Corman S.p.A. firmly believes that transparency is at the basis of the relationship with its customers and users. For this reason, it wishes to apply the utmost clarity to the way personal data is used. The following is a description of how the website is managed, with reference to the processing of the personal data of the users who consult it. This information is also provided pursuant to art. 13 of Regulation (EU) 2017/679 “Protection of individuals with regard to the processing of personal data and the free movement of such data” (in short GDPR) to those who interact with the web services of Corman S.p.A., accessible electronically from the address https://www.corman.it/. The information is also based on Recommendation no. 2/2001 that the European Authorities for the protection of personal data, meeting in the Group established by art.29 of Directive no. 95/46/EC, adopted on 17 May 2001, in order to identify the minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.
- Personal data controller
The data controller is Corman S.p.A., with registered office in Via Liguria, 3 – 20084 Lacchiarella (MI).
- Place of processing of personal data and persons responsible for processing
The processing operations connected to the web services of this website take place at the registered office of the Company in Via Liguria 3 – 20084 Lacchiarella (MI) and are carried out only by technical personnel of the Office in charge of processing pursuant to art. 29 of the GDPR. For the various specific services, the related data are processed by specialised companies, appointed as Data Processors pursuant to Article 28 of the GDPR. The complete list of Data Processors can be requested at firstname.lastname@example.org.
- Type of data processed
3.1 Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or the domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
3.2 Data provided by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message. For some specific services, the release of personal data may be required; in this case, detailed information is provided in the pages of the site set up for particular services upon request.
- Purposes and legal basis of data processing
Without prejudice to what has been specified for browsing data (see point 3.1), personal data provided by Users through the Site are processed for the following purposes:
- to allow the performance of operations strictly connected and instrumental to the management of relations with Users, such as – merely by way of example – the response to queries received through contact forms, the management for personnel selection purposes of the CV (curriculum vitae) and the management of other relevant information sent by the User;
- to allow the proper performance of the contractual obligations assumed by the Company towards Users and customers and vice versa, as well as the consequent accounting and tax obligations
- to allow the fulfilment of the obligations provided for by laws, regulations and EU rules, or provisions issued by authorities empowered to do so by law and by supervisory and control bodies; purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their jurisdictional functions
- purposes of research/statistical analysis on aggregate or anonymous data, without therefore being able to identify the User, aimed at measuring the correct functioning of the Site and its operational functions, including the resolution of any technical problems.
The legal basis for the processing of personal data for the purposes referred to in point a) is the provision of a service or the response to a request, which do not require the consent of the Users, pursuant to the applicable legislation. With regard to the purpose b), the processing is necessary for the execution of the existing contract with the Company, the purpose c) has as legal basis the fulfilment of legal obligations and the purpose d) the pursuit of a legitimate interest of the Company. As regards the purposes of point e), no personal data processing activity is envisaged.
- Third party advertisers and links to other websites
The Corman S.p.A. website may include advertisements from third parties and links to other websites and applications through which you can purchase services and products. Third-party advertising partners may collect information about you when you interact with their content, advertising and services.
- Processing methods and storage times
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.
- Rights of the interested parties
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification (art. 15 ff. GDPR). Pursuant to the same article, you have the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their processing. Requests should be made by e-mail, to the address: email@example.com.