Privacy Policy

1. Who is data controller? How to contact him?

The Data Controller is X-TRIM SOLUTIONS S.R.L., with registered office in Cinisello Balsamo (MI) Via Monfalcone 39 Cap 20092, Cod. Fisc. / P.ta Iva 05029290961, in the person of its pro-tempore Legal Representative, who can be contacted for any information by phone 02 99725234, e-mail info@xtrimsolutions.com

2. Personal data processed

Personal data: any information concerning an identified natural personwith particular regard to an identifier such as the name, the identification number, location data, the online identifier or to one or more elements regarding its physical, physiological, genetic, mental, economic, cultural or social identity

Contractors/User Data

Navigation Data

Computer systems and procedures software preceded to the operation of this site, acquire, during their normal exercise, some personal data whose transmission is implicit using Internet communication protocols.

This category includes: IP addresses, URI/URL (Uniform Resource Identifier/Locator), time of request, type of request, outgoing packet size, server status of response (received, error, etc…) and other parameters related to the operating system.

Data provided by data subject

The optional, explicit and voluntary dispatching of messages to contact-addresses, as well as compilation and forwarding of forms, involves the acquisition of sender’s personal data necessary to reply, as well as all the personal data included in messages themselves.

Information on the processing of personal data carried out through Social Media platforms

With regard to the processing of personal data carried out by the managers of the Social Media platforms used by the Controller, please see the information provided by them in their respective privacy policies. Data controller processes the personal data provided by the users through the pages of the dedicated Social Media platforms, to manage the interactions with the users (comments, public posts, etc.) and in compliance with the laws in force.

Detailed Notices

Detailed notices related to specific services or processing are available on specific pages of the site.

Cookies and other tracking systems.

Cookies are not used for profiling.
Technical session cookies (not persistent) are used, strictly limited to what is necessary for the safe and efficient navigation of the sites.

Link to Cookie Policy.

Information on the processing of personal data carried out through Social Media platforms

With regard to the processing of personal data carried out by the managers of the Social Media platforms used by the Controller, please see the information provided by them in their respective privacy policies Data controller processes the personal data provided by the users through the pages of the dedicated Social Media platforms, to manage the interactions with the users (comments, public posts, etc.) and in compliance with the laws in force.

3. Purpose of processing, legal basis of the processing, data retention, nature of provision

PURPOSE OF PROCESSING	LEGAL BASIS OF PROCESSING	DATA RETENTION	NATURE OF PROVISION
Navigation on this website. The data required to use the web services are also processed in order to: obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.); checking the proper functioning of the services offered. The data will be used to ascertain liability in case of computer crimes against the site.	Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into consideration the reasonable expectations of the data subject and the activities that are strictly necessary for the operation of the site or for browsing it (Art. 6(1)(f) and C47 of the GDPR)	Navigation data will be retained for the whole duration of the browsing session, except in the event of the need to ascertain criminal offences by the judicial authorities	The provision of data is necessary to browse the website.

In addition to navigation, personal data will be processed for:

PURPOSE OF PROCESSING	LEGAL BASIS OF PROCESSING	DATA RETENTION	NATURE OF PROVISION
A) CONTACTS, sending contact requests, informationzioni	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (C44) Art. 6 par. 1 lett. b) of GDPR.	Maximum 24 months	The provision of data is necessary. If you do not provide your necessary personal data, the Data Controller will not be able to contact you for sending the requests information.
B) HANDLING YOUR REQUESTS PURSUANT TO ART. 15 and following of GDPR (Rights of the Data Subject)	The processing is necessary for compliance with a legal obligation to which the Data Controller is subject to. (C45) Art. 6 par. 1 lett. c) GDPR.	5 years after closing of the claim, unless in dispute	The provision of personal data is necessary, as it is indispensable to be able to fulfil legal obligations.

4. To whom will personal data be disclosed? RECIPIENTS OR CATEGORIES OF RECIPIENTS

The personal data will be communicated, also on the basis of the purposes contained in specific areas, to subjects who will process the data as autonomous Data Controllers, or Data Processors (art. 28 GDPR) and processed by natural persons (art. 29 GDPR) who act under the authority of the Data Controller and Data Processors on the basis of specific instructions given regarding the purposes and methods of processing, for specific purposes according to the area of reference. The data will be communicated to recipients belonging to the following categories:

• Subjects providing services for the website and communication networks (including e-mail, host and website management);
• Competent authorities for the fulfilment of legal obligations, upon request.

The list of Data Processors art. 28 is available by writing to info@xtrimsolutions.com or at the contacts indicated above.

5. DOES THE DATA CONTROLLER TRANSFER DATA TO A THIRD COUNTRY AND/OR TO INTERNATIONAL ORGANISATIONS

Personal data will not be transferred to non-EEA countries. It should be noted, in particular, that the data will be stored in Italy for hosting, management, development and maintenance services of the site.

6. ARE PERSONAL DATA PROCESSED BY AN AUTOMATED MEAN?

Personal data will be object of a manual, electronic and automated processing. Please note that no automated decision-making processes are carried out.

7. DATA SUBJECTS RIGHTS. How can he exercise them?

You can exercise your rights as expressed in Artt. 15 et seq. GDPR, by contacting the Data Controller by writing info@xtrimsolutions.com, or to the other contacts above mentioned. You have the right, at any time, to request access to your personal data (Art. 15), rectification (Art. 16), deletion of the same (Art. 17), restriction of processing (Art. 18). The Data Controller shall inform (Art. 19) each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of processing carried out. The Data Controller shall inform the data subject of these recipients if the data subject so requests the cases provided for, you have the right to the portability of your data (Art. 20), in which case they will be provided to you in a structured, commonly used and machine-readable format. You have the right to object (Art. 21), at any time, to the processing of your data based on legitimate interest by writing to the contact details above with the subject “objection”. In the event that he/she considers that the processing of personal data carried out by the Data Controller is in breach of the provisions of Regulation (EU) 2016/679, the data subject has the right to lodge a complaint with the Supervisory Authority, in particular in the Member State where he/she normally resides or works or in the place where the alleged breach of the Regulation occurred (Garante Privacy https://www.garanteprivacy.it/), or to take appropriate legal action.

8. Changes to the disclosure

The Data Controller can change, modify, add or remove any part of this Privacy Policy. In order to facilitate the verification of any changes by he Customers, the Policy will contain an indication of the update date of the information.

Date of update: 23rd June 2023