Privacy

The company Barzanò & Zanardo S.p.a. (Tax Code: 05051840584 / VAT No.: 01347741009), represented by its legal representative, with registered office in Via Piemonte, 26, 00187 Rome, Italy, contacts: e-mail: privacy@barzano-zanardo.com – PEC: b-zmilano@pec.barzano-zanardo.com – Tel. +39 06 421771, owner of the website https://barzano-zanardo.com/it/ (hereinafter the “Website”), in its capacity as Data Controller of the personal data of the users of the Website (hereinafter the “Users”), provides the following privacy notice pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulation” or the “Applicable Law”).

This Website and the services possibly offered through it are reserved for individuals who are at least eighteen years old. The Controller does not collect personal data relating to individuals under the age of 18. Upon request by Users, the Controller will promptly delete all personal data inadvertently collected relating to minors under 18 years of age.

The company has appointed a Data Protection Officer (DPO), pursuant to Article 37 of the GDPR, identified as Attorney Clementina Baroni (VAT No. 02001880356 / Tax Code: BRNCMN73T50L826B), with ad hoc appointment, with registered office in Via Domenico Francesco Cecati, 1/1, 42123 Reggio nell’Emilia (RE), Italy. Contacts: e-mail: dpo@studiolegaleavvbaroni.it – PEC: clementina.baroni@ordineavvocatireggioemilia.it – Tel. +39 0522506307.

The Controller takes the right to privacy and the protection of its Users’ personal data very seriously. For any information regarding this privacy notice, Users may contact the Controller at any time by sending:

• a registered letter with return receipt to: Barzanò & Zanardo S.p.a., Via Piemonte, 26, 00187 Rome, Italy;
• e-mail: privacy@barzano-zanardo.com
• PEC: b-zmilano@pec.barzano-zanardo.com

or by contacting the DPO, by sending:

• a registered letter with return receipt to: Attorney Clementina Baroni, Via Domenico Francesco Cecati, 1/1, 42123 Reggio nell’Emilia (RE), Italy;
• PEC: baroni@ordineavvocatireggioemilia.it
• e-mail: dpo@studiolegaleavvbaroni.it

1. Categories of Data Processed

The data subject to processing are as follows:

1. a) all personal data whose transmission is implicit in the use of Internet communication protocols, which the computer systems and software procedures responsible for the operation of the Website acquire during their normal functioning: IP addresses or domain names of the computers used by Users, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the User’s operating system and IT environment;
2. b) identifying personal data (e.g. name, surname, e-mail address, telephone number, address, IP address, log files, etc.);
3. c) data voluntarily entered by the User in the “Contact” form on the company’s website, such as: name, surname, company name, e-mail address, IP address, log files, etc.

Mandatory data are duly marked with an asterisk (*).

2. Purposes of Processing

The Users’ personal data will be lawfully processed by the Controller pursuant to Article 6 of the Regulation for the following purposes:

– provision of the service, i.e. to allow the User to browse the Website. The User’s data collected for this purpose include all data used solely to obtain anonymous statistical information on the use of the Website and to ensure its proper functioning. Without prejudice to what is set forth elsewhere in this privacy notice, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties.
– fulfilling the User’s request: Users’ personal data are collected and processed by the Controller solely for the purpose of fulfilling their request. No other processing will be carried out by the Controller in relation to Users’ personal data. Without prejudice to what is set forth elsewhere in this privacy notice, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties.
– administrative and accounting purposes, i.e. to carry out organizational, administrative, financial, and accounting activities, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations.
– legal obligations, i.e. to comply with obligations provided for by law, by an authority, by a regulation, or by applicable legislation and to establish liability in the event of alleged cybercrimes against the Website.
– performance of a contract, where processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures.

It is always possible to request the Controller to clarify the specific legal basis of each processing activity.

The provision of personal data for the processing purposes mentioned above is optional but necessary, as failure to provide such data will make it impossible for the User to submit their request to the Controller.

Personal data necessary for the pursuit of the processing purposes described in this section 2) are marked with an asterisk within the request form.

3. Methods of Processing and Data Retention Period

The Controller will process Users’ personal data using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data.

Users’ personal data collected through the Website will be stored for the time strictly necessary to achieve the primary purposes described in section 2) above, or in any case as necessary to protect the civil interests of both the Users and the Controller.

4. Scope of Data Communication and Disclosure

Individuals responsible for managing the Website and Users’ requests may become aware of Users’ personal data. Such persons, who have been duly instructed by the Controller pursuant to Article 29 of the Regulation, will process Users’ data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Law.

Third parties may also become aware of Users’ personal data and process them on behalf of the Controller as “External Data Processors”, such as, by way of example, providers of IT and logistics services functional to the operation of the Website, outsourcing or cloud computing service providers, professionals, and consultants.

Users have the right to obtain a list of any data processors appointed by the Controller, by requesting it in the manner indicated in section 6) of this policy.

5. Data Transfer

The data collected for the aforementioned purposes are not transferred to non-EU countries. However, the Controller reserves the right to use cloud services; in such cases, service providers will be selected from those offering adequate guarantees, as provided for in Article 46 of EU Regulation 2016/679.

6. Rights of Data Subjects

Users may exercise the rights granted to them by the Applicable Law by contacting the Controller by sending:

• a registered letter with return receipt to: Barzanò & Zanardo S.p.a., Via Piemonte, 26, 00187 Rome, Italy;
• e-mail: privacy@barzano-zanardo.com
• PEC: b-zmilano@pec.barzano-zanardo.com

or by contacting the DPO, by sending:

• a registered letter with return receipt to: Attorney Clementina Baroni, Via Domenico Francesco Cecati, 1/1, 42123 Reggio nell’Emilia (RE), Italy;
• PEC: baroni@ordineavvocatireggioemilia.it
• e-mail: dpo@studiolegaleavvbaroni.it

Users have the right to obtain:

– access to personal data in order to know (“reactive transparency”) the purposes of processing, the categories of personal data collected, the recipients of the data communication, in particular if recipients are third countries or international organizations, and the expected data retention period (Art. 15);
– rectification (Art. 16);
– the right to erasure of personal data, where these are no longer necessary in relation to the purposes for which they were collected and where there are no further legal obligations for retention (Art. 17 GDPR);
– restriction of processing (Art. 18);
– data portability (Art. 20);
– the right to object to processing on grounds relating to their particular situation (Art. 21 GDPR). In such a case, processing of personal data shall cease unless it can be demonstrated that compelling legitimate grounds exist for processing (e.g., for the defense of rights in legal proceedings).
– not to be subject to automated decision-making, including profiling (Art. 22);
– the right to withdraw consent at any time without prejudice to the lawfulness of processing based on consent before its withdrawal (Art. 7).

Finally, the data subject has the right to lodge a complaint with the Supervisory Authority pursuant to Art. 13(2)(d) of the Regulation as well as under Art. 77 of the Regulation.

The Italian Supervisory Authority is the “Garante per la protezione dei dati personali”, with registered office in Piazza Venezia 11, 00186 Rome (http://www.garanteprivacy.it/).

For all matters not expressly covered in this notice, reference should be made to Regulation (EU) 2016/679, Legislative Decree 196/03 as amended by Legislative Decree 101/2018 and subsequent amendments, as well as to any other measure issued by the Italian Data Protection Authority (“Garante”).

***

The Controller is not responsible for updating all links displayed in this Privacy Notice. Therefore, whenever a link is not working and/or updated, Users acknowledge and agree that they must always refer to the document and/or section of the websites referred to by such link. If the User does not accept the changes made to this privacy policy, they are required to cease using https://barzano-zanardo.com/it/ and may request the Controller to delete their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected until that time.