PERSONAL DATA PROTECTION

Information Notice on the processing of the web site users’ personal data

Articles 13 and 14 of the EU Regulation 2016/679 (hereinafter also called “GDPR”)

CORBARA srl (hereinafter also called “Company” or “Data Controller”) respects and protects your privacy and wants you to feel safe both during the simple surfing of the web site and in case you decide to register, providing us with your personal data in order you to enjoy the services made available to our Users and/or Customers.

With this page, the Company wants to provide information on the processing of the personal data of the users that surf or consult the web site accessible through PC, smartphone or any other device at the address www.corbaraweb.com (the “web site”). The Information Notice is provided only for the web site of the Company and not for other web sites possibly consulted by the user through a link (for which you should refer to the relevant information notices/policies on data protection).

The reproduction or use of pages, materials and information contained in the web site, with any means and on any device, isn’t allowed without having obtained the written consent by the Company. The copy and/or printing only for personal use (and not for commercial use) is allowed. For requests and clarifications please contact the Company at the contact details below. Other uses of contents, services and information present on this web site are not allowed.

As to the contents offered and the information provided, the Company will keep the contents of the web site reasonably updated and reviewed, without guaranteeing the suitability, exactness or completeness of the information provided, expressly declining all responsibilities for possible errors and omissions in the information provided in the web site.

Origin – Surfing data

The Company informs that the personal data provided by you and acquired at the moment of the information and/or contact request, at the registration to the web site and at the employment of the services through PC, smartphone or any other device used to access the Internet, as well as the data needed to provide such services, inclusive of the surfing data and the date used for the possible purchase of products and services offered by the Company but also the so-called “surfing data” of the web site by users, will be processed in compliance with the applicable regulation.

The information systems and the software procedures used for the operation of this web site acquire, during their normal exercise, some personal data whose transmission is implicit in the employment of the Internet.

They are information collected to be associated to identified Data Subjects, but which for their nature, through processing and associations with data in possession of third parties, could allow to identify the surfing users. To this category of data belong the “IP Addresses” or the domain names of the PCs used by the users that connect to the web site, the URI (Uniform Resource Identifier) notation addresses of the resources required, the time of the request, the method used to submit the request to the web server, the size of the file obtained as an answer, the numerical code specifying the status of the answer provided by the web server (successful, error, etc.) and further parameters concerning the operation system and the IT environment of the user.

These data are used only in order to obtain anonymous statistical information on the employment of the web site and to control the correct operation of the Company’s web site. We’d like to underline that the above-mentioned data could be used to ascertain the responsibilities in case of cyber-crimes damaging the Company’s web site or other web sites connected to it: without prejudice to this possibility, currently the data on the web contacts remain only for a few days.

Origin – Data provided by the user

The Company collects, keeps and processes your personal data in order to provide the products and services offered on the web site, or to meet legal obligations. With reference to some specific services, products, promotions, etc., the Company can process your data even for commercial purposes. In such cases, a specific, separated, optional consent will be required, that can be always revoked with the methods and to the contact details specified below.

The optional, explicit and voluntary sending of e-mails to the addresses specified in the special section of the web site, as well as the filling in of forms (for example, contact forms), the communication through chat, push notification through APPs, social networks, call centres, etc., entails the following acquisition of some personal data, inclusive of the ones collected through the employment of Apps and relevant services, needed to answer your requests.

We’d like to underline that, while using the mobile connection to access the contents and digital services offered directly by the Company or by our partners, it could be necessary to transfer your personal data to such third parties. Please, consider that you could access the web site or connect to areas where you can be enabled to publish information through blogs or notice boards, to communicate with others, for example coming from the company page on Facebook®, LinkedIn®, YouTube®, and other social networks, see again products and offers and publish comments or contents. Before interacting with such areas, you are kindly asked to carefully read the Employment General Conditions, considering that in some cases the information published can be displayed by anyone who accesses the Internet and all information included in your publications can be read, collected and used by third parties.

Purposes of the processing and legal framework

Your data are processed:

1) For purposes strictly connected and needed for the registration to the web site www.corbaraweb.com, to the services and/or applications developed or made available by the Company, to use the relevant information services, for the management of the contact or information requests, to purchase the products and services offered through the Company’s web site;

2) For ancillary activities connected with the management of the User/Customer’s requests and the sending of an acknowledgement that could provide the transmission of promotional material; for the finalization of the order for the purchase of products and services offered, inclusive of the aspects concerning the payment with credit card, the management of shipments, the possible exercise of the right of withdrawal provided for the remote purchases, the updating on the availability of products and services temporary not available;

3) To meet the obligations provided by Community or national provisions and for purposes connected with the protection of the public order, the assessment and repression of crimes;

4) For direct marketing, that is the sending of advertisement material, direct sale, market researches or commercial communications of products and/or services offered by the Company; such activity can concern even products and services of companies of the group and be carried out through the sending of advertisement/information/promotional material and/or invitations to take part in initiatives, events and offers aimed at rewarding the users/customers, carried out with “traditional” methods (merely by way of an example, regular mail and/or calls by operator), or through “automated” contact systems (merely by way of an example, SMS and/or MMS, calls without the intervention of an operator, e-mails, fax, interactive applications), pursuant to article 130, paragraph 1 and 2 of Legislative Decree 196/03 and following modifications.

The provision of data for the purposes of points 1), 2) and 3), connected with a pre-contractual and/or contractual stage, or needed to answer a user’s request or provided by a specific regulation, is compulsory and, in case of denial, it will be impossible for you to receive the information and access the possibly required services; as to point 4) of this Information Notice, the consent to the processing of data by the user/customer is free and optional and can be always revoked without consequences on the use of the products and services, a part from the impossibility for the Company to keep the users/customers updated on the new initiatives or on particular promotions or advantages possibly available.

The Company can send commercial communications on products and/or services similar to the already provided ones, pursuant to the EU Directive 2002/58, using the e-mails or postal address provided by users in such occasions. Users can oppose to this, with the methods and to the contact details specified below.

Processing methods and logics, storing time and security measures

The processing is carried out also with the aid of electronic or automated devices, both by the Company and/or by third parties of which the Company can avail in order to store, manage and transmit such data.

The data processing will be carried out with organizational and processing logics of your personal data coming from the logs originated by the access and use of the services made available through the web, of products and services used, connected with the above specified purposes and, anyway, in order to ensure the security and confidentiality of data. The personal data processed will be stored for the time required by the applicable regulation.

As to data security, in the sections of the web site needed for particular services, where personal data are asked to the user, the data are encrypted through a security technology called Secure Sockets Layer (SSL). The SSL technology encodes the information before they are exchanged through the Internet between the user’s PC and the Company’s main systems, making them incomprehensible to those who are not authorized and ensuring in this way the confidentiality of the information transmitted; besides, the transactions carried out using electronic payment systems are realized by using directly the platform of the payment services supplier (PSP) and the Company keeps only the minimum set of information needed to manage possible disputes.

With reference to the personal data protection, the user/customer is invited, pursuant to article 33 of the GDPR, to inform the Company on possible circumstances or events from which could derive a possible data breach, in order to allow an immediate evaluation and the adoption of possible actions aimed at hindering such event, sending a communication to info@corbaraweb.com or contacting the Customer Service.

The measures adopted by the Company don’t relieve the customers of taking the needed care and use, where needed, a suitably complex password/PIN, that they will have to update periodically, most of all in case they fear it has been violated/is known by third parties. They also have to store it with care and make it inaccessible to third parties, in order to avoid improper and unauthorized uses.

Data communication and transfer fields

In order to achieve the above specified purposes, the Company can communicate and let process, both in Italy and abroad, the users/customers’ personal data to third subjects with which the Company has relationships, in case the third parties provide services required by it.

The Company will provide to the third parties only the information needed to carry out the services required, taking all measures needed to protect the users’ personal data. The data can be transferred outside the European Economic Space in case it’s needed for the management of the contractual relationship with the user. In such case, the recipient subjects will be obliged to protect them and to adopt suitable security measures equivalent to the ones guaranteed by the Data Controller.

In case of use of services offered directly by the partners, we’ll provide only the data strictly needed for their execution. Anyway, only the data needed to achieve the provided purposes will be communicated and, where needed, the guarantees applicable to the transfers of data towards third countries will be applied.

For marketing reasons, we could even communicate the personal data to our commercial services providers, who will be appointed as external Data Processors. Besides, personal data can be communicated to public subjects and authorities in order to meet legal obligations or to ascertain responsibilities in case of cyber-crimes damaging the web site and communicated, or allocated, to third subjects (as Data Processors or, in case of electronic communication services providers, as autonomous Data Controllers) providers of information and computerized services (for example, hosting services, web site management and development) of which the Company avails itself to carry out tasks and activities even of technical and organizational natural instrumental to the operation of the web site. The subjects belonging to the above-mentioned categories operate as autonomous Data Controllers or Data Processors appointed on purpose by the Company.

The personal data can be communicated to employees/consultants of the Company, who are specifically trained and appointed as persons in charge of the processing.

The categories of recipients to which the data can be communicated are available by contacting the Company at the contact details below.

Data Subjects’ rights

You can exercise at any moment the rights recognized by the law, among which the right to:

a) access your personal data, obtaining an evidence of the purposes pursued by the Data Controller, of the categories of data involved, of the recipients to which they can be communicated, of the applicable storing time, of the existence of automated decision-making processes;

b) obtain without delay the modification of wrong personal data;

c) obtain, in the cases provided, the cancellation of your data;

d) obtain the limitation of processing or oppose the processing, when possible;

e) ask the portability of the data you have provided to the Company, that is, the right to receive them in a structured, commonly used format, readable from an automated device and even to transmit such data to another Data Controller, within the limits and with the restrictions provided by article 20 of the GDPR.

Besides, you can make a claim to the Data Protection Authority pursuant to article 77 of the GDPR.

For the processing operations specified in the point 4) of purposes, the Costumer can always revoke the consent and exercise the right of opposition to the direct marketing (in a “traditional” and “automated” form). The opposition, in lack of a contrary specification, will be referred both to traditional and to automated communications.

Data Controller

The Data Controller, pursuant to article 4 of the Code and of the GDPR, is CORBARA srl, Via Mecio Gracco, 6 – 84131 Salerno (SA) VAT Number: 03314600655 – Fiscal Code: 03314600655

The above-specified rights can be exercised upon request of the Data Subject with the methods communicated by the Customer Service or specified on the web site of the Company or obtained by sending an e-mail to info@corbaraweb.com.

The employment of the web site, inclusive of the ones destined to tablets and/or smartphones, by the Customer and/or User, implies the full knowledge and acceptance of the content and possible specifications included in this version of Information Notice published by the Company when the user accesses the web site. The Company informs that this Information Notice can be modified without any notice and therefore it recommends you reading it periodically.

The Data Controller

CORBARA srl