In respect of the provisions of EU Reg. 2016/679 (General Data Protection Regulation), we hereby provide you with the due information on the processing of any personal data you may provide.
Athena S.p.A. takes all technical and organisational security measures necessary to protect your personal data from any loss and misuse. In some cases, your personal data is encrypted during transmission using the Secure Sockets Layer (SSL) software technology.
1. Data Processing Controller
In accordance with Articles 4 and 24 GDPR, the Data Processing Controller is Athena S.p.A., with registered office in Via delle Albere, 13, 36045, Alonte (VI) – Italy - VAT No 00589040242; REA (Economic and Administrative Register) No VI-139951; Tel. +39 (0)444 727272; Fax +39 (0)444 727222; e-mail: email@example.com.
For information as well as to exercise the rights indicated in Art. 7 of Italian Legislative Decree 196/2003 (Privacy Code) and indicated in Articles 15-22 GDPR or for any additional information on privacy, please contact the Controller.
2. Internal Data Processor
Athena S.p.A. informs you that it has appointed an Internal Data Processor whose name, along with an updated list of the Internal Privacy Function Managers, is available by sending an e-mail to the Controller at the following e-mail address firstname.lastname@example.org.
The Internal Data Processor governs the necessary processing of personal data and coordinates the privacy function managers, in relation to the various company functions represented by specific processing areas.
3. Personal Data
Personal data are specific information in relation to personal or factual characteristics concerning a natural person determined or determinable in accordance with Art. 2 of Italian Legislative Decree 196/2003 and Art. 4 GDPR.
That category includes information such as your personal name, address, telephone number, email, tax code, bank details. Information that cannot be connected directly to you - for example, favourite websites or number of users of a certain website - is not considered personal data.
4. Provision of Data
5. Types of data processed and processing purposes
- Browsing data: the IT systems and software procedures that facilitate the operation of this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This category of data includes IP addresses or domain names of the computers or terminals used by you, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to your operating system and computer environment.
These data are used only to obtain anonymous statistical information on use of the website, to control its correct functioning and to ascertain liability in the case of hypothetical computer crimes in detriment to the website.
- Data provided by you voluntarily: data provided by you voluntarily will be processed by the Controller in respect of the conditions of lawfulness, in accordance with Art. 6 GDPR, for the following purposes.
1. To allow for your registration on the website: the Controller will process your data to enable access to the part of the Company Website dedicated to online sales of its Products and consequently to allow you to complete all purchase procedures. You are informed that access and browsing on the Website is free, but entering into a remote contract with the Controller is only possible after registering.
2. To pursue pre-contractual and contractual purposes such as responding to specific requests by you, fulfilling contractual obligations, holding collaboration relationships, providing assistance, support and technical information on the products and services subject to the relationship.
3. To fulfil obligations laid down by law, regulations or EU legislation, to prevent or discover fraudulent activity or abuses harmful to the website, for the pursuit of the legitimate interest of the Controller or third parties, provided that your interests or rights or fundamental freedoms do not prevail, and to handle any complaints and/or disputes.
4. To select personnel to be inserted into its workforce: the personal data processing is done exclusively as part of the conduct of personnel search, selection and assessment activity, as well as the creation of a database functional to the pursuit of those purposes. In the search and selection phase, the Controller does not need to collect so-called “sensitive” data (likely to reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of religious, philosophical or trade union nature, as well as personal data likely to reveal the state of health or sex life); therefore, please include in your curriculum the data necessary to assess your profile and do not indicate such sensitive information.
5. To pursue promotional, advertising and marketing purposes such as the sending of newsletters, market research, participation in prize events, games and competitions, products and/or services referable to the Controller, aimed at rewarding and/or gaining the loyalty of Customers and for statistical analysis purposes.
6. Recipients or Categories of Recipients of Data
Data of personal nature provided may be communicated to employees or collaborators of the Controller who, acting under the direct authority of the latter, process data and are appointed as internal processors or processing officers in accordance with Articles 29 and 30 of the Italian Legislative Decree 196/2003, or System Administrators and they will receive in that regard adequate operating instructions from the Controller; the same will occur - by the Processors appointed by the Controller - in relation to employees or collaborators of the Processors.
The Personal Data may also be brought to the attention of external Processors of the Controller, appointed pursuant to Art. 28 GDPR, such as third party companies or other entities that perform outsourced activities on behalf of Athena S.p.A.
Categories of External Processors: a) third party suppliers, manufacturers, distributors, retailers and commercial partners of Athena S.p.A.; b) persons, companies or professional firms, providing activity of support, consultancy or collaboration to Athena S.p.A. on accounting, administrative, legal, tax and financial matters; c) credit institutions for profiles relating to the fulfilment of receipts and payments; d) companies that perform on behalf of Athena S.p.A. outsourced activities therein including IT technicians who manage the websites and respective electronic communication infrastructures required for that purpose; e) external suppliers who provide to Athena S.p.A. support services; f) agents.
The list of appointed Processors is constantly updated and available at the office of Athena S.p.A. and can be consulted by sending an e-mail to the following address: email@example.com.
7. Indication by the Data Subject of personal data of third parties
You acknowledge that any indication (for example, when completing the Website registration form) of the data of any third party other than the data subject represents personal data processing with respect to which you are the autonomous controller, assuming all obligations and responsibilities laid down by law. In that sense, you guarantee to Athena S.p.A. that any data of third parties indicated by you (which will consequently be processed as if the third party had provided informed consent for processing in that regard, if mandatory) was acquired by you in full conformity with the existing regulations on data protection. In that regard, you provide the broadest indemnity with respect to any dispute, demand, claim for compensation for damages from processing, etc… that may be received by Athena S.p.A. from any third party due to the provision of data indicated by you in violation of the applicable rules on personal data protection.
8. Place, Method of Processing and Data Storage Period
The Personal Data are processed mainly at the office of the Controller and in the locations in which the External Processors are located. For further information, contact the Controller.
The Personal Data will be processed on paper medium and with electronic/automated media, by means of operations of collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, block, communication, archiving, erasure and destruction of the data.
The processing will be carried out in automated and/or manual form, with methods and instruments aimed at guaranteeing the utmost data security and confidentiality, by persons specifically instructed for that purpose.
In respect of the provisions of Art. 5 paragraph 1 letter e) GDPR the personal data collected will be stored in a form that allows for the data subjects to be identified for a period of time not exceeding the achievement of the purposes for which the personal data are processed, and in any case erased without unjustified delay.
To find out about the criteria at the basis of the data storage period, write to firstname.lastname@example.org.
The Controller has adopted a large variety of security measures to protect you against the risk of loss, abuse or alteration of the Data.
It uses the Data encryption technology established by the AES Standards and the protected data transmission protocols known as HL7 and HTTPS; it respects the ISO/IEC 27000, WG3 and WG4 standards. In addition, it stores your Data on Servers located in the European territory or, in the case of electronic platforms, such as Google, they may be transferred to the USA.
The data will not be in any way disseminated or communicated to external entities, without prejudice to legal obligations in that sense.
9. Transfer of Data to a Third Country and/or International Organisations
The Website does not share, sell, transfer or otherwise disseminate your personal data to third parties located in a third country and/or to international organisations and it will continue not to do so in future, subject to legal obligations, unless this is necessary for the purposes laid down by the contract or if you have provided your explicit consent to that processing.
For requirements strictly linked to the implementation of the contract and the provision of the services, some of your personal data may be communicated to other Group companies, based in non-European third countries.
To enhance the protection of the personal data transferred by Athena S.p.A. based in a State of the European Economic Area (EEA) to a company of the Athena Group in a State outside the EEA, the Athena Group has decided to adopt the Data Protection Guidelines for all companies that guarantee an adequate level of protection of personal data confidentiality.
All Users are, therefore, invited to read the public version of the Athena S.p.A. Data Protection Guidelines by sending a request to the Processing Controller.
The Website does not contain any information intended directly for minors. Minors must not provide information or personal data to Athena S.p.A. in the absence of consent from their parent or guardian.
Therefore, Athena S.p.A. invites all parents and guardians to inform minors of the safe and responsible use of the Internet and to implement all procedures indicated from time to time in relation to the initiatives in which Athena S.p.A. intends to process the data of minors.
Therefore, please consult this page periodically to see our most recent version.
12. Third-Party websites
If the Website contains links to other websites or services owned or controlled by third parties, Athena S.p.A. is not responsible for the privacy policies or practices of those third-party websites or services. You are required to check that the policies and practices are acceptable before use.
13. Dispute resolution - ODR (Online Dispute Resolution)
In accordance with Art. 14 of Regulation 524/2013 Athena S.p.A. informs you that in the case of a dispute, you may lodge a complaint by way of the ODR platform of the European Union which can be accessed at the following link.
The ODR platform is an access point for users wishing to resolve disputes on an out-of-court basis deriving from sale contracts or online services.
For further information, contact the Controller at the following e-mail address: email@example.com.
14. Rights of Data Subjects
You have the right to invoke the rights as expressed by Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Controller, by writing to the address firstname.lastname@example.org.
You have the right, at any time, to ask the processing Controller for access to your personal data, their transformation into anonymous form, their copying, update, rectification, erasure, the restriction of processing, the block of data processed in violation of the law in accordance with the provisions of Art. 7 of Italian Legislative Decree 196/2003, sending a written communication to the indicated address: email@example.com
In addition, you have the right to object, at any time, to the processing of your data (including automated processing, e.g. profiling) as well as to the portability of your data.
Without prejudice to any other administrative and jurisdictional recourse, if you believe that the processing of data relating to you violates the provisions of EU Reg. 2016/679, in accordance with Art. 15 letter f) of the aforementioned GDPR, you have the right to make a complaint to the Data Protection Supervisor and, with reference to Art. 6 paragraph 1, letter a) and Art. 9, paragraph 2, letter a), you have the right to revoke at any time the consent provided.