This policy describes the procedures followed by Business Integration Partners S.p.a. (hereinafter ”Bip“ or the ”Controller“ or the “Company”) in relation to the processing of personal data collected through every website property of Bip or property of its subsidiaries (hereinafter the ”Website“).
Unless otherwise stated, this policy also applies as an information notice – in accordance with art. 13 of Regulation (EU) no. 2016/679 (hereinafter the ”GDPR“) – rendered to those who interact with the Website (hereinafter the ”User“).
Information on the processing of detailed personal data is provided, where necessary, in the pages relating to the individual services offered through the Website. Such information is aimed at defining the limits and methods of processing the personal data of each service, on the basis of which the User can freely express his consent, where necessary, and possibly authorize the collection of data and their subsequent processing.
Data Controller. Data Processors.
The Data Controller is Bip, with registered office in Piazza San Babila 5, 20122 Milan (Italy), tel. +39 024541521, e-mail address [email protected]. The updated list of any data processors is available at the registered office of the Controller.
Data Protection Officer.
The Data Protection Officer appointed by the Controller can be contacted by:
- ordinary mail, at Piazza San Babila 5, 20122 – Milan, (Italy), to the Data Protection Officer;
Types of data processed.
They may be collected and processed through the Website:
- navigation data;
- personal data provided voluntarily by the User through the forms present within the Website.
Cookies are small text files that websites you visit send to your terminal, where they are stored, and then retransmit to the same websites the next time you visit. Cookies allow websites to function properly and efficiently to improve your experience by allowing the website to store information in the memory of your computer or other devices.
The Website uses technical cookies. Such cookies, due to the technical nature, do not require the prior consent of the User to be installed and used.
In particular, the cookies used on the Website are traceable to the following subcategories:
- browsing or session cookies, which ensure normal browsing and use of the Website and to collect anonymous information about how users use the website and how many visitors has the website, where they come from, and the other websites they have visited. As they are not stored on the user’s computer, they disappear when the browser is closed;
- analytical cookies, such as, for example, those used by Google Analytics, with which statistical information are collected and analyzed, through the computer and other devices, on the number of users of the website, or on the number of clicks on the page during their navigation, or from which website users come and the pages they have visited;
Our site does not use third-party cookies; our site does not use profiling cookies to provide targeted advertising to users.
The third party cookies installed on the Website are listed below. For each of them, there is a link to the relative information notice on the processing of personal data carried out and the methods for deactivation of any cookies used. With regard to third party cookies, the Controller is only obliged to insert the link to the third party’s website in this policy. On the other hand, the latter is required to provide information and indicate how to consent to and/or deactivate cookies.
Google Analytics: https://support.google.com/analytics/answer/6004245
Twitter, Facebook, LinkedIn, YouTube
Cookies may be disabled by the User by checking and/or changing their browser settings based on the instructions made available by their providers to the links listed below.
Purpose and legal basis of the processing.
Personal data collected through the Website will be processed:
a) for the management of requests for information submitted by the User.
The processing of personal data for the purposes under a) does not require the consent of the User as the processing is necessary to meet specific requests of the subject concerned under art. 6, par. 1, lett. b) of the GDPR.
Provision of data and consequences in case of failure to provide.
The provision of personal data for the purposes under a) is optional and failure to provide them shall result, as a consequence, the only impossibility for the Data Controller to manage and process requests or to send commercial communications on products and services of the same or to carry out the activities specified.
Recipients or categories of recipients.
Personal data may be made accessible, brought to the attention of or communicated to the following subjects, who will be appointed by, depending on the case, as processors or authorized persons:
- companies of the group to which the Controller belongs (parent companies, subsidiaries, affiliated), employees and/or collaborators in any capacity of the Controller and/or companies in the group to which the Controller belongs;
- public or private entities, natural or legal persons, which the Controller uses to carry out activities instrumental to achieving the above mentioned purpose or to which the Controller is required to communicate personal data, by virtue of legal or contractual obligations;
In any case, personal data will not be disclosed.
The data shall be stored for a maximum period of time equal to the period of prescription of the rights that can be activated by the Controller, as applicable from time to time.
Rights of access, deletion, restriction and data portability.
Concerned subjects are entitled to the rights set out in art. 15 to 20 of the GDPR. By way of example, any concerned subject may:
(a) obtain confirmation as to whether or not personal data relating to him are being processed;(b) where processing is ongoing, to obtain access to personal data and information relating to the processing and to request a copy of the personal data;(c) rectify inaccurate personal data and integrate incomplete personal data;(d) to obtain, where one of the conditions laid down in art. 17 of GDPR are satisfied, the deletion of personal data concerning him;(e) to obtain, in the cases provided for in art. 18 of the GDPR, the restriction of processing;(f) receive their personal data in a structured format that is commonly used and machine-readable, and request their transmission to another controller if technically feasible.
Right of objection.
Every concerned subject has the right to object at any time to the processing of his/her personal data carried out in order to pursue a legitimate interest of the Controller. In the event of objection, personal data will no longer be processed, unless there are legitimate reasons to carry out the processing that prevail over the interests, rights and freedoms of the concerned subject or for ascertaining, exercising or defending a right in court.
Right to revoke the consent.
In the event that consent is required for the processing of personal data, each interested party may, at any time, revoke the consent already given, without prejudice to the lawfulness of the processing based on consent given before the revocation.
Right to complain to the Supervisory Authority.
In addition, any concerned subject may lodge a complaint with the Italian Data Protection Authority in the event that he/she believes that his/her rights under the GDPR have been violated, in accordance with the procedures indicated on the Italian Data Protection Authority’s website accessible at: www.garanteprivacy.it.