INX SRL – Privacy Policy

The Holder of the Personal Data Treatment related to the users of https://www.inxsrl.eu/ is:
INX SRL – Via delle Industrie, 8 – 26835 Crespiatica (LO)
Email address of the Owner: info@inxsrl.eu

———————————

This Website collects certain Personal Data about its Users.

Information in accordance with Articles 13 and 14 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

It is important to specify that the term “USER” does not mean only natural persons who have directly entered into a contract with INX srl, but all others who are in any case considered parties within the meaning of Article 6(1)(B) of the RGPD, including natural persons who have contributed to the execution of pre-contractual measures taken at their own request (possible customers).

 

Holder of the Personal Data Treatment

The Holder of the Personal Data Treatment related to the users of https://www.inxsrl.eu/ is:
INX SRL – Via delle Industrie, 8 – 26835 Crespiatica (LO)
Email address of the Owner: info@inxsrl.eu

 

PURPOSES AND METHODS OF DATA TREATMENT

Navigation: The data are collected and used to allow navigation of the Site and for statistical purposes and to allow interaction with social networks and external platforms as well as viewing content from external platforms.
Possible forms on the site or other contact methods: the personal data provided by users who request services or information, through the use of specific forms in the sections of the site or by sending e-mails to the contact references on the site, and are used to process the request, without prejudice to the possibility of using them for further purposes with the express consent of the person concerned.

The processing is carried out using automated tools (e.g. using electronic procedures and supports) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the relevant regulations in force. Specific security measures are observed to prevent the loss of data, unlawful or incorrect use and unauthorized access.

 

TYPE OF DATA PROCESSED AND LEGAL BASIS

Navigation data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is collected anonymously and cannot be associated with identified interested parties. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the response given by the server (e.g. successful, error, etc.) and other parameters relating to the user’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site, to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site. The legal basis for the processing of this data is the consent provided for the use or consultation of this site by the visitor. With regard to consent to cookies, see below and the see the cookie policy.

Dati forniti volontariamente dall’utente: l’invio facoltativo, esplicito e volontario di dati nei moduli web o di posta elettronica agli indirizzi indicati in questo Sito comporta la successiva acquisizione dell’indirizzo del mittente, necessario per rispondere alle richieste, nonché degli eventuali altri dati personali inseriti nella missiva.

Per le eventuali richieste relative a specifici servizi all’interno dei quali viene proposta la compilazione di apposito form con l’obbligatorietà di inserimento di alcuni dati da parte dell’utente, viene richiesta l’apposizione di flag nell’apposita casella di presa visione e/o accettazione da parte dell’utente. La base giuridica per il trattamento dei dati è il consenso fornito esplicitamente mediante flag su apposita casella presente nelle sezioni specifiche, ivi compreso consenso per finalità ulteriori e specificate nelle sezioni stesse.

Dati acquisiti con modalità differenti dal sito web Riguardo i dati personali forniti o acquisiti con modalità differenti dal sito web costituiscono base giuridica:

  • L’esecuzione di un contratto con l’interessato e/o l’esecuzione di misure precontrattuali;
  • L’adempimento di un obbligo legale al quale il Titolare è soggetto;
  • L’interesse pubblico o il legittimo interesse del Titolare o di terzi, negli esclusivi casi previsti dalla normativa europea e nazionale applicabile;

E’ comunque sempre possibile richiedere al Titolare di chiarire la concreta e specifica base giuridica di ciascun trattamento.

 

OPTIONAL DATA PROVISION

Apart from that specified for navigation data, the user is free to provide personal data to request the services offered by the Owner. Failure to provide them may make it impossible to obtain the service requested.

 

PLACE OF TREATMENT

The data collected are processed at the headquarters of the Data Controller and, in some cases, at the data centre of the web Hosting Server Plan.

 

STORAGE PERIOD

The data are processed and stored for the time required by the purposes for which they were collected. In particular:

  • Personal data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of such contract is completed;
  • Personal data collected for purposes related to the legitimate interest of the Owner will be retained until such interest is satisfied.
    In the case of processing based on consent, the Owner may retain the personal data until the consent is revoked by the data subject.

The above, except for the use of data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period the data are deleted.

 

LINKS TO OTHER WEBSITES AND BANNERS

This Privacy Policy refers exclusively to this Site. The Site contains links to third party websites, over which the Owner has no form of control. The Owner will therefore in no way be responsible for the processing of personal data that users may provide while browsing these sites. Advertisements or commercial information relating to third parties (companies or individuals) may appear on the Site. The Owner has no control over such banners and the processing of personal data carried out by third party advertisers.

 

RIGHTS OF INTERESTED PARTIES (Articles 11 and 12 of the European Regulation D. Lgs. 679/2016)

The subjects to whom the personal data refer have the right to obtain, at any time, confirmation of the existence or not of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or correction. In particular:

Art. 15 c.3 Right of access – The user has the right to access and receive a copy of the personal data being processed. This right may also be allowed through direct consultation, remotely and securely, of your personal data;

Art.16 Right of rectification – Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing consistent statements;

Art. 17 Right to deletion – The User has the right to obtain from the data controller the deletion of personal data concerning him/her, in the cases provided for in letters a) – f) and with the exceptions provided for in c. 3, including the obligation on the part of the Data Controller to inform other data controllers who process the deleted personal data of the request for deletion, to include any link, copy or reproduction (c.2);

Art. 18 Right to limitation of processing – The User has the right to obtain the limitation of processing when the hypotheses under letters a) – b) apply;

Art. 20 Right to data portability – The User has the right to data portability for the data provided;

Art. 21 Right to object – The User has the right to object, at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions.

Moreover, it is without prejudice to the right to lodge a complaint to the supervisory authority, also with reference to Articles 141-144 of Legislative Decree 101/2018.

To exercise the rights, please contact the Owner using the contacts indicated above.

Further information in relation to the processing of personal data may be requested at any time to the Data Controller using the contact details.

Media

If you upload images to the website, you should avoid uploading images that include embedded position data (EXIF GPS). Visitors to the website can download and extract any position data from the images on the website.

 

PLUGIN WORDPRESS

YouTube

This website incorporates YouTube (managed by Google) for viewing videos.
When you visit pages with YouTube plugins inside, a connection to YouTube servers is made. If you visit one of our pages with a YouTube plug-in, a connection to YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, YouTube allows you to associate your browsing behavior directly to your personal profile. You can avoid this by logging out of your YouTube account. YouTube is used to make our website attractive. This constitutes a justified interest according to art. 6 (1) (f) DSGVO.
Further information on the handling of user data can be found in YouTube’s data protection declaration at page https://policies.google.com/privacy

Google Web Fonts

For a uniform representation of fonts, this page uses the web fonts provided by Google. When you open a page, the browser loads the required web fonts into the browser cache to display text and fonts correctly.
For this purpose, your browser must establish a direct connection to Google’s servers. Google then realizes that our website has been read by your IP address. The use of Google’s web fonts is carried out in the interest of a uniform and attractive presentation of our plug-in. This constitutes a justified interest according to art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard fonts is used from your computer.
Further information on the handling of user data can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

 

HOSTING AND BACKEND INFRASTRUCTURE

Server Plan

This type of service is intended to host Data and files that enable this Web Site to function, enable its distribution and provide a ready-to-use infrastructure to provide specific features of this Web Site.
Some of these services operate through servers located geographically in different locations, making it difficult to determine the exact location where Personal Data is stored.
Linux Server on Provider Server Plan

Server Plan is a provider that offers a hosting service.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: Italy – see also: Privacy Policy Server Plan.

 

SAVING AND BACKUP MANAGEMENT

This type of service is intended to host Data and files that enable this Web Site to function, enable its distribution and provide a ready-to-use infrastructure to provide specific features of this Web Site.

Server Plan backup
Server Plan Internet service provider makes backups of the site content.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: Italy – Privacy Policy Server Plan.

 

VIEWING CONTENT FROM EXTERNAL PLATFORMS

This type of service allows you to view content hosted on external platforms directly from the pages of this Website and to interact with them.
If a service of this type is installed, it is possible that, even if Users do not use the service, it may collect traffic data relating to the pages where it is installed.

Google Maps Widget (Google Inc.)

Google Maps is a map display service operated by Google Inc. that allows this website to integrate such content into its pages.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy Google. Subject adhering to the Privacy Shield.

INTERACTION WITH SOCIAL NETWORK AND EXTERNAL PLATFORMS (if any)

This type of service allows interactions with social networks, or other external platforms, directly from the pages of this Website. The interactions and information acquired by this Website are in any case subject to the User’s privacy settings relating to each social network.
If a social network interaction service is installed, it is possible that, even if Users do not use the service, it may collect traffic data relating to the pages where it is installed.

Facebook Like button and social widgets (Facebook, Inc.)

Like button and Facebook social widgets are social network interaction services provided by Facebook, Inc.
Personal Data Collected: Cookies and Usage Data.
Place of Processing: United States – Privacy Policy Facebook.

Twitter Tweet Button and Social Widgets (Twitter, Inc.)

The Tweet button and social widgets of Twitter are services of interaction with the social network Twitter, provided by Twitter, Inc.
Personal Data Collected: Cookies and Usage Data.
Place of Processing: United States – Privacy Policy Twitter.

LinkedIn Button and Social Widgets (LinkedIn Corporation)

The LinkedIn button and social widgets are LinkedIn social network interaction services provided by LinkedIn Corporation.
Personal Data Collected: Cookies and Usage Data.
Place of Processing: United States – Privacy Policy LinkedIn.

Social Button and Widgets of Instagram (Facebook, Inc.)

Social Button and Widgets of Instagram (Facebook, Inc.)
The Instagram button and social widgets are services of interaction with the Instagram social network, provided by Facebook, Inc.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy Instagram.

 

STATISTICS

The services contained in this section allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User’s behaviour.

Google Analytics (Google Inc.)

Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc.
Google uses the Personal Data collected for the purpose of tracking and analyzing the use of this website, compiling reports and sharing them with other services developed by Google.
Google may use Personal Data to contextualize and personalize the ads of its advertising network.
Personal Data collected: Cookies and Usage Data. IP addresses collected through Google Analytics are anonymized.
Duration of Data Retention: 14 months.
Place of Processing: United States

 

 

More information about the treatment

Defence in court

The User’s Personal Data may be used by the Owner in court or in the preparatory stages for its possible establishment for the defence against abuse in the use of this Website or related Services by the User.
The User declares to be aware that the Owner may be obliged to disclose the Data by order of public authorities.

 

Specific information

Upon your request, in addition to the information contained in this privacy policy, this Website may provide you with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

 

System Log and Maintenance

For operational and maintenance needs, this Website and any third party services used by it may collect System Logs, i.e. files that record interactions and may also contain Personal Data, such as the User IP address.

 

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

 

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this Website and, if technically and legally feasible, by sending a notification to Users through one of the contact details in the Data Controller’s possession. Therefore, please consult this page regularly, referring to the date of last modification indicated at the bottom.

If the changes involve treatments whose legal basis is the consent, the Owner will again collect the User’s consent, if necessary.

 

Video surveillance: second level information

This information note on the processing of personal data refers to the processing carried out by means of video surveillance systems at the company’s plants and appliances.
INX SRL, at the offices of Via delle Industrie 8, 26835 CRESPIATICA (LO) – ITALY.
INTRODUCTION:
The video surveillance system located in Via dell’Industria, 8 is equipped with:
(a) no. 14 fixed orientation cameras;
b) n. 1 monitor for real-time display of images located at the company’s headquarters;
c) n. 1 recording equipment protected by password.
The video cameras are placed, with a special report through simplified information, in the perimeter areas of the plant, at the accesses marked on the map. with logic of minimization in relation to the field of shooting, subjects authorized to access the images, duration of the recording.
The precise position of the cameras is indicated on the plans available at the offices of the owner and can be consulted at the request of the interested party.
The processing of data, in accordance with the provisions of the Workers’ Statute (art. 4, Law no. 300/1970) has been authorized by the National Labour Inspectorate of … with provision no…. of ……
1: WHO PROCESSES THE DATA
The Data Controller is the person who takes the decisions on how to process the data, then – among other things – on what precautions to take to protect them, where to store them (if in server or cloud, if in paper mode, etc..), on what data to ask the Customer, on what to process and for what purpose, on what and to whom to transfer them, how to manage the relationships and rights of customers, who to choose as a collaborator, responsible or simply appointed to process data, on what instructions to employees, etc.. So, since the owner of the data processing is very important, know the Customer that it is:
INX SRL, with headquarters in Via delle Industrie, 8 – 26835 Crespiatica (LO)
P.IVA 03766410967
TEL./FAX 0371484491
Email: info@inxsrl.eu
PEC: inxsrl@pec.gmail.itThen, as far as possible accessory functions are concerned, the Owner makes use of third parties, as appointees (duly authorized and instructed) or mostly as managers or sometimes autonomous data controllers:
– Employees in charge of viewing the images;
– External parties to whom the security management may be delegated;
– External or internal subjects who perform the functions of computer system administrator;
– External or internal subjects who carry out maintenance and repair functions for the video surveillance system;
2: WHAT DATA ARE TREATED AND WHAT THE INTERESTED PARTIES ARE
The data that will be processed are the following:
– Image of the person;
– Additional secondary data: from the vision of the worker’s image, it is theoretically possible to indirectly deduce information related to his work activity, such as the concrete modalities of execution of the service, in time and manner, habits, etc.. This information is not subject to control through video surveillance.
– Additional secondary data of third parties: from the vision of the image of third parties other information can be inferred, such as the company or entity to which it belongs, working hours, the means in use, etc.. The data may concern:
– Employees of the Owner;
– Suppliers (or possible suppliers) of the Owner;
– Employees of the Owner (agents, etc.);
– Customers (or possible customers) of the Owner;
– Third parties accessing the headquarters (Visitors, couriers, postal workers, etc.).
3: HOW THE DATA ARE CONFERRED AND CONSEQUENCES OF REFUSAL TO CONFER THEM
The images are taken from the video systems.
The conferment of data is necessary as it is strictly instrumental to access the company premises. Failing this, the Owner will be unable to let the interested party access the premises themselves. In any case, without prejudice to the possibility of viewing the warning sign of the presence of a video surveillance system, the interested party is allowed to access and be filmed.
4: FOR WHICH PURPOSES THE DATA ARE PROCESSED
The data are processed for the following purposes
A) Protection of company assets: the deterrent function of the cameras and their ability to document events acts as a deterrent and therefore has the purpose of protecting the company’s assets both as property and as movable property (including intangible assets – data and know-how).
Legal basis: legitimate interest of the employer in the protection and conservation of heritage.
Interested parties: third parties, suppliers, collaborators, customers and, in case of unlawful acts, also employees.
Duration of storage: 72 hours, unless extended in case of closure of the plant (in which case the images are stored for 72 hours after reopening). In case of aggression (theft, damage, unauthorized access, etc.) to the company’s assets (even if only suspected) the images are kept for a further time and until the consequent litigation (i.e. until the end of the consequent civil, criminal, administrative or disciplinary action);B) Organisational or production needs: the images are used to manage dangerous or unmanned or immediately visible accesses for personnel or to manage flows of materials, means or objects.
Legal basis: legitimate interest of the Owner to guarantee the safety of the people present at the company headquarters.
Interested parties: third parties, suppliers, collaborators, customers and employees.
Duration of storage: 72 hours, unless extended in case of closure of the plant (in which case the images are stored for 72 hours after reopening). In case of anomalous events (theft, damage, unauthorized access, accidents, etc.) the images are kept for a further time and until the consequent litigation (i.e. until the end of the consequent civil, criminal, administrative or disciplinary action);C) Safety at work: in case of access to dangerous areas, the images are monitored to manage such access.
Legal basis: protection of vital interests of people, legitimate interest of the employer to protect the health and safety of employees and collaborators.
Duration: 72 hours except for unauthorized access. In this case, the images are stored for a further time and until the resulting litigation (i.e. until the end of the resulting civil, criminal, administrative or disciplinary action);D) Claims documentation (insurance): in case of claims or other unlawful acts, the images will be used to document such events in the appropriate locations (judicial, mediation, extra-judicial, insurance).
Legal basis: legitimate interest of the Owner.
Duration of preservation: until the consequent litigation has been completed (i.e. until the end of the consequent civil, criminal, administrative or disciplinary action);
The use of the images for other purposes is not foreseen and in particular the purpose of remote control of the work activity is excluded.
5: WHERE THE DATA ARE PROCESSED
The Customer’s personal data are processed at the headquarters of the Owner.
They are also processed externally in cases of remote access to images.
6: HOW THE DATA WILL BE PROCESSED AND STORED
All personal data of the Customer will be stored on computer at the headquarters of the Owner.
The data are also processed using mobile devices with remote access to images.
7: WHO CAN ACCESS THE DATA AND TO WHICH SUBJECTS CAN BE COMMUNICATED
Images can be accessed:
– Employees in charge of displaying images at the company or remotely.
– Subjects (also external) in charge of the management, maintenance, administration of the video surveillance system;
– Subjects (also external) entrusted with the concierge and surveillance service, subjects entrusted with the surveillance service;
– Any professionals who support the company with consulting or legal activities;
– INSURANCES;
– Police forces and/or judicial authorities, in case of request.
8: HOW LONG WILL THE DATA BE STORED
The images will be stored, by setting, for 72 hours.
If the factory is closed, the images will be stored for 72 hours from the time of reopening.
In case of events (see point 4), the images will be further stored until the end of the resulting litigation (i.e. until the end of the resulting civil, criminal, administrative or disciplinary action).
9: LEGAL BASIS OF TREATMENT
The legal basis for processing is primarily the legitimate interest of the employer (see point 4).

10. RIGHTS OF THE DATA SUBJECT
Customers are beneficiaries of a number of rights.
First, the customer has the right to be informed about:
– Categories of data that are processed (see point no. 2);
– Origin of the data, i.e. to know where the lawyer has obtained his data from (see point no. 3);
– Purpose of the data processing, i.e. for what purposes the data is processed (see point no. 4);
– Methods of data processing (see point no. 6);
– Contact details of the data controller and any data processors (see point no. 1);
– Subjects to whom the data is communicated (see point 7);
– Storage and processing time of the data (see point 8);
– Right to lodge a complaint before the privacy guarantor by accessing the following
– link:http://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-nostri-dati-personali
– Existence or non-existence of a profiling process by the Vincenzi Law Firm;
– Legal basis for the treatment (see point 9);
– Right to revoke consent;
– Interests pursued by the owner through the processing: exclusively that of carrying out the task entrusted to him/her in the best possible way.

Then there are rights not simply of information but of operation:
– updating and rectification.
– deletion and anonymisation: this right can be exercised if the data is no longer necessary for the purpose for which it was processed.
– Copy.

11. PROCEDURE FOR EXERCISING YOUR RIGHTS
The rights listed in the previous point can be exercised by the Customer by sending an e-mail to info@inxsrl.eu indicating in the text which right you wish to exercise.
The Owner must respond within thirty days (which may be extended for another two months, but the Owner must give reasoned notice of the delay to the user).
The Owner may refuse, if he or she has reason to do so, to comply with the user’s request (this refusal must be communicated to the user within one month) only in the case of manifestly unfounded or repetitive requests. In this case he must give a reasoned reply. In any case the user can contact the “Privacy Guarantor” (see link below) or the Judge.
The Owner must reply using the same channel (e-mail, telephone, etc.) used by the user for the request, unless the user asks for a different answer. In case of request coming from an email address different from the one indicated in the account, the requester must prove that he is the interested party.
Where the Owner has doubts about the identity of the person making the request or exercising one of the rights listed below, he may request further information to confirm the identity of the applicant. In case of request coming from an email address different from the one indicated in the account, the applicant will have to prove that he is the person concerned.
Requests and answers are free of charge, unless they are repetitive. In the latter case the Holder may charge the live costs he or she faces for the reply (i.e. personnel costs, material costs, etc.).
In any case, the interested party may contact the Guarantor Authority (http://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-nostri-dati-personali) or the competent Jurisdictional Authority for the exercise of his/her rights.
12: HYPOTHESIS OF DATA BREACH
In case one or more of the following events should occur with respect to the data: access, theft, loss, destruction, disclosure, unauthorized modification (so-called Data breach), the Owner, without prejudice to the urgent technical measures to be taken to block (as far as possible) the event and to reduce its harmful effects, undertakes to:
– restore the service as soon as possible in an efficient way, recovering the available data from the last useful backup made;
– inform the interested parties, directly if circumstances permit or generically (by means of a notice on the home page of the website or by means of a communication sent to all users, including those for whom there may have been no events on the data) of the type of event, the time in which it occurred, the measures taken (without going into detail in order not to facilitate any new attacks) to reduce the damage and to avoid new similar events, as well as the measures and precautions that the user should – for its part – put in place to reduce the probability of new events and limit the consequences of those already occurred.Text in force since 1 July 2020