This page describes how the Cirmy site, whose domain is owned by Tcrea Srl, is managed. This information is drawn up and personalised for visitors to the portal, i.e. for all those who interact with the web services, by digital means, from the address:
corresponding to the home page of that site, irrespective of the request for Contacts.
This information is provided only for the indicated website and not for any other websites that the user may visit via any links.
The information is also inspired by Recommendation no. 2/2001 that the European authorities for the protection of personal data, brought together in the Working Party set up by Article 29 of Directive no. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection, as well as the innovations introduced by European Reg. 2016/679 GDPR, Recitals 58 to 73, articles 12 to 23.
In addition to this sheet describing the choices made by Tcrea in the processing of data acquired through its web portal, you will find specific information in the Contact Section, in the information request forms or when chatting with the Data Controller using the Chat function, should you wish to collaborate as a partner or should you wish to purchase one or more of the items in the catalogue.
In these sections, Tcrea provides information pursuant to art. 13 of Reg. EU 2016/679, which also applies in the event that, using the contact details published on this website, you contact Tcrea, and on that occasion provide your personal data so that the Data Controller can respond to your request, provide you with information or otherwise.
In connection with the navigation of this site, data relating to identified and identifiable persons will be processed.
The Data Controller is Tcrea srl – Via Prà di Risi n.10 -33080 Zoppola (PN) Italy VAT No. 01759080938 REA No. PN – 102316 Tel (+39)0434-1831880 – E-mail: firstname.lastname@example.org – PEC (certified email) address email@example.com
DATA PROCESSORS AND AUTHORISED PERSONS
In application of current legislation, the Data Controller is Tcrea as identified above.
In order to carry out its activities and to provide a better service to users, Tcrea may make use of collaborators. These persons, when they process personal data and work in close cooperation with Tcrea, following its directives, have been appointed as data processors and have been authorised with precise limits, privileges, purposes and instructions limited to their tasks.
Tcrea will also make use of internal and/or external resources that support it in the execution of its business activities (technical or commercial functions), who are in charge of web marketing, graphics and social communication, and who, by reason of their duties, may have access to the mailing lists or other personal data of those who interact with the website, through social media or by sending communications, either individually or, possibly, through multiple mailing platforms (e.g. through Active Compaigne).
For technical or organisational needs, Tcrea makes use of the work of third parties, including individuals or companies providing computer and digital services, administrative and accounting services, graphic or artistic services (video production, photography, etc.), postal and archiving services, etc. These individuals do not process personal data in their role. Should they process personal data for specific tasks, they will either take on the role of external data processors or operate completely independently as separate data controllers or, if the conditions under Article 26 of Reg. EU 2016/679 apply, as Co-Controllers.
Those who have been formally qualified as External Processors have received and accepted in writing the relevant appointment and have undertaken to carry out the processing connected with the performance of their duties in full compliance with the instructions received, guaranteeing the implementation of the obligations of confidentiality and compliant processing, as well as adopting all technical and organisational measures required by the regulations in force.
The list of the aforementioned subjects is available to data subjects upon request.
In any case, the communication and possible dissemination of personal data will take place only in accordance with the provisions of the GDPR, with the consent of the persons concerned, or in the cases provided for by the law in accordance with the rules contained in articles 6 and 7 of Reg. EU 2016/679.
Under no circumstances is data disseminated or disclosed to an unconditional number of persons.
Tcrea has entrusted the function of System Administrator to an internal resource, duly selected and appointed after verifying his/her competence, professionalism and absence of incompatibility causes.
This person will ensure the implementation of all the operations of safekeeping, storage, retrieval and safeguarding of the data and the information systems where data is contained, also in compliance with the Recommendation issued by the Privacy Authority in 2009 and subsequent amendments and supplements.
This subject will support Tcrea in the event of a data breach involving computer systems or this web portal.
PLACE OF PROCESSING OF PERSONAL DATA AND RETENTION PERIOD
The processing operations connected to the web services of this Portal take place at the aforementioned registered office in Zoppola (PN) or, limited to some computer data, at the data centres of the Company that manages the hosting space (Vhosting) through its own data centres in Italy at Servereasy SRL c/o Irideos SPA (Milan), IT.Gate SPA (Turin), Aruba SPA (Ponte San Pietro, Arezzo) or in Germany at Hetzner Online GmbH (Nuremberg, Falkenstein) under GDPR compliant conditions.
In addition, Tcrea makes use of some cloud solutions or other sharing platforms, such as Google Drive or instant messaging services such as WhatsApp or platforms for sending multiple messages and newsletters such as Active Compaigne; therefore, your data will be transferred abroad in order to be able to use these applications, also outside the EU, but in compliance with the provisions of art. 44 et seq. of the GDPR, subject to verification of the existence of adequacy conditions or thanks to standard contractual clauses.
Google Drive cloud solutions are provided by a farm located in Belgium (Europe-west-1b).
In the Data Processing Amendement G Suite, art. 4 et seq. Google expressly declares to process data in compliance with European privacy regulations, ensuring data availability and integrity, as recommended by the Privacy Authority in 2012, by the Group of 29 in the Guidelines on the use of the cloud no. 5/2012 (July 2012) and by the European Commission in Communication COM (2012) 529 of 27.09.2012.
In addition, Google has the ISO27018 Certification for its Cloud Platform, which guarantees that data processing complies with Italian and European regulations.
The data concerning you will only be kept for as long as is strictly necessary; in particular:
- navigation data only for the duration of the connection session.
- the data you have freely provided in the email you sent us, for the time necessary to reply to you or to perform the service you have requested.
- the data provided by you in order to participate in questionnaires or to receive updates or newsletters, as well as in all cases for which you have given your express consent, for as long as the information service (newsletters, promotional information, etc.) is active and until you have explicitly withdrawn your consent or indicated that you are no longer interested. It should be noted that if you have already requested information on specific products offered by our Company, we may send you information or promotional communications regarding other products that we consider similar to the one in which you have already shown interest, without the need for your prior consent pursuant to article 130, paragraph 4 of Legislative Decree no. 196/2003 as amended by Leg. Decree 101/2018.
Tcrea may store your data for a longer period when required by specific legal provisions (e.g. for tax regulations) or for legal protection (e.g. data proving that you have given consent to the processing), limited to the period of prescription or forfeiture of the right to act or resist in court for contractual or non-contractual liability (5 or 10 years).
The data in the electronic archives is stored at the hosting company that maintains online the website portal and the relevant database on behalf of Tcrea, and is only handled by the technical staff appointed by the hosting company for the processing or by any persons in charge of occasional maintenance operations. The data will be kept for a period not exceeding 2 (two) years from the date of removal from the mailing list and, in any case, will not be processed other than for defensive purposes.
Data for marketing purposes will be stored for two years after its collection, without prejudice to the right to withdraw consent at any time.
PRIVACY SERVICE AND EXERCISE OF THE DATA SUBJECT’S RIGHTS
You may contact Tcrea’s Administration Service, reporting to the Data Controller, for feedback in the event of exercising your rights under Articles 15 et seq. (15-21) of Reg. EU 2016/679 and for any further information on the processing of personal data and, in particular, to:
- Obtain confirmation as to whether or not personal data concerning you exist, even if it has not yet been recorded, and obtain communication of such data in intelligible form.
- Obtain information on the origin of the personal data, the purposes or methods of processing, as well as the logic applied in the case of processing carried out with the aid of electronic instruments.
- Obtain the list of subjects or categories of subjects to whom the data is communicated or who become aware of the data in their capacity as Data Controllers or Data Processors.
- Request the updating or rectification of the processed data and, in the event of processing in breach of the law or in the cases referred to in article 17 of Reg. EU 2016/679, the deletion of the data (right to be forgotten), its transformation into anonymous form or its blocking.
- Request the restriction of data processing.
- Request, if you have an interest in doing so, the integration of data concerning you.
- Object, in whole or in part, to the processing of personal data for legitimate reasons, even if pertinent to the purpose of collection.
- Oppose the processing of your personal data for commercial or interactive commercial communication purposes and to be informed by the Controller, no later than at the time the data is communicated or disseminated, of the possibility of exercising this right free of charge.
- Have confirmation as to whether or not an automated decision-making process, including profiling as referred to in art. 22, par. 1 – 4 of Reg. EU 2016/679, and at least in these cases information on the logic used, as well as the importance of and the expected consequences of such processing.
- Request the portability of data concerning you to another data controller.
- Request to be notified of any event that may have led to a breach of your data, if this event has entailed a high risk for your rights and freedoms, under the conditions set out in article 34 of Regulation EU 2016/679.
Requests may be sent in paper form to the Controller’s registered office or by email to firstname.lastname@example.org. Rights relating to deceased persons may be exercised by anyone with an interest in them, as well as, of course, by legitimate heirs.
When exercising your rights, you may grant, in writing, proxy or power of attorney to natural persons or associations, provided that such proxies or powers of attorney are properly documented.
Tcrea undertakes to handle any requests by data subjects and the resulting assessments in the manner and within the limits set by the regulation, pursuant to art. 153..
TYPE OF PROCESSED DATA AND COLLECTION METHOD
DATA VOLUNTARILY PROVIDED BY THE USER
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the Portal or the forwarding of requests for information on the products offered by Tcrea entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the contact communication.
In particular, if you wish to request information, you can send us an email or chat with the Controller or fill in one of the forms available on the site.
Please indicate your email and request at the bottom of the text message or in the appropriate fields.
Providing this data is optional, but failure to consent to processing would prevent us from replying to you.
We need your data to enable us to:
- Send you the Delayed Response Information (all processed by email).
- Contact you for any problems or clarifications you may need about our services.
- Keep you up-to-date on the services in which you have shown interest, whether you wish to commission us or participate in a questionnaire.
Your data will not be disclosed.
Should Tcrea wish to process your data for commercial purposes, we will ask for your express consent prior to use, without which we will refrain from sending you any commercial communications or involving you in marketing campaigns.
The use of spamming is completely alien to Tcrea’s policy and ethics.
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes:
- IP addresses or domain names of computers used by those connecting to the site.
- The addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.).
- Landing and exit pages.
- Parameters relating to the user’s operating system and computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation, and is deleted immediately after processing.
In addition, we have enabled Google’s retargeting functions to enable you to easily find our content and our site after you have left the portal, should you return to the Internet.
PROCESSING METHODS AND PURPOSES
Tcrea processes the acquired data, guaranteeing its appropriateness, its relevance to the purposes for which it was collected, its completeness, and its periodic updating. Tcrea undertakes to treat your data with the utmost confidentiality, care and diligence, in accordance with the current provisions on the protection of personal data.
In particular, we inform you that:
a) the processing that we intend to carry out with regard to the personal data of the data subjects will consist of its collection, recording, organisation, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, erasure and destruction, as well as the combination of two or more of these operations;
b) the processing of personal data will have the purposes inherent to the professional activity of the data controller, in relation to the products marketed by Tcrea through its website
c) the processing operations listed above will be carried out using both paper and computer media.
Tcrea does not carry out profiling.
Even in the case of data processing for marketing purposes, however, it does not use an automated decision-making process.
Tcrea has taken all security measures required by law to prevent loss of data, illegal or incorrect use and unauthorised access.
PROCESSING OF SENSITIVE DATA
The tools you find on Tcrea’s site to send a request or message do not involve the request of any sensitive or particular data pursuant to art. 9 of Reg. EU 2016/679.
Tcrea periodically reviews its privacy and security policies and, where appropriate, revises them in relation to regulatory, organisational or technological changes. If the policies change, the new version will be published on this page of the site.
QUESTIONS, COMPLAINTS AND SUGGESTIONS
Anyone interested in more information, in contributing their own suggestions, in lodging complaints about the organisation’s privacy policies or the way Tcrea processes personal data, may do so by writing to the email address published on the website.
We remind you, however, that at any time you have the right to lodge a complaint with the Italian supervisory Authority (Garante della Protezione dei dati personali, www.garanteprivacy.it)