PREAMBLE

Casta S.r.l., headquartered in Zona Industriale Villa Selva, 47122 Forlì (FC), pec (certified email address) castasrl@cert.cna.it, according to art. 13 of Regulation EU 2016/679 “General Data Protection Regulation”, pursuant to and for the purposes of the “Personal Data Protection Code” integrated with the amendments introduced by Legislative Decree 101 dated 10 August 2018, entitled “Measures to adapt the national legislation to the provisions of regulation EU 2016/679 of the European Parliament and of the Council, dated 27 April 2016, on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data and which repeals directive 95/46/EC (general data protection regulation)” (in issue 205 of the Official Gazette dated 4 September 2018), is required to provide accurate information on the processing of your personal data, pursuant to art. 13 of Regulation EU 2016/679 “General Data Protection Regulation” (hereinafter “GDPR”) and of Leg. Dec. 196/2003 “Privacy Code” as amended, on the rights of those who enter into a contract with the aforementioned company. We invite you to read this privacy policy carefully in order to knowingly express your wish on the handling of your data for the purposes and with the procedures set out below.

The Data Controller, pursuant to Legislative Decree 196/2003 (Privacy Code), integrated with the amendments introduced by the Legislative Decree 101 dated 10 August 2018 and Regulation EU 679/2016 (GDPR), intends to guarantee the privacy and security of the personal data of each visitor, as set out in the privacy policy below.

TYPE OF DATA PROCESSED

The Internet website offers information on Casta S.r.l. and its activities. Whilst browsing, the Data Controller may acquire information in the following ways:

1. Browsing data

Like all websites, this site www.fourteentec.com also uses log files. Consequently, when browsing them, said websites acquire personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, type of browser used and parameters of the device used to connect to the website, the name of the internet service provider (ISP), web page of origin of the visitor (referral) and exit page, the information on the pages visited inside the website, access and exit time, length of time spent on the website and on the single page.

PURPOSE AND LEGAL GROUNDS FOR PROCESSING

Data is collected and processed for the following purposes; each corresponds to suitable and relevant legal grounds of the processing.

PURPOSE

Browsing the website: detection of user experience, monitoring of smooth operation of the website, guarantee website security.

LEGAL GROUNDS

The processing activities are based on the pursuit of a legitimate interest of the Data Controller.

SCOPE OF DATA CIRCULATION

The data processed pursuant to purpose 1) will never be provided to third parties, for any reason, unless it is a legitimate request from the Judicial Authority and only in cases provided for by law.

TRANSFER OF DATA TO NON-EU COUNTRIES

The data processed pursuant to purpose 1) will never be transferred to non-EU countries, for any reason, unless it is a legitimate request from the Judicial Authority and only in cases provided for by law.

ROLES AND RESPONSIBILITY – PRIVACY

Your data is processed by Casta S.r.l., in its capacity as Data Controller, in the person of its pro-tempore legal representative.

It is possible to contact the Data Controller at the e-mail address castasrl@cert.cna.it.

DATA PROCESSING METHODS

Personal data is processed primarily using procedures and electronic supports for the time strictly necessary to pursue the purposes for which it has been collected and, in any case, in accordance with the principles of lawfulness and correctness, without excess and relevance, provided for by the current privacy legislation in force.

DATA RETENTION

Data related to the browsing logs, at point 1) in the section entitled type of data processed, where recorded, will be retained by the Data Controller for a period of 15 days.

The data will be retained beyond the prescribed time limits exclusively to fulfil legal obligations, to defend or to claim a right or to fulfil any further obligations of law or orders of the Authority.

RIGHTS OF THE DATA SUBJECTS

The individuals to whom the above data refer (so-called data subjects), are entitled to exercise their rights according to the ways and limits provided for by the privacy legislation in force.

In relation to the processing of your personal data, you are entitled to ask the Data Controller for the following:

• Access: you may ask for confirmation as to whether or not personal data relating to you is being processed, in addition to further clarifications regarding the information of this Privacy Policy, and receive the same data, within reasonable limits;
• Correction: ask to correct or integrate data which you have provided to us or which is in any case in our possession, if inexact;
• Cancellation/right to be forgotten: you may ask that your data acquired or processed by Casta S.r.l. be cancelled, if it is no longer necessary for our purposes or where there are no existing disputes or litigations, in the event of withdrawal of consent or opposition to the processing, in the event of unlawful processing, or where a legal obligation exists to cancel them;
• Restriction: you may request restriction of the processing of personal data, when one of the conditions of art. 18 of the GDPR applies; in that case, the data will not be processed, except for retention purposes; an exception is made for what is explained in the same article at paragraph 2;
• Opposition: you may object to the processing of your personal data at any time on the basis of our legitimate interest, unless we have legitimate grounds to proceed with the processing which prevail over yours, for example to exercise our rights or to defend our interests in judicial settings;
• Portability: you may ask to receive your data, or to have it transmitted to another data controller indicated by you, in a structured and commonly used machine-readable format.

Furthermore, we inform you that pursuant to art. 7 paragraph 3 of the GDPR, you may, at any time, exercise your right to withdraw your consent, without adversely affecting the lawfulness of the processing activity based on the previously given consent. If consent is withdrawn and this is essential to provide the services of the website, the latter will be interrupted, except for the right of portability.

Finally, we inform you that you have the right to lodge a complaint with the Supervisory Authority, which in Italy is the Italian Data Protection Agency, located in Piazza di Monte Citorio N°. 121 – 00186 Rome – tel. 06.6967771 – fax. 06.69677.3785 – e-mail: garante@gpdp.it – pec: protocollo@pec.gpdp.it.

To exercise these rights, report problems or ask for clarifications on the processing of your personal data you can send an e-mail to castasrl@cert.cna.it.

RIGHT TO BE FORGOTTEN

If you want to assert your right to be forgotten with reference to your personal data which may be contained in the articles on the website, you can address the Data Controller.

CHANGES TO THE PRIVACY POLICY

The possible entry into force of new sector regulations, as well as the constant update of services and of the website, could imply the need to change the methods and terms of this privacy policy. This document may be subject to changes over time. We invite you to regularly consult this section of the website.

We will post any changes to the privacy policy on this page and, if the changes are important, we will report them with visible and appropriate notification.

The previous versions of this privacy policy will be archived to allow for their consultation.

COOKIE POLICY

What are Cookies?

Cookies are packets of information sent by a web server (e.g. the site) to the user’s Internet browser. The browser automatically saves the information on the computer and automatically sends it to the server each time the website is accessed thereafter. Most browsers automatically accept cookies by default.The cookies are usually installed:

• directly by the owner and/or person responsible for the website (so-called first-party cookies);
• by persons responsible external to the website visited by the user (so-called third-party cookies). Unless otherwise specified, we remind you that these cookies fall under the sole and direct responsibility of the same operator. Further information on privacy and its use may be found directly on the websites of the respective operators.

This website may use the following types of cookies and combinations thereof. They are classified according to the guidelines issued by the Privacy Authority and the Opinions issued by the European Work Group pursuant to art. 29 of the GDPR:

Session: cookies that are not permanently stored on the user’s computer and that are deleted once the browser session is terminated. They are strictly limited to the transmission of session identifiers required to enable the safe and efficient exploration of the website preventing the use of other IT techniques, which might jeopardise the user’s privacy when browsing.

• Permanent: cookies that remain stored on the hard drive of the computer until their expiry or deletion by the users/visitors. Using these cookies, the visitors who access the website (or any other users who use the same computer) are automatically recognised at each visit. The visitors may set the browser to accept/refuse all cookies or to display a warning each time a cookie is proposed, to decide whether or not to accept it. The user can, in any case, change the default configuration and disable the cookies (block them permanently) by setting the highest level of protection.
• Technical: cookies used for authentication purposes, to make use of multimedia content such as flash player or to choose the browser language. Usually, it is not necessary to acquire the prior and informed consent of the user. The cookies used to statistically analyse the accesses/visits to the site fall within this category only if used exclusively for statistical purposes and through the collection of information in aggregate form.
• Non-technical: all cookies used for profiling and marketing purposes. Their use on the terminals of the users is forbidden if these have not been informed accordingly beforehand and they have not given their valid consent according to the opt-in procedure. These types of cookies can be grouped according to the functions they carry out into:
• Analytics: cookies used to collect and analyse statistical information on the accesses/visits to the website. In some cases, associated with other information like the credentials entered to access restricted areas (their e-mail address and the password), they can be used to profile the user (personal habits, websites visited, content downloaded, types of interactions performed, etc.).
• Widgets: all the graphic components of a program user interface which has the purpose of facilitating the user’s interaction with the program. Cookies of Facebook, Google+, Twitter are an example.
• Advertising: cookies used to advertise inside a website. Google and Tradedoubler fall within this category.
• Web beacons: this category includes code fragments that allow a website to transfer or collect information through the request of a graphic image. Websites can use them for different purposes, such as to analyse the use of websites, control activities and reports on advertising and to customise advertising and contents.

Cookies present on the website https://casta.com:

• Technical session cookies that do not require consent.

UPDATES

These privacy and cookie policies were last updated on 17.10.2018.