PRIVACY & COOKIE POLICY

Why A Privacy Policy?

This page will describe, in compliance with the principle of transparency, how we collect, move, process and archive personal data from our website.
This information notice is provided in pursuance of article 13 of Regulation (EU) 2016/679 on the protection of personal data (GDPR) to any entity having to do with the web-based services that are made available by DPTLab via electronic networks from the following address: www.dptcorporate.com, which corresponds to the home page of DPTLab official website.
This information notice only applies to the aforementioned website and does not concern any websites that may be visited by a user via external links present on websites owned by the Controller, which is not in any way responsible for third-party websites.


1. Data Controller

Visiting this site may result into the processing of personal data concerning identified or identifiable persons (Data Subject). The Data Controller is DPTLab S.r.l., located in Bologna (BO – Italy), viale Masini 12, c/o Regus, 40126, Phone: + 39 051 0923545, E-mail: info@dptcorporate.com. Legal representative: Monica Gavina.

The Data Controller handles user data also through its internal officers and/or internal and external people in charge, specifically designated, authorized and provided with instructions (even verbal) for the correct processing of personal data.


2. Place Where Data Is Processed

The processing operations related to the web-based services that are made available via this website are carried out in the DPTLab offices, Bologna (BO – Italy), viale Masini 12, c/o Regus, 40126, exclusively by the DPTLab staff in charge.


3. Categories of Processed Data

Data collected from this site is exclusively adequate, relevant and not excessive for the legitimate purpose.

NAVIGATION DATA

The information systems and software procedures relied upon to operate this website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. Such information is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties. This data category includes IP addresses or the domain names of the computers used by any user connecting with this website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment. These data are only used to extract anonymous statistical information on website use as well as to check its functioning; they are erased immediately after being processed.
Retention period: navigation data will be stored until deemed necessary for providing the services requested, unless it might be used to establish liability in case computer crimes are committed against the website; except for this circumstance, any data on web contacts is currently retained for no longer than seven days.

DATA PROVIDED VOLUNTARILY BY USERS

Sending e-mail messages to the addresses mentioned on this website, which is done on the basis of a freely chosen, explicit, and voluntary option, entails acquisition of the sender's address, which is necessary in order to reply to any request, as well as of such additional personal data contained in the message(s). Specific summary information notices will be shown or displayed on the pages that are used for providing services on demand.
Retention period: data provided by users will be stored until deemed necessary for the provision of services requested.

COOKIES

This website uses cookies. No personal data concerning users is acquired by the website in this regard. No cookies are used to transmit personal information, nor are so-called persistent cookies or user tracking systems implemented. Use of the so-called session cookies – which are not stored permanently on the user's computer and disappear upon closing the browser and/or by clearing the browser's cache – is exclusively limited to the transmission of session ID's – consisting of server-generated casual numbers – as necessary to allow secure, effective navigation. The so-called session cookies used by this website make it unnecessary to implement other computer procedures that are potentially detrimental to the confidentiality of user navigation, whilst they do not allow acquiring the user's personal identification data.


4. Purposes and legal basis on which data are being processed

Data voluntarily provided by users will be processed as the GDPR requires, in order to perform the website's own functionalities. In particular, personal data provided by users will be managed by the Controller - also through its internal officers and/or internal and external people in charge, specifically designated, authorized and provided with instructions - for the following purposes:

A) Fulfillment of precontractual and contractual obligations (for example, sending quotes, processing purchase orders, support also through accessing the Customer Care portal, etc.)
Lawful basis for processing: contractual necessity and legitimate interests.
Providing data is necessary for the exact execution of the contractual and pre-contractual services; otherwise, we won’t be able to execute them.

B) Subscription to (and subsequent sending of) the Newsletter
Lawful basis for processing: consent and legitimate interests.
Not providing consent does not imply consequences on the contractual relationship.

C) Direct Marketing
The Controller sends commercial, advertising and promotional (marketing) information about DPTLab products via e-mail.
Lawful basis for processing: consent and legitimate interests.
Not providing consent does not imply consequences on the contractual relationship.

D) Fulfillment of legal obligations (for example accounting and tax obligations)
Lawful basis for processing: compliance with legal obligations.
Providing data is necessary for the exact execution of the legal obligations; otherwise, we won’t be able to execute them.


5. Retention Period, Optional Data Provision and Consequences of Refusal

The following are the retention periods in relation to the different purposes listed above:
- Personal data collected for purposes related to the execution of a contract between the Data Controller and the user will be retained until the rights arising from the contractual relationship are prescribed.
- Personal data collected for purposes related to the legitimate interest of the Data Controller will be retained until the satisfaction of such interest.
- When the processing is based on the user's consent, the Data Controller may keep personal data until such consent is revoked.
- The Data Controller may be obliged to keep personal data for a longer period in compliance with a legal obligation or by an order of an authority.
- The navigation data will be kept for the technical time necessary for handling the purposes for which they were collected.


6. Processing Arrangements

Personal data will not be disseminated or managed by a fully automated decision process, including profiling. Personal data are processed using mostly automated tools (and sometimes with the support of paper means), with procedures and tools that guarantee maximum security and confidentiality, for the time strictly necessary to achieve the purposes for which data were collected (see paragraph 5 above) and, in any case, in accordance with the relevant regulations in force. As far as the current state of the art allows, specific security measures are implemented to prevent the data from being lost, used unlawfully or inappropriately, and accessed without authorization.
In addition to the Data Controller, in some cases, other parties involved in the organization of this website (administrative, commercial, marketing and legal staff or system administrators) or external subjects may have access to data, and they may be also appointed, if necessary, Data Processors by the Data Controller.


7. Scope of communication and dissemination

The data processed will not be disclosed, except within the limits stated, and may be disclosed abroad to companies contractually linked to the Controller (within or outside the European Union), in accordance with and within the limits of the GDPR and/or authorized according to specific EU decisions or agreements (for example the Privacy Shield), in order to comply with the requested service or related purposes.
Data may be disclosed to third parties belonging to the following categories:
- persons providing services for managing the IT system used by the Controller and the telecommunications networks (including e-mail);
- firms or companies providing assistance and consultancy or contractually linked to the Controller;
- banks and insurance companies;
- competent authorities for the fulfilment of obligations under law and/or provisions of public bodies, upon request.

Any further communication or dissemination will only take place with the explicit consent of the person concerned. It is also stated that the law provides for cases where there is an obligation to communicate data collected to third parties; in such cases, data may be made available to third parties who will deal with them independently and solely for the aforementioned purposes (for example, in the case of a request from the police, the judiciary or other competent bodies).


8. Transfer of personal data abroad

Data are stored in secure data centers located in Italy or within the European Union. Depending on the user's location, data transfers may involve transferring the user's data to a country other than their own. If, for technical and/or operational reasons, it is necessary to rely on subjects located outside the European Union, or it is necessary to transfer some data to third-party technical systems (platforms for managing mailing lists) and to services in the cloud located outside the European Union, the processing will be regulated in compliance with the provisions of Chapter V of the Regulation and/or authorized according to specific EU decisions or agreements (for example the Privacy Shield), by adopting all the necessary precautions to ensure that the level of protection guaranteed by the Regulation is not prejudiced.


9. Data subjects' Rights - How to exercise rights

Each data subject, in relation to the aforementioned arrangements, has the following rights as stated in the articles 15-22 of the GDPR:
a) The right of access to personal data and information (Article 15 GDPR);
b) The right to rectification of incorrect personal data and/or integration of incomplete personal data (Article 16 GDPR);
c) The right to erasure of personal data in the presence of the conditions established by the Regulations (Article 17 of the GDPR);
d) The right to restrict processing only to some personal data, if one of the reasons provided for by the Regulations exists (Article 18 of the GDPR);
e) The right to data portability of the data that the user provided to the Data Controller, in a structured commonly-used and machine-readable format, also to transmit those data to another Controller (art. 20 GDPR);
f) The right to object, wholly or partly, to the processing of personal data in the presence of the conditions established by the Regulations (Article 21 of the GDPR);
g) Rights related to automated decision making, profiling included (art.22 GDPR);
h) The right to withdraw consent, at any time, in the event that the processing is based on explicit consent, without prejudice to the lawfulness of the processing carried out before the revocation;
i) The right to lodge a complaint, pursuant to art. 77 and subsequent ones of the Regulation, to a supervisory authority, which - for the Italian State - is identified in the Authority for the Protection of Personal Data (website www.gpdp.it);

These rights may be exercised by giving written notice to the Data Controller via e-mail at info@dptcorporate.com.


10. Changes to the Privacy and Cookie Policy

The Controller may modify or simply update, even in part, the Privacy Policy of the website, also in view of the amendment of the law or regulations governing this matter. It is important therefore to regularly access this section to check the publication of the latest and up-to-date Privacy Policy. In order to facilitate this verification, the information notice contains the date of update.



Last updated: 18 May 2023