Privacy Policy
Information document pursuant to and in accordance with Article 13 Regulation (EU) 2016/679 (GDPR)
WHY THIS INFORMATION?
Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes the methods of purposes personal data. This information is provided pursuant to art. 13 GDPR. The information is not to be considered valid for other third-party websites, which may be consulted through links on this website, for which no responsibility is assumed.
Processing personal data
Personal data: any information relating to an identified or identifiable natural person (“data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, or physical identity of that natural person, genetic, psychological, economic, cultural or social (C26, C27, C30 GDPR).
- Contractors/Users Data.
- Navigation data: the computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
- Data communicated voluntarily: the optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the compilation of data collection forms involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.
Information about the processing of personal data carried out through Social Media platforms
With regard to the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information provided by the latter through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.
Specific information
Specific information may be present on the pages of the Site in relation to particular services or data processing provided.
COOKIES AND OTHER TRACKING SYSTEMS. WHAT ARE THEY? WHAT ARE THEY FOR?
For other information about cookies, it’s possible to read cookie policy published on the footer of website.
1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT HIM?
The Data Controller is X-TRIM SOLUTIONS S.R.L., with registered office in Cinisello Balsamo, (MI) Via Monfalcone 39, Cap 20092, Italy, in the person of the Chairman of the Board of Directors pro-tempore. The contact details of the Data Controller: amministrazione@xtrimsolutions.com
2. PURPOSE OF THE PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD, NATURE OF THE PROVISION
PURPOSE OF THE PROCESSING |
LEGAL BASIS |
DATA RETENTION PERIOD |
NATURE OF THE PROVISION |
Navigation on this website. The data necessary for the use of web services are also processed for the purpose of: • obtain statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.); •check the correct functioning of the services offered. The data will be used to ascertain responsibility in case of hypothetical computer crimes against the site. | Processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the interested party which require the protection of personal data do not prevail, taking into account the reasonable expectations entertained by the interested party and the activities strictly necessary for the functioning of the site and navigation itself. (Art. 6, par. 1, letter f) and C47 of the GDPR) Interested parties are guaranteed the possibility of obtaining, upon request, information on the balancing test carried out. | Browsing data will be stored for the duration of the browsing session. In any case, they do not persist for more than seven days (except for any need for the judicial authority to ascertain crimes). | The provision of data is necessary for navigation on the website. |
Use of cookies and equivalent technologies. See the cookies policy in the footer of the site. | For necessary non-technical cookies and comparable technologies, the processing is based on consent to the processing of personal data (Art. 6 par. 1, lett. A) and C42, C43 GDPR). Consent is given through the banner and the cookie policy of the site. | See the cookies policy in the footer of the site. | See the cookies policy in the footer of the site. |
In addition to browsing, personal data will be processed for:
PURPOSE OF THE PROCESSING |
LEGAL BASIS |
DATA RETENTION |
NATURE OF THE PROVISION |
|---|---|---|---|
A) CONTACTS, sending contact requests, information. | The processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same (C44). Art. 6 para. 1 lit. b) of the GDPR. | Maximum 1 year. | Disposal is necessary. Failure to provide the necessary data will make it impossible to be contacted and receive information. |
B) MANAGEMENT OF YOUR REQUESTS and requests from other interested parties, pursuant to art. 15 et seq. of the GDPR (rights of the data subject). | The processing is necessary for compliance with a legal obligation to which the controller is subject (C45). Art. 6 para. 1 p lit. c) of the GDPR. | 5 years from the closure of the request, except for litigation. | The provision of personal data is mandatory, as it is essential to be able to execute legal obligations. |
3. TO WHOM WILL PERSONAL DATA BE COMMUNICATED? DATA RECIPIENTS
Personal data will be communicated to subjects who will process the data as independent Data Controllers, or Data Processors (art. 28 GDPR) and processed by natural persons (art. 29 GDPR) who act under the authority of the Data Controller and the Data Processors on the basis of specific instructions provided regarding the purposes and methods of processing. The data will be communicated to recipients belonging to the following categories:
- Subjects based in Italy, who provide services for the website and communication networks, including e-mail, hosting and website management (including parent company);
- Competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.
The list of Data Processors by Article 28 is available by writing to amministrazione@xtrimsolutions.com or other addresses indicated above.
4. WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?
Personal data will not be transferred to countries outside the EEA
5.IS THERE AN AUTOMATED PROCESS?
Personal data will be subjected to traditional, electronic and automated manual processing. Please note that fully automated decision-making processes are not carried out.
6. WHAT ARE YOUR RIGHTS? HOW CAN HE EXERCISE THEM?
Data subjects may assert their rights as expressed by Articles 15 et seq. GDPR, either by contacting the Data Controller at the e-mail address: amministrazione@xtrimsolutions.com or by writing to the contacts indicated above.
The data controller guarantees data subjects the possibility to request, at any time, access to their personal data (art.15), Right to rectification (art.16), Right to erasure (art.17), Right to erasure (art.18). The data controller shall notify (art. 19), to each of the recipients to whom the personal data have been transmitted, any corrections or deletions or limitations of processing carried out. The data controller shall notify the data subjects who request such recipients.
The data controller guarantees the right to data portability (art.20) and, in the event of requests pursuant to art.20, will provide the data subjects with the data in a structured, commonly used and machine-readable format.
The data subjects have the right to object (art.21), at any time, to the processing of data based on legitimate interest by writing to the contacts indicated above with the subject “opposition”. In the event of exercising the right to object to processing based on legitimate interest, the Data Controller recognises that data subjects have the possibility of obtaining, upon request, information on the balancing test carried out.
In the event that data subjects believe that the processing of personal data carried out by the Data Controller is in violation of the provisions of Regulation (EU) 2016/679, they are free to lodge a complaint with the National Supervisory Authority, in particular in the Member State where they habitually reside or work, or in the place where the alleged violation of the Regulation occurred (Data protection Authority https://www.garanteprivacy.it/), or to bring the matter before the appropriate courts.
7. CHANGES TO THE POLICY
The data controller may change, modify, add or remove any part of this Privacy Policy. In order to facilitate the verification of any changes, the policy will contain an indication of the date of update of the policy itself.
Date updated: February, 4, 2025
