We inform you that your personal data acquired or being acquired by Gravitate GmbH, as "Data Controller", from the data subject or through third parties such as public databases, company registers, the Internet, other companies, will be processed in compliance with legal requirements and with your (hereinafter referred to as "data subject") rights. Personal data are referred directly to your organisation if it is a natural person or a sole proprietorship, or may consist of information relating to natural persons who represent, belong to or are otherwise related in any way to your organisation if it is a company or another public or private entity.
A) Processing method
The processing may include the following operations: collecting (by telephone, telematic or written means or from public registers, lists of deeds and documents and/or public and/or private databases (commercial information companies), or on websites of public and/or private bodies, or from other customers or suppliers), recording, organising, storing and processing on paper, magnetic, automated or telematic media, processing of data collected by third parties, changing, selecting, extracting, comparing, using, interconnecting also with data of other subjects on the basis of qualitative, quantitative and time criteria that are recurring or definable on a case-by-case basis, temporary processing for the purpose of rapid aggregation or transformation of data, discretionary (never fully automated) decision making, profiling and information notices, communication, deletion and destruction of data, or combining two or more of the abovementioned operations.
The Data Controller has also appointed one or more external or authorised internal data processors. Authorised internal data processors belong to the homogeneous functional areas of the company that need to process the data for the purposes indicated in this information notice, such as the purchasing office, the administration office, the IT department, the marketing office, the sales office, etc.
The processing is supervised by adequate technical and organisational security measures, such as, among other things, electronic files protected by authentication credentials, access reserved only for authorised and periodically updated profiles, firewalls, antivirus and antispamm programmes, back-up systems and data recovery in the event of incidents, maintenance services.
B) Processing purposes
The processing purposes are set below:
C) Legal basis for the processing.
The legal basis for the processing is that it is necessary i) for the performance of a contract you are a party to or for the performance of pre-contractual measures taken at your request (e.g. requests for information or commercial offers), or ii) for compliance with a legal obligation to which Gravitate GmbH is subject. In any case, it is a legitimate interest of our Company to be able to process data in order to effectively and efficiently manage the relation with its customers and/or suppliers and manage the related internal and external organisational processes (e.g. management of relations with any of its sub-suppliers functional to the supply requested by the data subject).
Limited to the processing for direct marketing purposes, it is carried out on the basis of your consent.
D) Data communication.
Without prejudice to the communication to third parties made in fulfilment of legal requirements or arising from regulations or other EU legislation, or at the request of courts or other third parties whose right is recognised by these provisions, the data may be communicated by us to the following categories of third party recipients:
The Data Controller appointed as external processors all the categories of third party recipients to whom he/she communicates the data, unless they take on the role of autonomous data controller in accordance with the regulations in force.
E) Transfer of data abroad.
Should the offered services indicate it, the Controller could make use of "Microsoft Azure" cloud services that would involve the transfer of data abroad.
In connection with such transfer(s), the controller informs that:
The "Microsoft Azure" cloud solution received an adequacy decision from the "Article 29 Working Party" body on its compliance with the security standards approved by the EU Commission.
F) Mandatory or optional consent and consequences of failure to provide consent.
For the processing aimed at the purposes referred to in the aforementioned letter B) points 1 to 3, your consent is not necessary. For the processing referred to in letter B point 4 (direct marketing purposes) the consent of the data subject may be freely withheld but any failure to consent will make it impossible to carry out the processing for these limited purposes. The consent given to us may be subsequently revoked by you at any time, by means of communication without any particular formalities to our Company at the email address indicated below.
G) Data retention period.
The data will usually be processed for the entire duration of the contractual relations established with the data subject, and, subsequently, only for the duration necessary for the fulfilment of our legal obligations (10 years). To the extent that personal data are processed for purposes of IT security (e.g. logs of transactions or choices made online on our website), retention will be for the time required to allow security checks and document the results (usually 1 year from collection). In the event of a dispute with the data subject and/or with third parties, the data will be processed for all the time strictly necessary to exercise the protection of the rights of Gravitate GmbH.
H) Data controller
The data controller of your personal data is Gravitate GmbH, with registered office in Germany, 90478 Nürnberg, E-Mail: firstname.lastname@example.org.
With regard to the processing of personal data, you can exercise the rights set out below, contacting without any particular formality our Company at the e-mail address indicated above:
The exercise of the so-called right to portability is without prejudice to the right of cancellation envisaged above;
For information and explanations, please contact: email@example.com
1. Purposes and principles of data processing. In compliance with the obligations set out in articles 13-14 of Regulation (EU) 679/2016 on privacy (GDPR), this document describes how to manage the website with regard to the processing of personal data of users who surf and interact with the web services accessible at: www.gravitate.eu.
We inform you that Gravitate GmbH will use your personal data to manage access to the portal and the services included therein, manage technical practices, carry out all the activities necessary or useful for the constant improvement of the provided service, and for determining the liability in the event of offences against the Site and/or offences committed through the Site. Specific further purposes relating to individual processing can be identified in detail, through additional information notices, within the various services included in the portal.
The consultation of the Site may involve the processing of data relating to identified or identifiable persons. The personal data provided by users who consult the Site are processed by the recipient of the communication in order to follow up the requests received.
Web surfing data
IT systems and software procedures for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects but by their very nature could allow users to be identified through processing and associations with data held by third parties. This category of data includes IP addresses or domain names of computers of users who connect to the site, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the number code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the user's operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site, making the features of the site technically possible, checking its correct operation and ensure the maintenance of its database. In these cases, the web surfing data do not allow the users concerned to be identified and are deleted immediately after being processed anonymously.
The web surfing data can also be used to determine the liability in the event of offences against the website or carried out through the Site.
Data supplied by the user
The processing involves data acquisition (e.g. the collection of the e-mail address of the sender - in order to respond to his/her requests - and any other personal data entered) and other operations.
The processing will be carried out, with or without the help of electronic instruments, according to principles of fairness, lawfulness and transparency so as to protect at all times the confidentiality and rights of the data subject, in accordance with the regulations in force.
The purposes of the processing are to respond to any requests from the user relating to the sending of information material (bulletins, newsletters, mailing lists, replies to questions, notices, acts and measures, other documents, etc.) or to perform the service requested by the user, and are communicated to third parties only in the event that this is necessary for the fulfilment of the aforementioned requests or for the fulfilment of obligations envisaged by the regulations in force in relation to the Controller of the Site.
After the termination of any contractual relation established between the Controller and the data subject, personal data will also be processed to fulfil all legal obligations related to or arising from the terminated relation.
In such cases, consent to the processing is optional and failure to consent may therefore make it impossible for the user to obtain the requested information from the Controller of the site or the requested service.
2. With specific consent (please refer to a special online and/or paper form), the data collected will also be used by us for commercial and promotional purposes, for marketing activities, for sending promotional material and for carrying out market surveys, through all means of communication (mail, e-mail, telephone, SMS, mms, social networks, etc.). Such consent is always optional, and any failure to consent will not result in the user being unable to use any of the requested services but simply the impossibility for the Site provider to use the data for these particular purposes.
3. Subjects who process data. The data collected are processed by persons in charge within Gravitate GmbH who need to know of them in the carrying-out of their activities (e.g. sales office, marketing office, administrative office, call centre, technical staff for the maintenance of the company IT system, etc.).
Moreover, in compliance with the provisions in force, the data may be communicated to factoring companies, debt collection companies, credit insurance companies, commercial information companies, distribution companies for the performance of its activities (e.g.: order management, activation contracts, after-sales service), transport companies, credit institutions for the management of collections and payments, third parties responsible for carrying out activities related to and instrumental to this processing (such as debt collection companies, credit insurance companies, lawyers and law firms, chartered accountants, accountants, auditors and auditing firms, members of the supervisory body pursuant to Legislative Decree 231/2001, statutory auditors, or third parties appointed to carry out maintenance services for IT systems and/or electronic files related to the site). In the sole case of any processing carried out for direct marketing, profiling or retention purposes, the data - prior to your consent (on which see the specific different section of this information notice) - may also be communicated to advertising agencies, web marketing companies, consultants and professionals to whom Gravitate GmbH entrusts activities functional to the pursuit of these purposes. The data are also communicated to authorities and public administrations in fulfilment of legal obligations. These third parties will process the data as external data processors or autonomous data controllers.
The data will not be disseminated.
4. The logic and forms of organisation of processing will be closely related to the individual purposes indicated above, respectively. Processing will take place electronically, telematically and/or on paper. The data during processing are subject to protective measures activated by Gravitate GmbH in order to protect the data against the risk of unauthorised access or processing. For example, personal data managed electronically can be accessed only by accessing various processing or data entry programmes, through the input of mandatory personal passwords, only by personnel authorised by Gravitate GmbH who must, however, comply with predetermined limits of use.
The persons in charge within the company belong to the homogeneous functional areas of the company that need to process the data for the purposes indicated in this information notice, such as the administration office, the human resources office, the IT maintenance office, the marketing office, etc.
Gravitate GmbH has also appointed as data processors all the categories of external subjects to whom the Company must communicate the data for the above purposes (when such external subjects do not assume the direct role of autonomous controllers by reason of their management autonomy with regard to the processing entrusted to them). An up-to-date list of controllers can be consulted at the request of the data subject.
5. Personal data are usually processed for the entire duration of the contractual relation established with the data subject, and, subsequently, for the only period necessary for the fulfilment of our legal obligations (10 years). After the termination of the contractual relation that may have been established between the Controller and the data subject, personal data will also be processed to fulfil all legal obligations related to the termination of the contractual relation. The data will be kept no longer than is necessary to fulfil the aforementioned obligations, tasks or purposes and to prove their fulfilment to the supervisory authorities (normally for 10 years after the termination of the contract), and will then be destroyed. Some data (e.g. name and surname, company name, VAT number, tax code, e-mail, telephone number, mobile phone, fax number, certified e-mail, address of registered office, names of internal contact persons, etc.) are kept even after the aforementioned ten-year term, as long as they are useful to satisfy the legitimate interest of the Controller in rationalising selection and commercial contacts with users, customers and/or suppliers. Conversely, where personal data are processed for purposes of IT security (e.g. logs), the data will be retained for a period of time sufficient to complete the relevant security checks and evaluate their results; normally a maximum of 1 year from the time of collection. In case of out-of-court or in court cases with the data subject and/or with third parties, the data will be processed for all the time strictly necessary to exercise the full protection of the rights of the Controller.
6. The legal basis for the processing is, as the case may be, Article 6, letter a), of Regulation (EU) No. 679/2016 or "GDPR", (the data subject has given his/her free and informed consent to the processing for a given purpose and has not subsequently revoked his/her consent), Article 6 let. b) GDPR (it is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request, e.g. requests for information or commercial offers), Article 6 let. c) GDPR (it is necessary for compliance with a legal obligation to which the data controller is subject) and/or Article 6, let. f) GDPR (it is necessary for the legitimate interests of the data controller or of a third party to be pursued, overriding the interests or fundamental rights of the data subject). In particular, the legitimate interest of the controller is to i) be able to process the data in order to effectively and efficiently manage the relation with its users, customers and/or suppliers and to organise the related internal organisational and management processes and ii), in the case of processing for profiling, direct marketing and retention purposes, to promote its products and/or services to target customers through offline and online methods. On the other hand, the legitimate interest of third parties is to receive personal data from the Controller and process them for the purposes of verifying the correct fulfilment of legal and contractual obligations with regard to the data subject or to third parties (e.g. verification by the public authority of compliance with tax obligations, verification by the board of statutory auditors or auditors of compliance with legal obligations, etc. ) or to receive personal data from the Controller and processing them in turn, in order to be able to manage the activities related to the Controller's request for support in managing the activities towards the data subjects.
What cookies are and how they are used
Cookies are short strings of information (text files) concerning the activity of the user on the website, which are stored, during the first surfing on the website, on the device (computer, smartphone or tablet) of the user who surfs the Internet, and then transmitted to the same sites at the next visit of the same user allowing our site to automatically recognise the user (or other users who use the same device) after the first visit and then improve its user experience.
Their operation is totally dependent on the surfing browser of the user and may or may not be enabled by the user.
In order to always ensure the best surfing possible, our site offers the best performance with cookies enabled. By default, almost all web browsers are set to automatically accept cookies.
Cookies can be:
Third party cookies fall under the direct and exclusive responsibility of the provider, and in relation to their installation the provider of the first-party site is simply a technical intermediary.
The Site uses or can use, even in combination, the following categories of cookies:
For the use of technical cookies, the law requires the mere release of the information notice to the data subject, as is the case with this communication and i.e. even without the creation of specific banners on the Site.
On the other hand, for all non-technical cookies, the regulations in force make their installation conditional on prior consent being given in the simplified forms provided for by the Measure of 8/5/2014 of the Italian DPA and i.e., through the publication of synthetic banners viewable by the user on the first "landing" on the site and which makes it possible to generate a further action of use of the Site (based on "scroll", or on the continuation of surfing within the same web page) with which the user can implicitly communicate his/her consent, or, alternatively, to access an analytics cookie information (i.e. this information notice), within which the user can express his/her required consent or non-consent. This consent or non-consent may be given by the user not in reference to individual cookies installed but in relation to broader categories of cookies, or to specific producers and/or intermediaries with which the Site has established business relations.
Such analytics cookies can be considered technical cookies only if they are created and used directly by the first-party site (therefore, without the intervention of third parties). For example, the site uses log files (i.e. it records the history of operations as they are carried out) and registry files (which include IP addresses, browser type, operating system used by the user's device, Internet Service Provider (ISP), date, time, page of entry and exit and the number of clicks, but also the pages visited on the site, third-party sites from which the user comes). All this in order to analyse the trends of user behaviour and administer and optimise the site. The information collected in this way is not personal as the data are collected and analysed anonymously.
On the other hand, if analytics cookies are created and/or used by third parties (other than the controller of the first-party site), they cannot be considered technical cookies and have a different legal treatment.
List of cookies actually present on the website
The introduction above does not automatically imply that this website currently uses all the categories of cookies indicated above. The list of cookies actually used by Gravitate GmbH is as follows.
Function (technical, analytics, advertising)
The Site also uses Google Analytics cookies (Google Inc. cookie, which is an American company, third party). We would like to point out that Google Analytics does not collect any strictly personal information, but only in aggregate statistical form, data on age, gender and preferences of our visitors (in order to better evaluate the use of our website and the activities carried out by the visitor and better target the provided services). These cookies are stored on servers that may be located in the United States or other countries. Google reserves the right to transfer the information collected with its cookie to third parties where this is required by law or where the third party processes information on its behalf.
However, the "Analytics" function is configured by Gravitate GmbH by default, in such a way as to significantly mask portions of the IP address of the user/visitor, and therefore the data relating to the IP address thus collected are already anonymised at source and therefore the analytics cookie does not allow to trace the identity of the user/visitor even indirectly - and in particular through further processing. For this reason, Gravitate GmbH, which is the website provider from time to time, is not obliged by law to comply with the obligations and fulfilments envisaged by the regulations on cookies (e.g. notification of the processing of cookies to the Italian DPA).
In the event that Gravitate GmbH should in the future decide to modify at any time the configuration of the "Analytics" function in such a way as to allow the collection of data relating to the user consisting of the last three numbers that make up the user's IP address, this choice must be notified in advance to the Italian DPA by the data controller carried out through the portal or site, to protect the user.
Please note that Google also guarantees that it will not associate the user's IP address with any other data held by Google in order to obtain a more detailed user profile.
This site does not use personal profiling cookies, i.e. cookies based on personal identification data.
Our site does not use remarketing lists and display network ads, i.e. online ads based on categories of general interest expressed by categories of users through previous web surfing.
Without prejudice to the generality of the foregoing, our website does not use the special advertising functions of Google Analytics, which allow you to activate additional functions not available through the standard implementations of Google Analytics and related cookies.
These advertising functions, if any, also allow the collection of traffic data (via Google advertising cookies and anonymous identifiers) in addition to data that we already collect through a standard Google Analytics implementation. The advertising functions of Google Analytics are as follows:
For more information on online behavioural advertising and some suggestions on possible measures, in particular to disable the display of advertisements based on online interests: www.youronlinechoiches.eu/en.
Therefore, the management of information and ways to delete such social cookies is regulated by the social media sites themselves: we invite the user to consult their privacy policies, at the following links:
The use of such cookies is purely anonymous; no personal information is collected unless the user intends to provide it explicitly by sending contact forms and/or forms requesting information.
Further information on privacy and the use of social cookies can be found directly on the sites of the respective third-party providers.
How cookies work and how you disable them
Here are the links for the configuration of the most popular browsers that describe how to manage cookies:
To change cookie settings on browsers other than those listed, please refer to the help documentation prepared by the producer of your browser.
You can also selectively disable Google Analytics by downloading and installing on your browser the additional opt-out provided by Google for your browser at the following link:
Remember that you must set cookie preferences for each device and each browser used when web surfing.
To delete cookies from the web browser of your smartphone/tablet, please refer to the user guide of your device.
For more information on cookies and privacy, please consult the document prepared by the Italian DPA at the following link:
8. The data controller is Gravitate GmbH, with registered office in Fürther Str. 27, 90429 Nuremberg, e-mail: firstname.lastname@example.org.
9. With regard to personal data processing, you can exercise the rights under Article 15 to 22 of Regulation (EU) 2016/679.