PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

This privacy notice explains how the Data Controller specifically processes personal data relating to the navigation of the website https://www.dbagroup.it/ (“Website”).
 

Identity and Contact Details of the Data Controller

DBA Group SpA, viale Felissent, 20/D 31020 Villorba (TV), email privacy@dbagroup.it (“DBA" or the "Data Controller”).
 

Contact Details of the Data Protection Officer

The Data Protection Officer may be contacted at: dpo@dbagroup.it
 

Categories of Data and Source

DBA processes ordinary personal data (e.g. identification data, contact details and browsing data) provided directly by you or collected through the Website.
 

Purposes of Processing and Legal Bases

A. Website Browsing: The IT systems and software procedures used to operate this Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.This information is not collected to be associated with identified individuals; however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. This category includes, by way of example, IP addresses, domain names of computers used by users connecting to the Website, URI (Uniform Resource Identifier) addresses of requested resources, the time of requests, the method used in submitting requests to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user's operating system and IT environment. Such data are used solely to obtain anonymous statistical information on Website usage and to verify its proper functioning and are deleted immediately after processing.
B. Management of Information Requests: Personal data are processed for all purposes related to handling requests for information, materials and/or quotations.
C. Management of Requested Services: Personal data are processed for all purposes related to the management of the contractual relationship in all its phases (e.g. provision of requested services, customer support activities and compliance with legal obligations applicable to the Data Controller)
D. Defence of Legal Claims: The Data Controller may need to process personal data for the management of disputes and out-of-court or judicial proceedings.
 
Purpose Legal Basis (Ordinary Data)  Legal Basis (Special Categories of Data)
A. Legitimate interest of the Data Controller in ensuring the operation and security of the Website  
B. Performance of pre-contractual measures /
C. Performance of pre-contractual and contractual measures /
D. Legitimate interest of the Data Controller in establishing, exercising or defending legal rights /
 

Retention Period

Purpose Retention Period
A. 30 days from collection
B. Time necessary to handle requests and subsequent communications, and in any case no longer than 6 months from the last interaction
C. 10 years from termination of the contract
D. 10 years from the final resolution of the dispute
 

Nature of the Provision of Data and Consequences of Failure to Provide Data

Purpose Nature Consequences
A. Mandatory Inability to browse the Website
B. Mandatory Inability to receive the requested information
C. Mandatory Inability to establish or continue the business relationship
D. Mandatory Inability to manage disputes
 

Scope of Disclosure

Data are processed by authorised internal personnel assigned to specific tasks and may be disclosed externally according to the following criteria:
 
Finalità Categorie di destinatari esterni
A. External consultants; companies providing hosting and technology platform management services
B. Companies belonging to the same corporate group; agents; business consultants
C. External consultants; companies providing hosting and technology platform management services
D. Law firms; debt collection or credit assignment companies; judicial authorities
 
 
Since data are also processed through IT tools, they may be accessible to parties providing maintenance and support services for such systems.
 

Transfer of Data to a Third Country or an International Organisation

Personal data may be transferred, for the purposes for which they were collected, to the United States of America, which is a country outside the European Union.
The transfer of personal data to entities located in the United States shall take place exclusively on the basis of the Standard Contractual Clauses adopted or approved by the European Commission and/or the European Commission Adequacy Decision of 10 July 2023 regarding the adequacy of the level of protection of personal data under the EU–US Data Privacy Framework (Articles 45 and 46(2)(c) and (d) of the GDPR).
To obtain a copy of such safeguards, you may contact the Data Controller as indicated below.
 

Data Subjects’ Rights

The data subject to whom the personal data relate is entitled to exercise the following rights:
Access: you may obtain confirmation as to whether or not your personal data are being processed and, where that is the case, access to such data and a copy thereof.
Rectification: you may request the updating of your personal data, the correction of inaccurate data and the completion of incomplete data.
Erasure: you may obtain the deletion of your personal data where certain legal conditions are met (for further information, please contact the Data Controller).
Restriction of processing: you may request that your data be marked so as to restrict their future processing where certain legal conditions are met (for further information, please contact the Data Controller).
Right to object: you may object to the processing of your personal data on grounds relating to your particular situation, where the processing is based on the legitimate interests of the Data Controller or is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
Data portability: you may receive the personal data provided to the Data Controller in a structured, commonly used and machine-readable format and transmit those data to another controller where the processing is based on consent or on a contract and is carried out by automated means.
Withdrawal of consent: you may withdraw your consent for the purposes for which it was requested, without affecting the lawfulness of processing carried out before the withdrawal.
 
The rights that may actually be exercised in relation to the processing activities carried out are as follows:
 
  Access Rectification Erasure Restriction Objection Portability Withdrawal of Consent
A. X X X X X    
B. X X X X   X  
C. X X X X   X  
D. X X X X X    
 
 
To exercise the rights described above, you may use the form available at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 and send it to the following email address: privacy@dbagroup.it. The data subject may also request further details regarding the information provided above (e.g. the balancing test relating to the legitimate interest pursued by the Data Controller or the list of data processors) by contacting the same address.

A complaint may be lodged with a supervisory authority. In Italy, the competent authority is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali): www.garanteprivacy.it.
 

DECLARATIONS

I have read and understood the information on the processing of personal data.