Privacy Policy
INFORMATION NOTICE REGARDING THE PROCESSING OF PERSONAL DATA OF ONLINE CLIENTS IN ACCORDANCE WITH EU REGULATION 2016/679 (“GDPR”)
DATA PROCESSORS: The following independent controllers
Hereafter, singularly or jointly, also the “Company/ies” or the “Controller/s”.
DATA PROTECTION OFFICER (“DPO”): the DPO may be contacted at the following e-mails:
PERSONAL DATA PROCESSED
Navigation data (collected, for example, through pixels and/or cookies - with reference to the latter see the Cookie Policy which can be accessed from the link in the sidebar at the bottom of the page), as well as data obtained through the use of widgets/social buttons.
The computer systems and software procedures used to operate this Web Site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified interested parties, but which, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check that it is functioning correctly, and are deleted immediately after processing, always subject to possible use to ascertain responsibility in the event of computer crimes to the detriment of the site.
The Company also processes the data provided directly by you through your possible creation of a personal account and your possible completion of additional sections on the website (by way of example but not limited to: personal data, contact details), as well as details of purchases made.
In the case of authentication via social log-in, the Company, always in compliance with the principle of necessity and proportionality, may process your personal data after receiving your authorization to the transfer of the same provided to the social network by means of which you may log in.
DATA PROCESSING PURPOSES
Once the retention periods indicated above for each of the aforementioned purposes have elapsed, the Data will be destroyed, deleted or anonymized, compatibly with the technical procedures for deletion and backup and with the accountability requirements of the Controller.
It should be noted that the Controllers, in order to pursue the purposes referred to in points 8, 9, and 10, will create an account referring to You internally to their centralized management system (CRM). Should you wish to request the deletion of such account from the CRM, you may exercise your right of deletion in the manner provided in the "Rights of the Data Subject" section of this policy.
In addition, following your possible withdrawal of consent in relation to the purposes that require it, the Company will continue to process your Data for the sole purpose of being able to have evidence that such activities should no longer be carried out with respect to you.
OBLIGATORY NATURE OF PROVIDING DATA
Personal and contact data are mandatory in order to enter into contractual relationships, such as to enable the registration of your personal account or to ensure the provision of the requested services. The navigation data are necessary to give course to the computer and telematic protocols; therefore, their non-conferment would not allow the functioning of this website.
The provision of data for the purposes of direct marketing, profiling, and communication of data to third parties is entirely optional: these processing activities will be carried out only against your express and unequivocal consent, without prejudice to your right to revoke the consent given at any time. It should be noted that the revocation of consent does not affect the lawfulness of the processing based on the consent before the revocation.
RECIPIENTS OF THE DATA
The data may be processed by external parties operating as autonomous data controllers such as, but not limited to, authorities and supervisory and control bodies, parties offering electronic payment services on their circuits, social networks present or referred to on the website you are visiting, as well as parties offering services necessary for the operation of the website.
Data may also be processed on behalf of the Company by external parties designated as data processors, to whom appropriate operational instructions are given. These parties are essentially included in the following categories:
SUBJECTS AUTHORIZED TO PROCESS
The data may be processed by employees of the company functions assigned to the pursuit of the above purposes, who have been expressly authorized to process the data and have received appropriate operational instructions.
TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
Your personal data may be transferred outside the European Union to the parties indicated in the paragraph "Recipients of the Data" if required for the purposes indicated in this policy. The Company guarantees that your personal data will be processed by such Recipients in accordance with applicable data protection legislation. Such transfers may be based on the adequacy decision or Standard Contractual Clauses approved by the European Commission. For further information, you may contact privacy.hexagon@percassi.com
RIGHTS OF THE DATA SUBJECT - COMPLAINT TO THE SUPERVISORY AUTHORITY
By contacting the Privacy Office, by mail at Hexagon S.p.A., via Giorgio e Guido Paglia n. 1/D 24122 Bergamo, to the kind attention of the Privacy Officer c/o the Legal Department, or by e-mail at privacy.hexagon@percassi.com , data subjects may request from the data controller access to the data concerning them, their deletion, update, the rectification of inaccurate data, the integration of incomplete data, the restriction of processing, as well as the opposition to processing, and exercise any other right as referred and according to the GDPR.
In case of your exercising the right to erasure, the Data Controller may arrange to adopt the procedures best aimed at ascertaining your identity.
Data subjects also have the right, where the processing is based on consent or contract and is carried out by automated means, to receive in a structured, commonly used and machine-readable format the data, as well as, if technically feasible, to transmit them to another data controller without hindrance.
Data subjects have the right to withdraw the consent given at any time for marketing and/or profiling purposes, as well as to object to the processing of data for such purposes, in its entirety or limited to automated methods.
Data subjects have the right to lodge a complaint with the competent supervisory authority in the Member State where they usually reside or work or the State where the alleged breach occurred.
MODIFICATION OF THIS POLICY
The Company reserves the right to amend this Privacy Policy, in whole or in part, or simply to update its contents, for example when there are changes in the applicable law. The Company, therefore, encourages you to regularly consult this Privacy Policy to learn about the most recent and up-to-date version of it.