Receiving updates about our products and services is easy: just fill the form below and we will send you a monthly newsletter with the latest news from Gerotto's world.
Newsletter
Signup
Signup
Receiving updates about our products and services is easy: just fill the form below and we will send you a monthly newsletter with the latest news from Gerotto's world.
Information notice directed to interested parties - sending Newsletter-
In accordance with the European Regulation 679/16 EU Reg., we hereby provide you with the necessary information regarding the processing of personal data that you have provided. This information is provided pursuant to Art. 13 of the European Regulation on the protection of personal data.
1. The "Holder of the Treatment"
This is the company Gerotto Federico S.r.l., VAT registration number 00308900281, with registered office in Via Croce n. 26, Campodarsego (PD), e-mail address: privacy@gerotto.it.
The treatment will be carried out with both manual, computerized and telematic tools, in compliance with the rules in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non-excess, accuracy and with organization and processing logics strictly related to the purposes pursued, and in any case in order to ensure the security, integrity and confidentiality of data processed, in compliance with organizational, physical and logical measures provided for by the provisions in force.
For the purposes expressed in this information, only non-special personal data will be processed. In order to use the services offered or to make requests, it may be necessary to register by filling in a special registration form, or by first contact.
2. Purpose of the treatment, legal basis
The personal data provided will be processed, in compliance with the conditions of lawfulness ex art. 6 of Reg. UE 2016/679, for the following purposes: forwarding of newsletters, related to events, exhibitions, promotion of services and promotional communications in general.
The express consent of the Interested party is the legal basis for the treatment, pursuant to art. 7 of Reg. EU 2016/679. The procedures for revoking the consent are very simple and intuitive, it is sufficient to contact the Data Controller by using the contacts provided in this Information notice.
3. Data transfer outside the EU and guarantees
Personal data will normally not be transferred to countries outside the European Union. If there is a need to transfer them to a country outside the EU, the data will be transferred to third countries and/or international organizations for which the European Commission has intervened with an adequacy decision (art. 45 Reg. EU 2016/679).
4. Data storage period or criteria for determining the period
The collected personal data will be stored in a form that allows the identification of the interested party for a period of time not exceeding the achievement of the purposes for which the personal data are processed. In particular, the storage of personal data provided depends on the purpose of processing: for the purpose of requesting to receive the newsletters via e-mail, the storage period will be twenty-four (24) months.
5. Who will process the Interested party’s personal data and to whom they will be communicated
No data will be disclosed in any way. Your data may be communicated to specific recipients such as public authorities or public bodies for the fulfilment of legal obligations to which the Data Controller is subject, and any other public body entitled to request data, in the cases provided for by law or persons authorized to process such data under the authority of the Data Controller, as well as through data controllers linked to the Data Controller by specific contract, for example: companies that provide services for the management of the computer system and telecommunications networks and consultancy to the Data Controller. The updated list with the identification details of the Data Processors may be requested at any time by you from the Data Controller.
6. Transfer of personal data outside the EU
Your data will be processed by the Data Controller within the territory of the European Union. In the event that for technical and/or operational reasons it becomes necessary to make use of parties located outside the European Union, the transfer of personal data, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation. All necessary precautions will therefore be taken in order to guarantee the most complete protection of your data by ground such transfer on the basis on: (i) decisions of adequacy of the third country recipient expressed by the European Commission; (ii) adequate guarantees expressed by the third party recipient pursuant to Article 46 of the Regulation; (iii) the adoption of binding corporate rules.
7. With respect to the rights of the Interested party: Articles 15, 16, 17, 18, 19, 20, 21 and 77 of the
GDPR.
We inform you that you have the right to access your personal data, to rectify, to delete and, if necessary, to be forgotten, to limit the processing of your personal data, to transfer your data and to object at any time to the processing of your personal data. We also inform you that you have the right to revoke your consent to the processing of your data at any time, without prejudice to the lawfulness of the processing based on the consent given prior to revocation (Art. 7 paragraph 3 of the GDPR). Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are habitually resident, working or in the place where the alleged breach occurred. In order to exercise your rights or for any request or need relating to this information notice, please contact us at the following e-mail address: privacy@gerotto.it.
To learn more about your rights and the policy on the Protection of Personal Data of the company Gerotto Federico S.r.l. you can access the Privacy section of the company website and consult the Privacy Policy.
The Data Controller
Gerotto Federico S.r.l.
Following its mission and values, Gerotto Federico S.r.l. undertakes to protect all natural persons data with due regard for identity, human dignity and fundamental freedoms stated by Constitution in line with Regulation EU 679/2016 (hereinafter “GDPR”) regarding the processing of human subject’s personal data and the free move of such data.
The “Controller” is Gerotto Federico S.r.l., VAT registration number 00308900281 with its registered office in Via Croce n. 26, Campodarsego (PD), email address: privacy@gerotto.it.
Data protection is based on principles contained on this document which Gerotto Federico S.r.l. undertakes to spread, respect and make them respect to its employees, associates and recipients or third parties with which it work as part of its activities and mission.
Gerotto Federico S.r.l. ensures, implements and supports privacy policy in relation to its practical reality, its investment opportunities and above all its values.
In particular, Gerotto Federico S.r.l. undertakes:
The present privacy policy will bring to all the employees, partners, associates attention through specific outreach meetings.
Why this policy and who are the addressee
This policy is addressed to www.gerotto.it users (“website”) and to all human data subjects in relation to their business (hereinafter data subject and user).
The access to different website divisions and/or any other requests of information or services by users will be subjected to inclusion of personal data whose processing will be done in compliance with GDPR.
For the use of specific services, specific policies will be provided to the user from time to time as well as specific consents will be asked, if necessary, for the personal data processing.
The current policy is given specifically for the website and not for other websites consulted by users through links recalled inside the present website.
Definition
The term personal data is referred to the definition contained in article 4, par. 1) of GDPR, namely, any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
GDPR statues that, before personal data has been processed (following article 4, par. 2) of GDPR), processing means any operation or set of operation which is performed on personal data or on sets of personal data, whether or not by automated or alternation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available alignment or combination, restriction, erasure or destruction) it is necessary to inform the subject which required data belongs about purposes, reasons of the data processing and the way in which they are used.
Personal data shall be communicated to subjects, “recipients”; art. 4 par. 9) of GDPR defines recipients as a natural or legal person, public authority, agency or another body, to which personal data are disclosed, whether a third party or not.
Personal data shall be communicated to specific subjects (authorized subject as laid down in art. 4 par. 10 of GDPR) considered as natural or legal person, public authority, agency or body other than the data subject, controller, processor and person who, under the direct authority of the controller or processor, are authorised to process personal data.
Inter alia, following art. 4 par. 9 if GDPR, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
In this regard, the aim of current document is to supply, in a simple and intuitive way, all due and useful information in order to ensure the promoter providing, consciously and informed, personal data and requiring/achieving explanation and/or correction at any time.
Categories of personal data and processing
Navigation data
Computer systems and programs responsible for this portal functioning get personal data which transfer occurs implicitly in respect of web communication protocol, according to their operations and for as long necessary for the connection.
The information are collected in order to combine them with data subjects but, because of their nature, they would identify visitors (e.g. IP address), domain names of terminals used, requests scheduled, etc.
Data, immediately erased after their processing, are used limitedly for the purpose of obtaining anonymous statistic information about web usage and to control their proper functioning. Web contacts details are not stored for no longer than 7 days, unless potential cybercrime against websites.
No data of the service will be communicated or spread.
Data subject is invited to read privacy policy contained in the Privacy section of the website in order to get more information about this matter.
Contact details given by user
The dispatch, optional, explicit and voluntary of personal data required to have access to services and get requests by email, means the subsequent purchase by the controller of sender’s addressee and any other personal data which will be processed to answer the requests or the service supply as well as for making linked activities and respect legal obligations (e.g. about tax matters). Total, partial or incorrect data transfer will determine not only the impossibility on using required services but also, in some cases, to fulfil legal duties.
In order to enjoy services presented, it should be necessary to register by filling an appropriate registration or first contact form (“Form”).
Data transfer stated inside the abovementioned form is required in order to complete registration process specifically for data marked with asterisk (*); consequently, total, partial or incorrect data inclusion overturns the registration and therefore doesn’t allow enjoy the services.
Personal data will be processed both with manual, informatics and telematics systems in compliance with current legal obligations and principles of lawfulness, fairness, transparency, completeness and non-exceed, minimisation of data and accuracy with organisation and processing strictly linked with the aims pursued and, however, in accordance with current organisational, physical and logical measures. Such measures will be implemented and increased following technologic development in order to guarantee protection, availability and integrity of data processed.
Purposes of the processing and legal basis
User navigation data are proceeded limitedly for obtaining statistic information about website usage.
Regarding data given by the user, they are collected with the only aim of enjoying the services accordingly with the privacy policy released in the appropriate sections i.e. requesting by email in order to reflect the requests received.
The processing of data given by filling of the first contact form and subsequent steps in the processing compared to the selection of the project is made following the aim of:
Legal basis of processing shall be identified pursuant to art. 6 of GDPR among:
Automated decision-making
The controller states he does not adopt decision likely to affect data subject based only on automated processing of his personal data. All the decision-making process involved with purposes of the abovementioned processing are made by human intervention.
Disclosure of personal data
Personal data shall be disclosed to specific subject considered as recipients or authorized subjects under the authority of the controller. In this sense, in order to carry out the activities necessary to achieve the purposes stated in the current privacy policy, these following recipients should be in a position to process personal data with:
Personal data will be processed only for the achievement of the specific purpose; consequently personal data processed by third parties will be limited to specific aims. Personal data will not be disclosed.
International transfer of data
Your personal data will be processed inside EU territory. If subjects based outside EU will be necessary for data processing, the transfer of Your data, limited to specific processing activities, will be regulated in compliance with what stated in par. V of GDPR. All the due precautions will be adopted in order to guarantee the maximum protection of Your personal data basing the processing: (i) on adequacy decisions of third countries recipient stated by European Commission; (ii) on appropriate guarantees expressed by third party recipient following art. 46 of GDPR; (iii) on the adoption of binding obligations for the company.
Storage period
One of the principles provided by the GDPR concerns the limitation of the storage period, regulated by art. 5, par. 1, pt. e) that statues as follow: personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data are processed; personal data may be stored for no longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical purposes or statistical purposes in accordance with article 98 (1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject. In the light of this principle, the controller will process Your personal data limited on what it is necessary for the achievement of the purposes stated by this privacy policy. In particular, personal data will be processed for no longer than the end of the current precontractual and contractual relationships, considering the period of limitation and storage obligations provided by tax law and any other obligations stated by laws, regulations, and, consequently, principle of non-exceed (art. 6 of GDPR) will be applied. In this case, personal data will be stored for no longer than 10 years, that is the term provided by civil law.
Marketing communication and the withdrawal of consent
The controller will process personal data given and referred to promotional purposes in order to send other information linked with their activities and products supplied by the controller himself. Such communication shall be made by email, mobile phone, i.e. advertising products in the homes’ subject. Specific consent may be necessary for this specific purpose (art. 6, par. a) GDPR.
Marketing communication activities will not be processed without specific consent for this purpose.
Personal data released for the abovementioned purposes will be stored for no longer than 10 years and, anyway, until the withdrawal of Your consent. As GDPR requires, when the subject gives the consent for the personal data processing for one or more of the purpose for which it is required, he will be able to revoke it totally/partially without prejudice for the lawfulness of the processing based on released consent before the withdrawal at any time.
The procedures for withdrawing the consent are simple and intuitive: it is necessary to contact the controller and/or the joint controllers by using contacts set out in this policy.
In addiction and for simplicity, when You receive emails by the controller that are not of Your concern anymore, You will not receive any other communication by clicking on the button unsubscribe set at the bottom of the same or through the contacts for which the consent has been collected (SMS, mail, email, phone calls, social media).
Rights of the data subjects
As stated by art. 15 of GDPR, data subject shall have the right to access his personal data, to obtain the rectification and updating, if incomplete or incorrect, to obtain the erasure when the collecting has been done unlawfully, to object to the processing of any personal data for specific and legal reasons.
In particular, the rights you can exercise at any moment against the controller are the following:
The data subject shall exercise the abovementioned right by addressing the controller.
Requests, in accordance with Article 15 of GDPR, shall be addressed to Gerotto Federico S.r.l., via Croce n.26, Campodarsego (PD) or by email as set out in the contact section. Furthermore, you shall consult the “privacy policy section” if the website where you may find all the information concerning our policy about personal data Processing applied by the controller, usage and processing of data, updated information about contacts and communication channels available for the data subject from the controller.
Contacts
You can contact the controller to the mail address: privacy@gerotto.it. For any other request or need the data subject may send a communication to Gerotto Federico S.r.l., via Croce n.26, Campodarsego (PD), email address privacy@gerotto.it. The updated list of the processors is available upon request. Furthermore, you may consult inside privacy policy section of the website all the information about policy applied by the controller on personal data, updated information about contacts and communication channel available for the data subject from the controller.
The controller
Gerotto Federico S.r.l.
Updated version of the privacy policy to May 2018
Information notice directed to interested parties - contact form requests-
In accordance with the European Regulation 679/16 EU Reg., we hereby provide you with the necessary information regarding the processing of personal data that you have provided. This information is provided pursuant to Art. 13 of the European Regulation on the protection of personal data.
1. The "Holder of the Treatment"
This is the company Gerotto Federico S.r.l., VAT registration number 00308900281, with registered office in Via Croce n. 26, Campodarsego (PD), e-mail address: privacy@gerotto.it.
The treatment will be carried out with both manual, computerized and telematic tools, in compliance with the rules in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non-excess, accuracy and with organization and processing logics strictly related to the purposes pursued, and in any case in order to ensure the security, integrity and confidentiality of data processed, in compliance with organizational, physical and logical measures provided for by the provisions in force.
For the purposes expressed in this information, only non-special personal data will be processed. In order to use the services offered or to make requests, it may be necessary to register by filling in a special registration form, or by first contact.
2. Purpose of the treatment, legal basis
The personal data provided will be processed, in compliance with the conditions of lawfulness ex art. 6 of Reg. UE 2016/679, for the following purposes:
A: to respond to your requests for contact and information, to send offers regarding the products and services requested to the Data Controller and to carry out all communication activities always linked to respond to your requests for contact and offer.
B: to send promotional communications, offers and corporate advertising material.
C: to profile, with the express consent of the interested party, his/her behaviour, habits and propensity for additional services offered in order to improve services.
D: legitimate interests of the Data Controller, such as the right of defence in court.
For the purposes of letter A, the legal bases are the contractual or legal obligations to which the Data Controller is subject or the legitimate interest of the latter. The Personal Data provided are necessary to supply the services and all the activities related to the execution of the contract, as well as to comply with the applicable laws, failure to provide them, even partially or incorrectly, could make it impossible to fulfill the contractual obligations and the law. The legal basis for the purposes referred to in letters B, C is the prior express consent of the interested party. These communications may be made by sending e-mails, by telephone, or by sending advertising material, by message or even through social networks. Failure to give consent for these specific purposes has the sole consequence of not being able to carry out the activities of commercial communication, sending newsletters or profiling. Failure to give consent for these specific purposes has the sole consequence of not being able to carry out the activities of commercial communication. The data provided for the above purposes will be stored for the period necessary for each purpose and, in any case, until the consent of the interested party is revoked. In fact, as provided for by the EU Regulation, if the Interested Party has given his consent to the Treatment of Personal Data for one or more purposes for which it was requested, he may, at any time, revoke it in whole and/or in part without prejudice to the lawfulness of the Processing based on the consent given before revocation.
The procedures for revoking the consent are very simple and intuitive, just contact the Data Controller using the contact channels provided in this information notice.
The legal basis for the purpose referred to in letter D is the protection of the legitimate interests of the Holder including the defense in court. Also in this case, the principle of non excess will be applied, in relation to the timing of the judicial defense.
In summary, it should be noted that:
For purposes A and D, the consent of the interested party is not required, while for purposes B, C consent will be required, which remains revocable at any time.
3. Data transfer outside the EU and guarantees
Personal data will normally not be transferred to countries outside the European Union. If there is a need to transfer them to a country outside the EU, the data will be transferred to third countries and/or international organizations for which the European Commission has intervened with an adequacy decision (art. 45 Reg. EU 2016/679).
4. Data storage period or criteria for determining the period
Personal Data will be processed for a period of time equal to the minimum necessary, i.e. until the termination of any pre-contractual and contractual relations in place with the Data Controller, taking into account the terms of legal prescription, the data will be stored for no more than 10 years from the end of the relationship that coincide with the civil terms, except for the time necessary for the protection of the legitimate interests of the Data Controller. In any case, the principles of necessity, proportionality and not excess will be applied.
5. Who will process the Interested party’s personal data and to whom they will be communicated
No data will be disclosed in any way. Your data may be communicated to specific recipients such as public authorities or public bodies for the fulfilment of legal obligations to which the Data Controller is subject, and any other public body entitled to request data, in the cases provided for by law or persons authorized to process such data under the authority of the Data Controller, as well as through data controllers linked to the Data Controller by specific contract, for example: companies that provide services for the management of the computer system and telecommunications networks and consultancy to the Data Controller. The updated list with the identification details of the Data Processors may be requested at any time by you from the Data Controller.
6. Transfer of personal data outside the EU
Your data will be processed by the Data Controller within the territory of the European Union. In the event that for technical and/or operational reasons it becomes necessary to make use of parties located outside the European Union, the transfer of personal data, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation. All necessary precautions will therefore be taken in order to guarantee the most complete protection of your data by ground such transfer on the basis on: (i) decisions of adequacy of the third country recipient expressed by the European Commission; (ii) adequate guarantees expressed by the third party recipient pursuant to Article 46 of the Regulation; (iii) the adoption of binding corporate rules.
7. With respect to the rights of the Interested party: Articles 15, 16, 17, 18, 19, 20, 21 and 77 of the GDPR.
We inform you that you have the right to access your personal data, to rectify, to delete and, if necessary, to be forgotten, to limit the processing of your personal data, to transfer your data and to object at any time to the processing of your personal data. We also inform you that you have the right to revoke your consent to the processing of your data at any time, without prejudice to the lawfulness of the processing based on the consent given prior to revocation (Art. 7 paragraph 3 of the GDPR). Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are habitually resident, working or in the place where the alleged breach occurred. In order to exercise your rights or for any request or need relating to this information notice, please contact us at the following e-mail address: privacy@gerotto.it.
To learn more about your rights and the policy on the Protection of Personal Data of the company Gerotto Federico S.r.l. you can access the Privacy section of the company website and consult the Privacy Policy.
The Data Controller
Gerotto Federico S.r.l.