What are cookies?
A cookie is a small text file consisting of letters and numbers placed by a website on a user’s computer when they access a site. They are stored by the browser (e.g. Explorer or Chrome) on your computer, smartphone or other device and allow websites to store and use information about user preferences in order to recognise a user when they access the site and respond accordingly. In the course of browsing a site, the user may also receive cookies from different sites or web servers (so-called “third-party” cookies); this happens because the website visited may contain elements such as, for example, images, maps, sounds, specific links to web pages of other domains residing on servers other than the one on which the requested page is located. Cookies are used to perform computer authentication, session tracking and storage of specific information about users accessing the server and are usually present in each user’s browser in very large numbers.
Definition and legal references
Personal data (or Data)
Personal data is any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.
Usage Data
This is the information collected automatically by this Application (or by the third party applications that this Application uses), including: the IP addresses or domain names of the computers used by the User who connects with this Application, URI (Uniform Resource Identifier) notation addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various time connotations of the visit (e.g. the time spent on each page) and details of the itinerary of the visit (e.g. the time spent on each page). ) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the length of time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the User’s IT environment.
User
The individual who uses this Application, who must coincide with the Data Subject or be authorised by him/her and whose Personal Data are processed.
Data Subject
The natural or legal person to whom the Personal Data refer.
Data Controller (or Owner)
The natural person, legal entity, public administration and any other body, association or body which is responsible, even jointly with another owner, for deciding the purposes, methods of processing of Personal Data and the instruments used, including the security profile, in relation to the operation and use of this application. The Data Controller, unless otherwise specified, is the owner of this Application.
This Application (or website)
The hardware or software tool through which Users’ Personal Data are collected.
Cookie
A small piece of data stored within the User’s device.
Service
The Service provided by this Website as defined in the relevant terms (if any) on this site/application.
European Union (or EU)
Unless otherwise stated, any reference to the European Union in this document shall be deemed to extend to all current member states of the European Union and the European Economic Area.
Legal references
This privacy policy is drafted on the basis of multiple legislative orders, including Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003 (Privacy Code). Unless otherwise specified, this privacy policy relates exclusively to this Application.
Types of cookies used by the site
Technical cookies
Technical cookies are strictly necessary to move around the site and use all its features. Cookies of this type are necessary for certain areas of the site to function correctly.
Third party cookies
Third party cookies are cookies set by a website other than our own. We integrate services such as Facebook and Instagram into our site. These services may issue cookies for their operation.
YouTube widget (Google Inc.):
YouTube is a video content display service operated by Google Inc. that enables this Website to embed such content within its pages.
Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy
Google Fonts (Google Inc.):
Google Fonts is a font style display service operated by Google Inc. that allows this Application to integrate such content within its pages.
Personal Data collected: Usage Data and various types of Data as specified by the privacy policy of the service.
Place of processing: USA – Privacy Policy
Google Maps Widget (Google Inc.)
Google Maps is a map display service operated by Google Inc. that allows this Application to integrate such content within its pages.
Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy
Statistics Cookies
The services contained in this section enable the Data Controller to monitor and analyse traffic data and serve to keep track of the User’s behaviour.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). We use Google Analytics to collect traffic data anonymously for this website, for the sole purpose of tracking and analysing the use of this website by users, e.g. to find out who is visiting the site (language, location, device, browser and operating system), what the classic traffic data is (page views, average time, ranking of most viewed pages, etc.), and where it comes from.
Personal data collected: Cookies and Usage Data.
All the information that Google Analytics collects comes to us anonymously, as we have anonymised the IP address of users accessing our website, which means that when a user arrives here, Google Analytics hides part of the information about their geographical location, so the information we see is a little less precise. So we don’t know what your name is, where you live, what your email address is, what pages you’ve seen, how long you’ve been on the site and where you’ve come from, but only that a certain number of people in a certain period of time have come to the site, have been there for a total amount of time and have seen certain pages, etc.
The information that Google Analytics collects is on Google Analytics and nowhere else, we don’t keep any copies of this data and when we need to look at traffic data we go to Google Analytics to look at it.
To block Google Analytics, please use the appropriate extension made available by Google – Opt Out.
Place of processing: USA – Privacy Policy – Opt Out
How to disable cookies?
You can disable cookies from the settings of the browser you use while browsing: Chrome, Mozilla Firefox, Internet Explorer, Safari, Opera, Google Chrome.
Data Controller
The Data Controller is:
Plastimur s.r.l.
S.P. Rocciola Scrofani km 4,400, 97015 Modica, p.iva: 01185290887
Procedures for exercising rights
In the event of such requests or any complaints regarding how your personal data has been processed, you can still send an email to commerciale@plastimur.it. Since the installation of Cookies and other tracking systems operated by third parties through the services used within this Website cannot be technically controlled by the Data Controller, any specific reference to Cookies and tracking systems installed by third parties is to be considered indicative. To obtain complete information, the User is invited to consult the privacy policy of any third party services listed in this document.
Users’ rights
Right to be informed
Organisations must provide users with information about their data processing activities. This information should be provided at the time personal data is obtained, usually through a privacy statement/policy. The information should be concise, transparent, understandable, easily accessible, written in clear and simple language (especially if addressed to a child) and free of charge.
If the data is collected from the actual user to whom it relates, then the privacy policy must be provided to them at the time of obtaining the data, however, if the personal data is obtained from a source other than the individual to whom it relates, then the user must be provided with the privacy policy within a ‘reasonable period’ after the data is obtained. This period may not exceed one month in general; if it uses the data to communicate with the user, the communication must take place at the latest when the first communication takes place.
Right of access
Users have the right to access their personal data and information on how their personal data are processed. If the user so requests, data controllers must provide an overview of the categories of data being processed, a copy of the actual data and details of the processing. Details should include the purpose, how the data was acquired and with whom it was shared. In addition, the organisation must provide the applicant with a copy of its personal data free of charge (a reasonable fee may be charged for additional copies). The requested data must be provided to the data subject without undue delay and, at the latest, within one month of receipt of the request; the exact number of days available to the organisation to honour a request depends on the month in which the request was made.
The right of access is closely related to the right to data portability, but these two rights are not the same thing. It is therefore important that there is a clear distinction between the two rights in your privacy policy.
Right of amendment
Users have the right to have their personal data rectified if inaccurate or incomplete. This right also implies that rectification must be communicated to all third parties involved in the processing of the data in question, unless this is impossible or disproportionately difficult. If requested by the user, the organisation must also inform the user of these third-party recipients. Requests may be extended by a further two months if the request is complex or if numerous requests have been received from the individual. The individual must be informed within one month of receipt of the request with an explanation of why the extension is necessary. Requests must be fulfilled without undue delay and no later than one month after receipt of the request. In most cases, organisations must comply with a request for rectification without charging a fee, however, if a request is judged to be ‘manifestly unfounded or excessive’, a ‘reasonable amount’ may be charged to execute the request or refuse to deal with the request. In both scenarios, the decision must be legitimately justified. If a request is refused, the person must be informed (along with the justification) without undue delay and within one month of receipt of the request.
Right to object
Under the GDPR, users have the right to object to certain processing in relation to their personal data carried out by the Controller. In a nutshell, users may object to the processing of their data whenever the processing is based on the legitimate interest of the Controller, or the performance of a task of public interest/exercise of public authority, or for scientific/historical research and statistical purposes. The user is required to give reasons for his or her objection, unless the processing is carried out for direct marketing purposes, in which case no reasons are required to exercise this right. If an objection to the processing of personal data is received and there are no grounds for refusal, the processing activity must cease. Although the processing activity (including storage) must stop for the particular processing activities objected to, erasure may not be
appropriate if the data are processed for other purposes (including fulfilling a legal or contractual obligation) since the data will have to be retained for those purposes.
Requests must be fulfilled without undue delay and at the latest within one month after receipt of the request. Requests may be extended by a further two months if the request is complex or if numerous requests have been received from the individual. The individual must be informed within one month of receipt of the request with an explanation of why the extension is necessary.
In most cases, organisations must honour an objection (where there are no grounds for refusal) without charging a fee, however, if a request is found to be ‘manifestly
unfounded or excessive”, a “reasonable fee” may be charged for honouring the request or the request may be refused. In both scenarios, the decision must be legitimately justified. If a request is refused, the person must be informed (along with the justification) without undue delay and within one month of receipt of the request.
Portability
Users have the right to obtain (in a machine-readable format) their personal data in order to transfer them from one controller to another, without being prevented from doing so by the controller. Both ‘provided’ and ‘observed’ data are included in this rule. This right only applies to personal data and as such does not apply to truly anonymous data (data that cannot be linked to the person).Requests must be fulfilled without undue delay and at the latest within one month of receipt
of the request. Requests may be extended by a further two months if the request is complex or if numerous requests have been received from the individual. The individual must be informed within one month of receipt of the request with an explanation of why the extension is necessary. In most cases, organisations must comply with a request without charging any
fee, however, if a request is judged to be ‘manifestly unfounded or excessive’, a ‘reasonable charge’ may be required to execute the request or the request may be refused. In both scenarios, the decision must be legitimately justified. If a request is refused, the person must be informed (along with the justification) without undue delay and within one month of receipt of the request.
Deletion
Where data are no longer relevant to the original purpose or where users have withdrawn their consent, or where personal data have been unlawfully processed, users have the right to request the deletion of their data and the cessation of any dissemination. Requests must be complied with without undue delay and at the latest within one month of receipt of the request.
Requests may be extended by a further two months if the request is complex or if numerous requests have been received from the individual. The individual must be informed within one month of receipt of the request with an explanation of why the extension is necessary.
The right to erasure may be refused
– where personal data are processed for archiving purposes in the public interest (e.g. scientific research);
– where the data are necessary for defence in court; or
– to fulfil a legal obligation;
– for the performance of a task carried out in the public interest;
– in the exercise of official authority vested in the data controller;
– where the data are necessary for the exercise of the right to freedom of expression;
– where the data are processed for health purposes in the public interest.
The right to restrict processing
Users have the right to restrict the processing of their personal data in cases where:
– they have contested its accuracy;
– the user has objected to the processing and the organisation is considering whether there is a legitimate reason overriding that right;
– the processing is unlawful but the user requests restriction rather than deletion;
– the data are no longer needed but the user needs them to establish, exercise or defend a legal claim.
The restriction must be communicated to all third-party recipients involved in the processing of the data in question, unless this is impossible or disproportionately difficult. If requested by the user, the organisation must also inform the user of these third-party recipients. Requests shall be complied with without undue delay and at the latest within one month of receipt
of the request. Requests may be extended by a further two months if the request is complex or if numerous requests have been received from the individual. The individual must be informed within one month of receipt of the request with an explanation of why the extension is necessary. In most cases, organisations must comply with a request without charging a fee, however, if a request is judged to be ‘manifestly unfounded or excessive’, a ‘reasonable charge’ may be required to execute the request or the request may be refused. In both scenarios, the decision must be legitimately justified. If a request is refused, the person must be informed (along with the justification) without unnecessary delay and within one month of receipt of the request.
Rights relating to automated decision-making and profiling
Users have the right not to be subject to a decision when it is based on automated processing or profiling and produces a legal effect or a similarly significant effect on the user. Organisations may only carry out automated decision-making if it is necessary for the performance of a contract; authorised by EU state law applicable to the data controller; does not have a legal or similarly significant effect on the user; or is based on the explicit consent of the individual. Automated decisions may be made on the basis of special category data only with the explicit consent of the user or for reasons of substantial public interest