We inform you that as a result of browsing/consulting the website our company may acquire and process personal data in accordance with the applicable regulations on privacy and data protection, namely Legislative Decree no. 196/2003 and EU Regulation 679/2016 (GDPR).
We therefore inform you:
1. Data controller
Data Controller is A.D.R. S.p.A. with registered office in Via A.M. Ceriani n.96 ,21040 Uboldo (VA), Tax Code/VAT No.: 00637410127, contact us privacy@adraxles.com.
2. Processing, Nature of the processed data, Purpose, Legal Basis and Storage time
Navigation data
Nature of the data: The computer systems and software procedures responsible for operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data are anonymous. This is information not collected to be associated with identified data subjects, but which by its very nature could allow user identification through processing and association with data held by third parties.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters related to the operating system and the computer environment of the user.
Purpose: the correct operation of the website.
Legal Basis: Art. 6, paragraph 1, point f) GDPR: "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party". Specifically, both the company and the user are legitimately involved, so that the site works properly and safely.
Storage time: 6 months.
External connections
Nature of the data: browsing data (for further information see above).
Purpose: to allow the user to move easily with a click on third-party websites to find insights, information or access services provided by third parties. Within the site, there are links to insights, links to external services (e.g.: for recognition through SPID you are redirected to the digital identity manager site) and other possible links to external sites. The user will realise passage to a different site from ours by some elements such as the different design of the site, the opening of a new page in the browser, the appearance of a new cookie banner, where you can find the new information about its data processing.
Legal Basis: Art. 6, paragraph 1, point f) GDPR: "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party". Specifically, both the company and the user are legitimately interested in the use of new content, which however occur as a result of a specific action by the user.
Storage time: 6 months
Data provided voluntarily by the user via email
Nature of the data: personal data, contact data (e.g. email address) and any other data contained in the The optional, explicit and voluntary sending of email to the email addresses on this site or to other email addresses within this company, involves the subsequent acquisition of the sender’s address, necessary to respond to requests, and any other personal data entered in the letter. If the message activates a service or further documentation by our company, the initial purpose and legal basis may change and in this case the information will need to be updated to new processing.
Purpose: to manage correspondence between user/applicant and our company;
Legal basis: Art. 6, paragraph 1, point f) GDPR: "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party". Specifically, both the company and the user are legitimately interested, so that communications produced by the user/ applicant are properly managed and processed.
Storage time: up to 10 years, consistent with the prescription time in Italian law and the probative value of postal communications including electronic ones.
Form of contact
Nature of the data: personal data, contact data (e.g. email address) and any other data contained in the specific text filed, to collect the collect the user’s instance. The data entered in these fields will be acquired by this company and processed exclusively to respond to the specific request. If the message activates a service or further documentation by our company, the initial purpose and lawfulness may change and in this case the information will need to be updated to the new processing. Purpose: to promptly reply to user/applicant requests; Lawfulness: Art. 6, paragraph 1, point a) GDPR: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”. Storage time: 6 months.
Reserved Area access / Pago PA
Nature of the data: Public Digital Identity System (SPID) or National Service Card (CNS)/ Electronic Identity Card (CIE); Personal data including the Tax Code, contact data (e-mail and telephone), Purpose: to create a functional and secure system of digital payments promoted by the Agency for Digital Italy (AgID) and a progressive process of digitisation of the Italian public administration (e-government). Access to the area will allow the user to connect in a stable, continuous and unique way to the website, allowing unlocking of certain digital services specified within the "Telematic Help Desk" area. Lawfulness: Art. 6, paragraph 1, point e): “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”, in compliance with Art. 5 of the Digital Administration Code and Leg. Decree 179/2012. Storage time: up to 10 years, consistent with the prescription time in Italian law and the probative value of postal communications including electronic ones.
3. Purpose of processing
Available within point 2, specified for the different processing tasks.
4. Legal basis of processing
Available within point 2, specified for the different processing tasks.
5. Recipients, communication and dissemination of data
Personal data collected for the tasks described in point 2 will not be subject to generalised dissemination. Widespread dissemination is when the number and identity of recipients is not known (e.g. publication in media). Such data may be accessible and/or communicated to subjects both inside and outside the company, such as:
- Personnel authorised to take charge of the requests generated by the processing tasks mentioned in point 2 (e.g.: reply to communications by e-mail).
- Appointed suppliers pursuant to Art. 28 GDPR for the management and/or provision of the website and/or services related to the processing tasks in point 2 (e.g.: software house);
- Autonomous data controllers (e.g.: digital identity manager). The updated list of Data Processors and Recipients is available on request.
6. Non-EU transfers
Data transfer outside the European Union is not planned.
7. Storage period
Available within point 2, specified for the different processing tasks.
8. Rights of data subjects
GDPR guarantees (Art. 12-22 of EU Regulation 679/2016) the existence of the right of the data subject to ask the data controller for access to personal data and the rectification or cancellation of such data or the restriction of processing concerning him or her or to object to their processing, as well as the right to data portability. The GDPR guarantees, if the processing is based on Article 6, paragraph 1, point a), or article 9, paragraph 2, letter a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawal; To exercise your rights, as well as for other information, the data subject may contact the privacy contact person at the e-mail address indicated in point 1. If the data subject considers his or her rights violated, he or she can protect himself or herself by filing a complaint with the Guarantor for the protection of personal data.
9. Obligation or right to provide data
Without prejudice to the data subject’s autonomy not to access the website, the navigation data necessary for operation of the website (technical and de-identified data) will be processed by default. The user will then be free not to provide any personal data and their failure to provide may result in the partial or total impossibility to activate certain services or to obtain feedback on any requests.
10. Automated decision-making process
There is no provision for automated decision-making process, including profiling under Article 22 GDPR.
11. Other relevant information
Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access. If the undersigned intends to further process the personal data for a purpose other than that for which they were collected, before such further processing, the interested party will be provided with information on this different purpose and any other relevant information.