Privacy Policy

PRIVACY AND COOKIES POLICY
Dear User,
this privacy policy is provided pursuant to Article 13 of European Regulation 2016/679 on the matter of personal data protection to users who access the website https://www.greenbone.it. It is related to all the personal data, which the Data Controller collects and retains on its users.
This privacy policy is provided for the internet site and not for other websites and/or applications, which may be consulted by the user through links to external pages of third parties.

DATA CONTROLLER
The Data controller is GREENBONE ORTHO SPA, Via Albert Einstein 8 – 48018 Faenza (RA), VAT n°. 02493440396, e-mail info@greenbone.it .

DATA PROTECTION OFFICER
The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted for all matters related to processing of your personal data and the exercising of related rights, writing to the following addresses: dpo@greenbone.it or Greenbone Ortho Spa – Data Protection Officer (DPO), Via Albert Einstein n. 8 – 48018 Faenza (RA).

CATEGORIES OF PERSONAL DATA, LEGAL BASIS AND PURPOSES OF THE PROCESSING
The personal data collected from the website, independently or through third parties, refers to the following types.
1. Data communicated by users
The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller and filling in and sending the forms made available on the websites implies the acquisition of the contact data of the recipient necessary to respond, as well as all the personal data included in the communications.
The legal basis for the processing activity is the performance of a contract of which the data subject is part or the performance of pre-contractual measures adopted on request of the same.
The purpose of the processing activity for these categories of data is to manage the requests for support, assistance or any other request for information arrived to the Data Controller through the addresses made available through the website.

The user takes full responsibility for the correctness and truthfulness of the data provided and guarantees, if necessary, to have the right to communicate third party personal data, releasing the Data Controller from any responsibility.
2. Browsing data
The Data Controller automatically gathers some data, so called browsing data, through website browsing. The I.T. systems and the software procedures responsible for operating this website acquire some personal data during their – normal operation, whose transmission is implicit in the use of Internet communication protocols. This is information which is not gathered to be associated to identified data subjects, but which for it s very nature could, through processing and association with data held by third parties or by the data controller, allow to identify the users. This category of data contains the IP addresses or the domain names of the computers used by the users who conne ct to the website, the addresses of the resources requested in URI notation, the time of the request, the method used in submitting the request to the server, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the I.T. environment of the user.
The legal basis for the processing activity is the Data controller legitimate interest for ensuring the security and functioning of the web site.
The purpose of the processing activity for these categories of data is the control of the correct operation of the website and available services.
3. Cookie
No cookies are used to profile users.
Please see the specific paragraph “Use of Cookies” for more information.

RECIPIENTS
The personal data provided can be processed by the data controller in the context of its organization in compliance with the provisions of the law and with the requirements indicated in this data protection policy.
The personal data provided can be also communicated to appropriately appointed recipients who can process the data in their capacity as Data Processors and/or Data Controller. Specifically, the personal data of the Data Subject can be communicated to recipients belonging to the following categories:
– competent authorities to comply with laws in force and/or the provisions of public entities, on request;
– repair and/or maintenance companies of I.T. equipment;
– companies that manage the website and carry out technical, logistic, and other kinds of activities on our behalf.
Our suppliers only have access to the personal data which is necessary to carry out their tasks, they commit to not using the data for other purposes and are required to process the personal data in compliance with relative laws and regulations in force.
In any case, the dissemination of processed personal data is excluded.
The complete list of data processors, joint data controllers and persons in charge of the processing of personal data can be requested by sending a specific request to the email address dpo@greenbone.it.

NATURE OF DATA PROVISION
Data collected automatically, through browsing, are necessary to use the web services, and their provision is compulsory to be able to access the site and the services made available.
About data communicated by users to manage their requests, the provision is optional, but failing to do so will make it impossible to proceed with the management of the request for information or support.
Please see the specific paragraph “Use of Cookies” for more information.

METHOD OF PROCESSING AND DATA RETENTION
The personal data is processed with automated and manual tools for the time strictly required to pursue the purposes for which it was collected.
Specifically, browsing data collected are retained for 30 days; data communicated by users to manage their requests are retained for the time strictly necessary to respond, unless additional time limits to protect Data Controller’s rights.
Specific security measures are observed to avoid the loss of data, illicit or incorrect use, and unauthorized access.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
If the personal data is transferred outside the European Union for technical operational reasons and to guarantee a high continuity of service, the Data Controller ensures that the transfer will take place in accordance with the appropriate international data transfer mechanisms and standards, to ensure that the level of protection of the natural persons guaranteed by the relative law and regulation in force and in particular by EU Regulation 2016/679 is not affected.

RIGHTS OF THE DATA SUBJECT
Pursuant to Articles 15 – 22 of EU regulation 2016/679, each data subject has a series of rights:
– Right of Access: pursuant to Article 15, the data subject has the right to obtain confirmation as to whether or not personal data concerning him or her is being processed and, where that is the case, to obtain a copy of it. They also have the right to obtain access to personal data relating to them, to further information concerning the purposes of the processing, categories of recipients, the data retention period and the exercisable rights;
– Right to rectification: pursuant to Article 16, the data subject has the right to obtain rectification of inaccurate personal data concerning him or her or to supplement it;
– Right to erasure: the data subject has the right to obtain erasure of personal data concerning him or her, without undue delay, where one of the reasons under Article 17 exists;
– Right to restriction of processing: the data subject has the right, in cases provided for by Article 18 of Regulation 2016/679, to obtain the restriction of processing;
– Right to data portability: the data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machi ne- readable format and has the right to transmit that data to another Data Controller without hindrance according to Article 20 of Regulation 2016/679;
– Right to object: the data subject has the right to object to the processing of personal data concerning him or her according to Article 21 of Regulation 2016/679.
The data subject also has the right to lodge a complaint before the competent supervisory authority, the Privacy Guarantor.
The requests at the preceding points must be made in writing to the Data Controller or the Data Protection Officer who will provide a timely response to the requests of the data subjects to exercise their rights.

USE OF COOKIES
A cookie is a small text string that stores certain information about users’ Internet browsing and is sent from websites to your terminals (computers, smartphones, tablets, etc.).
Cookies are used for different purposes: to perform computer authentications, monitoring sessions, store information on specific configurations concerning users accessing the server, etc. They therefore make it possible to identify the user’s device each time they access the site, guaranteeing more efficient operation, enriching the visiting experience and providing information to the administrators of the same website.
Some cookies are automatically deleted at the end of the browsing session, while others remain stored in the terminals, normally hosted in the browser used.
The cookies we use:
Technical cookies
They are cookies that are used to make browsing or to provide a service requested by the user. They are not used for other purposes and are always sent directly from our domain.
Without the use of these cookies, some operations may not be carried out because they allow you to make and keep the user identification in the session and are therefore indispensable.
Third party analytics Cookies
– Google Analytics (Google Inc.):
These are cookies which collect statistical data in aggregate form in order to improve the presentation of the Website and make browsing easier.
– Youtube (Google Inc.):
these are cookies that allow use on the site of videos hosted directly on the youtube.com site.
The following are the updated links to the notices and consent forms of third parties who install cookies via the Website, in order to check on their practices and relative control systems:
http://www.google.com/policies/privacy/
https://tools.google.com/dlpage/gaoptout?hl=en
With reference to the purposes of processing personal data conveyed through cookies, the legal basis of the processing is your possible freely given consent (pursuant to Article 6, paragraph 1, letter a of Privacy Regulation 2016/679), the consent is acquired as laid down by current legislation (banners, scrolls, user clicks on active content of the web page).
The user can decide whether to accept cookies using your browser settings.
Attention: the total or partial disabling of technical cookies can compromise the use of the website features.
You can change these settings to block cookies or to warn you that cookies are sent to your device referring to the instruction manual or to your browser’s help screen.
If you are using Internet Explorer
In Internet Explorer, click “Tools” then “Internet Options.” On the Privacy tab, move the slider up to block all cookies or to the bottom to allow all cookies, and then click OK.
If you are using the Firefox browser
Go to the “Tools” menu of your browser and select the “Options” menu. Click the “Privacy” tab, uncheck the “Accept cookies” and click OK.
If you are using the Safari browser
The Safari browser, select the “Edit” and select “Preferences” menu. Click on “Privacy”. Place the “Block cookies” setting to always and click OK.
If you use the Google Chrome browser
Click the Chrome menu on the browser toolbar. Select “Settings”. Click “Show advanced settings”. In the “Privacy” section, click the “Content Settings” button. In the “Cookies” section, select “Do not allow sites to store data” and block “cookie control, and the third-party site data”, and then click OK.
If you use any other browser, look in the browser settings of the cookies are handled.
Continuing navigation without changing your browser settings, you accept the use of cookies.

UPDATES AND MODIFICATIONS
The Data Controller reserves the right to periodically modify, supplement or update this privacy policy according to the applicable law or regulation or provisions adopted by the Italian Data Protection Authority.
The aforementioned modifications or supplements will be made known to the data subjects by email and via links to the Privacy Policy page pre sent in the website.
Each data subject is, in any case, invited to regularly refer to the Privacy Policy to verify the updated policy.
Last updates November 13, 2020.