Privacy policy

PRIVACY POLICY BTS SPA

Information document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)

WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes the methods of processing personal data. This information is provided pursuant to art. 13 GDPR. The information is not to be considered valid for other third-party websites, which may be consulted via links on this website, for which we assume no responsibility.

Personal data that can be processed
Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social (C26, C27, C30 GDPR).
Data of contractors/users.

Navigation data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

Data communicated voluntarily
The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the compilation of data collection forms involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.

Information about the processing of personal data carried out through Social Media platforms
Regarding the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the dedicated Social Media platform pages, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.

Specific information
Specific information may be present in the pages of the Site as to particular services or processing of the data provided.

Cookies and other tracking systems. What are they? What are they for?
For Cookies and other tracking systems, see the cookies policy shown in the footer of the website and at the following link.

WHO IS THE DATA PROCESSING OWNER? HOW TO CONTACT HIM?
The Data Controller is BTS SPA, with registered office in Viale Forlanini, 40, 20024 Garbagnate Milanese, in the person of its pro-tempore Legal Representative, who you can contact for any information by telephone +3902 366 490 00, e-mail privacy @btsbioengineering.com.

PURPOSE OF THE TREATMENT, LEGAL BASIS, PERIOD OF DATA STORAGE AND PROVISION NATURE

PURPOSE OF THE TREATMENT	LEGAL BASIS	PERIOD OF DATA STORAGE	PROVISION NATURE
Navigation on this website. The data necessary for the use of web services are also processed to: obtain statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.); check the correct functioning of the services offered. The data will be used to ascertain responsibility in the event of hypothetical computer crimes against the website.	The processing is necessary for the pursuit of the legitimate interest of the data controller or of third parties, provided that the interests or fundamental rights and freedoms of the data subject who require the protection of personal data do not prevail, considering the reasonable expectations nourished by the interested party and the activities strictly necessary for the functioning of the website and for the navigation itself. (Art. 6, par. 1 letter f and C47 of the GDPR)	The retention of navigation data will be up to the duration of the navigation session and in any case, they will not persist for more than seven days (except for any need to ascertain crimes by the judicial authorities).	The provision of data is necessary for browsing the website.
Use of cookies and comparable technologies. See the cookie policy in the footer of the website.	For necessary non-technical cookies and similar technologies, the processing is based on consent to the processing of personal data (art. 6 par. 1 letter and C42, C43 of the GDPR). The consent is given through the banner and the cookie policy of the website.	See the cookie policy in the footer of the website.	See the cookie policy in the footer of the website.

In addition to browsing, personal data will be processed for:

PURPOSE OF THE TREATMENT	LEGAL BASIS	PERIOD OF DATA STORAGE	PROVISION NATURE
A) CONTACTS, sending contact requests, information, by filling in the “contacts” section of the Website	The processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same; (C44). Art. 6 par. 1 lit. b) of the GDPR.	Maximum 24 months	The provision is necessary. Failure to provide the necessary data will make it impossible to be contacted and receive information.
B) SUBSCRIPTION TO THE NEWSLETTER, to receive the BTS SPA newsletter, by filling in the form in the “contacts” and “newsletter” sections of the Website	The processing is based on consent to the processing of personal data (C42, C43). Art. 6 par. 1 lit. a) of the GDPR.	Until withdrawal of consent. (Or opt out)	The provision is optional. Failure to provide the necessary data will make it impossible to receive direct marketing communications.
C) MANAGEMENT OF YOUR REQUESTS and requests from other interested parties, pursuant to art. 15 and following of the GDPR (rights of the interested party)	The processing is necessary for compliance with a legal obligation to which the controller is subject (C45). Article 6 par. 1 lit. c) of the GDPR.	5 years from the closure of the request, barring disputes.	The provision of personal data is mandatory, as it is essential to be able to implement legal obligations.
D) SELECTION OF PERSONNEL, by filling in the form in the “WORK WITH US” section of the Website. See specific information in the dedicated area.	The processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same; (C44). Art. 6 par. 1 lit. b) of the GDPR.	Maximum 24 months. In principle, the data collected during the recruitment process will be deleted as soon as it becomes evident that no offer of employment will be made or that the offer will not be accepted by the candidate.	The provision is necessary. Failure to provide the necessary data will make it impossible to apply.

TO WHOOM WILL THE PERSONAL DATA BE COMMUNICATED? DATA RECIPIENTS
Personal data will be communicated, also on the basis of the purposes envisaged in specific areas, to subjects who will process the data as independent data controllers, or data processors (art. 28 GDPR) and processed by natural persons (art. 29 GDPR ) who act under the authority of the Data Controller and the Managers on the basis of specific instructions provided regarding the purposes and methods of processing, for specific purposes based on the reference area. The data will be communicated to recipients belonging to the following categories:

Subjects that provide services for the website and for communication networks, including e-mail, hosting and website management.
Companies that provide platforms for the management of promotional activities.
Competent authorities to fulfill of legal obligations and/or provisions of public bodies, upon request

The list of data processors is available by writing to [email protected] or to the other addresses indicated above.

WILL DATA BE TRANSFERRED TO NON-EEA COUNTRIES?
Personal data will be transferred to non-EEA countries, to comply with related purposes based on the processing purposes indicated above. The data will be transferred based on Article 44 et seq. of the GDPR:

art. 45 towards third countries international organizations for which the Commission has intervened with an assessment of adequacy;
towards subjects who have provided adequate guarantees, with standard contractual clauses (SCC) of the European Commission (Article 46, paragraph 2, letter c and letter d).

For information about the guarantees concerning the transfer of data outside the EEA, write to [email protected].

IS THERE AN AUTOMATED PROCESS?
Personal data will be subjected to traditional manual, electronic and automated processing. It should be noted that fully automated decision-making processes are not carried out.

WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
You will be able to assert the rights as expressed by the articles 15 and following GDPR, by contacting the Data Controller at the email address [email protected], or at the contacts indicated above. You have the right, at any time, to request access to your personal data (art.15), rectification (art.16), cancellation of the same (art.17), limitation of treatment (art.18 ). The data controller communicates (art. 19) to each of the recipients to whom the personal data have been transmitted any corrections or cancellations or limitations of the treatment carried out. The data controller communicates these recipients to the interested party if the interested party requests it. In the foreseen cases, you have the right to the portability of your data (art.20) and in this case they will be provided to you in a structured format, commonly used and readable, by automatic device. You have the right to object (art.21), at any time, to the processing of data based on legitimate interest, and in cases where the legal basis is consent, you have the right to revoke the consent given without prejudice to the lawfulness of the processing based on consent before revocation.

To stop receiving automated direct marketing communications (e-mail, SMS-type messages, instant messaging) write an e-mail to [email protected] with the subject “unsubscribe from automated” or use our automatic cancellation systems provided for emails only (opt-out).

To stop receiving traditional direct marketing communications (telephone calls with operator and paper mail), write an e-mail to [email protected] with the subject “unsubscribe from traditional”.

To stop receiving any marketing communications, write an e-mail to [email protected] with the subject “unsubscribe from marketing”.

In the event that he believes that the processing of personal data carried out by the Data Controller is in violation of the provisions of Regulation (EU) 2016/679, the interested party has the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in where he habitually resides or works or in the place where the alleged violation of the regulation has occurred (Privacy Guarantor https://www.garanteprivacy.it/), or to take the appropriate judicial offices.

POLICY CHANGES
The Owner reserves the right to modify, update, add or remove parts of this information. To facilitate the verification and modification of the text, the information will contain the date updated.

Date updated: November 30, 2022