policy published by the social media. In any case, the personal data processed will not be disseminated.

It remains understood, in accordance with legal provisions, the communication or dissemination of data requested by Police Forces, Judicial Authority, information and security bodies, or other public entities for defense or state security purposes or the prevention, detection, or suppression of crimes.


PROCESSING METHODS AND SECURITY

The data will be processed:

  • through manual, computer, and telematic tools and in a way that ensures the availability, integrity, and confidentiality of the data;
  • with organizational methods and logic strictly related to the purposes indicated, in compliance with the principle of minimization;
  • by specifically appointed, identified, and authorized subjects, properly instructed and made aware of the constraints imposed by the relevant legislation;
  • with the use of technical and organizational security measures to prevent and/or reduce the risks of unlawful access and destruction or loss of the data itself.


PLACE OF PROCESSING

The management and storage of personal data will take place in Italy and, in any case, within the European Union. Currently, the servers used by the Company are located within European territory. Data will not be transferred outside the European Union. However, if necessary and/or appropriate, the Company may move the location of servers within Italy and/or the European Union and/or non-EU countries. In such cases, the Company will ensure that any transfer of data outside the EU will take place in compliance with applicable legal provisions, entering into agreements that ensure an adequate level of protection, and/or adopting the standard contractual clauses provided by the European Commission, and/or, in any case, satisfying the conditions provided by applicable regulations.


DATA RETENTION PERIOD

The data collected by the Site during will be used exclusively for the purposes indicated and will be retained for the time strictly necessary to carry out the activities of the Company. Data will not be retained for a period longer than necessary to satisfy the purpose for which they were processed. To determine the appropriate retention period, the Company will consider the quantity, nature, and sensitivity of the personal data, the purposes for which they are processed, and the possibility of achieving these purposes by other means. The data collected by the Site will then be retained for the entire duration necessary to respond to requests and, even after termination, to manage any contractual, pre-contractual, administrative, or legal obligations related to or deriving from them, or for the time allowed by Italian law to protect the legitimate interests of the Company.


RIGHTS OF DATA SUBJECTS

Data subjects have the right to obtain from the Company, in the cases provided, access to their personal data and the rectification or erasure of the same or the limitation of processing that concerns them, to object to the processing or to request the so-called data portability. Data subjects can also, at any time, withdraw the consent given (see Articles 15 et seq. of the Regulation). The specific request to the Company is submitted by contacting the Data Protection Officer at the contact details provided above. Data subjects who believe that the processing of personal data relating to them carried out through the Site is in violation of the Regulation have the right to lodge a complaint with the Authority, as provided for by Article 77 of the Regulation, or to bring proceedings before the appropriate judicial authorities (Article 79 of the Regulation).


CHANGES AND UPDATES TO THIS PRIVACY POLICY

The Company may amend or simply update, in whole or in part, this notice, also considering any regulatory and/or regulatory changes on the subject. The Company undertakes not to limit any rights previously recognized without first obtaining the explicit consent of the data subject. Changes and updates will be made available on the Site homepage. The most relevant changes will be highlighted through a more prominent notice (for example, where the services and data collected allow it, via an email notification).