PRIVACY POLICY
INFORMATION DOCUMENT ARTICLE 13 EU REG. 2016/679- GDPR
INFORMATION ON THE PROCESSING OF PERSONAL DATA COLLECTED FROM THE PERSON CONCERNED
In accordance with the provisions of EU Regulation 2016/679 (European Regulation for the Protection of Personal Data) we provide you with the necessary information regarding the processing of personal data provided.
This information is not to be considered valid for other websites that may be accessed through links on the websites of the owner, who is not to be considered in any way responsible for the websites of third parties.
This information is provided pursuant to art. 13 of EU Regulation 2016/679 (European Regulation for the Protection of Personal Data) to all those who visit the website https://ozzio.com/ (the “Site”) with reference to the processing of personal data of surfers (“Users”) who use it and is also inspired by the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on Cookies and the provisions of the Provision of the Guarantor Authority for the Protection of Personal Data of 08.05.2014 on cookies.
1. SUBJECTS OF THE PROCESSING
The data controller, pursuant to Articles. 4 and 24 of EU Regulation 2016/679 is the company “POZZOLI GROUP S.r.l.” hereinafter referred to as “Owner” with registered office in Bovisio Masciago (Mb) Via Brughetti, 17 Tax Code and VAT No. 04070240967 REA n. 1723612 in the name and on behalf of the Legal Representative Colla Emanuele, born in Desio (Mb) on 25 April 1966, domiciled for the office at the registered office, available at the following e-mail address: emanuele.colla@ozzio.com
2. TYPE OF DATA PROCESSED PURPOSES AND LAWFULNESS OF TREATMENT
The personal data provided will be processed in compliance with the conditions of lawfulness ex art. 6 Reg. UE 2016/679 without the need for express consent for the following purposes referred to in point a):
a) Management of inherent data processing:
– navigation data:
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified subjects, but by its very nature could allow users to be identified.
This category includes (i) IP addresses or domain names of computers used by users connecting to the Site, (ii) URI (Uniform Resource Identifier) of requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response from the server (successful, error) and (vii) other parameters relating to the operating system and computer environment of the user.
Legal basis of the processing: execution of the requested service and correct execution of the contractual relationship relating to access to the site;
– statistical data:
The services contained in this section allow the Data Controller to monitor and analyse adequately anonymised traffic data and are used to keep track of the User’s behaviour.
Legal basis of the processing: our legitimate interest in monitoring traffic data on this site for the purpose of analysing statistical data for market research.
– personal data:
Personal data: personal and contact data such as name, city, country, e-mail and profession may be requested in order to proceed with the compilation of:
. data collection form for sending a request for a quote or other information;
. log in for access to reserved areas to take advantage of other dedicated services, such as downloadable materials (eg photos, videos, price lists, catalogs).
. to send you marketing communications, market research by email and/or through the company’s official pages on social networks (“Marketing”)
Legal basis of the treatment: our legitimate interests to answer your questions and to inform you promptly on the evolution of our Site, on changes to our terms and conditions of business and changes to this Privacy Policy.
3. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF DATA
The personal data provided may be communicated to recipients, appointed pursuant to art. 28 of EU Regulation 2016/679, who will process the data in their capacity as managers and / or natural persons acting under the authority of the owner and manager, in order to comply with contracts or related purposes. Precisely, the data may be communicated to recipients belonging to the following categories:
– Subjects that provide services for the management of the information system and communication networks of the Owner (such as third party technical service providers, hosting providers, IT companies, communication agencies, including e-mail);
The subjects belonging to the above categories are responsible for the processing of data, or operate in total autonomy as separate data controllers.
The list of designated data processors is constantly updated and available at the registered office of the Data Controller.
This is without prejudice, in any case, to the communication of data requested, in accordance with the law, by police forces, judicial authorities, information and security bodies or other public bodies for purposes of defence or state security or for the prevention, detection or repression of crimes.
We inform you that the database may be provided to the Public Administration upon simple request made to the person who is legally entitled to have judicial and extrajudicial relations with the Public Administration.
4. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION
The personal and particular data provided may be transferred abroad, either internally or externally.
of the European Union (United States subject to the Privacy Shield) only with your express consent and only if this is necessary for the achievement of the purposes referred to in point a) and b). Data processing takes place at the registered office of the Data Controller and in any other place where the parties legitimately involved in the processing are located.
5. STORAGE PERIOD OR CRITERIA
The Owner shall process the personal data of the Users adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of the personal data.
The processing is carried out by means of computerised and non-electronic and/or telematic instruments with organisational methods and with logic strictly related to the purposes indicated, guaranteeing an adequate level of protection of personal data.
In compliance with the provisions of Article 5, paragraph 1, letter e) of EU Regulation 2016/679, the personal data collected will be kept in a form that allows the identification of those concerned for a period of time not exceeding the achievement of the purposes for which the personal data are processed. To know the criteria underlying the period of data retention write to the address given in point 1 of this information notice.
6. NATURE OF THE CONFERMENT AND REFUSAL
Apart from that specified for navigation data, the user is free to provide personal data in dedicated areas on the site.
The provision of personal data for the purposes referred to in point a) of this information document is necessary to improve the specific functions and use the services offered to the Data Controller,
for example to receive feedback on your request for information. Failure to provide personal data may make it impossible to obtain the service requested or to use the services offered by the site.
Personal Data processed for the purpose of “Marketing” will be stored until you withdraw your consent. You are not obliged to give your consent for this purpose, and you can withdraw it at any time, no longer receiving marketing communications from the company. You can withdraw your consent by following the instructions in Paragraph 7.
7. RIGHTS OF THE INTERESTED PARTIES
You may exercise your rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679 by contacting the Data Controller at the address given in point 1 of this notice.
You have the right, at any time, to ask the Data Controller to access your personal data, rectify, delete them and limit the processing.
Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, e.g. profiling) and to the portability of your data.
Without prejudice to any other administrative and jurisdictional appeal, if you believe that the processing of your data violates the provisions of EU Regulation 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Regulation 2016/679 you have the right to lodge a complaint with the Guarantor for the protection of personal data and, with reference to art. 6 paragraph 1 letter a) and art. 9, paragraph 2 letter a), you have the right to revoke at any time the consent given.
In the case of a request for data portability, the Data Controller will provide you with your personal data in a structured format, commonly used and readable by automatic means, without prejudice to paragraphs 3 and 4 of Article 20 of EU Regulation 2016/679.
The Data Controller may process the personal data of users in order to pursue his own legitimate interest, consisting in ensuring the security of the Site and the information exchanged on it, i.e. the ability of this Site to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible.
If the User believes that his rights have been violated, he has the right to lodge a complaint with the Guarantor for the protection of personal data and / or other competent supervisory authority under the law. More information can be found at the following link
http://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-nostri-dati-personali?#reclamo
8. CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page, including due to developments or changes in the relevant legislation. Therefore, please periodically consult this page or section of the Site, which the User agrees to accept without reservation.
INFORMATIVE PURSUANT TO ART. 13 OF REGULATION 679/2016 (art. 3, of the DECREE-LAW 21 September 2021, n. 127)
“Urgent provisions on the use of COVID-19 green certifications in private work”
GIVEN THAT
The company “POZZOLI GROUP S.r.l.” based in Bovisio Masciago (Mb) Via Brughetti 17 Fiscal Code and VAT no. 04070240967 REA n. 1723612 in the name and on behalf of the Legal Representative Colla Emanuele, born in Desio (Mb) on April 25, 1966, domiciled for the office at the registered office, as data controller, will process information of a personal nature as soon as before access to the workplace of the subjects indicated in art. 3 paragraphs 1 and 2 of the DECREE-LAW 21 September 2021, n. 127, the identity of the holder of the green certification will be verified through the specific digital channels functional to the reading of said certification and the valid identification document will also be verified if necessary;
it is possible to contact the Data Controller to exercise the rights referred to in Art. 12 and following and / or for any clarifications regarding the protection of personal data at the following e-mail address: privacy@ozzio.com;
in compliance with the provisions of art. 13 paragraph 2 letter d) the interested party may exercise his right to lodge a complaint with the supervisory authority to the following link: http: //www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924;
Verification procedure
the Certification is requested by the verifier to the interested party who shows the relevant QR Code (in digital or paper format);
- The Verification C19 App reads the QR Code, extracts the information and proceeds with the check of the qualified electronic seal;
- The Verification C19 App applies the rules to verify that the Certification is valid;
- The Verification C19 App graphically shows the verifier the actual validity of the Certification without other detailed information other than the name, surname and date of birth of the holder of the same;
- The interested party, at the request of the verifier, exhibits a valid identity document for the purpose of verifying the correspondence of the personal data in the document with those displayed by the App;
ALL OF THAT
Purpose, Legal Basis and Processing Methods: as required by art. Art. 3 “Urgent provisions on the use of COVID-19 green certifications in private work” DECREE-LAW 21 September 2021, n. 127, anyone who works in the private sector is obliged, for the purposes of accessing the places where the aforementioned activity is carried out, to possess and exhibit, upon request, the green COVID-19 certification referred to in article 9, paragraph 2.
Pursuant to art. 13, paragraph 4 of the Prime Ministerial Decree of 17 June 2021, the processing of personal data consisting of verification by the subjects referred to in art. 13, paragraph 2, of the identity of the holder of the green certification, by requesting the production of an identity document.
The purpose of this treatment is the prevention of the contagion from COVID-19 and in a residual way the defense of a right in the context of litigation.
The legal basis of the processing is the implementation of the anti-contagion security protocols originally introduced by the Prime Ministerial Decree of 17 June 2021 (Article 6, letter e), as well as, to the extent necessary, art. 9, lett. b), GDPR). As for the defense of a right in a dispute, the legal basis is represented by the legitimate interest of the owner.
The data will be treated in accordance with Art. 6 GDPR in a lawful manner, according to correctness and with the utmost confidentiality.
Mandatory nature and consequences of the refusal: the display of the Green Pass and the eventual presentation of the identification document are necessary conditions to be able to access the places where the work is carried out. Any refusal will make it impossible to access the workplace with the consequences set out in art. 3 paragraph 6 of the aforementioned DECREE-LAW.
Subjects to whom personal data may be communicated: The personal data processed pursuant to this information will be managed by the staff of the Data Controller. The Data Controller has defined the operating procedures for organizing the checks, providing priority, where possible, that such checks are carried out at the time of access to the workplace, and identifying with a formal deed the persons in charge of ascertaining breaches of obligations. .
Communication to third parties: Any personal data of which the Data Controller will become aware will not be disclosed or communicated to third parties outside the specific regulatory provisions or to protect a legitimate interest in the context of litigation.
Transfer to third countries: No personal data processed pursuant to this information will be transferred and stored in third countries.
Retention period of personal data: The Data Controller does not keep any personal data acquired with reference to both the verification of the Green Pass and the presentation of the identification document.
In any case, once the state of emergency has ceased, any personal data stored by the Data Controller pursuant to this information will be deleted.
Rights of the interested party:
In relation to the data subject to the processing referred to in this information, the interested party is recognized at any time the right to:
- Access to data (Article 15 of EU Regulation no. 2016/679);
- Data rectification (Article 16 of EU Regulation no. 2016/679);
- Deletion of data (Article 17 of EU Regulation no. 2016/679);
- Limitation to data processing (Article 18 of EU Regulation no. 2016/679);
- Data portability, understood as the right to obtain from the data controller the data in a structured format of common use and readable by an automatic device to transmit them to another data controller without impediments (Article 20 of EU Regulation no. 2016/679) ;
- Opposition to processing (Article 21 of EU Regulation no. 2016/679);
- Propose a complaint to the Guarantor Authority for the Protection of Personal Data (Article 51 of EU Regulation no. 2016/679).
How to: User opt-out of Matomo Web Analytics
The User may opt out of the tracking done via Matomo Analytics by following the link here and then clicking the opt-out option on the presented page. Please note that the opt-out works by applying a cookie to the User’s browser, which signals to Matomo not to register the particular User.
This means that the User needs to opt out again when visiting this site in another browser or another device.