Dear Madam, Dear Sir, in compliance with the requirements of Articles 13 and 14 of the European Union Regulation 2016/679 for the protection of personal data (hereinafter General Data Protection Regulation or GDPR), COSMED S.R.L. (hereinafter COSMED) provides you with the following information about the use of personal data (hereinafter Data) provided by you.
Purposes of the processing
The Data is collected for the management of the organizational and administrative procedures necessary to satisfy your request to receive commercial information, on COSMED and on the products and services offered (hereinafter "Main Processing"). Connected to the Main Treatment, it is the treatment for sending commercial communications (hereinafter "Accessory Processing"). The set of Main Processing and Accessory Processing will be defined below as "Purposes".
Methods of the processing
The data collected will be entered in the COSMED information system and will be processed legitimately by authorized and trained personnel pursuant to Article 29 of the GDPR, in a transparent and responsible manner, with manual and partially automated tools to carry out the operations indicated in Article 4.2 of the GDPR. , i.e. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The Data will not be subjected to automated decision-making processes such as profiling.
Legal basis for the processing
Data processing is based on the GDPR and has your consent as its legal basis, to be considered necessary and aimed solely at fulfilling regulatory obligations.
Obligation of the consent to the processing
Your consent to the data processing is mandatory. Failure to consent will prevent the execution of the organizational, administrative and tax procedures related to the Purposes and will result in the immediate cancellation of the Data both in electronic and paper format.
Transfer of Data
The Data may be communicated by COSMED to external subjects and / or companies who will collaborate for the execution of the organizational, administrative and tax procedures related to the Purpose, and which may operate in countries outside the European Union. Reference is made to companies that perform administrative and accounting services, sales and assistance services on behalf of COSMED, and subsidiaries of COSMED. The Data may be disclosed to the Italian and European Union authorities and public bodies who will request it if there are legal obligations.
Types of data processed
The processing relates to the user’s personal data provided on SITES, for the purposes and with the methods already specified.
Furthermore, it is possible that also navigation data could be processed for the following purposes: information systems and software procedures collect personal data whose transmission is implicit in the use of Internet communication protocols, during their normal operation. Information is not collected to be associated with data subjects, but through processing and association with data held by third parties, it could be possible user’s identification. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the user’s operating system and computer environment. These data are only used to obtain anonymous statistical information on the use of the site and to check its proper functioning and are kept for the time defined by the applicable law. The data could be used to determine the liability in the event of suspected computer crimes against the SITES.
The Data will be stored for 5 (five) years, and will then be deleted, without prejudice to legal obligations.
Rights of the data subject
The Data will be managed considering your rights enshrined in Articles 15 to 22 of the GDPR, namely the rights: access, rectification, erasure, restriction of processing, portability, object to processing. You can request the application of your rights or propose complaints to complain of violations of the GDPR, to the Data Controller indicated below, or to the Data Protection Supervisor.