WHY WE PROVIDE THIS INFORMATION NOTICE
This information notice describes the methods of processing of the personal data of the users, identified or identifiable natural persons, who consult, after having downloaded it on their device, the KATO IMER Web App, property of the company KATO IMER Spa.
The information notice is provided only for the KATO IMER Web App and does not apply to other applications and external websites that the user may consult by following links.
KATO IMER Spa, Location Cusona, 53037 San Gimignano (SI), Tel: +39 0577 95121, Fax: +39 0577 982400, e-mail: firstname.lastname@example.org
PURPOSES OF AND LEGAL BASIS FOR THE PROCESSING
The personal data provided through the Web App will be processed by the company KATO IMER Spa for the following purposes:
- to grant the user access to the Web App, following an identification procedure (login), as simple GUEST or as OWNER of a KATO IMER Spa vehicle; or
- to grant the user fast access to the Web App (fast login) in case the user has a Facebook or Google+ account;
- for the provision of generic services, such as reading or downloading of data sheets and/or operating manuals for the vehicles or for sending a request to which we will reply;
- for the provision of specific services: use of the user's geolocation coordinates to identify the nearest dealership/workshop, or
- to allow us to send communications via e-mail or push notification regarding commercial, promotional and advertising activities, direct sales of the services of our company.
- for the fulfilment of a legal obligation of the controller;
- to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their judicial powers;
- in aggregated or anonymous form to carry out statistical research/analyses, without the possibility to identify the user, aiming to quantify the operation of the Web App, the traffic and to evaluate its functionality and appeal;
the legal basis in cases a., b. is the fulfilment of regulatory obligations to which the controller is subject, and specifically: to guarantee a safe environment where users may enter and save their personal data; the data are absolutely necessary for the use of the Web App.
the legal basis in case c. is the execution of precontractual measures adopted following a request by the user or, possibly, the performance of a contract to which the user is a party;
the legal basis in both cases d. and e. is the express, freely given and unconditional consent of the user; in case such consent is not given: in the case of point d., if we are not able to use the geolocation coordinates of the user’s device, we will provide the user with a generic list of our dealerships/workshops; in the case of point e., we will not send the user advertising/promotional messages, but the user may use the services provided by the Web App;
In both cases, where necessary, the user may read the specific information notices that have been published at the following links:
In addition, we may use your data
TYPES OF DATA PROCESSED AND ERASURE TIMES
Data communicated by the user
For the purposes described above, we only use the user’s personal and contact details (e.g. e-mail, telephone number, if provided by the user), including the access password (always in compliance with adequate security criteria that include encryption), as well as data pertaining to the vehicle owned by the user (model and serial number), if the user has registered as OWNER. In case the user accesses the App via his/her Facebook or Google+ accounts, the data provided by the user will not be saved and we will use his/her e-mail as access password (with this access method, the user will be able to make limited use of the web app).
If the user decides to send messages to the contact addresses mentioned in the Web App, or by filling in and sending modules/forms, aside from the personal and contact details of the user, which are necessary for us to reply to requests, we may gain knowledge of personal data included in the communications.
In general, we will delete the data that refer or that may refer to the user and which we hold when they are no longer necessary for the achievement of the described purposes. However, for promotional activities, the user may, at any time, withdraw the intention expressed by accessing his/her reserved area and modifying the settings, or with a message sent to the controller at the addresses that the user may find at the end of this document; in addition, at the end of the e-mails that we send to you, you can find out how to cancel your registration (unsubscribe). In order to make it easy for the user to access the app after the first login, we save certain personal and contact details (Name, E-mail, User role (Guest/Owner), Language) in the app’s “local storage”; the data will be deleted when the user empties the browser’s cache or logs out. The user is, in any case, free to delete his/her data used by the web app at any time by cancelling the registration by accessing his/her reserved area.
The IT systems and software procedures that allow the operation of this Web App acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or the domain names of the computers and terminals used by the users, addresses in URI/URL notation (Uniform Resource Identifier/Locator) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code that indicates the status of the reply given by the server (success, error, etc.) and other parameters related to the user’s operating system and IT environment.
Such data are used in order to retrieve anonymous statistical information regarding the use of the Web App and to control its correct operation; to allow - taking into account the architecture of the systems used - the correct performance of the various functionalities requested, for security reasons and in order to ascertain liability in case of computer crimes to the detriment of the application or of third parties, and are deleted after 7 days, at the latest.
For the purposes described under point e., we use technical information relating to your device in order to provide you with a reply and only the geolocation coordinates of your device, without systematically and continuously tracking your position; the GPS coordinates are not stored and will, therefore, be deleted as soon as the system has selected the dealership/workshop nearest to you.
Cookies and other tracking systems
Our Web App uses third-party analytical cookies to collect information in aggregated and anonymous form on the number of users and on how they visit the Web App; it also uses session and technical (non persistent) cookies strictly limited to the extent necessary for the safe and efficient browsing of the Web App. The third parties whose services we use (e.g. YouTube videos, Goggle maps, Google+, Facebook) use persistent profiling cookies, while our company does not. For detailed information related to cookies, including the possibility to select which cookies to install and their deletion times, the user may access the Cookies policy.
RECIPIENTS OF THE DATA
The recipients of the data collected following the consultation of the Web App are as follows:
- Più Communication Srl for the construction, maintenance and update of the Web App and for the archiving of the database integrated in the application, for the provision of services among which the analysis of the Web App, which acts, together with external persons who it uses for the provision of certain services, in the capacity of data processor on behalf of the controller;
- our staff that has been authorised for processing and which acts on the basis of specific instructions (e.g. the controller’s employees and associates);
For a full list of the data processors, you may contact the data controller at any time.
TRANSFER OF THE PERSONAL DATA TO THIRD PARTIES OR INTERNATIONAL ORGANISATIONS
As we are using third-party services, your data will be transferred to the server farm of Google, LLC in the United States of America; the company has signed the Adequacy Decision with the name Privacy Shield USA-EU or alternatively appropriate guarantees in accordance with art. 46, par. 1 of RGPD 2016/679 and provides, through electronic documents, adequate guarantees in its capacity as data processor.
The company does not perform processing based on an automated decision-making process, including profiling, that produces legal effects that concern you or significantly affect you.
RIGHTS OF THE DATA SUBJECTS
In your capacity as data subject you may exercise the rights of articles 15 to 21 of the GDPR (EU) 2016/679, a summary of which you will find below, by addressing the data controller at any time.
Specifically, you may access the personal data that concern you, obtain their rectification or erasure, the restriction of the processing and the portability of the data.
RIGHT TO LODGE A COMPLAINT
The data subjects who believe that the processing of the personal data that concern them and which is performed by this Web App violates the provisions of the Regulation have the right to lodge a complaint with the Personal Data Protection Authority, as provided for by art. 77 of said Regulation, or the right to an effective judicial remedy (art. 79 of the Regulation).
CONTACT DATA FOR THE EXERCISE OF THEIR RIGHTS BY THE DATA SUBJECTS
Date controller, KATO IMER Spa, Location Cusona, 53037 San Gimignano (SI), Tel: +39 0577 95121, Fax: +39 0577 982400, email: email@example.com