(UE) 2016/679 (GDPR)
In principle it is possible to use the BrianTel S.r.l website and related pages without providing any personal data. When the user uses the services offered by BrianTel S.r.l through the website, the processing of his personal data may be necessary. If the processing of personal data is necessary without there being a legal basis for doing so, we will always request the consent of the interested party. An exception is the cases in which data processing is permitted by virtue of legal provisions.
BrianTel S.r.l. (for the sake of “BrianTel”) it is the Company that processes its data and for the purposes of the Law, it is considered the Data Controller. In this capacity, it is responsible for ensuring the application of the organizational and technical measures necessary and adequate for the protection of its data. The Company’s operational headquarters is in Via Bergamo 60 – 23807 Merate (Lc) – Italy. E-mail: firstname.lastname@example.org – tel. 039.9399920.
The Companỳ has appointed the Data Protection Officer (DPO) to be responsible for ensuring compliance with the rules for the protection of its Privacy, which can be contacted for questions relating to the processing of its data, at the following email address: email@example.com. More information in the space dedicated to her: “Privacy rights”.
Type of data processed
Data communicated by the interested partyThe optional, explicit and voluntary sending of messages to the contact addresses, the compilation and forwarding of the forms present on the owner’s site, involves the acquisition of the sender’s contact data, necessary to reply, as well as all personal data included in communications. specifically:
Type of data processed
Data communicated by the interested party
The optional, explicit and voluntary sending of messages to the contact addresses, the compilation and forwarding of the forms present on the owner’s site, involves the acquisition of the sender’s contact data, necessary to reply, as well as all personal data included in communications. specifically:
- Identification data
- Contact details
Personal data freely provided by the interested party, which are indicated as optional
The explicit and voluntary choice by the interested party to register and / or access the B-wireless reserved area of this site entails the subsequent acquisition of the authentication credentials that will allow the interested party to be recognized, continue browsing and access the services, products and any other kind of your request that we are able to satisfy.
Data collected during the connection to the website necessary for navigation (navigation data)
During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of internet communication protocols. This category of data includes:
- IP address of the computer used
- Date and time of access
- Date, URL and amount of data retrieved Tracking data of the Internet browser and the operating system of the computer used
- Websites from which access to this site occurred or from which the user was transferred to this site (Referer, i.e. origin)
- Name of the user’s Internet provider
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
Cookies: for more information on the cookies used by this website, see the cookies policy at the following link. (Https://www.aboutcookies.org/)
Specific information: specific information will be present on the pages of the Site in relation to particular services or processing of the Data provided.
The interested party assumes responsibility for the personal data published or shared through the use of the website and declares to have the right to communicate or disseminate them, freeing the owner from any liability to third parties.
The processing of personal data
The processing of personal data consists of the operations indicated in art. 4 no. 2 GDPR and precisely: collection, registration, organization, storage, processing, modification, selection, extraction, use, interconnection, blocking, communication, cancellation and destruction of data. The data are processed and stored at the Data Controller’s operating office, will be processed using manual or automated tools, also by inserting them in databases, lists and lists suitable for storing, managing and transmitting in the ways and within the limits necessary for pursuit of the aforementioned purposes. No personal data is provided to third parties for commercial purposes. The sale or rental of personal data is not carried out. The treatment will not be subject to automated decision-making processes.
Access to data
Persons authorized to process operate under the direct authority of the Company. The person in charge / authorized / designated is a physical person, employee or collaborator of BrianTel, legally bound to respect the data protection obligations, and by confidentiality agreement. He must follow the instructions given to him by the owner, the only person required to adopt the appropriate technical and organizational measures to guarantee the protection of the data processed.
Purpose A: Information on processing
The Data Controller informs you that your personal data will be processed in relation to:
Website navigation: Legitimate interest art. 6 lett. f) and recital 47: Activities strictly necessary for the functioning of the site and the provision of the navigation service on the platform. These data are used to obtain anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site or more generally of the Company; to ensure network and information security, i.e. the ability of a network or information system to withstand, at a given level of security, unexpected events or unlawful or malicious acts that compromise availability, l authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible through these networks and systems.
Nature of the provision
The provision of data implicitly provided by the User takes place automatically by browsing the Site. Therefore, if the User does not intend to provide any personal browsing data, he is asked not to visit this Site, not otherwise use this Site or send requests or communication through this Site, or not give your consent when this option is offered to you pursuant to the Privacy Law.
Voluntary use of services by users, such as comment services, communication services, reserved area (chat, contact forms and e-mail sending,):
- Based on the execution of pre-contractual measures also adopted at the request of the interested party
- The need to respond to your request
Data retention: 1 year
Nature of the provision
Failure to provide data will make it impossible to obtain what is requested or to use the services of the data controller. Therefore, the acquisition of consent by the interested party is not necessary since the refusal to provide the data will not allow the contractual relationship to be established and / or the fulfillment of the consequent obligations.
Transfer of data
Personal data may be transferred and / or processed by external managers also outside the European Economic Area (EEA + Norway, Liechtenstein, Iceland) provided that the adequacy of the third country or organization is recognized by decision of the European Commission ( art.45 GDPR). In the absence of such a decision, the transfer is allowed if the owner or the data controller provide adequate guarantees that provide for actionable rights and effective remedies for the interested parties (art.46 GDPR); between companies of the same group also widespread in third countries, where there are binding corporate rules (BCR) approved by the National Control Authority (art 47 GDPR) if the exemption situations specified in art. 49 GDPR.
Transfer of data to non-EU countries
This site may share some of the data collected with services located outside the European Union area. In particular, with Google, Facebook and Microsoft (Linkedin) through social plug-ins and the Google Analytics service. The transfer is authorized based on specific decisions of the European Union and the Guarantor for the protection of personal data, in particular the decision 1250/2016 (Privacy Shield – here the information page of the Italian Guarantor), for which no further consent is required. The companies mentioned above guarantee their adhesion to the Privacy Shield.
Disclosure, communication of personal data to third parties
The personal data provided will be shared with subjects, who will process the data as managers (art.28 of the EU Reg. 2016/679) and / or as natural persons who act under the authority of the owner and manager. (art.29 of EU Reg. 2016/679), for the purposes listed above. In specific:
- entities that provide services for the management of the information system used by BrianTel and telecommunications networks; including email, and management of the institutional web page; freelancers, studies or companies in the context of assistance and consultancy relationships;
- to public and private entities, also following inspections or verifications or for the fulfillment of obligations deriving from the law or mandatory regulations, from Community legislation or from national legislation.
In the event of a merger or corporate acquisition, personal data may be transferred to third parties involved in the merger or acquisition.
The third parties to whom your Personal Data may be communicated act as: 1) Data Controllers, that is, subjects that determine the purposes and means of the processing of Personal Data; 2) Data processors, i.e. subjects who process Personal Data on behalf of the Data Controller or 3) Data Controllers who jointly determine the purposes and means of the same.
BrianTel has introduced measures to protect the security of user data. It treats visitor / user data in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. It undertakes to protect the security of your personal data during their transmission, using the Secure Sockets Layer (SSL) software, which encrypts the information in transit. The treatment is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. Third parties will process your personal data only on the basis of our instructions and to the extent that they have accepted to treat this data confidentially and to keep them safe.
The company adopts a contextualization prototype that incorporates the fundamental elements of the GDPR:
Accountability and risk-based approach
Data Protection by design and by default
Census of treatments and Privacy risk assessment (Master Policy)
Register of treatment activities
DPO and privacy supervision
Data breach intervention policy
Technical and organizational security measures of BrianTel.it SRL
For the following description of the status quo of elementary data protection measures, it is not possible to cover all the security measures adopted by BrianTel.it SRL. In particular, as regards data protection and security, it is not possible to provide detailed descriptions of the confidential measures, since the protection of security measures to avoid unauthorized disclosure is at least as important as the security measure itself . The User is encouraged to speak about every single issue concerning the technical and organizational measures with the DPO and, where appropriate, with the Security Manager.
BrianTel will notify the Guarantor of the violations of personal data of which it becomes aware, within 72 hours and in any case “without undue delay”, if it considers it probable that from this violation risks for the rights and freedoms of the interested parties derive (recital 85).
Therefore, notification of the violation to the Authority is not mandatory, being subordinatethe risk assessment for the interested parties which is up to the owner.
BrianTel will follow the guidelines for the data breach notification of the “WP29” Group, available here: www.garanteprivacy/regulationue/databreach.
Privacy Rights (ex Articles 12-23 of the Regulations)
You have the right to ask the Data Controller, at any time, to access your Personal Data, to correct or delete them or to request the limitation of the processing in the cases provided for by art. 18 of the Regulation, as well as obtaining the data concerning you in a structured format, commonly used and readable by an automatic device, in the cases provided for by art. 20 of the Regulation. You can make a request to object to the processing of your data pursuant to art. 21 of the Regulation in which to give evidence of the reasons that justify the opposition: the Data Controller reserves the right to evaluate your application, which would not be accepted in the case of the existence of binding legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms .
Exercise of rights by interested parties
Pursuant to art. 13.2 of Regulation (EU) 2016/679, the interested party may at any time exercise the rights listed above and envisaged by the GDPR: the request must be made by e-mail to the address firstname.lastname@example.org by attaching a valid identification document *.
* To guarantee the correct exercise of the rights, you must make yourself identifiable unequivocally. The organization undertakes to provide feedback within 30 days and, in the event of impossibility to respect these times, to motivate any extension of the deadlines. The feedback will take place free of charge except in cases of unfoundedness (e.g. there are no data concerning the interested party) or excessive requests (e.g. repetitive over time) for which a contribution will be charged that does not exceed the costs actually incurred for the research carried out in the specific case. The rights relating to personal data concerning deceased persons can be exercised by those who have their own interest or act to protect the data subject or for family reasons worthy of protection.
Right to complain
In the event that they believe that the processing of personal data referred to them is carried out in violation of the provisions of the GDPR EU 679/2016, the interested parties have the right to lodge a complaint with the Guarantor, as required by art. 77 of the GDPR UE 679/2016 itself, or to appeal to the appropriate judicial offices pursuant to art. 79 of the GDPR UE 679/2016.
Last updated March 2020