PROCESSING OF PERSONAL DATA

PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH ARTICLE 13 paragraph 1 of EU REGULATION 2016/679

This Information Notice governs the manner in which Nuova Lofra srl, with registered offices in Torreglia via Montegrotto 125, collects, stores, uses, discloses or otherwise processes personal data collected from users of this website.

DATA COLLECTION
Your personal data may be collected by Lofra in different ways, namely:
Data provided directly by the User
The sole purpose of the processing of the personal data you provide on the form on the site www.lofra.it, which you can update if necessary, is to allow Lofra to provide the services on the site and requested by you (in particular, the e-commerce service), as well as to comply with specific requirements of Community legislation, laws or regulations. Any refusal to provide such data would make it impossible to manage this relationship, with the consequent impossibility of providing the services requested and proceeding with the purchase of Lofra material. Joining the form does NOT imply subscription to any newsletter or the sending of promotional material.
Data collected automatically
The Personal Data collected automatically through, but not limited to, so-called “cookies” (as better specified in the following section), are – as a rule – data relating to the User’s navigation.
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is generally not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of Personal Data includes the IP addresses, or domain names, of the computers used by Users who connect to the Site, the URI (uniform resource identifier) addresses of the resources requested, the time of the request, the method used to submit the request, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and computer environment.
This Data is mainly used to obtain statistical information on the use of the Site and to check its correct functioning.
The Data may also be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site.

HYPERLINKS
The Site may contain links to other third-party sites (“Links”) that are deemed of interest to the User. By linking to such sites, you are leaving this Site of your own free will and accessing a site owned by a third party. The information contained in such sites are independent and out of the control of Lofra, which assumes no responsibility in this regard, not even with regard to any processing of Personal Data that may occur in such circumstances. Accordingly: (i) Lofra does not assume any responsibility or liability for, nor does it provide any warranty regarding the nature and content of any third party websites linked to this Website via Links; (ii) this Policy is not applicable to or relating to the processing of data by other websites, even if consulted by the User via Links; (iii) links to third party websites are the sole responsibility of the Users.

DATA CONTROLLER AND DATA PROCESSOR
The data controller is Nuova Lofra srl, with registered office in via Montegrotto 125, Torreglia (PD), P.I. 04433800283, pec: nuovalofra@legalmail.it.
The full contact details of the data processors appointed by Nuova Lofra srl are available upon written request sent to the email address privacy@lofra.it.

WHERE, HOW THE DATA IS PROCESSED AND TO WHOM THE DATA MAY BE DISCLOSED
Data processing normally takes place at the premises of the site owner.
Your data may come to the knowledge of your data in addition to those responsible for data processing, if they are appointed to manage specific data conferred:
a) collaborators, employees and suppliers of Nuova Lofra srl, within the scope of their duties and/or any contractual obligations with them;
b) sub-suppliers and/or sub-contractors engaged in activities related to the execution of services and products offered by Nuova Lofra srl
c) legal, administrative and tax consultants to the extent necessary and/or functional to carry out the activities of Nuova Lofra srl
d) banking institutions for the management of collections and payments arising from the execution of the contract of the interested party
e) public authorities for fulfilments dictated by Community legislation, laws or regulations.
The data will be communicated to third parties solely for the performance of the contract being formed or established with Nuova Lofra srl or in order to fulfil the obligations imposed by Community legislation, laws or regulations.
Upon your request Nuova Lofra srl undertakes to provide you with all the information and policies used by third parties in relation to the processing of the data provided.
Under no circumstances will the data you provide be sold to third parties.

METHODS OF TREATMENT
The data may be processed by means of both paper and computer files (including portable devices and Cloud systems located within the European Economic Area or in a country for which an adequacy decision has been issued) and processed in a manner strictly necessary to fulfil the purposes set out above. If it is necessary to process the data outside the EEA and in a country for which no adequacy decision has been issued by the European Commission, the Data Controller undertakes to ensure that the transfer takes place on the basis of one of the mechanisms provided for in Chapter V of the GDPR, in particular the stipulation of Standard Contractual Clauses with the identification of appropriate technical or organisational measures and in any case, will be notified. In any case, the processing will be carried out in a form in compliance with the security measures provided for in EU Regulation 2016/679 (art. 32), by specially appointed persons (art. 29 GDPR). In each case Nuova Lofra srl studied the technology available, the costs of implementation, as well as the nature, object and purpose of the processing, thoroughly assessed the risk to the rights and freedoms of the natural persons involved both in terms of probability and severity, has put in place the technical and organisational measures to ensure a level of security most suited to preserving your data from the risks presented by the processing, resulting in particular from the destruction, loss, alteration, unauthorised disclosure of or access, whether accidental or unlawful, to personal data transmitted, stored or otherwise processed. Nuova Lofra srl undertakes to ensure that anyone acting under its authority and having access to personal data shall not process such data unless instructed to do so by the law of the Union or of the Member States.

DATA RETENTION
In compliance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Article 5 of EU Regulation 2016/679, in the event of non-subscription to the contract or termination of the effectiveness of the contract (for any reason whatsoever), all data provided by You will be deleted in full within six months, except for those that must be expressly retained on the basis of explicit provisions of Community legislation, laws, regulations or which may protect a legitimate interest of Nuova Lofra srl for which a ten-year retention period is envisaged.

PURPOSE OF PROCESSING AND NATURE OF CONSENT
Lofra processes Personal Data exclusively for the following purposes
purposes related to the use of the services offered by Lofra and to fulfil any contractual obligations established with the User. Consent is not necessary.
statistical purposes, market research in which case the data collected will be anonymous. Consent is given through the use of the appropriate banner that appears when entering the site.

USERS’ RIGHTS
At any time, you may exercise the following rights under Articles 15 to 22 of EU Regulation 2016/679 by contacting the data controller at privacy@lofra.it:
a. to request confirmation of the existence or otherwise of your personal data and to obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the storage period;
b. obtain the rectification and erasure of data;
c. obtain the restriction of processing when one of the cases provided for in Article 18 of EU Regulation 2016/679 applies;
d. obtain the portability of the data, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
e. where the processing is based on consent, withdraw it at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
f. to lodge a complaint with the Data Protection Authority;
g. to object to automated decision-making regarding natural persons, including any profiling.
In the event of a request, a special form will be provided.
You will in any case be given a written response within 1 month of the request. The response time may be longer in particularly complex cases, but in any case will not exceed 3 months.
The exercise of rights is, in principle, free of charge, but there may be exceptions: in cases of particular complexity of the response, if the request is manifestly unfounded, excessive or even repetitive (Art. 12(5)), or if several ‘copies’ of personal data are requested in the case of the right of access (Art. 15(3)). In the latter case, the administrative costs incurred will be taken into account.

COOKIES
regarding cookies and navigation data collected on the LOFRA.IT website, please refer to the relevant page click here.

CLARIFICATIONS
For any clarifications or doubts in relation to Lofra’s data processing policy and this Information Notice, please contact the data controller at the email address privacy@lofra.it.
Finally, please note that Lofra may amend, supplement or update this Policy from time to time, in consideration of any changes in the applicable legislation or in the provisions issued by the Italian Data Protection Authority (“Garante”) or in the services offered on the Site.
Changes and updates to the Policy are applied and brought to the attention of all interested parties, as soon as they are adopted, by means of their publication on the Site. Consequently, each User is invited to periodically access the Site in order to check this Policy if it has been updated.