Updated to European personal data protection regulation no. 679/2016, GDPRand Legislative Decree no. 101/2018
Our site respects and protects the privacy of users, implementing proportionate measures so as not to infringe their rights.
TYPES OF DATA PROCESSED
Personal data of Users that they upload personally in the Contacts form, i.e. basic information to manage requests and communicate with them about our services.
Data provided voluntarily by the User.
The optional, explicit, and voluntary sending of e-mail to the addresses indicated involves the subsequent acquisition of the sender’s address required to reply to information requests, and any other personal data included in the communication.
The IT systems and software procedures for operation of the website acquire, during normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subject. However, by its very nature, it may allow identifying users by means of processing and association with data held by third parties. This category of data includes:
internet protocol (IP) address associated with the device used to connect;
type of browser and device parameters used to connect to the site;
name of the internet service provider (ISP);
date and time of visit;
web page of origin of the visitor (referral) and exit;
any number of clicks made within the site and any preference expressed
other parameters relating to the operating system and the user’s IT environment
This data may be used to obtain anonymous statistical information regarding website use and to verify its correct operation as well as:
to fulfill the requirements dictated by national and community regulations;
to ascertain responsibility in the event of hypothetical computer crimes against the site and for investigations in the event of any disputes
Only the data collected for supervisory purposes remain on the servers for a period of 12 months.
In addition, our site uses Google Signal, which is a Google product that includes site and application session data that Google associates with users who are logged into their Google accounts and have ad personalization activated.
The crossing of this data by Google with the users who have logged in allows taking advantage of cross-device advertising and reporting features.
Analytics retains Google Signal data for up to 26 months.
Through the form FIND DEALERS and FIND OIL, Bardahl also collects information about the location of the device if the user uses the location-related functions, and for diagnostic and troubleshooting purposes. Various technologies are used to determine location, including IP, GPS, Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cells.
In addition to providing the fastest product search service and geo-located reseller close to the user, we can also collect, use, store user information to:
respond, under applicable law or regulations, to legal proceedings or government requests;
identify, analyze, prevent and manage fraud and other illegal activities or technical or security problems;
protect the rights, property and safety of Bardahl and Users
Our website that uses geo-localized browsing may request the user’s location also through the browser to offer faster searches. In addition, in this case, this service is optional. The position of users is not transmitted through Firefox or Chrome without their explicit consent. The service is managed in full respect of the privacy of users.
LEGAL BASIS OF PROCESSING
Data processed on the basis of consent
Legalbasis for the processing of all data for marketing/newsletter, profiling, geolocation purposes
The provision of data and therefore Consent to collection and processing is optional.
Users can deny consent for marketing, profiling, and geolocation purposes and can revoke consent already provided at any time.
However, denying consent for geolocation purposes will make it impossible to correctly provide the Find retailers and Find oil searches.
The data will be mainly processed with electronic tools and can be used:
to enter personal data in the company’s IT databases;
to manage customer relations;
to issue quotes and offers to active and/or potential customers;
to issue requests for quotes and offers to active and/or potential suppliers;
to send the newsletter;
to geolocate products or retailers;
to carry out market and statistical, marketing and service preference surveys;
to carry out direct and indirect sales and placement activities;
to meet the obligations established by law, regulations, community legislation, civil and tax laws;
to fulfill the requirements dictated by national and community regulations;
for security purposes to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime
Personal data processing secondary purposes
The personal data collected for the aforementioned purposes may also be processed to carry out customer satisfaction activities: the provision of data for these purposes is optional and consent is required for the processing of such data.
By granting consent to processing for marketing purposes, the data subject specifically takes note of said promotional, commercial, and marketing purposes in the broad sense of the processing (including the consequent management and administrative activities) and expressly authorizes them, once consent has been given based on the procedures envisaged, pursuant to the EU Regulation.
As required by article 21 of the EU Regulation, it is informed specifically and separately that if personal data is processed for direct marketing purposes, data subjects have the right to object at any time to the processing of personal data concerning them carried out for said purposes. If the data subject objects to the processing for direct marketing purposes, personal data may no longer be processed for said purposes.
THIRD-PARTY SERVICE PROVIDERS
Bardahl uses other companies and individuals to carry out certain activities on our behalf.
It is noted that the computer systems and software procedures used to operate the apps (Apple Store, Google Play) acquire, during their normal operation, some data in any case referable to the user, the transmission of which is implicit in the use of internet communication protocols, smartphones and devices used.
The Data Controller is not involved in such processing and may not be held responsible for it.
SECURITY MEASURES AND PROCESSING METHODS
Personal data is processed by automated tools for the time strictly necessary to achieve the purposes for which it was collected.
For the duration of the processing, please refer to the Data Retention Policy in the company documentation.
Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access, such as encryption and pseudo-minimization techniques and specific methods of selective access to data.
COMMUNICATION AND DISSEMINATION
The personal data collected will not be disclosed, sold, exchanged, or communicated with third parties other than the Data Controller, without the express consent of the data subject. Communication to third parties, other than the Data Controller, by external and designated managers within the company structure, appointed pursuant to article 13, paragraph 1 letter e) of the EU Regulation is envisaged for the exclusive pursuit of the purposes referred to in the paragraph LEGAL BASIS OF PROCESSING of this Policy and in any case, within the limits thereof, possibly to: subjects and third-party companies for supply and technical and IT assistance, affiliated companies or third parties that provide Bardahl with information processing services or activities complementary to those of the company, to allow the execution of the contract, all engaged in the correct and regular pursuit of the purposes described.
In any case, processing by third parties shall be carried out fairly and in compliance with the provisions of applicable law.
Therefore, we may communicate the personal data of Customers/Users to other companies or third parties in one of the following cases:
when the data subject has given his consent to the communication;
when the communication is necessary to comply with the requests of the Customer/User or to provide the requested service;
DATA CONTROLLER AND PLACE OF PROCESSING
The data collected by the site are processed by the Data Controller in accordance with the laws in force, by the company Maroil s.r.l. – Bardahl Italia, Località Ponte alla Ciliegia n. 11, 55011 – Altopascio (Lucca) and may be contacted at: firstname.lastname@example.org
TRANSFER OF DATA TO NON-EU COUNTRIES
This website may share some of the data collected with services located outside the European Union area. In particular, with Google, through the Google Analytics service. Transfer is authorized based on specific decisions of the European Union for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
Pursuant to European Regulation 679/2016 (GDPR) and as provided by Privacy Decree no. 101/, Users may, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:
request confirmation of the existence of personal data concerning them (right of access);
have information about the logic, methods and purposes of processing;
request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including data no longer necessary for the pursuit of the purposes for which it was collected;
in cases of consent-based processing, receive only at the cost of any support, its data provided to the data controller and held by it, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
the right to file a complaint with the Privacy Guarantor or the Judicial Authority;
pursuant to article 2- terdecies of the Privacy Decree no. 101/2018, all rights (article 15 to 22 of the EU Regulation) referring to personal data concerning deceased persons, may be exercised by those who have an interest of their own or act to protect the data subject, as agent, or for reasons of family members worthy of protection
as well as, more generally, to exercise all the rights that are recognized by the applicable provisions of the law
Requests shall be submitted to the Data Controller.
If the data is processed based on legitimate interests, the rights of parties concerned are however guaranteed (with the exception of the right to portability that is not provided for by the regulations), in particular the right to oppose processing that can be exercised by sending a request to the data controller. It is possible to oppose processing of personal data:
for legitimate reasons;
(without the need to justify the opposition) when the data is processed for commercial or marketing purposes
WITHOUT PREJUDICE TO THE LIMITATIONS TO THE RIGHTS OF THE DATA SUBJECT REFERRED TO IN ARTICLE 2- undecies and 2-duodecies Legislative Decree no. 101/2018
If Users consider that the aforementioned rights regarding the protection of personal data have been violated, data subjects may file a complaint with the Privacy Guarantor pursuant to article 77 of the Regulation and article 141 of the Privacy Decree. They may also appeal to the Judicial Authority pursuant to article 78 and 79 of the EU Regulation and pursuant to article 152 and following Privacy Decree.