Megadyne S.p.A adheres to the latest data protection regulations.
This policy describes the procedures followed by Megadyne S.p.A (hereinafter "Megadyne" or the "Controller") in relation to the processing of personal data collected through the website https://www.challengept.com (hereinafter the "Website").
Unless otherwise stated, this policy also applies as an information notice - in accordance with art. 13 of Regulation (EU) no. 2016/679 (hereinafter the "GDPR") - rendered to those who interact with the Website (hereinafter the "User").
Information on the processing of detailed personal data is provided, where necessary, in the pages relating to the individual services offered through the Site. Such information is aimed at defining the limits and methods of processing the personal data of each service, on the basis of which the User can freely express his consent, where necessary, and possibly authorise the collection of data and their subsequent processing.
The Data Controller is Megadyne, with registered office in Via Trieste 16 - 10075 Mathi (Turin), tel. +39 011 926 8052, e-mail email@example.com. The updated list of any data processors is available at the registered office of the Controller.
Types of data processed.
They may be collected and processed through the Website:
- navigation data;
- personal data provided voluntarily by the User through the forms present within the Website.
Cookies are small text files that websites you visit send to your terminal, where they are stored, and then retransmit to the same websites the next time you visit. Cookies allow websites to function properly and efficiently to improve your experience by allowing the website to store information in the memory of your computer or other devices.
The Website uses technical cookies. Such cookies, due to the technical nature, do not require the prior consent of the User to be installed and used.
In particular, the cookies used on the Website are traceable to the following subcategories:
- browsing or session cookies, which ensure normal browsing and use of the Website and to collect anonymous information about how users use the website and how many visitors has the website, where they come from, and the other websites they have visited. As they are not stored on the user's computer, they disappear when the browser is closed;
- analytical cookies, such as, for example, those used by Google Analytics, with which statistical information are collected and analyzed, through the computer and other devices, on the number of users of the website, or on the number of clicks on the page during their navigation, or from which website users come and the pages they have visited;
- social widgets and plugins: some widgets and plugins made available by social networks may use their own cookies to facilitate interaction with the website of reference.
- security tokens, login tokens and shopping cart/quotation request information.
The third party cookies installed on the Website are listed below. For each of them, there is a link to the relative information notice on the processing of personal data carried out and the methods for deactivation of any cookies used. With regard to third party cookies, the Controller is only obliged to insert the link to the third party's website in this policy. On the other hand, the latter is required to provide information and indicate how to consent to and/or deactivate cookies.
- Google Analytics: https://support.google.com/analytics/answer/6004245
- Youtube and Google Maps: https://www.google.it/intl/en/policies/privacy/
- Addthis Widget: http://www.addthis.com/privacy/privacy-policy
Cookies may be disabled by the User by checking and/or changing their browser settings based on the instructions made available by their providers to the links listed below.
Purpose and legal basis of the processing.
Personal data collected through the Website will be processed:
- a. for the management of requests for information submitted by the User;
- b. for sending commercial communications about products and services, by e-mail, text message, mms, fax or the like and/or by postal service or operator telephone calls.
The processing of personal data for the purposes under a) does not require the consent of the User as the processing is necessary to meet specific requests of the subject concerned under art. 6, par. 1, lett. b) of the GDPR. The processing of personal data for the purposes under b) requires the consent of the User pursuant to art. 6, par. 1, lett. a) of the GDPR.
Provision of data and consequences in case of failure to provide.
The provision of personal data for the above purposes is optional and failure to provide them will result, as a consequence, the only impossibility for the Data Controller to manage and process requests or send commercial communications on products and services of the same.
Recipients or categories of recipients.
Personal data may be made accessible, brought to the attention of or communicated to the following subjects, who will be appointed by, depending on the case, as processors or subprocessors:
- companies of the group to which the Controller belongs (parent companies, subsidiaries, affiliated), employees and/or collaborators in any capacity of the Controller and/or companies in the group to which the Controller belongs;
- public or private entities, natural or legal persons, which the Controller uses to carry out activities instrumental to achieving the abovementioned purpose or to which the Controller is required to communicate personal data, by virtue of legal or contractual obligations.
In any case, personal data will not be disclosed.
Personal data will be stored for 24 months, as a rule, from their registration, for the purposes indicated above; in the event that there is a legitimate interest on the part of Megadyne in the storage of such data for a period longer than that indicated above, Megadyne shall provide additional information.
Rights of access, deletion, restriction and data portability.
Concerned subjects are entitled to the rights set out in art. 15 to 20 of the GDPR. By way of example, any concerned subject may:
- (a) obtain confirmation as to whether or not personal data relating to him are being processed;
- (b) where processing is ongoing, to obtain access to personal data and information relating to the processing and to request a copy of the personal data;
- (c) rectify inaccurate personal data and integrate incomplete personal data;
- (d) to obtain, where one of the conditions laid down in art. 17 of GDPR are satisfied, the deletion of personal data concerning him;
- (e) to obtain, in the cases provided for in art. 18 of the GDPR, the restriction of processing;
- (f) receive their personal data in a structured format that is commonly used and machine-readable, and request their transmission to another controller if technically feasible.
Right of objection.
Every concerned subject has the right to object at any time to the processing of his/her personal data carried out in order to pursue a legitimate interest of the Controller. In the event of objection, personal data will no longer be processed, unless there are legitimate reasons to carry out the processing that prevail over the interests, rights and freedoms of the concerned subject or for ascertaining, exercising or defending a right in court.
Right to revoke the consent.
In the event that consent is required for the processing of personal data, each interested party may, at any time, revoke the consent already given, without prejudice to the lawfulness of the processing based on consent given before the revocation. Consent can be revoked by writing an email to firstname.lastname@example.org..
Right of objection and revocation of consent in relation to the processing carried out for marketing purposes.
With reference to the processing of personal data for the purposes under b) each concerned subject may revoke at any time any consent given or object their processing, by writing an email to email@example.com. Objection to the processing exercised through these methods also extends to the sending of commercial communications by postal service or telephone calls with an operator, without prejudice to the possibility of exercising this right in part, objecting for example only the processing carried out through automated communication systems.
Right to complain to the Supervisory Authority.
In addition, any concerned subject may lodge a complaint with the Italian Data Protection Authority in the event that he/she believes that his/her rights under the GDPR have been violated, in accordance with the procedures indicated on the Italian Data Protection Authority’s website accessible at: www.garanteprivacy.it.