Biesse S.p.A. would hereby like to provide you with some information regarding the processing of your personal data, as is required in order to browse this website (hereinafter, “the Site").
The data controller is Biesse S.p.A., with registered office in Via della Meccanica, 16, Pesaro (PU), telephone number +39 0721 439100, Tax Code and VAT number IT 00113220412, email email@example.com (hereinafter, the "Company" or the "Data Controller").
Biesse has appointed a DPO who can be contacted at the following email address firstname.lastname@example.org.
The IT systems and software procedures in place to ensure that the website runs smoothly acquire, during their normal functioning, certain personal data which are implicitly sent when the internet communication protocols are used. This information is not collected to be associated with identified data subjects, but instead consists of information which, by its very nature, when processed and associated with data held by third parties, could lead to the identification of the users of the site. This data category includes the IP addresses or domain names of the computers used by those who connect to the website, the URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relative to the user’s operating system and IT environment. These data are used for the following purposes:
- to obtain anonymous statistical information about the use of the website and to check that it is working properly;
- for the technical administration of the website:
- to ascertain any liability in case of alleged computer crimes committed to the detriment of the website.
The purpose of the optional, explicit and voluntary sending of data - as requested by various sections of this website - is to meet the requests of the user. In this case, the user will be provided with a specific notice issued pursuant to Article 13 of the GDPR regarding the processing of the personal data requested in relation to the specific purposes to be fulfilled.
Cookies (or markers) are small text files that are sent by the web server visited by the user to their device (usually to the browser), when the user accesses a specific website. Their purpose is to store and send information. They are memorised so that the device can be recognised the next time the website is visited. Indeed, at each subsequent visit, the cookies are re-sent by the user's device to the website
As a general rule, each cookie contains the name of the server from which the cookie was sent, the expiry date and a value, usually a unique number generated at random by the computer.
First-party and third-party cookies
Cookies can not only be installed by the manager of the website visited by the user (first party cookies), but also by a different website that installs these via the first website (third party cookies) and is capable of recognising them. This occurs because the visited website can host elements (images, maps, sounds, specific links to pages of other domains, etc.) that lie on different servers from the one on which it is hosted.
Technical, analytical and profiling cookies
Depending on their purpose, the cookies can be divided into technical cookies and profiling cookies.
Technical cookies are cookies used only to “send a communication on a digital communication network or, to the extent strictly necessary, to the supplier of a service who has been explicitly asked by the subscriber or user to provide the aforementioned service” (see Article 122, paragraph 1 of the Privacy Code).
These cookies enable the user to browse the websites and make use of the functionalities thereof (they are referred to as "essential" or "strictly necessary" cookies). They are usually used to enable efficient navigation between pages, to store user preferences (language, searches carried out, etc.), to memorise information on specific user configurations, to perform user authentication operations, and to save items in the shopping cart during online purchases, etc.
"Statistical" or "analytical" cookies (also known as "performance cookies") collect information on how a website is used, on the pages visited and on which links are clicked on, with a view to improving the site functions.
Pursuant to the aforementioned Article 122, paragraph 1 of the Privacy Code, user consent is not required for the use of technical cookies; however, there is an obligation to inform these users of the presence of such cookies.
Pursuant to the Provision, so-called analytical cookies are treated the same as technical cookies - and, therefore, user consent is not required for their installation - if:
- they are created and used directly by the first party website operator (without, therefore, the intervention of third parties) for the purpose of optimising the website to collect aggregate information on the number of users and how they visit the website, as well as
ii) they are created and made available by third parties, where:
- they are used by the first party site for purely statistical purposes, if suitable minimisation measures are adopted in order to reduce their power to be used for identification purposes (e.g. by masking appropriate portions of the IP address), and used solely for the production of aggregate statistics and in relation - as a rule - to a single site or single mobile application, so as not to allow the tracking of the individual's browsing habits as they use different applications or visit different websites;
- the third parties who provide the web measurement service to the site do not combine, enrich or cross-reference the data - even where this information has been minimised as above - with other information available to these third parties (e.g. customer files or statistics regarding visits to other sites), or transmit the data to other third parties.
Profiling cookies, meanwhile, are used to track the user's browsing habits, analyse user behaviour for marketing purposes and create user profiles based on their tastes, habits, choices, etc., in order to send targeted advertising messages in line with the preferences expressed by the latter when browsing online. Pursuant to Article 122 of the Privacy Code, these cookies can only be installed on the user's device if the latter provides his/ her consent after having being informed using the simplified methods indicated by the Data Protection Authority in the Provision (by means of a "short" notice published on the site, in the form of a banner that appears immediately on the home page (or other page through which the user can access the site); this short notice refers to an "extended" notice that can be accessed by means of a link which the user can click on).
Persistent and session cookies
Based on their duration, cookies can be classed as persistent cookies, which remain memorised until their expiry on the user's device, unless the latter removes them, and session cookies, which are not persistently memorised on the user's device and disappear when the browser is closed.
Technical cookies are used on the site, and are installed by the company itself or by third parties for the purposes listed below.
This type of cookie cannot be disabled, and, as indicated above, the installation of these cookies does not require the prior consent of users, pursuant to Article 122 of the Privacy Code.
The name, any third party and the purpose and duration of each cookie used are specified below.
Anonymised analytical cookies
The website uses analytical cookies created and made available by third parties to statistically analyse accesses or visits to the website itself, allowing the company to improve its structure, browsing logic and content, and to collect information on the use of the website.
For more details and information, visit the following link: https://support.google.com/analytics/answer/1011397.
These cookies, appropriately anonymised (by masking significant parts of the IP address), allow aggregate information to be collected on the number of users and how they visit the website, without enabling individual users to be identified. As such, the prior consent of users is not required, in accordance with the Provision.
The name, any third party and the purpose and duration of each cookie used are specified below.
Gather statistics on how the visitor uses the site
In order to browse the site, users must provide their personal data in order to enable the various IT and telematic protocols to be carried out. The freedom of the user to give or withhold consent to profiling using the above-mentioned tracking tools remains unaffected.
The data may also be processed on behalf of the company by third parties, designated as data processors pursuant to Article 28 of the GDPR; these may include natural and/or legal persons who carry out activities that enable the fulfilment of the purposes indicated above - for example, the company that manages and maintains the website, and the company that provides the CRM software (and in particular the Salesforce Services - i.e. Sales Cloud, Service Cloud, Chatter and Communities - and Marketing Cloud services); currently, this is salesforce.com EMEA Limited, with registered office in the UK.
The data may be communicated to autonomous data controllers, such as supervisory and control authorities and bodies that are entitled to request/receive the data, as well as to any third-party providers (or vendors) as listed in the tables above which contain the list of cookies - in these tables, the link to the relevant notice is also provided, including for those operating outside the European Union. In this instance - i.e. the transfer of data to "third" countries, where such countries have not been deemed "adequate" by the European Commission - the "transfer tools" referred to in Article 46 of the GDPR, such as standard contractual clauses, will be used.
In addition, the data are processed by employees of the company - from the departments responsible for pursuing the aforementioned purposes - who have been expressly authorised to process this information, and who have received adequate operating instructions.
Users can also express their cookie preferences through their browser settings. Even in cases where the web browser used by the user is set to automatically accept cookies, the latter can change the default configuration via the settings menu, and can delete and/or remove all or some cookies, preventing cookies from being sent altogether or limiting this to certain sites. Disabling, blocking or deleting cookies may prevent certain areas of the site from being used optimally, or may block access to certain functionalities of the site, as well as affecting the function of third-party services. The links to the cookie management guides for the main browsers are provided below:
For browsers other than those listed above, see the relevant guide for details on how to manage cookies.
The data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) that have not been deemed "adequate" by the European Commission. In this instance, the transfer tools established under Article 46 of the GDPR (such as the standard contractual clauses, "SCCs", or the binding corporate rules, "BCR") will be used, evaluating whether any "additional measures" need to be adopted in order to ensure a level of protection that is essentially equivalent to that required under EU law.
Salesforce.com has adopted the BCR for Processors to legitimise the transfer of personal data outside the European Union, to companies within its group that process such data on behalf of Data Controllers established in a member state, in their capacity as Data Processors and/or Sub-Data Processors.
Salesforce's Processor Binding Corporate Rules are available at the following link
For further information, please see the following links: FAQ (“Where is my Salesforce instance located?”).
With regard to the processing of personal data carried out by the Data Controller, the user, as the data subject (i.e. the subject to whom the personal data refer), may - in addition to the rights referred to in paragraph 7 (and the right to withdraw consent in particular) - exercise the rights set out in Articles 15 to 22 of the GDPR, where applicable; of these, the data subject may request access to data concerning them and to the information referred to in Art. 15 (processing purpose, categories of personal data, etc.), erasure in the cases provided for by Art. 17, rectification of inaccurate data, integration of incomplete data and restriction of processing in the cases provided for by Art. 18, as well as the right to receive the data in a structured format, commonly used and readable by an automatic device, and, if technically feasible, to have it sent to another data controller without impediment (“right to data portability”), where the processing is based on consent or on the contract, and is carried out using automated tools.
To exercise their rights, the data subject may contact the Data Controller by writing to email@example.com, or by using one of the contact methods indicated in Section 1.
In addition, the data subject has the right to lodge a complaint with the competent supervisory authority in the Member State where he/ she habitually resides or works, or in the Member State where the alleged infringement has occurred.