PRIVACY POLICY

CMA Macchine per Caffè S.r.l.

Pursuant to art. No. 13 Reg. UE n. 2016/679 of 27/04/2016 (“ General Data Protection Regulation”, hereinafter “ GDPR”), we would like to inform you that your personal data as collected through this form will be processed by CMA Macchine S.r.l. Via Condotti Bardini, n. 1, 31058 Susegana (TV), Italia c.f. e P. IVA n. 04518950268, (“ Controller”) in its capacity as Data Controller in the case of User registration on this portal beans2cloud.com (“ Portal”) in order to process User account configuration and CMA services delivery (“ Services”) for the following purposes:

  1. PURPOSES OF DATA PROCESSING AND LEGAL BASIS

    Personal data (" Data") provided by the interested party are processed for the following purposes:

    1. execution of the requested Services: e.g. connected to services delivery through the use of the Portal including the collection, retention of User Data;
    2. in compliance with legal obligations, accounting requirements, administrative and contractual obligations linked to the Services.
    3. subject to specific consent, for the purposes of sending commercial and / or promotional communications on the products and services and to perform market research (" Direct Marketing");
    4. subject to specific consent, for the purposes of analyzing the behavior, habits and propensity to consume of the interested party, in order to improve products and services provided by the Controller, as well as to meet the specific needs of customers through individual or aggregate profiling and market research (e.g. to analyze consumption choices and purchasing habits and to compile statistics) (" Profiling");
    5. subject to specific consent, for the purposes of communicate the Data to other companies connected or related to Data Controller, as well as to partner companies that may process them and send commercial and / or promotional communications on products and services of the aforementioned companies, as well as perform market research (" Marketing third parts").

    Personal data may be processed by authorized Controller staff, employed in the marketing, IT system and sale departments, duly internally appointed. In addition, it might be processed on behalf of Controller by third parties duly appointed as data processors.

  2. TYPES OF DATA PROCESSED

    1. Internet navigation data : this category of data includes IP addresses or domains of computers used by users who connect to the site, addresses of the requested resources, time of the request, method used in submitting the request to the server, file size obtained in response, numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and user's computer environment.
    2. Data provided voluntarily by the user : the optional, explicit and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender's address for the purposes of answering to requests, as well as any other data included in the format.
  3. INTERNATIONAL TRANSFER OF PERSONAL DATA

    Personal data are managed and stored on servers located within and outside the European Union owned and / or available to the Controllers and / or third parties, duly appointed as data processors.

    The data of third parties will be communicated by the Controller upon request.

  4. DATA STORAGE PERTIOD

    Data of the interested parties, collected through the website forms, are stored for the time necessary to give feedback to their requests.

  5. PROVIDING DATA

    As to sub 1.(a) and sub (b), users provide Data on a voluntary basis: the refusal to provide the Data, however, excludes the user from the service required. The consent to data processing for further purposes is optional.

  6. DATA PROCESSING METHODS

    Data processing for each of the aforementioned purposes is carried out using paper-based, automated or electronic methods also, but not limited to, mail or email, telephone (e.g. unsolicited calls, SMS, MMS), fax and any other IT channel (e.g. websites, mobile, app) suitable to guarantee security and confidentiality according to the so-called data protection by default, i.e. the application of measures to minimize the risks of data breach.

  7. AUTOMATED DECISION MAKING PROCESS

    Individual or aggregate profiling activity is aimed at the analysis of consumption choices and purchasing habits, as well as at the development of statistics. Only subjects aged over 18 years may subscribe to the website.

  8. RIGHTS OF THE INTERESTED PARTY

    Pursuant to GDPR, and subject to the conditions specified therein, the interested party holds the following rights:

    1. right of access , i.e. the right to obtain confirmation that Data are (not) being processed and, where that is the case, obtain access to it;;
    2. right to rectification and cancellation , i.e.: the right to obtain from the Controller the rectification of inaccurate Data and / or the completion of incomplete Data or erasure of Data;
    3. right to restriction of data processing , i.e.: the right to request suspension of Data processing;
    4. right to data portability , i.e.the right to receive Data in a structured, commonly used and machine-readable format, as well as the right to transmit Data to another controller;
    5. right to object , i.e.: the right to object to processing of Data, including the processing of Data for marketing and profiling purposes, as applicable;
    6. right to contact the national competent data protection authority: in case of unlawful processing of Data.

    You may in any event withdraw your consent and exercise your rights as established under articles by sending an email to the following address: cloud.astoria@astoria.com

  9. RECIPIENTS OF PERSONAL DATA

    The User's Data may be communicated by Controller to third parties for whom it is useful for the purpose of providing services which are functional to the provision of the Services or the fulfillment of legal obligations. These third parties will be entitled to know the only information necessary for the purpose and it will be required to them to adopt all security measures in accordance with current legislation. Personal data may be processed by authorized Controller staff, duly internally nominated. In addition, it might be processed on behalf of Controller by third parties duly appointed as data processors. Under no circumstances, will personal data be disclosed. For the purpose of the Services relating to the use of the ECS myIOT platform, which is used by the user through the Portal access, ECS s.r.l has been nominated as external Data processor by CMA in accordance to the present Privacy Policy.