Privacy Policy

Data Controller

The company that will process your Personal Data for the purposes set out in this Privacy Notice, and that will therefore act as data controller, is BIORSAF S.r.l. Innovativa, with registered office at Loc. Ferro di Cavallo SNC, 58034 – Castell'Azzara (GR), Italy (the “Controller”).

The Controller can be contacted at the following email address: info@biorsaf.it.

Data Protection Officer

To facilitate relations with data subjects, the Controller has appointed a Data Protection Officer (the “DPO”).

As provided by Art. 38 of the GDPR, you may freely contact the DPO for any question relating to the processing of your Personal Data and/or to exercise your rights under this Privacy Notice, by sending a written communication to the email address dpo@biorsaf.it.

Purposes and Legal Basis of the Processing

While using the App and browsing the Controller's Sites, some of your Personal Data may be collected in the following ways.

Browsing data

The IT systems and software procedures used to operate the Sites acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, by way of example: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access was made or exit occurred, information on pages visited by users within the Sites, time of access, time spent on each page, internal path analysis and other parameters relating to the user's operating system and IT environment.

Such technical/IT data is collected and used exclusively in an aggregated and non-identifying manner and may be used to ascertain responsibility in the event of hypothetical computer crimes against the Sites.

The processing is legally based on the Controller's legitimate interest in the proper functioning of its systems, the optimization and improvement of the browsing experience, the prevention of fraudulent activity and the improvement of the security of the Sites (Art. 6, paragraph 1, letter f, of the Regulation).

For more information on cookies and their use within the Sites, please see the dedicated Cookie Policy.

Data voluntarily provided by the visitor

This includes all Personal Data voluntarily released by the visitor in the App and/or on the Sites, for example to register and/or access the system, to request information about the service through the form, to subscribe to the newsletter service, to write to an email address or call a telephone number listed in the App or on the Sites to contact the company directly. Such processing will be lawful under Art. 6, paragraph 1, letter b, of the Regulation.

No Personal Data relating to your health is processed and, in general, no “special” categories of personal data referred to in Art. 9 of the Regulation.

In addition to the above, your Personal Data may be processed by the Controller for direct marketing purposes, based on the Controller's legitimate interest under Art. 6, paragraph 1, letter f, of the Regulation and Art. 130, paragraph 4, of the Italian Privacy Code. You may object at any time to the receipt of promotional communications, without prejudice to processing for other purposes.

Parties to Whom Your Personal Data May Be Communicated

Your Personal Data may be handled, on behalf of the Controller, exclusively by personnel expressly authorized to process data (pursuant to Art. 29 GDPR) and by third parties expressly appointed as data processors (pursuant to Art. 28 GDPR).

Where required by law or to prevent or suppress the commission of a crime, your Personal Data may also be communicated to public bodies or to the judicial authority.

Personal Data Retention Periods

In compliance with the principle of storage limitation (Art. 5.1, letter e, of the Regulation), your Personal Data will be processed by the Controller only for as long as necessary to pursue the purposes set out in this Privacy Notice.

In particular, your Personal Data will be processed until the end of the relationships between you and the Controller, as well as for an additional retention period that may be imposed by law.

Links to/from Third-Party Sites

From the Site it may be possible to connect, via specific links, to other third-party websites. The Controller cannot be held responsible for any processing of Personal Data by third-party websites or for the management of authentication credentials provided by third parties.

Rights of Data Subjects and How to Exercise Them

You may exercise at any time your rights under Articles 15 et seq. of the Regulation vis-à-vis the Controller. In particular, you have the right to obtain:

• Confirmation as to whether or not your Personal Data is being processed and access to such data and the following information: purposes of the processing, categories of personal data, recipients and/or categories of recipients to whom the data has been and/or will be communicated, and the relevant retention period.
• Rectification of your inaccurate Personal Data and/or completion of incomplete Personal Data, including by providing a supplementary declaration.
• Erasure of your Personal Data and restriction of processing in the cases provided for by the GDPR and applicable privacy legislation.
• Where applicable, portability of your Personal Data and, in particular, the possibility of requesting the direct transmission of your Personal Data to another data controller.
• Objection to the processing at any time, on grounds relating to your particular situation, to the processing of your Personal Data in full compliance with applicable privacy legislation.

To exercise your rights, you may contact the Controller or the DPO at the addresses indicated in this Privacy Notice, attaching a copy of an identity document.

In any case, should you consider that the processing of your Personal Data is contrary to privacy legislation, you will always have the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority — “Garante per la Protezione dei Dati Personali”) pursuant to Art. 77 GDPR.

Place of Processing

Your Personal Data will be processed by the Controller within the territory of the European Union.

Should it become necessary, for technical and/or operational reasons, to rely on parties located outside the European Union, we inform you that such parties will be appointed as Data Processors pursuant to Art. 28 of the Regulation, and that the transfer of your Personal Data will be regulated in accordance with the provisions of Chapter V of the Regulation, adopting all necessary safeguards to ensure the utmost protection of your Personal Data.

In any case, you may request further details from the Controller if your Personal Data has been processed outside the European Union, requesting evidence of the specific safeguards adopted.