INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA EX ART. 13 OF REGULATION (EU) 679/2016 (General Data Protection Regulation – GDPR)

This information describes the methods and purposes about the processing of personal data of users who access and use the website https://www.phoenixcontact-dss.com/en (hereinafter, even only “Website”) in compliance with the regulations in force for the protection of personal data.

In accordance with the principles recognized by European Regulation 679/2016, this information also provides the user (interested in processing) with any further information necessary to ensure correct and transparent processing, in relation to the specific context in which the personal data is collected and subsequently treated.

  1. Data Controller

The Data Controller is Phoenix Contact S.p.A. (hereinafter “Phoenix”) with headquarter in Via Bellini 39/41 – 20095 Cusano Milanino (MI).

  1. Nature of data provision

To take advantage of certain services on the Website, the user may be required to provide the personal data necessary to ensure the use of the same services: in particular, for the purposes of completing the forms on the site for requesting information, the provision of data marked with an asterisk is required for handling and replying to requests made by the user. In any case, it is specified that the user is free to provide the requested data, in the sense that he is not legally obliged to share them.

  1. Types of data processed and purpose of processing

The types of data being processed include:

  1. the navigation data, collected in an aggregate form with automatic methods (including, by way of example, IP addresses, browsing times, geographic data, data concerning interaction with the Website and other parameters relating to the operating system and IT environment user); such information could, however, also through processing and / or associated with other data, held by the provider or by third parties, allow to trace the identity of the user;
  1. data provided voluntarily by the user, by filling in the forms on the Website to request information (name, e-mail address, city and any other personal data included in the subject or text of the message), or by sending , optional and voluntary, e-mail messages to the e-mail addresses indicated on the Website.

The user’s personal data is collected and processed for the following purposes:

  • navigation data: the IT systems and the communication protocols in charge of the functioning of the Webite acquire, during their normal operation, the information necessary to ensure the use of the services offered and to check its correct functioning. The data concerning the user’s interaction with the Website are also collected to obtain aggregated and anonymised information on the use of the Website (for example, the most visited pages, number of visitors by time slot or daily, geographical areas of origin , etc.), to identify the most appreciated contents and to direct marketing strategies. For more information on the collection, use and storage times of navigation data, please refer to the cookie policy;
  • data provided by the user:
  1. a) the data provided by filling in the contact forms are processed in order to identify requests for information from the user, which may be contacted by an internal Phoenix operator or through a local agent, on behalf of the Owner. Phoenix may also process user data, collected and entered in its databases, to send informational newsletters relating to its products, services and events (without prejudice, in any case, to the right of the interested parties to oppose the receipt of communications and updates of this type, pursuant to Article 21 of the GDPR);
  2. b) the optional and voluntary sending of e-mail messages to the e-mail addresses indicated on the Website, involves the acquisition of the sender’s e-mail address and any other personal data present in the message, in order to perform the processing activities necessary to answer to the requests of the interested parties.
  1. Data processing methods and storage times

The data processing will be carried out using paper and / or IT tools, also by means of subjects authorized to do so, who operate under the direct authority and according to the instructions given by the Data Controller, with logic strictly related to the purposes indicated and, in any case, in order to guarantee the security and confidentiality of the data processed.

The processing operations methods guarantee the security of the data and systems. Specific security measures are adopted in order to minimize the risk of destruction or loss, even accidental, of the data, unauthorized access, unauthorized processing or non-compliance with the purposes indicated in this statement.

The data provided by the user by filling in the contact forms will be stored in the Phoenix databases until the data subject has exercised his right to object to the receipt of communications and promotional updates. The data provided by the user by sending e-mail messages to the addresses indicated on the Website will be kept for the time necessary to provide feedback.

 

  1. Categories of recipients

The personal data of the interested partied may be disclosed to:

  • specially authorized collaborators and employees of the Data Controller, in the context of their duties;
  • commercial agents appointed by the Data Controller;
  • Aruba S.p.A. as a hosting provider.

Furthermore, access to users’ personal data could derive from the execution of some technical maintenance activities of the Website by Primaklasse Srl, which, in such eventuality, will treat the data acquired as an independent Owner.

In no case will the personal data be communicated, disseminated, transferred or otherwise transferred to third parties for illicit purposes and, in any case, without making suitable information to the Interested parties and acquiring their consent, where required by law. The communication of the data on request of the Judicial or Public Security Authority, in the ways and in the cases provided for by the law, remains unaffected.

Personal data will not be transferred abroad to countries or international organizations not belonging to the European Union that do not guarantee an adequate level of protection, recognized, pursuant to art. 45 GDPR, based on an adequacy decision of the EU Commission. In the event that it is necessary for the provision of the services of the Website, the transfer of personal data to countries or international organizations outside the EU, for which the Commission has not taken any adequacy decision pursuant to art. 45 GDPR, will take place only in the presence of adequate guarantees provided by the recipient Country or Organization, pursuant to art. 46 GDPR and on condition that interested parties have effective rights and effective remedies. In the absence of a decision on the adequacy of the Commission, pursuant to art. 45 GDPR, or adequate guarantees, pursuant to art. 46 GDPR, including the binding corporate rules, the cross-border transfer will take place only if one of the conditions indicated in the art. 49 GDPR.

  1. Rights of the interested parties

The interested parties have the right to access their personal data, to request the correction, updating and cancellation or limitation, if incomplete, incorrect or collected in violation of the law, as well as to oppose the processing for legitimate reasons or get portability.

The interested parties, in particular, pursuant to articles 15-22 of the Regulation (EU) have the right to obtain confirmation of the existence or not of personal data concerning them, even if not yet recorded, and their communication in intelligible form.

The interested parties also have the right to obtain the indication:

  1. a) of the purposes and methods of processing;
  2. b) of the logic applied in the case of processing carried out with the aid of electronic instruments;
  3. c) of the identification data concerning the Data Controller, the Data Processor and the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as authorized to process data.

The interested parties have the right to obtain:

  1. a) updating, rectification or integration of their data;
  2. b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes of the processing;
  3. c) the limitation of the processing, when one of the hypotheses referred to in Article 18 GDPR applies;
  4. d) certification that the operations referred in the previous points a), b) and c) have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right;
  5. e) the transmission of data concerning them, provided to the Owner and processed on the basis of the express consent of the Interested Parties for one or more specific purposes, in a structured format, commonly used and readable by an automatic device. According to the art. 20 GDPR, the Data Subject also has the right to transmit such data to another Data Controller without hindrance and, if technically feasible, to obtain direct transmission of personal data from one data controller to the other.
  6. f) if the processing is based on consent, revoke your consent at any time (ex art. 7, par. 3 GDPR).

The interested parties have the right to object, in whole or in part:

  1. a) for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
  2. b) automated decision-making processes that significantly affect a person.

Without prejudice to any other administrative or judicial appeal, the interested parties have the right to lodge a complaint with a supervisory authority, particularly in the Member State in which they habitually resides, or works in the place where the alleged violation occurred.

  1. Exercise of rights

The above rights are exercised with a request addressed to the Owner of the personal data by sending an e-mail message to the following eamil address: info_it@phoenixcontact.com. The request is formulated freely and without formalities by the interested parties, whom have the right to receive an appropriate response within a reasonable time, depending on the circumstances of the case.

The interested parties can avail themself, for the exercise of his rights, of non-profit organizations, organizations or associations, whose statutory objectives are of public interest and which are active in the field of protection of the rights and freedoms of the Interested with regard to to the protection of personal data, granting a suitable mandate for this purpose. The interested parties may also be assisted by a trusted person.

You can receive more information on the purposes and methods of processing personal data, by writing to the following e-mail address info_it@phoenixcontact.com , pointing out in the subject “Privacy”.

To know your rights, make a complaint and always be up to date on the legislation regarding the protection of individuals with regards to the processing of personal data, the interested parties may contact the Guarantor Authority for the protection of personal data, consulting the following website https://www.garanteprivacy.it/web/guest/home_en