The present policy statement is given in compliance with art. 13 and following articles set out in the EU Regulation 679/2016, hereafter called GDPR” and articles 13 and 122 set out in the Italian Civil Code regarding personal data collection (D.Lgs. 196/03)  and it is made available to the users who connect to http://www.accessafe.eu website, hereafter called “website“.

Why this information

As per EU Regulation 2016/679 (hereafter called “Regulation” or also “GDPR”), this page describes how the personal data of visitors/users, who visit Access s.r.l. website at the following address https://www.accessafe.eu, will be collected and processed.

When the above mentioned website is visited, some data relative to an identified or identifiable physical person may be collected. In such a case, as illustrated below, and in conformity with the principle of transparency, Access s.r.l. wishes to inform you as the “Data Subject” (art. 4 item 1 GDPR), that the personal data you provide or that this company has otherwise acquired, will be processed respecting the current legislation in the matter of privacy and the principles of lawfulness, fairness and transparency to protect your privacy as described below.
The present information does not pertain to other websites, online pages or services which may be reached through hypertext links possibly published on our website. Such third-party links refer to external resources outside Access s.r.l. domain, which therefore will have their own privacy statements in place, describing how they process any personal data provided to protect your privacy. Such third-party privacy statements should be referred to, should the case be, and not the present policy regarding our company.

Data Controller

The “Data Controller” (art. 4 nr. 7 GDPR) is  Access S.r.l. with sole shareholder  an Italian regulated company based in Verderio (LC)  Via Provinciale 56 nr. 56, 62, 64 (C.F. and P.I. 05718410961 – REA LC-1843587)  appointed to the company’s pro tempore legal representative

Legal basis for data processing

The personal data listed in this page is processed by the Data Controller for the following purposes:
a) –  to perform a contract with the User and/or carry out pre-contract communications;
b) –  in absence of a contract, and within the lawful interest of the Data Controller to perform free economic enterprise (former art. 41 of the Italian Constitution)  accordingly to the institutional purposes of the website and its online services;
c) – to meet a legal obligation to which the Data Controller is subjected;

Type of data processed and purpose of data processing

Web-usage data
During their standard performance, information systems and software procedures in charge of running this website acquire some of the user’s personal data (be the user registered or not) when they use the website. The transmission of such data is implicit in the internet communication protocols.
Within this category there are:

IP address or users’ computer and terminal domain name in URI/URL format (Uniform Resource Identifier/Locator) of the requested resources, time of request, method used to submit request to server, file size received as a response, number code which states server data response status (successfully completed, error, etc.) and other parameters relative to the user’s operating system and computing environment.
Such data, required to use the web services, are also processed for the following purposes:
– to acquire statistical information regarding the use of the services provided (most visited pages, number of visitors per time of the day or days of the week, geographic areas of origin etc.);
– to check the correct functioning of the services offered;
Web-usage data does not remain recorded for longer than seven days (except in cases for which the Judicial Authorities need to ascertain possible violations).
Access s.r.l, without prejudice, can still process the above listed data in aggregated form, in compliance with the Data Protection Supervisory Authority requirements and as a result of the specific exemption from consent provided for by the same authority, for the following purposes:

data processing and analysis (for example: customer classification in homogeneous categories according to level of service, consumption, expenditure etc.) aimed at periodically monitoring the development and economic trend of Access s.r.l.’s business and orient its industrial and commercial processes, improve services, and also design and implement marketing campaigns.

Data communicated by user
Optional, explicit, and intentional sending of messages to the company’s contact addresses, private messages the users may send to institutional pages/accounts on social media (when such interaction is provided for), along with the filling and forwarding of forms present on the company’s websites, will lead to the acquisition of the sender’s contact data (needed to respond) and any other personal data included in the communication.
Specific notices will be published in the company’s website pages regarding the delivery of certain services (Newsletter –  E-commerce service).
The data the user has sent can be used for the following actions:

CONTACT FORM INTERACTION

This applies to on-line consultancy, estimates and quotation requests.
Besides the data which has expressly been entered by the user in the contact window (name, -mail, phone number when requested etc.), our database also records the following information:

• consent to data processing as provided for in the present statement;
• IP address from which the request has originated (such information is classified as “personal data” by the GDPR);
• type of browser employed and if a mobile device is being used;
• Anonymous identification of the user generated by an internal proprietary algorithm. Such identification is generated in order to prevent tracking the user’s IP address;
• in some cases, also the last page of the website visited just before forwarding the request;
• date and time of operation.

Registration to website

This action is applied when the user wishes to register to the website, open their personal account and use their reserved area.
The registered user’s log-in passwords are saved in a way which prevents tracking its original content.

Along with the data requested during registration (username, e-mail and password), we save all the information the user enters in their personal area after registration in dedicated archives.

Subscription to newsletters

This action applies to users who do not wish to register to the website but would like to subscribe to the newsletter.
In this case, we only record the user’s e-mail address entered by the user when subscribing, along with what listed in the contact form paragraph above.
The user can unsubscribe from the newsletter and its pertinent archives directly by clicking on the link at the bottom of each newsletter.
Registered users can also unsubscribe from the newsletter directly from their account.
In conformity with the GDPR, forwarding data for purposes connected to Contact Form interaction, website Registration and newsletter Subscription, requires explicit consent by ticking a specific field to be found in the different windows and from which the present statement can be viewed. If such consent is missing, the online request cannot be completed.
At present, the website does not collect any data regarding the user’s position.

Data recipients

Data recipients of the personal data collected when the website is visited have been appointed by the company, conforming with article 28 of the Regulation, in the role of “Responsible of data processing” and they can be part of the company organisation or external recipients.

External recipients are:
– ………………., as supplier of the website platform development and maintenance services;
– ……………….in relation to the website………………. And as supplier of the services regarding the development, supply and management of the technological platforms employed;
The Data Controller can be requested to provide the updated list of “responsible data processing” at any time.

Transferring data towards a third country

The Data Controller employs ……….. to fulfil all operations offered by the website whose servers are based in Italy ………………. there is no provision for personal data transfer towards third countries extra EU or international organisations.

Place of data processing

All data processing connected to the website online services occur at the Data Controller’s address, based in …….. and is carried out by authorised technical personnel.

Methods of data processing

The Data Controller implements all the appropriate safety measures to prevent unauthorised access, divulgation, modification and destruction of Personal Data. Data processing is carried out by means of electronic and/or computer devices employing organisational methods and logics strictly correlated to the herein listed purposes.

Personal data retention

Personal data will be retained for a period of time which is not longer than the time needed to pursue related purposes (“principle of data retention limitation” art. 5 of EU Regulation)  or according to the deadlines provided for by current legislations.
Data collected through cookies shall be retained for a period of time relatively to their nature: session cookie will expire when the user shuts down browser, persisting cookies will expire according to typical deadlines which, except in particular cases, are never longer than 20 days.

Optional consent

Unless clearly indicated, web-usage data is automatically acquired by the system. Visitors are free to provide their own personal data or not, which means that supplying personal data is optional. Nonetheless, refusal to supply part or full data, along with not supplying update communications when the data has been previously supplied, means that the Data Controller will not be able to contact or re-contact the data subject, to issue a contract or perform a contract if it has already been issued, or to allow to make use of a particular service, leading to a limited usage of the website and its contents.

Data Subject rights

As Data Subject in the matter of the data processing listed in the present privacy statement,  you can exercise your rights at any time by sending a written communication via e-mail at the following address privacy@accessafe.it  or a registered lettered with proof of receipt to Access s.r.l. at the above reported address.
The Data Controller, also through their designated units, shall take charge of your request and will provide you with the information concerning the steps taken to answer your enquiry, with no unjustifiable delay and anyway at the latest a month from receipt of such request.
Nonetheless, should the request prove to be evidently excessive or baseless, or even should it occur repetitively, the Data Controller may charge a reasonable contribution to the expenses, according to the administrative costs sustained to manage your request or to turn your request down.

Your rights, as provided for in the GDPR, are as follows:

• Right to revoke your consent at any time. the Data Subject can revoke their consent to processing of their personal data previously expressed.
• Right to oppose to the processing of your data. The Data subject can oppose to the processing of their data when this occurs on a different judicial basis to the one it was originally consented.
• Right to access your data.  The Data Subject has the right to receive information regarding the data processed by the Data Controller, or regarding specific aspects of the processing and has the right to receive a copy of the data being processed.
• Right to verify and rectification of your data. The Data Subject can verify the correctness of their personal data and request their update or rectification.
• Right to restriction to your data processing. In specific conditions, the Data Subject can request a restriction to their personal data processing. In such a case, the Data Controller will not process the data for any other purpose than its storage.
• Right to erase your personal data. In specific situations, the Data Subject can request the Data Controller to erase their personal data.
• Right to receive a copy of your personal data or request data portability.  The Data Subject has the right to receive their personal Data in a structured format which is commonly in use and can be read by an automatic device and, when technically feasible, request data portability. Such a possibility is applicable when Data is processed with automated devices and data processing is the result of Data Subject consent, of a contract the Data Subject is a party or of contract performance.
• Right to lodge a complaint. The Data Subject can make a claim to the competent data protection supervisory Authority or take legal action.

Further details on the right to oppose

When Personal Data is processed for public interest, or to exercise a public power the Data Controller is invested with, or to pursue a lawful right of the Data Controller, the Data Subject has the right to object to such processing for reasons connected to their special situation.

We inform the Data Subject that when their data is used for the purpose of direct marketing, they can object to data processing without supplying any motivation. To learn if the Data Controller processes the data with a direct marketing purpose, the Data Subject can refer to the pertinent sections of the present statement.

Specific notices

Upon the Data Subject’s request, on top of the information contained in this privacy policy statement, this application may provide the Data Subject with further pertinent information regarding specific Services or regarding Personal Data collection and processing.

Right to lodge a complaint

Data Subjects who believe their personal data processing through this website occurs in violation of what prescribed in the Regulation have the right to make a claim to the Supervisory Authority, as stated in article 77 of the same Regulation or to file a petition to the appropriate judicial branch (art. 79 of the Regulation).

Profiling

No automated decision-making process is applied to aggregated data for any other purpose different from a better management of the website.

Modifications to the present privacy policy statement

The Data Controller reserves the right to make modifications to the present privacy policy statement at any time and will inform the Users of this page, if possible, using this Application and by sending a notification to the User, when technically and legally feasible, by using one of the contact addresses made available to the Data Controller. We recommend you visit this page regularly and refer to the latest revision date reported at the bottom of the page.
Should such modifications affect data processing which require consent, the Data Controller will request  the User to provide a new consent if necessary.