Privacy Policy for the website www.acqualieve.it

Respect for the privacy of our visitors is of the utmost importance to us, therefore the number and nature of the data collected during navigation has been reduced to a minimum and all the necessary precautions have been taken to guarantee their security. It should be noted that the information is provided only for the website www.acqualieve.it and not for other websites that may be consulted by the user through links on the aforementioned website. In compliance with the provisions of Legislative Decree 196/2003, Code regarding the protection of personal data and the General Data Protection Regulation – EU Regulation 2016/679, SIAMI Spa – Società Italiana Acque Minerali, represented for the purpose by the legal representative in office, as Data Controller, wishes to inform you of the following.

Personal data processed and purposes of processing

Data acquired automatically

The computer systems used to operate this site acquire, during normal navigation, some personal data whose transmission is connected to the use of Internet communication protocols (IP addresses, domain names of the computers used by users who connect to the site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, etc.) and other parameters relating to the operating system and the computer environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data collected could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

Data provided voluntarily by users

Personal data voluntarily provided by users by filling in contact forms or by other forms of communication that may be provided on our site are used for the sole purpose of responding to advanced requests and with your consent for all the purposes that require it. For example, entering an e-mail address in the contact form involves its acquisition, necessary to respond to requests made, as well as the acquisition of any other personal data included in the message. Your personal data may be communicated for the purposes indicated to our specifically authorized collaborators in the context of their duties. For the same purposes, if necessary, the data collected may be transferred outside the national territory where the conditions required by law exist.

Processing methods and storage times

The treatment will be carried out using paper and computerized media by the owner and by authorized subjects with the observance of all precautionary measures that guarantee its security and confidentiality. Your personal data communicated to us via forms and contact forms will be kept for the period of time necessary to respond to your requests. The personal data collected relating to navigation will be kept in order to ensure checks relating to the management of the site and its security for the necessary period of time which is, except in special cases, 6 months.

Optional provision of personal data

Apart from that specified for navigation data which is automatically recorded, the user is free to provide personal data (for example name, surname, address, email, …) requested in the forms on the site. Failure to provide such data may make it impossible to obtain what has been requested.

Communication of collected data

For the pursuit of the purposes described above, your personal data will be known by the employees, similar personnel and collaborators of the Data Controller, who will operate as subjects authorized to process personal data. Furthermore, your personal data will be communicated and processed by third parties belonging to the following categories:

  • a) subjects used by the Owner for the management of the Site;
  • b) companies that manage the Data Controller’s IT system;
  • c) companies and consultants who provide legal and/or tax consultancy services
  • d) supervisory and control authorities and bodies, and in general public or private subjects with public-related functions.

The subjects belonging to the categories listed above operate, in some cases, in total autonomy as separate Data Controllers, in other cases, as Data Processors specifically appointed by the Data Controller in compliance with Article 28 of the GDPR. The complete and updated list of subjects to whom your personal data may be communicated can be requested at the registered office of the Data Controller (privacy@siami.it)

Rights of the interested parties

In relation to the treatments described in this Information, as an interested party you may, under the conditions set out in the GDPR, exercise the rights set out in articles 15 to 21 of the GDPR and, in particular, the following rights:

• Right of access – article 15 GDPR: right to obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, obtain access to your personal data – including a copy of the same – and communication, among others of the following information:

  • a) purpose of the treatment
  • b) categories of personal data processed
  • c) recipients to whom these have been or will be communicated
  • d) data retention period or the criteria used
  • e) rights of the interested party (rectification, cancellation of personal data, limitation of treatment and right to object to treatment
  • f) right to lodge a complaint
  • g) right to receive information on the origin of my personal data if they have not been collected from the interested party
  • h) the existence of an automated decision-making process, including profiling;

• Right to rectification – article 16 GDPR: right to obtain, without unjustified delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data;

• Right to cancellation (diritto all’oblio) – article 17 GDPR: right to obtain, without unjustified delay, the cancellation of personal data concerning you, when:

  • a) the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  • b) You have withdrawn your consent and there is no other legal basis for the processing;
  • c) You have successfully objected to the processing of your personal data;
  • d) the data has been processed unlawfully
  • e) the data must be deleted to fulfill a legal obligation;
  • f) the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1, GDPR. The right to erasure does not apply to the extent that the processing is necessary for compliance with a legal obligation or for the performance of a task performed in the public interest or for the establishment, exercise or defense of legal claims in court.

• Right to restriction of processing – article 18 GDPR: right to obtain the limitation of the treatment, when:

  • a) the data subject contests the accuracy of the personal data;
  • b) the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that their use be limited
  • c)although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
  • d) the interested party has opposed the processing, as indicated below, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party;

• Right to data portability – article 20 GDPR: right to receive, in a structured format, in common use and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without impediments, if the treatment is based on the consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly by the Data Controller to another data controller if this is technically feasible;

• Right to object – article 21 GDPR: right to object, at any time, to the processing of personal data concerning you based on the condition of legitimacy of the legitimate interest, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing which prevail over the interests, on the rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court.

• Propose a complaint to the Guarantor Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM). The above rights may be exercised, against the Data Controller, by contacting the references in the “Data Controller and Managers” paragraph. The Data Controller will take charge of your request and provide you, without unjustified delay and, in any case, at the latest within one month of receipt of the same, with information relating to the action taken regarding your request. The exercise of your rights as an interested party is free in accordance with article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller could charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request. Finally, we inform you that the Data Controller may request further information necessary to confirm the identity of the interested party.

Owner and Managers

The owner and manager of the treatment is SIAMI Spa – Società Italiana Acque Minerali in the person of its pro tempore legal representative. For any information relating to the processing of your personal data carried out through this site, you can contact the Data Protection Officer at the email addressprivacy@siami.it.

Cookie information