Privacy Policy and Information Notice Pursuant to Article 13 of EU Regulation 2016/679
All personal data requested is
collected through our website and processed electronically to fulfill contact
and information requests.
Components Engine s.r.l.
Via Calcinaro 2085/1 47521 Cesena - FC - Italy
VAT No. 03827740402
E-mail: info@componentengine.com
Third parties may have access to
users’ personal data and may process such data on behalf of the Data Controller
as "External Data Processors." These third parties may include, but
are not limited to, IT service providers necessary for the Company’s
operations, outsourced or cloud computing service providers, professionals, and
consultants. Users have the right to request a list of any data processors
appointed by the Data Controller by submitting a request using the contact
details provided below.
The
personal data provided will be retained by the Data Controller for the
following purposes, in compliance with EU Regulation 2016/679 (GDPR):
1. Installing optional technical cookies on the user's device, as specified in
the cookie policy;
2. Making data available to third parties for purposes strictly necessary to
fulfill the requested services (e.g., contractual relationship management,
information requests, potential supply, quotations, etc.) or to comply with
legal obligations;
3. Managing user data to provide responses;
4. Processing requests for the exercise of data subject rights;
5. Ensuring proper and lawful data processing while safeguarding
confidentiality, including the application of appropriate security measures;
6. Sending promotional offers and other service-related information through a subscription
to our newsletter service.
All
processing activities carried out through this website will be conducted using
electronic or telematic tools, in accordance with the purposes for which the
data was collected and in compliance with applicable security regulations. Consent
for such processing, except for the installation of optional cookies, is
mandatory; failure to provide consent will make it impossible to manage the
activities listed in points 1 to 5 above.
Regarding
point 6, explicit consent is required. Such consent is optional, and refusal to
grant it will not affect the provision of our services.
For
purposes related to the provision of the service to which the data subject has
subscribed, data will be made available to third parties acting as data
processors. These third parties provide instrumental services to fulfill the
user's request or require data disclosure to comply with legal, regulatory, or
EU legislation (e.g., public authorities). Data may also be made available to
law enforcement authorities (e.g., for the prevention and suppression of
crimes, including cybercrimes), the judiciary, and competent public authorities
or entities in their respective fields, for institutional activities or in
cases where it is necessary to assert or defend rights in legal proceedings. A
full list of these third-party entities can be requested directly from the Data
Controller through the methods specified in this Privacy Policy.
Personal data will be accessible only to individuals expressly authorized by
the Data Controller —who may, where necessary, be designated as authorized data
processors—performing processing activities essential for achieving the
purposes stated above. The categories of these authorized individuals are
specified in the relevant information notices. Generally, they include
personnel responsible for providing specific services, administration, and IT
service management.
The data provided will not be transferred outside the European Economic Area
(EEA).
Based on the identified purposes, the following data retention periods apply:
1. Installation of technical and analytics cookies and other optional cookies on the user’s device: as specified in our Cookie Policy available on the same website;
2. Making data available to third parties for purposes strictly necessary to execute the requested services or to comply with legal obligations: until a deletion request is made by the user or for the periods required by applicable laws;
3. Processing requests to exercise the data subject’s rights: up to 10 years from the date of collection.
The retention periods of personal data are documented in our processing activity records.
Regarding marketing processing (see Section 6 on processing activities), the retention period is set at 7 years from the date of subscription to our specific service.
The following rights are guaranteed to the data subject:
– Right of access (Art. 15 EU Regulation 2016/679)
– Right to rectification (Art. 16 EU Regulation 2016/679)
– Right to erasure (Art. 17 EU Regulation 2016/679)
– Right to restrict processing (Art. 18 EU Regulation 2016/679)
– Right to data portability (Art. 20 EU Regulation 2016/679)
– Right to object (Art. 21 EU Regulation 2016/679)
If the data was collected based on consent, the data subject has the right to withdraw consent at any time.
Furthermore, if the data subject believes that one or more of their rights have been violated, they may file a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) according to the procedures described at the following link: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali.
Additionally, the Data Controller does not use automated decision-making processes.
All the above rights may be exercised at any time and at no cost by writing to the following e-mail address: info@componentengine.com
The
security standards used by the Data Controller to keep your personal
information confidential and protected, including firewalls and data
transmission via SSL (Secure Socket Layer), are the highest available according
to current technology. Additionally, specific techniques are employed to
safeguard this data from unauthorized access by third parties. In any case, the
minimum security measures required by the Privacy Code and subsequent
amendments are guaranteed.
You can check whether you are operating in secure mode in several ways:
• Receiving a security alert from your web browser;
• Checking that the webpage address begins with "https";
• Looking for a symbol in the bottom left or right corner of your browser
window—if you see a complete key or a closed padlock, it means SSL is active.
In any case, the Data Controller adopts appropriate and preventive security
measures to safeguard the confidentiality, integrity, completeness, and
availability of personal data. In compliance with the regulations governing
data security, technical, logistical, and organizational measures are
implemented to prevent damage, accidental loss, alteration, misuse, or
unauthorized access to data. Similar preventive security measures are also
adopted by third parties (data processors) entrusted with processing operations
on our behalf, who must comply with specific security protocols and procedural
guidelines established by the Data Controller, who also supervises their correct
implementation.
The Data Controller is not responsible for inaccurate information provided
directly by the user (e.g., the accuracy of the email address, postal address,
or other personal details) nor for any information about the user that has been
provided by third parties, including fraudulent submissions.
The IT
systems and software procedures that enable the operation of this website
acquire, during their normal operation, certain personal data whose
transmission is inherent to the use of Internet communication protocols. This
information is not collected for the purpose of identifying users but, by its
very nature, could allow user identification through processing and association
with data held by third parties. This category of data includes IP addresses or
domain names of computers used by users connecting to the website, URI (Uniform
Resource Identifier) addresses of requested resources, the time of the request,
the method used to submit the request to the server, the size of the file
obtained in response, the numerical code indicating the server's response
status (successful, error, etc.), and other parameters related to the user's
operating system and IT environment. These data are used solely to obtain
anonymous statistical information on website usage and to verify its correct
functioning. They are deleted immediately after processing. The data may be
used to determine liability in the event of potential cybercrimes against the
website.