Bruschi complies with the General Data Protection Regulation of 27 April 2016, n. 679 (GDPR).
BRUSCHI SPA (VAT number 02926320157), with registered office in Abbiategrasso, Via Mendosio n. 26
Owner contact email: firstname.lastname@example.org.
The Data Controller is BRUSCHI SPA (VAT number 02926320157), with registered office in Abbiategrasso, Via Mendosio n. 26 - email: email@example.com. The Data Controller has not currently appointed the Data Protection Officer (“DPO”).
The data provided through the operations that the visitor / user will carry out on the Site or provided by the same to the owner of the Site ( eg name, surname, address, telephone number, email) are treated as required by the GDPR to respond to requests received via contact form or via email from users / visitors and offer and manage the services requested, such as the blog, for administrative operations, as well as to fulfill specific obligations established by law. The data may also be used, anonymously, for statistical extrapolation. The legal basis of the treatments described above consists in the execution of the relationship of which the interested party is involved and as required by law.
Where the user/visitor specifically consents to the processing of the aforementioned data may also be for marketing purposes, it being understood that to the user/visitor may notify at any time the will no longer to receive such communications. The legal basis of the data processing as described above consists in the manifestation of the consent expressed by the user/visitor.
The data may be disclosed to third parties who work in aid and on behalf of the Data Controller only for the purposes listed above for contractual and legal obligations. The secretarial staff as well as those responsible for the management and maintenance of the processing systems may come into contact with the data. The communication to the aforementioned individuals will in any case take place with a guarantee of protection of the rights of the interested party as required in the GDPR. The list of possible data processors is available at the Data Controller.
Any transfer of data outside the EU will take place in full compliance with the levels of protection and protection provided for in the GDPR.
The data will be stored in a form that allows the identification of the involved party for a period of time not exceeding the achievement of the purposes of the processing, compatibly with the other legal obligations, and in accordance with the data retention procedure adopted by the Data Controller. The interested party may request the retention times of their personal data at any time by writing to the following address: firstname.lastname@example.org.
As required by art. 13 of the GDPR, the interested party may at any time exercise the following rights:
a) right of access, rectification, cancellation, limitation, opposition: the interested party can access his data at any time, request its correction if incorrect, request the cancellation of overabundant data but not those required by law to the Data Controller, may limit the access of data to some figures;
b) right to data portability: the interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments on the part of the data controller to whom he provided them exclusively in the cases provided for by art. 20 of the GDPR;
c) right to withdraw consent at any time: the interested party may withdraw consent at any time, assuming the consequences without prejudice to the obligation for the Data Controller to continue to hold the personal data subject to this processing when this is necessary to fulfill a legal obligation of the Data Controller or for the execution of a task of public interest or connected to the exercise of public authority vested in the Data Controller.
d) the right to be able to lodge a complaint with a privacy supervisory authority.
e) with regard to marketing purposes, the possibility remains for the interested party who has given his consent: i. to request, at any time and free of charge, the Data Controller to receive communications exclusively through traditional contact methods such as paper mail or calls via an operator; ii. to object, at any time and free of charge, to the processing of their personal data for the aforementioned purposes. In this case, the interested party's right to object to the processing of their personal data through automated contact methods (eg e-mail, mms or sms type messages and social networks, etc.), extends to the traditional methods of contact; iii. to object, at any time and free of charge, to the processing of their personal data for the aforementioned purposes only in part, i.e. by expressing a choice on the methods of contact.
To exercise your rights write to: email@example.com.
The provision of data is mandatory given the nature of the contractual relationship that is established between the user / visitor and the Data Controller with regard to the services requested. The provision relating to marketing purposes is optional.
If the user / visitor refuses to provide the mandatory data requested in relation to the services requested, the Data Controller will not be able to provide its service. On the other hand, no consequence is foreseen for the failure to provide data of an optional nature except for the impossibility of receiving promotional communications.
No profiling activities are performed on the interested party or in any case any form of automated processing of personal data consisting in the use of such personal data relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or travel.
Last modification: June 29, 2021