In accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (hereafter referred to as ‘the Regulation’ or ‘GDPR’), we would like to inform users of the methods and purposes of processing the personal data of individuals interacting with this website.
Please note that this privacy policy does not apply to any other websites that users may access via links on this website, even if they are operated by the same owner. The owner of this website is not responsible for the content of any third-party websites.
The Data Controller
The Data Controller responsible for the personal data collected through this website is Andriani S.p.A., whose registered office is located at Via Niccolò Copernico s.n. – Zona PIP, 70024 Gravina in Puglia (BA), Italy – Tax Code and VAT number: 03789990987 (hereinafter also referred to as the ‘Company’ or the ‘ Controller’), telephone number: +39 080 3255801.
Data Protection Officer (DPO)
You can contact the Data Protection Officer at Andriani S.p.A. directly via email at dpo@andrianispa.com, or by contacting the Controller’s headquarters.
Purpose of processing, legal basis and nature of provision
For the purposes outlined in this policy, we will only process non-sensitive personal data.
Personal data will be processed in accordance with the lawfulness conditions set out in Article 6 of the Regulation in order to:
- enable navigation on this website and the technical management of links to the website
During normal website operation, and only during the session, the computer systems used to run the websites gather some personal data. This data is transmitted automatically whenever internet communication protocols are used. Although this information is not collected with the intention of associating it with identified data subjects, it could enable users to be identified through processing and association with data held by third parties. This category of data includes, for example, the IP addresses or computer names used by users when connecting to websites, the URI (Uniform Resource Identifier) addresses of the requested resources, the characteristics of the browser used for navigation, the size of the browser window that was opened on the user’s device, and other parameters relating to the user’s operating system and IT environment. The data is used exclusively for the purpose of obtaining anonymous statistical information regarding website usage and to verify the functionality of the websites. The data is deleted immediately after processing. If computer crimes were to be committed against the websites, the data could be used to determine who was responsible.
Legal basis for processing: the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).
This data is requested for the indicated purposes and is necessary for users to navigate the website.
- respond to any requests for information or contact made by users/customers via the contact details provided on the website or data collection forms
If a user chooses to receive communications via the contact details provided on the website, or if they enter their details into the provided form to request information, personal data such as their name, email address and telephone number will be collected. This information is necessary for following up on requests, as is any other personal data entered in the message, such as a fax number, should the user wish to communicate this way.
Legal basis for processing: performance of a contract to which the data subject is a party, or performance of pre-contractual measures taken at the data subject’s request (Article 6(1)(b) of the GDPR).
For us to be able to respond appropriately to requests, data subjects are required to provide the requested data for the specified purposes. Failure to provide the requested data will make it impossible for us to send or receive requests from, or respond to, the data subject.
Data Processing
Processing will be carried out using manual, computerised and telematic tools in accordance with applicable laws, and in line with the principles of correctness, lawfulness, transparency, relevance, completeness, proportionality and accuracy. Data organisation and processing will be strictly aligned with its intended purpose and, in any case, the safety, integrity and confidentiality of the data will be guaranteed, in compliance with the organisational, physical and logical measures provided for by current regulations.
Data retention period
In accordance with Article 5(1)(e) of Regulation (EU) 2016/679, the collected personal data will be stored in a form that allows identification of the data subjects for no longer than is necessary to fulfil the purposes for which the personal data is processed. Whether or not personal data is retained depends on the purpose of processing:
– – browsing this website, see the cookies policy;
-– for contact and information requests, 1 year;
After the specified time has passed, the data will either be deleted or anonymised, unless it needs to be stored for longer to meet legal obligations or comply with orders issued by Public Authorities and/or Supervisory Bodies.
Nature of data provision
Users are free to provide their personal data. Users who do not provide the requested data may have their request rejected or be unable to use the Data Controller’s web services.
Nature of data provision
To pursue the aforementioned purposes, or if it is necessary or required by law or the relevant enforcement authorities, the Controller reserves the right to disclose the data to the following categories of recipients:
- entities that provide IT maintenance or related services;
- entities that provide services for managing the Data Controller’s information system and telecommunications networks, including email and website management;
- Authorities, Supervisory and control bodies and, more in general, public or private entities performing public functions (e.g.: Prefecture, Police Headquarters and the Judicial Authority, but only within the limits established by applicable legislation);
- The data may also be disclosed to the Controller’s staff, including interns, contract workers, consultants, and employees of external companies, for the purpose of carrying out assigned tasks. All of these individuals are specifically authorised to process the data.
Data transfers abroad
Personal data will be processed in both EU and non-EU countries (including indirectly through its suppliers) that have been recognised by the European Commission as providing an adequate level of protection under Article 45 of the GDPR. The transfer of personal data to countries or international organisations outside the EU, for which the European Commission has not adopted an adequacy decision under Article 45 of the GDPR, is permitted where necessary to provide services, provided that the recipient country or organisation provides adequate safeguards under Article 46 of the GDPR, and provided that data subjects have enforceable rights and effective legal remedies. In the event that the Commission fails to issue an adequacy decision in accordance with Article 45 of the GDPR, or if adequate safeguards are not in place under Article 46 of the GDPR (including binding corporate rules), cross-border data transfers will be permitted only if one of the conditions set out in Article 49 of the GDPR is met.
Data dissemination
Users’ personal data will not be disclosed.
Rights of the data subject
Art. 15, 16, 17, 18, 20, 21 and 22 of the GDPR confer specific rights to the data subject, which can be obtained from the Data Controller.
In particular, the GDPR provides the following rights to data subjects:
- right of access: the right to obtain confirmation that your data is being processed and obtain access to your personal data, including a copy thereof;
- right to rectification: the right to obtain rectification of inaccurate personal data concerning you and/or integration of incomplete personal data;
- dright to erasure (right to be forgotten): the right to have your personal data erased, if no longer necessary for the purposes of the Controller, when consent is withdrawn (and there is no other legal foundation for the processing) or when you oppose processing, when the processing is illegal or any other case where there is a legal obligation to erase. The right to erasure does not apply when the processing is necessary to fulfil a legal obligation or to carry out a task in the public interest, or for the exercise or defence of a right before the courts;
- right to restriction of processing: the right to restrict data processing when a) the subject has issues with the accuracy of personal data; b) the processing is illegal and the subject opposes the erasure of personal data asking instead to restrict its processing; c) personal data are necessary for the subject to exercise or defend a right before the courts;
- right to data portability:the right to receive personal data in a structured, common use format that can be read by an automatic device and transmit them to another Controller without impediments, if the processing was based on consent and carried out with automated means;
- right to object: the right to object to the processing at any point, if the personal data is processed for purposes other than those for which consent was given;
- automated decision-making: the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Data subjects who have reason to believe that their personal data is being processed in violation of the Regulation are entitled to file a complaint with the Italian Data Protection Authority (Piazza Venezia n. 11, 00187 Rome) as set out in Article 77 of the Regulation. Alternatively, the matter can be brought before the relevant courts (Article 79 of the Regulation).
If you want to know more about your rights, you can get in touch with the Data Controller or visit the official website of the Data Protection Authority:
https://www.garanteprivacy.it/web/guest/regolamentoue/diritti-degli-interessati
This Privacy Policy was updated in May 2025.
The Data Controller
Andriani S.p.A.