Privacy policy

PRIVACY POLICY

This policy contains important information on the protection of your personal data processed by us through our website www.vgvsrl.com (“Site”), as data controller, pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”).

Data controller
The data controller of your personal data is VGV S.r.l., with registered office in Via Cefalonia, 70 – 25124 Brescia (BS), tax code and VAT No. 03130410982 (“Data Controller”, “Controller” or “VGV”).

The Data Controller can be contacted at the following e-mail address privacy@vgvsrl.com

Categories of personal data
For the purposes set out in this policy, the Controller will process the data you voluntarily provide us with via the contact form in the “Contacts” and “News” sections of the Site, such as identification and contact data, along with other data you voluntarily fill in the body of the message you send us, as well as data collected automatically during browsing.

Click here for more details

a) Navigation data
The computer systems and software procedures used to run the Site may, in the course of their functioning, obtain certain personal data whose transmission is implicit in the use of Internet communication protocols. This data is not processed to be associated with identified data subjects, but by its very nature, it could, through processing and association with data also held by third parties, allow users’ identification. This category of data includes IP addresses or the type of device used by users who connect to the Site, the settings and characteristics of their device and the related system activity, the URI (Uniform Resource Identifier) addresses of the requested resources, the request time, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

This data is used to allow correct navigation, to check the correct functioning of the Site, to allow the correct provision functions you request, and to ascertain possible liability in the event of potential cybercrimes to the detriment of the Site or third parties.

Concerning personal data collected via cookies, please see our Cookie Policy.

b) Personal data you provide us
We collect data that you voluntarily provide us, such as identification and contact data (e.g., name, e-mail address, and other data you may provide in the body of the message) when you contact us via the forms in the “Contact” and “News” sections of the Site.

Purpose and legal basis of processing
The Data Controller will process your personal data to allow you to browse the Site and ensure its proper functioning, to manage and respond to your requests for information, to comply with legal obligations, and for the purposes of protecting the rights of the Data Controller in court proceedings or out-of-court procedures.

With regard to the purposes we pursue, the legal basis are the performance of a contract or pre-contractual measures taken at your request, compliance with legal obligations, and our legitimate interest.

 

Click here for more details

Allowing you to browse the Site and ensuring its proper functioning. The legal basis of processing is the performance of a contract or pre-contractual measures taken at your request.

The provision of personal data for this purpose is necessary to enable you to browse the Site and to ensure the proper functioning of the Site.

Managing and responding to your requests for information received through the contact forms on the Site in the “Contact” and “News” sections. The legal basis of the processing is the performance of a contract or pre-contractual measures taken at your request.

You are not obliged to provide your data for the abovementioned purpose; however, providing this data is necessary to process your requests.

Complying with legal obligations the Controller is subject to (e.g., obligations under the Civil Code, as well as tax and financial obligations). The legal basis for processing is compliance with legal obligations to which the Controller is subject.

You are not obliged to communicate your data for the abovementioned purpose; however, communication is necessary to enable us to comply with the regulatory obligations we are subject to.

Exercising or defending legal claims in court proceedings or out-of-court procedures. The legal basis of processing is the Data Controller’s legitimate interest in exercising or defending its rights; the Data Controller considered that this legitimate interest does not affect your rights and freedoms.

In this case, you are not required to provide additional data since the Data Controller will pursue this further purpose, where necessary, by processing the data collected for the purposes deemed compatible with this additional purpose.

Methods of processing and retention periods

Your data will be processed with the support of electronic and telematic means. Your data will be protected by adequate technical and organizational security measures to ensure their confidentiality, integrity, and availability.

We only retain personal data as long as it is necessary to fulfill the purposes for which they were collected or for any other legitimate related purpose. Therefore, if personal data are processed for different purposes, we will retain such data until the purpose with the longer retention period ceases. In any case, we will no longer process personal data for purposes whose retention period has ended. Personal data that is no longer needed or for which there is no longer a legal basis for its retention will be irreversibly anonymized (and thus may be retained) or deleted.

Click here for more details

Browsing data are deleted at the end of your browsing session unless retention is necessary to ascertain any liability in case of potential cybercrimes to the Site’s or third parties’ detriment.

Personal data processed to manage and respond to your requests for information are retained for the time necessary to manage and respond to your request and immediately deleted.

Personal data processed to comply with legal obligations are retained for up to 10 years after the termination of the contractual relationship.

Where it is necessary to process data for legal actions or defenses in court, this data is retained for as long as the law allows the Controller to pursue such legal claims.

Categories of data recipients

Your personal data will be processed by persons authorized and instructed to process it under the direct authority of the Data Controller. In some cases, your personal data will be disclosed to other parties acting on our behalf as Data Processors, who have been given specific instructions on processing your data and whose list you can request from the Controller by emailing privacy@vgvsrl.com. Those companies, acting on our behalf as Data Processors, provide us with IT support services, cloud services, etc.

Click here for more details

In particular, your data may be disclosed solely for the purposes specified above to the following recipients:

  • companies providing website maintenance services and companies providing IT support services;
  • companies providing cloud and hosting services;
  • authorities and institutions (e.g. public authorities and law enforcement) to which law or regulations grant the right to access.

Transfer of personal data

The Data Controller stores and processes the personal data indicated in this Privacy Policy on servers based within the European Union.

Click here for more details

The Data Controller does not transfer personal data outside the European Union; in any case, where the Data Controller, due to any requirements related to where service providers are located, needs to transfer data outside the European Union or the European Economic Area to countries the European Commission has not issued an Adequacy Decision for, the Data Controller undertakes to ensure adequate levels of protection and safeguards together with contractual safeguards, in accordance with applicable laws, including the drafting of standard contractual clauses as per Art. 46(2)(c) of the GDPR, supplemented if needed by additional technical, legal, and organizational security measures necessary to ensure that the level of protection of personal data is equivalent to the one of the European Union.

For any further information on the transfer of your personal data, you can email privacy@vgvsrl.com 

Rights of the data subject

About the processing of your personal data, you will always be able to exercise your rights under the GDPR (Articles 15-22):

– receive confirmation of the processing of your personal data and access its content (right of access);
– update, amend and/or correct your personal data (right to rectification);
– request the erasure or restriction of personal data processed in breach of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or otherwise processed (right to erasure and right to restriction of processing);
– object to the processing at any time where the processing is based on our legitimate interest or where the data are processed for direct marketing purposes (right to object);
– in the cases provided, receive a copy of your data, provided in the context of the contract, in an electronic format and request that such data be transmitted to another Data Controller (right to data portability).

To exercise your rights, you can contact us at the following e-mail address: privacy@vgvsrl.com 

Other rights

If you believe processing your personal data via the website infringes data protection legislation, you have the right to lodge a complaint with the supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali) or with the competent judicial authority.

Last updated: July 2023