Galletti APP - Privacy Policy

PERSONAL DATA PROCESSING POLICY pursuant to art. 13 et seq. of EU Regulation no. 2016/679

This policy contains the information provided, pursuant to art. 13 et seq. of European Regulation no. 679/2016 on the protection of personal data (“GDPR”), by the Company (as defined below), as Data Controller, to the parties (hereinafter referred to as the “Customer”) who have requested the use of services involving the remote monitoring of the device through the app called Galletti App.

The term "Company", Data Controller, means Galletti S.p.A., with registered office in Bentivoglio (BO) at Via Romagnoli 12/a.
Bologna Register of Companies;
VAT/Taxpayer identification no.: 00605791201/03230760377

The Company, the Data Controller, may be contacted according to the procedures provided for in this policy (indicated in point 8 of this document).

1. TYPE OF DATA PROCESSED

The Company is the Data Controller of the Customer's personal data.

The personal data processed by the Company includes, by way of non-exhaustive example only, name, surname, telephone number, company name, address, country, state, province, e-mail address, postal code, city, and data relating to the purchased products.

Personal data are provided, even voluntarily, directly by the Customer or, in the case of Automatic Data, collected during the use of this app. Unless otherwise specified, all Data requested are mandatory. If the User refuses to provide such Data, it will be impossible to provide the requested Service. The categories of the Customer's personal data indicated above are collectively referred to as the "Data".

2. PURPOSES OF THE PROCESSING

The Customer's Data are processed by the Company using manual and IT tools.

The Customer's Data are collected by the Company in order to allow the provision of the requested Services.

Marketing activities: the data collected through the app will not be used by the Company to perform marketing activities.

3. LEGAL BASIS FOR THE PROCESSING

Data processing is based on the Customer's consent.

The provision of your data is not mandatory; therefore, in case of failure to sign the consent or subsequent withdrawal of consent, it will not be possible to provide the service presented in the app, and no data processing will be carried out.

4. PROCESSING METHODS

The Data are processed by the Company with electronic and manual systems according to the principles of fairness, honesty, and transparency provided for by the applicable laws and regulations on the protection of personal data and protecting the confidentiality of the data subject through security, technical, and organisational measures that guarantee an adequate level of security.

5. RETENTION OF DATA

The Data are kept for the period of time during which the service will be requested – i.e. until the app is uninstalled – after which they will be automatically deleted.

6. INTENDED USE AND DISSEMINATION OF DATA

For the purposes set forth in paragraph 2, the data may be provided to suppliers of technical support and consulting services. These recipients process the customers' data as data controllers, data processors, or persons in charge of data processing, depending on the circumstances. The complete and updated list of the parties that process the Data as data processors is available upon request to the Data Controller.

7. TRANSFER OF DATA ABROAD

The personal data collected are not subject to transfer outside the European Union.

8. RIGHTS OF THE DATA SUBJECT

In relation to the processing of the Data described in this policy, the data subject may, at any time, exercise the rights provided for by the GDPR (Articles 15-22), including:

• receiving confirmation of the existence of the data and accessing their content (right of access);
• updating, amending, and/or correcting the data (right to rectification);
• requesting the erasure or restriction of the processing of the Data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the Data were collected or otherwise processed (right to be forgotten and right to restriction);
• objecting to the processing at any time and also in the case of processing for direct marketing purposes (right to object);
• withdrawing consent, where given, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
• submitting a complaint to the supervisory authority (Italian Data Protection Authority www.garanteprivacy.it) in the event of a violation of the regulations on the protection of personal data;
• receiving an electronic copy of the Data concerning him/her as the Data Subject, and requesting that such Data be transmitted to himself/herself or to another Data Controller (right to data portability).
• obtaining information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to which the personal data have been or will be disclosed and, where possible, the retention period;
• obtaining data portability, i.e. receiving the data from a data controller, in a structured, commonly used, and machine-readable format, and transmitting them to another data controller without hindrance;
• objecting to an automated decision-making process relating to natural persons, including profiling.