Legal Notes
Privacy policy regarding treatment of personal data related to the www.bonaldo.it website
The purpose of this document is to inform the natural person (hereinafter the “Interested Party”) regarding the processing of their personal data (hereinafter "Personal Data") collected by the data controller, Bonaldo S.p.A. single partner with registered office in Via Straelle n. 3, 35010 - Villanova, Camposampiero (PD), CF/VAT number 00225710284, e-mail address [email protected], (hereinafter “Data Controller”), via the www.bonaldo.it website (hereinafter “Application” ).
Changes and updates will be binding as soon as they are published on the Application. In case of non-acceptance of the changes made to the Privacy Policy, the Interested Party is required to cease using this Application and may request the Data Controller to delete their Personal Data.
1. Categories of Personal Data processed
The Data Controller processes the following types of Personal Data provided voluntarily by the Interested Party:
a) Contact data: name, surname, address, e-mail, telephone, images, authentication credentials, any further information sent by the Interested Party, etc.
b) Tax and payment data: tax code, VAT number, credit card details, bank account details, etc.
c) Data relating to the employment situation: data included in the curriculum vitae, data relating to the spouse or children, social security data, etc.
The Data Controller processes the following types of Personal Data collected automatically:
d) Technical data: Personal data produced by the devices, applications, tools and protocols used, such as, for example, information on the device used, IP addresses, type of browser and type of Internet provider (ISP). Such Personal Data may leave traces which, in particular when combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons
e) Data regarding navigation and use of the Application: such as, for example, pages visited, number of clicks, actions performed, duration of sessions, etc.
f) Data relating to the exact location of the Interested Party: for example, geolocation data that precisely identifies the position of the Interested Party which can be collected via the satellite network (e.g. GPS) and other means, collected with the consent of the Interested Party. The Interested Party can revoke consent at any time. Failure by the Interested Party to provide Personal Data for which there is a legal or contractual obligation or if they constitute a necessary requirement for the conclusion of the contract with the Data Controller will make it impossible for the Data Controller to establish or continue the relationship with the Interested Party. The Interested Party who communicates Personal Data of third parties to the Data Controller is directly and exclusively responsible for their origin, collection, processing, communication or distribution.
2. Cookies and similar technologies
The Application uses cookies, web beacons, unique identifiers and other similar technologies to collect the Personal Data of the Interested Party on the pages, links visited and other actions performed when the Interested Party uses the Application. These are stored before being transmitted on the next visit by the Interested Party.
3. Legal basis and purpose of processing
The processing of Personal Data is necessary:
a) for the execution of the contract with the Interested Party and specifically:
- for the fulfilment of any obligation deriving from the pre-contractual or contractual relationship with the Interested Party
-for registration and authentication of the Interested Party: to allow the Interested Party to register on the Application, access and be identified also via external platforms
-for support and contact with the Interested Party: to respond to the Interested Party's request
b) by legal obligation and specifically:
-the fulfilment of any obligation established under current regulations, laws and rules, in particular, in tax and fiscal matters
c) on the basis of the legitimate interest of the Data Controller, for:
-marketing purposes via email of the Data Controller’s products and/or services to directly sell the owner's products or services using the email provided by the Interested Party in the context of the sale of a product or service similar to the one being sold
-statistics with anonymous data: to carry out statistical analyzes based on aggregate and anonymous data in order to analyze the behaviour of the Interested Party, to improve the products and/or services provided by the Data Controller and better meet the expectations of the Interested Party
d) on the basis of the consent of the Interested Party, for:
-profiling of the Interested Party for marketing purposes: to provide the Interested Party with information about the Data Controller’s products and/or services through automated processing aimed at collecting personal information with the aim of predicting or evaluating their preferences or behaviour
-retargeting and remarketing: to reach by means of a personalized advertisement the Interested Party who has already visited or shown interest in the products and/or services offered by the Application using their Personal Data. The Interested Party can opt-out by visiting the appropriate Network Advertising Initiative page
-marketing purposes of the Data Controller’s products and/or services: to send commercial and/or promotional information or materials, to carry out direct sales activities of the Data Controller’s products and/or services or to carry out market research with automated and traditional methods
-communication of Personal Data for third Party marketing purposes: to communicate Personal Data to third parties operating in the Design sector so that they may be used to send information or commercial and/or promotional materials or to carry out direct sales activities of their products and/or or services or to carry out market research with automated and traditional methods
-detection of the exact location of the Interested Party: to detect the presence of the Interested Party, to control access, times and the presence of the Interested Party in a specific place, etc.
On the basis of the legitimate interest of the Data Controller, the Application allows interactions with external platforms or social networks whose processing of Personal Data is regulated by the respective privacy documents to which reference should be made. The interactions and information acquired by this Application are in any case subject to the privacy settings that the Interested Party has chosen on such platforms or social networks. This information - in the absence of specific consent to processing for further purposes - is used for the sole purpose of allowing the use of the Application and providing the requested information and services.
The Personal Data of the Interested Party may also be used by the Data Controller to protect himself/herself in court before the competent judicial officials.
4. Processing methods and recipients of Personal Data
The processing of Personal Data is carried out using paper and IT tools with organizational methods and logic strictly related to the purposes indicated and through the adoption of adequate security measures.
Personal Data is processed exclusively by:
a) persons authorized by the Data Controller for the processing of Personal Data who are committed to confidentiality or have an adequate legal obligation of confidentiality;
b) subjects who operate independently as separate data controllers or by subjects designated as data controllers by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes referred to in this information (for example, commercial partners, consultants, IT companies, service providers and/or hosting providers);
c) subjects or bodies to whom it is mandatory to communicate Personal Data by legal obligation or by order of the authorities.
The subjects listed above are required to use appropriate safeguards to protect Personal Data and may only access those necessary to perform the tasks assigned to them.
Personal Data will not be disclosed indiscriminately in any way.
5. Location
If necessary, Personal Data may be transferred to entities located outside the territory of the European Economic Area (EEA). Whenever Personal Data is transferred outside the EEA, the Data Controller will adopt all suitable and necessary contractual measures to guarantee an adequate level of protection of Personal Data, including - among others - agreements based on the standard contractual clauses for data transfer outside the EEA, as approved by the European Commission.
6. Fully automated decision-making processes
The Data Controller uses fully automated decision-making processes which may produce legal effects for the interested party or significantly affect him or her.
7. Personal Data retention period
Personal Data will be retained for the period of time necessary to fulfil the purposes for which they were collected, in particular:
-for purposes relating to the execution of the contract between the Data Controller and the Interested Party, the Personal Data will be kept for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of 10 years. In the case of judicial litigation, for the entire duration of the same, until the deadlines for appeals have been exhausted
-for purposes relating to the legitimate interest of the Data Controller, they will be retained until such interest is fulfilled
-for the fulfillment of a legal obligation, by order of an authority and for protection in court, they will be kept in compliance with the deadlines established by said obligations and regulations and in any case until the expiry of the limitation period established by the regulations in force
-for purposes based on the consent of the Interested Party, they will be kept until the consent is revoked. For marketing purposes for a period not exceeding 24 months.
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Interested Party.
8. Rights of the Interested Party
Interested parties may exercise certain rights with reference to the Personal Data processed by the Data Controller. In particular, the Interested Party has the right to:
a) be informed about the processing of his/her Personal Data
b) revoke consent at any time
c) limit the processing of his/her Personal Data
d) object to the processing of his/her Personal Data
e) access his/her Personal Data
f) verify and request rectification of his/her Personal Data
g) obtain the limitation of the processing of his/her Personal Data
h) obtain the cancellation of his/her Personal Data
i) transfer his/her Personal Data to another data controller
j) lodge a complaint with the supervisory authority for the protection of his/her Personal Data and/or take legal action.
To exercise their rights, Interested parties can send a request to the following e-mail address [[email protected]] Requests will be processed by the Data Controller immediately and dealt with as quickly as possible, in any case within 30 days.
Last update: April 2024