PERSONAL DATA PROCESSING INFORMATION SHEET

Pursuant to art. 13 of the (EU) Regulation 2016/679 (the "GDPR")

 

This page describes the features of the processing of the personal data of users (the "Users") of thewww.bipod.it website ("Site").

 

* * *      *      * * *

 

The information you find on this page does not apply to sites, apps and content of third parties of any kind, even if accessible via the website by clicking on links found on the website pages.

In these cases the provisions on data protection supplied by said third parties shall apply, which maybe different from these and which we suggest you consult before communicating any data.

 

* * *      *      * * *

 

  1. Data controller, Data Protection Officer and contact data

For the purposes of this information sheet, the data controller is  SAES Getters S.p.A., with registered offices in Viale Italia 77, 20045 - Lainate (MI), tax code and VAT no. 00774910152, (henceforth simply the “Company” or "Controller”).

 

If in doubt regarding how the Controller processes personal data, the Controller may be contacted:

  • via the e-mail address privacy@saes-group.com; or
  • by contacting the Legal & Compliance Office of SAES Getters in writing to the address Viale Italia 77, Lainate (MI).

 

For a number of activities, which include website creation, support and maintenance and the management of the payment and mail-marketing system, the Controller has involved technical partners, including the Shopify Inc. and Klavyio companies, as well as other third party subjects appointed as data processors or data process sub-contractors.

 

A complete list of all data processors and data process sub-contractors can be requested by contacting the Controller at the addresses provided above.

 

The Data Protection Officer (DPO) appointed by SAES Getters is LCA SERVIZI S.r.l. (Mr. Gianluca De Cristofaro) can be reached at the following address: Via della Moscova 18, 20121, Milano, e-mail: dpo@lcalex.it

 

  1. Method of data collection and types of data processed

Browsing data collected automatically from the Site: access and browsing data

Whenever a User accesses the Site, the IT systems and the software procedures that run the Site, during their normal operation, acquire the access and browsing data, for example: information on the browser used by the User, pages visited, date, time and duration of each visit, as well as parameters related to the User's operating system and IT environment (henceforth the "Browsing Data").

 

Data communicated spontaneously by the Users

On the site there are data collection forms that are needed to (i) create an account, (ii) purchase a B!pod product (the "Product"), (iii) subscribe to the newsletterservice. In these cases the User is required to provide the following data:

  • common identification data, such as name and surname;
  • common contact data, such as an e-mail address;
  • if a product is being purchased, the data required to proceed with the payment and shipping: company name (where applicable), VAT no. (where applicable), shipping address, invoicing address;
  • additional information required to issue an invoice for the payment made, for example: the tax code, the residential address, a phone contact number, the details of the payments made (date, place, amount and type of payment);

(henceforth the "Data communicated spontaneously by the Users")

 

Cookies

IT techniques are used on the site for the direct acquisition of personal data that identifies the User, which are made up of "strings of code": the "cookies".

All personal data acquired by the cookies will be processed according to the procedures stated on the relative information sheet.

 

The various types of personal data listed above, are jointly referred to in the following text also as "Data".

 

 

  1. Purpose and legal basis for the processing

The Browsing Data will be used: (i) to monitor the Site's correct operation; (ii) in anonymous and aggregate form for statistical purposes in order to understand how the Site is used by Users, to improve ease of access and increase its appeal, as well as (iii) to promptly detect any technical problems.

The legal basis for the processing is founded on the legitimate interest of the Company to improve its products and its digital services, and is compatible with the position of the data subjects given that: (a) the monitoring of the Site's operation and the statistical data linked to its use do not entail and form of direct identification; and (b) the Company's interest reasonably matches that of the Users, who will therefore be able to enjoy an increasingly high performance and optimised Site.

 

The data spontaneously provided by the Users, will only be used to:

 

  1. fulfil the requests made by the users themselves, and especially the process of subscribing to the Site and purchasing the Product. The legal basis of this processing is theexecution of the pre- contractual and contractual measures adopted as requested by the user and the fulfilment of all legal obligations.

 

The provision of the aforementioned data by the User, albeit optional, is required in order to fulfil the requests received and, therefore, failure to provide them may lead to the impossibility of accepting the requests received and fulfilling these.

 

  1. to send you, with your explicit consent, the SAES newsletter containing news and updates on the Controller's new products or services. The legal basis for this processing is the consent of the data subject.

 

The data to be used for these purposes is provided as a result of your explicit and prior consent: the refusal, or subsequent opposition, will make it impossible for the Controller to send you communications and updates on its activities.

You may withdraw consent you have granted at any time by following the procedure indicated in each e-mail or by sending a specific request to be forwarded to the contact details provided in article 8 below. If you withdraw consent this will not prejudice the lawfulness of the processing based on the consent you granted prior to withdrawal.

 

  1. to exercise the Controller's rights, for example the right to defence in court, based on the Controller's legitimate interest. This legitimate interest is to be considered to be prevailing as it coincides with a constitutionally guaranteed right and, as such, is socially recognised as prevailing over the interests of the single data subject.

 

 The provision of the Data for said purposes is required to enable the Controller to present a defence in legal proceedings.

 

  1. Data Recipients

The Data will be communicated and may be disclosed (i) to Company employees and collaborators, duly instructed and appointed to perform the processing; (ii) by third parties that provide services that are accessory or instrumental to the Company's activities, relative to the development, provision and operating maintenance of the Site or the management of the payment system, specifically appointed as data processors; and (iii) external subjects operating as independent controllers such as, by way of example, Authorities and supervisory and control bodies and generally speaking subjects, including private entities, that may legitimately request the data (for example accounting and legal consultants), Public Authorities that make an express request for administrative or institutional reasons, in accordance with the provisions of current national and European legislation.

 

  1. Location of processing and transfer of the Data abroad

The processing of the User's Data will take place on the premises of the Company indicated above, and the Data will be stored on servers located within the European Union.

 

Any transfer of the Data abroad - and in particular to the USA - may take place within the context of the involvement of third parties. These transfers will take place following the adoption, by the Controller, of suitable guarantees such as the underwriting of the Standard Contractual Clauses approved by the European Commission.

 

 

 

  1. Processing method, security measures and Data retention period

The Data will be processed in both paper form and using electronic, computer or automated tools, using systems that ensure the Data's protection, security and confidentiality.

The Company has also adopted specific and appropriate logical, judicial, organisational and technical security measures to prevent the loss of Data, the illicit or forbidden use of the same and unauthorised access.

 

The Browsing Data - which do not allow the User's identification - shall remain as long as the Site is viable.

 

The Data spontaneously provided by the User by filling in the various forms collected in order to:

 

  1. register an account on the Site or purchase a Product, shall be retained for the time required to fulfil the requests made by the Users themselves, and, in any case for the entire duration, if identifiable, of the contractual relationship and, once the same is terminated for whatever reason, for a period equal to the standard prescription term amounting to 10 years;

 

  1. subscribe to the newsletterservice, based on your optional consent, which may be withdrawn at any time, will be conserved for a maximum of 24 months from the time consent is granted;

 

  1. be used for the judicial protection of the Data Controller, and in the specific instance of a legal dispute, and will be retained for the entire duration of the same, until the terms for filing of all appeal actions have lapsed.

 

The Data may be retained for longer periods of time whenever they are required to fulfil statutory and/or legal obligations, as well as to ensure the judicial protection of the Company's rights, in compliance with standard terms of prescription.

 

  1. The User's rights

The Users, as data subjects (meaning subjects to whom the data refers), are entitled to the rights granted by the GDPR. In particular, pursuant to articles 15-22 of the GDPR, the data subjects have the right, at any time, to request and obtain access to their personal data, information the processing performed, rectification and/or updating of personal data, the erasure and restriction of processing. They also have the right to object to processing and request data portability (meaning the right to receive their personal data in a structured, commonly used and machine readable format). Finally, the data subjects always have the right to withdraw their consent at any time (this, in any event, without prejudice to the lawfulness of processing carried out based on the consent provided prior to withdrawal) and to file a complaint with the control authority (in Italy: the Data Protection Authority "Garante").

 

  1. Contact data

The rights detailed above may be exercised at any time, by sending a simple request to the Controller, to be sent:

 

  • via the e-mail address privacy@saes-group.com; or
  • by contacting the Legal & Compliance Office of SAES Getters in writing to the address Viale Italia 77, Lainate (MI).

 

For any further information or clarifications relative to the rights detailed above, the Company can be contacted at the same contact details above.

 

The Company may modify this information sheet to upgrade it following future expansions or changes to the Site.

Information updated on 30/03/2022.

 

* * *      *      * * *

 

The data subject:

 

  • hereby states that he/she has read thePrivacy Information Sheet on the processing of personal data, provided pursuant to art. 13 of the European Regulation (GDPR (compulsory)

 

  • Agrees to the processing of his/her personal data in order to receive updates on upcoming events, exclusive promotions and offers on SAES Getters products and/or services (optional)