- Ownership, Data processing and Data Protection management
The owner and recipient of the data processed through the Website is QURA S.R.L. (tax code and VAT number 03663360364), with legal headquarters in VIA DI MEZZO 23, 41037 MIRANDOLA (MO), Italy, e-mail address firstname.lastname@example.org, (hereunder referred to as the ‘Owner’).
The updated list of the recipients of any data processed through and by the Website can be disclosed upon request by the Users and/or visitors involved.
The company has not appointed a manager for Data Protection as of now.
- Information gathered indirectly by the Website – Cookies
- a) Information gathered automatically
As all websites do, our Site also employs log files, in which information, gathered automatically during a visitor’s session on the web page, is collected. The IT systems and software processes involved in operating the Website automatically acquire information as they work; this information is collected through the use of protocols inherent to Internet communication.
The information we gather is the following:
- The Internet Protocol (IP) address or the domain name of the device in use;
- The type of browser and settings of the device used to connect to the Website;
- The URI (Uniform Resource Identifier) addresses of the resources requested or the method employed to send a request to the server;
- The name of the internet service provider (ISP);
- The date and time when the Website was accessed;
- The source web page (referral) and target web page of the User;
- In some cases the number of clicks;
- The dimensions of the file received by the Website;
- The numerical code that determines the status of the server at the time it received a request of communication (error, successful request, etc.);
- Other parameters regarding the operative system and environment the device operates with.
This information is processed automatically and is gathered exclusively as a bundle to ensure and verify the correct mode of operation of the Website.
- How we process the personal data you provide by using the Website.
The personal data we require and which the Users provide are necessary to authorize access to the site www.quramed.com (hereunder referred to as the ‘Site’) and to allow Users the following services (the ‘Site Services’):
- access to the Catalogue/Products/Services sections;
- access to the Restricted Area of the Site;
- be Contacted;
- access to the section WORK WITH US;
- access to the NEWSLETTER Service;
- use of the DOWNLOAD Service.
Data is processed for the following purposes:
- technical management of the Website (ALL);
- acquiring the website’s users’ referrals through filled forms provided to them, in order to obtain contact information for informative/marketing communications (CONTACTS);
- contacting subscribers through a recurring newsletter on relevant details activities and updates concerning the company (NEWSLETTER);
- analyzing preferences, habits, interests and consumer choices, including the type, frequency, location of purchases made with the intent to process statistics, to create specific profiles for the website’s users, and to carry out predictive consumer research on future purchases (profiling activity);
- sharing commercial technical information (PRODUCTS/SERVICES CATALOGUE);
- potential establishment of a future partnership (WORK WITH US);
- allowing access to dedicated content, exclusive to registered users (RESTRICTED AREA);
- allowing users to download technical information and details regarding products or services offered on the Site (DOWNLOAD)
In compliance with the “Guidelines on Marketing and against Spam” dated July 4, 2013, we would like to point out that consent given to the reception of commercial, promotional and marketing communications through automated channels will extend to traditional means of contact as well.
The data provided will be processed mainly with IT tools under the authority of the Owner of the information, by specifically appointed individuals who have been tasked, authorized and trained to process the data in compliance with articles 28 and 29 of the Privacy Regulation. We inform Users that adequate safety measures were taken in compliance with articles 5 and 32 of the Privacy Regulation to prevent data loss, illicit or unlawful use, and unauthorized access to the data.
- Consent to provide mandatory or optional data, consequences for denying to provide the information and the legal nature of data processing
We specify that for the purposes of paragraphs (i), (ii), (v), and potentially those that followed under the aforementioned article 3, the provision of personal data is mandatory, as failure to provide it will prevent the use of Services offered by the Site.
Conversely, providing personal data is not mandatory but optional for the purposes of paragraphs (iii) and (iv) of the aforementioned article 3. Failure to provide data for these purposes will prevent us from providing the Newsletter service, Marketing Services, and to perform Profiling Activity. Because of this, the User can choose whether or not to volunteer their consent for these purposes without necessarily restricting the possibility to access Services offered by the Site.
We would like to remind our Users that at any moment and for whatever reason they can reserve the right to contact the Owner to request that data be deleted, through a simple informal communication to be sent at the contact information found at the aforementioned article 1.
Regarding purposes mentioned in paragraphs (i), (ii), (v), and potentially those that followed under the aforementioned article 3, the legal basis for data processing concerns the execution of services provided and requested by and to the Website (in compliance with article 6, comma 1, point (b) of the Regulation); whereas for the purposes of paragraphs (iii) and (iv) of the aforementioned article 3, the legal basis for data processing is the potential consent, freely volunteered and given (in compliance with article 6, comma 1, point (a) of the Regulation).
- In which cases and to whom we will disclose the data
Data can be communicated, within the EU, in full compliance with the provisions of the Privacy Code and Privacy Regulation, to the following individuals:
(i) to the financial administration and/or other public authorities, where applicable by law or upon their request;
(ii) to external structures, individuals and societies the Owner relies on to carry out activities related to, essential to, or resulting from the execution of the Services provided by the Site – including storage services related to cloud computing –, related to the transmission of Newsletters, and related to Profiling Activities;
(iii) to external consultants (for example, to oversee tax obligations), when they have not been appointed in writing as managers for Data Processing;
(iv) to credit institutions, when they oversee operations essential to the potential acquisition of goods/services, when specified in any part of the website’s content.
Information gathered automatically by the Site, provided for in paragraph 2, as well as some anonymous data regarding the amount and type of interactions connected to loyalty programs, strictly speaking, could be transferred to Third Party cloud servers located outside of the EU, in the event that this operation is necessary to allow the Site to provide Site Services requested by the User. The legal basis for data processing in this case falls under article 49, comma 1, point (b) of the Privacy Regulation.
- Your rights
- confirmation as to whether or not any personal data is stored, with the relative indication of the data’s source, and the possibility to verify the data’s accuracy or to request that the data is updated, amended, compounded;
- the ability to access, amend, delete data or limit access of those who are tasked to process the data;
- the ability to delete, to anonymously change or to block data processed in violation of law.
The User can also resist processing of personal data previously provided.
Regarding the Newsletter service, the User can rightfully request that data processing ceases for information that was gathered through automated means of contacting as well as traditional means. Moreover, the User can also exercise this right partially, for example, by requesting that promotional communications, done through one or several of the channels and tools previously authorized by and to which the User consented to, ceases.
- Duration of data processing
With no prejudice to law obligations, personal data will be stored for a fixed length of time, depending on criteria subject to the nature of the service provided.
Specifically, data gathered for Profiling or Marketing purposes will be stored for no longer than 12 and 24 months respectively from the time they are collected.
- Safety measures
Through the Website, data is processed in compliance with applicable law and through the usage of adequate safety measures pursuant to the current regulations and in compliance with articles 5 and 32 of the Data Protection Regulation.
Regarding this, we hereby state that appropriate safety measures aimed at preventing unauthorized access, data theft, and the unauthorized disclosure, alteration or destruction of data collected and processed, are implemented and in use.
This statement was released in September 2018.