Processing of personal data
DISCLOSURE PURSUANT TO ARTICLE 13 OF THE EU REGULATION N ° 2016/679
Who is the Data Controller?
The data controller is Building S.p.A (P.Iva 04366300012) with registered office in Turin (TO), Via Alfieri 6.
The updated list of data processors and data processors is kept at the aforementioned office.
For any clarification, question or requirement related to your privacy and the processing of your personal data you can contact us by email by writing to the email address email@example.com
Who will handle your data?
Your data is processed by the internal staff of Building S.p.A, duly instructed and specifically authorized. Furthermore, your data could be processed by our suppliers only for organizational and functional requirements inherent to the services requested by you (see paragraph “With whom we can share your data”).
What personal data do we collect?
Personal data are all information that identifies the User / Customer.
When accessing the building.it site or the App and through the functions provided therein, the categories of information we collect are as follows:
Browsing data such as the website from which the page was called (so-called “referral”), the IP address, the date and time of the request or access, the request by the visitor’s browser or other client as well as the operating system used;
Data relating to the geographical location in real time of the device via IP Address, Bluetooth, crowd-sourced wi-fi hotspots, GPS and repeater position if you use location-based features by activating geolocation services on your device and / or computer (which can be deactivated in any time by changing the settings related to the geolocation services of your device);
Communications exchanged with us or addressed to us via email;
Through the form “Book the table”, we collect: Your name and surname, telephone number, e-mail address, the content of the communications exchanged with us and the relative sensitive data communicated (i.e. food intolerances).
Through the App reservation / order system, payment data will also be collected.
On the occasion of events organized or promoted by Building S.p.A, we may also collect the images of Your face, through photographs and / or videos, which could be published on our social channels and / or on our website. It should be noted that even in the latter case it is always possible to oppose the relative processing. If the image of your face, in the foreground, has already been taken or resumed with your consent, even tacit (eg you asked our photographer that a photo was taken of you), you can write to us at the email address info @ building .it or by registered letter sent to our registered office, opposing its publication, requesting its deletion and / or possibly its removal (if already published).
Purpose of the processing
The personal data provided by you and collected on / from the building.it site will be recorded on electronic databases owned by the Data Controller, as well as on paper and are necessary for:
processing of your requests (in the cases referred to in points 3 and 4 of the previous paragraph);
to obtain statistical information on the use of the site / app in order to identify the pages preferred by the users and thus provide adequate contents and to check its correct functioning;
fulfill the contractual obligations assumed;
publication of social channels (only in the case of data collected during events referred to in the last point of the previous paragraph)
fulfill the obligations of law, regulations and community rules.
Finally, at the request of the Judicial Authority, the data could be used to ascertain responsibility in the event of hypothetical computer crimes against Building S.p.A or its Users / Customers.
In the cases referred to in points 3 and 4 above, you are free to give us your data or not, but in the absence of the requested data we will not be able to conclude or execute your requests.
Legal basis of the processing
The legal basis of the processing of personal data referred to in this statement, is given, depending on the case, from:
– consent of the interested party;
– contractual relationship;
– legal obligations.
How we treat and secure your data
Your personal data will be processed by the Data Controller in accordance with the principles of correctness, lawfulness and transparency and with the methods and procedures necessary to provide the services requested, to fulfill legal obligations and contractual obligations undertaken. The data collected will be recorded on electronic databases owned by the Data Controller, as well as on paper. Consequently, the processing will be carried out in paper and / or automated form, in compliance with the provisions of art. 32 GDPR 2016/679 on security measures, by persons specifically appointed by Building S.p.A and in compliance with the provisions of art. 29 GDPR 2016/679.
It should be noted that for the protection of the data acquired, the Data Controller adopts technical and organizational measures appropriate to the purposes of the processing (c.d. privacy by design and privacy by default). Strict security procedures have been followed in the storage and disclosure of personal data, to protect them against accidental loss, destruction or damage. The data you have provided to us is protected with SSL (Secure Socket Layer) technology, or other comparable technology, which is the standard method of encrypting personal data and credit card numbers that allows their safe transfer on the Internet .
All payment data is transmitted via SSL throughout the dedicated network infrastructure and stored in accordance with the Payment Card Industry Data Security Standards (PCI DSS).
In case of violation of the aforementioned measures for the protection of personal data acquired, we will, as Data Controllers, without undue delay notify the aforementioned violation to the supervisory authority – and, where possible, within 72 hours from the time of which it became aware of – if this violation poses a risk to the rights and freedoms of individuals. In this case, we will promptly send you a communication containing the indication of the data violated.
How long and how do we keep your information?
Your personal data collected will be recorded and stored also on protected electronic media and treated with adequate security measures, also associating them and integrating them with other DataBases. In compliance with the principles of lawfulness, limitation of purposes and minimization of data, pursuant to art. 5 GDPR 2016/679, subject to the release of your free and explicit consent, your personal data will be kept for the period of time necessary to achieve the purposes for which they were collected and in any case up to Your request for cancellation formulated through the site building.it or by registered letter addressed to the headquarters of the Tirolare (Building SpA) and in compliance with the terms of conservation required by law.
With whom we can share your personal data
We inform you that the data collected will not be disclosed and will not be subject to communication without your explicit consent, except for the necessary communications to third-party companies that carry out on behalf of the Owner tasks of a technical, organizational, administrative or accounting nature instrumental to the supply of the services requested as well as for fulfill legal obligations.
This may include media and advertising partner cookies that will be stored by the computer or any other device whenever you visit our website / App.
At any time, in accordance with articles 15-22 of the EU regulation n. 2016/679, the right to:
request confirmation of the existence or not of your personal data;
ask for information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the storage period;
obtain the correction and deletion of data;
obtain the limitation of the treatment;
obtain data portability, ie receive them from the Data Controller in a structured, commonly used and legible format