In accordance with applicable privacy laws (EU Regulations n. 679, 2016 and D. Lgs June 30th  2003 n. 196), Ivangog Srls with legal head office located in Via Giuseppe Petroni, 16 – 40126 Bologna, VAT number n. 03758921203, REA BO – 544152 would like to inform you that your personal information will be processed in an ethical and transparent manner, only for lawful purposes.

PERSONAL DATA COLLECTED

DATA VOLUNTARILY PROVIDED BY USERS

Those data voluntarily provided by users through form submission, product purchase or email conversations.

They are collected and processed for the following purposes:

 A. To obtain and confirm product purchase, and to provide such services as requested. 


B. To comply with applicable administrative, accounting and tax regulations or Law Enforcement inquiring.


C. To send you advertising messages and updates on special rates and promotions. For this purpose, upon obtaining your consent, your information will not be disclosed to third parties. You may revoke your consent at any moment.

DERIVATIVE DATA

Information our servers automatically collect when you access the website, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the website. 



PROCESSING METHOD AND PERSONAL DATA RETENTION PERIOD

Data will be processed with automated electronic tools and administrative, technical, and physical security measures will be used to protect personal information.
When you place an order through the website, we will maintain your Order Information for our records up to 10 years, unless and until you ask us to delete this information.
Ivangog Srls doesn’t allow permanent data retention, so the period is defined according to data minimization principle.

SUBJECTS AUTHORIZED FOR DATA PROCESSING  AND COMMUNICATION OF DATA

Processing of collected data is carried out by internal staff of Ivangog Srls identified and authorized for this purpose according to specific instructions given in compliance with current legislation.

The data collected, if necessary or instrumental for the execution of the aforementioned purposes, may be processed by third parties appointed as external data processors, or, depending on the case, communicated to them as independent owners, and precisely:
– Companies belonging to our corporate group;

  • People, companies, associations or professional firms that provide assistance and consultancy to Ivangog Srls;
  • Companies, organizations, associations that perform services connected and instrumental to the execution of the aforementioned purposes (market analysis and research service, management of payments by credit card, maintenance of IT systems, shipment of goods);
  • Companies that purchase and / or resell the services of Ivangog Srls;

For purposes other than those mentioned above, the personal data collected will not be disclosed or exchanged with subjects other than the Data Controller, the Manager and the persons in charge, without the express consent of the interested party.



DATA INTERNATIONAL TRANSFER

Ivangog Srls does not transfer your data outside of Italy and the European Economic Area (EEA) for the direct execution of its services.

In case the personal data collected have to be transferred to countries outside the European Economic Area, whose legal provisions on the protection of personal data are different from those of the European Union, Ivangog Srls ensures the protection of personal data by signing Standard Contract Clauses or other protection tools defined by law.

SAEFTY

We use organizational, administrative, technical and physical security measures to safeguard your data and to ensure that it is processed in a timely, accurate and complete manner. We also ask our suppliers to safeguard your data and to use it only for the specified purposes.

  • Privacy by default and by design

Our software and systems have been designed and built following the “Data protection by default and by design” concept.

  • Data integrity and security

We use data encryption for which we are required to ensure a level of security appropriate to the risk of their loss or theft. A procedure is also active to digitally sign the log files and give them a certain date in accordance with Italian legislation.

  • Log storage according to law

We keep the logs in accordance with the law for the period prescribed by Italian law, in order to be able to follow up on investigations and requests from the judicial authorities.

  • Confidentiality of data

All data that transits for the execution of our services are protected by SSL / TLS encryption.

  • Vulnerability Management

To detect any software vulnerabilities and block the spread of Viruses / Malware, we use tools designed to check and discover vulnerabilities and criticalities in systems and software. We continuously monitor to verify that the process is compliant.

  • Data backup and availability

We make sure that all data collected and stored are treated with principles that guarantee their availability and integrity for the execution of existing contracts. To this end, we carry out periodic backups, check them, monitor that systems and applications are always available and running.

  • Authorized personnel

All the collaborators of Ivangog Srls follow internal training courses relating to the provisions of the GDPR and are constantly updated and made aware of the issues of security and data protection that we process also through the signing of specific confidentiality agreements.




CUSTOMER’S RIGHTS

With relation to the provided personal data, the Data Subject can exercise the following rights guaranteed by the Regulation: f) access right; g) right to rectification, modification and cancellation of personal data or the right of restriction of the processing of the former; h) right to object the processing; i) right to withdraw the consent j) right to send a complaint to the competent Supervisory Authority (Garante)

ROLES

Ivangog Srls as data controller and Ivangog Srls as data controller

The concepts of “data controller” and “data protection manager” are important in understanding what a company’s responsibilities are.

Depending on the scenario, a company can be a data controller, a data protection manager, or have both roles and take on specific responsibilities. Consequently:



DATA CONTROLLER

A company has the role of data controller when it is responsible for deciding why and how (the “purposes” and “means”) personal data are processed.

Data controllers will need to take compliance measures that include how the data is collected, the purpose for which it is used and the retention period. They will also need to make sure that people can access the data they have provided.

Data controllers must ensure that data controllers comply with their contractual commitments regarding the safe and lawful processing of data.

For example, when Ivangog Srls processes the customer’s tax data, such as issuing an invoice, it holds the role of Data Controller.



DATA PROTECTION MANAGER

A company is defined as a data protection manager when it processes personal data on behalf of a data controller. Data protection managers have an obligation to process data securely and legally.


QUESTIONS OR COMPLIANTS

For any issues or question concerning our privacy policy, email us at info@gost-x.it