By browsing the above websites, the personal data of users may be processed.
1) Data controller.
The Controller of the data processed through the website is the company Top Quality Group S.r.l. with registered office in Città di Castello (PG), Via G. Sorel, 06012; Certified Email Address firstname.lastname@example.org;
2) Without prejudice to the full reference to the definitions in art. 4 GDPR, for the purposes of this information notice, the following shall mean:
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Special categories of data: personal data revealing racial or ethnic origin, political opinions, religious convictions or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health and sexual orientation of the person;
Anonymous data: the data that originally, or as a result of processing, cannot be associated with an identified or identifiable data subject;
Data subject: the natural person to whom the personal data refer;
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing [of] personal data, including the security profile;
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
Third party: the natural person authorised to perform processing operations by the controller or processor;
3) Principles of processing.
The principles of lawfulness, fairness and transparency shall apply to the processing of personal data. The personal data will be collected for specific, explicit and legitimate purposes (purpose limitation) and will be adequate, relevant and limited to the purposes for which they are processed (data minimisation). They will always be updated and accurate and kept for a period of time not exceeding what is necessary for the achievement of the purposes of the controller (limitation of retention), after which they will be erased. Lastly, they will be processed in a manner that ensures appropriate security guaranteeing their integrity and protection against unauthorised access by unauthorised third parties (integrity and confidentiality).
4) Nature of data processed.
a) Navigation data
Following consultation of the website, data relating to identified or identifiable persons may be processed.
The computer systems and software procedures used to operate this domain acquire, during normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the Uniform Resource Identifier (URI) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical cyber crimes to the detriment of the website.
b) Data provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated in the different access channels to the website and the compilation of the data collection forms entail the subsequent acquisition of the user’s address, necessary to respond to his/her requests, as well as any other personal data included in the message.
In this case the acquired data will be processed exclusively to respond to user requests.
In order for us to better respond to questions, users may be contacted by email, telephone or other communication systems by an operator of the company.
In the event that it is necessary, specific summary information notices will be shown or displayed on the pages of the website prepared for particular services on request.
Please refer to the specific Cookies Policy published on the website to obtain all the necessary information on the type and method of operation of cookies and other services and features active on the website.
5) Purposes and legal bases.
The personal data will be processed in relation to the services offered by the company Top Quality Group through its portal, exclusively for the purposes that fall within its institutional tasks and for purposes of public interest or for the obligations required by law or regulation.
Within the scope of these purposes, the processing also concerns the data necessary for the management of relations with the company Top Quality Group, as well as to allow effective communication and to comply with any regulatory legal and/or contractual obligations.
The legal basis of this processing is established by the law in force.
In the case of requests for information from users, the legal basis of the processing consists in the exercise of the company’s commercial activities and the need to provide a response to the user.
As regards the provision of personal data to process the requests submitted to the company, it is not compulsory but it is necessary and indispensable for the release of what is requested and also to perform all the obligations that are attributed to the controller by law and regulations.
6) Data processing methods.
In relation to the indicated purposes, the data are processed electronically and on paper. The logic of the processing is strictly related to the purposes described above and the personal data will be subject to electronic and manual processing.
The processing of data takes place for the time strictly necessary to achieve the purposes of the company, including through the use of automated tools complying with security measures to prevent loss of data, illicit or incorrect use and unauthorised access.
7). Recipients of the data.
The personal data provided are processed by the employees of the controller specifically authorised therefor and by third parties who provide specific processing services or perform activities related, instrumental or auxiliary to those that are the object of the company functions, with which specific contracts have been signed appointing a data processor pursuant to art. 28 of the GDPR.
The personal data of the data subjects may be communicated to third parties, private companies and public bodies, which have relations with the controller for the performance of its activities.
8). Period of personal data retention.
The data processed for the aforementioned purposes will be erased as soon as they are no longer necessary, without prejudice to the retention obligations established by law for administrative-accounting purposes and for corporate documentary or archiving purposes.
9). Transfer of personal data abroad.
The data that form the object of the processing are kept in servers located in Italy. However, in the event of their transfer outside the European Union, as the servers of some service providers are located there, the controller will adopt all the adequate guarantees prescribed by the GDPR in order to protect the personal data of the data subjects.
10). Right of access.
Articles 15 to 22 of the GDPR entitle the data subject to exercise specific rights.
Art. 15 recognises the right of individuals to access their personal data and to obtain a copy thereof. The right to obtain a copy of the data must not affect the rights and freedoms of others.
By the request for access, the data subject has the right to obtain from the company confirmation as to whether or not personal data concerning him/her are being processed and to know the purposes and the categories of data processed, the third parties and processors to whom the data are communicated and if the data are transferred to a non-EU country with adequate guarantees. The data subject also has the right to know the retention period of their personal data.
11) Other rights.
With respect to the personal data, the data subject has the right to obtain the rectification of inaccurate data and the completion of incomplete personal data, the erasure (right to be forgotten) under the conditions indicated in art. 17 of the GDPR, the limitation of the processing and the right to object to an automated procedure for reasons connected to his/her particular situation.
The Controller may need to identify the data subject by requesting the provision of a copy of their identification document.
A response will be provided without delay and, however, within one month of the request.
12). Lodging a complaint with the supervisory authority.
In the event that the data subject considers that the processing of their personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the Italian Data Protection Authority based in Rome, pursuant to art. 77 of the GDPR, as well as have recourse to the judicial authority.