For the processing of personal data carried out through cookies, please refer to the specific information notice [click here].
1. DATA CONTROLLER AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)
The data controller (i.e., the subject who determines the purposes and means of the processing of personal data) is Gexcel s.r.l., with registered office in Brescia, via Branze 45 c/o CSMT Polo Tecnologico, tax code 02943490983, phone (+39) 030 6595001, e-mail This email address is being protected from spambots. You need JavaScript enabled to view it.
2. PURPOSES OF THE PROCESSING
Personal data may be processed for the following purposes:
- proper functioning and security of the Website (website operation purpose);
- management of sales services, including the drafting of offers, and customer support (contractual purpose);
- promotion of products and services via e-mail (including newsletters) (direct marketing purpose);
3. TYPES OF DATA PROCESSED AND COLLECTION METHODS
The data processed belong to the category of common data, such as those indicated below. With reference to the contractual purpose, personal data processed will include identifying data, data related to the purchase made and related payment, including payment instruments. The systems and programs used for the operation of the Website collect some personal data whose transmission is implicit in the use of Internet communication protocols (“Browsing Data” e.g., IP addresses or domain names of the computers used by users connecting to the Site, URI -Uniform Resource Identifier- addresses of requested resources, time of the request, method used to submit the request to the server, size of the file received in response, numerical code regarding the status of the response given by the server -success, error, etc.- and other parameters related to the user’s operating system and IT environment). Although this information is not collected to be associated with identified data subjects, by its nature, it could, through processing and association with data held by third parties, allow users to be identified and is therefore considered Personal Data. Regarding the browsing information collected, please also refer to our Cookie Policy [click here].
4. MANDATORY OR OPTIONAL NATURE OF DATA PROVISION AND LEGAL BASIS FOR PROCESSINGAs stated, the transmission of Browsing Data is inherent to the use of the Website and the legal basis for processing Personal Data for the website operation purposeis the legitimate interest of the Controller in carrying out its business activity, including security and protection against abuses. The provision of data requested in relation to information provided in contact communicationsby the User is optional, and failure to provide such data will only result in the User possibly not being able to receive the requested responses. The legal basis for the processing of such data is, pursuant to letter b) of Article 6 GDPR, the necessity to respond to pre-contractual or contractual requests from the User (e.g., requests for product information or quotes; configuration of purchased products). Regarding the direct marketing purpose, the provision of personal data is optional, and any failure to provide it will have no consequence for the contractual relationship or the possibility to use the Website’s services. Such processing is carried out only with the recipient’s consent (in this context, consent is also required for legal persons), which is always revocable (see section 8 “Data Subject’s Rights” below), and constitutes the legal basis for the processing.
5. PROCESSING METHODS AND DATA RETENTION PERIODS
The processing will be carried out:
- using manual and automated systems;
- by personnel specifically authorized and trained to perform the relevant tasks;
- employing appropriate measures to ensure data confidentiality and prevent unauthorized access by third parties.
Browsing data is deleted – unless unlawful activity is detected – no later than 24 hours after collection. For marketing purposes, data will be processed for a period not exceeding 48 months from the granting or renewal of consent. Data relating to Website services will be retained for as long as necessary to provide the service and verify its execution; ordinarily, data will not be retained beyond 6 months after use of the service. Data relating to a contractual relationship will be retained for the entire duration of the relationship and, after termination – limited to the data still necessary – for the fulfillment of all legal obligations and for the needs of legal protection, including contractual needs; ordinarily, data will not be retained beyond 10 years from the termination of the contractual relationship.
6. DATA DISCLOSURE
Collected data may in any case be disclosed, exclusively for the purposes specified above, to:
- all entities entitled to access such data by virtue of regulatory provisions;
- collaborators, suppliers of the Controller, within the scope of their duties and/or contractual obligations related to the execution of the contractual relationship with Data Subjects; among the Controller’s suppliers, by way of example, are listed banks and credit institutions, insurance companies, legal consultants, shipping managers, software suppliers and related support. The Data Subject may request a complete and updated list of entities appointed as Data Processors by contacting one of the Controller’s contact details indicated in this notice. In the event of contract conclusion, invoice data will be shared with the tax authorities in accordance with the relevant legislation. Data are not subject to dissemination.
7. DATA PROCESSING LOCATION
Personal Data will be processed within the European Union, and there is no intention to transfer them outside this territory.
8. DATA SUBJECT'S RIGHTS
The GDPR grants the Data Subject the exercise of the following rights with reference to the personal data concerning them (the summary description is indicative; for the full statement of the rights, including their limitations, please refer to the Regulation, in particular Articles 15-22):
- access to personal data (the Data Subject has the right to obtain, free of charge, information regarding their personal data held by the Controller and its processing, as well as to obtain a copy in an accessible format);
- rectification of personal data (upon notification by the Data Subject, correction or integration of personal data – not expressing evaluative elements – that are incorrect or inaccurate, also if they have become so due to being outdated);
- erasure of personal data (right to be forgotten) (for example, data are no longer necessary for the purposes for which they were collected or processed; have been processed unlawfully; must be erased to comply with a legal obligation; the Data Subject has withdrawn consent and there is no other legal ground for the processing; the Data Subject objects, where conditions apply, to the processing);
- restriction of processing (in certain cases – contesting the accuracy of the data, for the time necessary for verification; contesting the lawfulness of the processing with opposition to erasure; need for use for the Data Subject’s legal claims, while they are no longer useful for processing purposes; if there is opposition to processing, while necessary verifications are carried out – the data will be kept in such a way as to be eventually reinstated, but, in the meantime, will not be accessible by the Controller except in relation to the validity check of the restriction request by the Data Subject, or with the Data Subject’s consent or for the establishment, exercise, or defense of a legal claim, or to protect the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State);
- objection in whole or in part, for reasons related to the particular situation of the Data Subject, to processing carried out on the basis of the legitimate interest; to object to processing for marketing or profiling purposes, you do not even need to state your reasons;
- data portability (if processing is based on consent or on a contract and is carried out by automated means, upon request, the Data Subject will receive, in a structured, commonly used, and machine-readable format, the personal data concerning them and may transmit them to another Controller without hindrance from the Controller to whom they have provided them and, if technically feasible, may have such transmission made directly by the latter).
Furthermore, if processing is based on consent (see previous section 4), it will be possible to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (as indicated above, with reference to marketing data processing, consent to processing may also be withdrawn for only one of the communication modes, traditional or automatic). The easiest way to withdraw consent will be the link at the bottom of our communications or the personal panel in the reserved area of the Site.
The Data Subject also has the right to lodge a complaint with the Italian Data Protection Authority if they believe that the processing concerning them violates the personal data protection regulations; the Italian Data Protection Authority can be contacted using the details indicated on the Authority’s website “www.garanteprivacy.it”. In any case, we would like to have the opportunity to address any concerns of Data Subjects in advance, who may contact This email address is being protected from spambots. You need JavaScript enabled to view it. or the other contact details of the Controller indicated above for any clarification regarding the processing of personal data concerning them and for the exercise of their related rights, including withdrawal of consent.
