Privacy Policy

Security and processing of personal data

This information, intended for all users browsing the website https://www.ircagroup.com  (hereinafter “Site”), is issued pursuant to article 13 of Regulation 2016/679 (hereinafter “GDPR”) and article 122 of the Legislative Decree 196/2003 (hereinafter "Privacy Code").

  1. Who the "data controller" of the processing of personal data is (i.e., who decides the purposes and means of processing) and how it can be contacted

    The data controller is Irca S.p.A., with registered office in Via degli Orsini 5, 21013 Gallarate (VA, Italy), VAT 09684290969, e-mail [email protected] (hereinafter, “Company”).  

  2. Categories of data processed

    2.1 Browsing data 
    The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified data-subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

    Such data may be processed to:  

    • enable and monitor the proper functioning of the Site, perform maintenance activities;
    • obtain anonymous statistical information on the use of the Site;
    • ascertain possible liability in case of hypothetical computer crimes against of the Site and therefore exercise and/or defend the Company's rights in court.

    2.2 Data provided by the user 
    In certain sections of the Site, you may be asked to provide personal data. In this case you will be provided with the specific privacy policy pursuant to Article 13 of the GDPR.

    2.3 Cookie
    Our Site uses cookies.

    For further information please see the “Cookie Policy”.

  3.  Provision of personal data    

    Pursuant to Article 13(2)(e) of GDPR, the provision of navigation data is necessary to enable navigation on the Site. Therefore, any refusal or failure to provide navigation data will result in the inability to navigate the Site.

  4. Categories of recipients

    Data may be processed, on behalf of the Company, by third parties, appointed as data processors pursuant to Article 28 of the GDPR, such as natural and/or legal persons who carry out activities functional to the pursuit of the aforementioned purposes (e.g., service providers for the management of the Site, such as system outsourcers, companies that deal with connectivity services to the Internet network, consulting companies).

    Furthermore, data may be disclosed to autonomous data controllers, such as authorities and supervisory and regulatory authorities legally authorized to access to data, as well as to third party providers (or vendors) listed in the cookie policy tables containing the list of cookies, in which the link to the relevant policy is also provided.

    In addition, data are processed by Company employees who have been expressly authorised to process such data for the above-mentioned purposes and have received adequate operating instructions.

  5.   Extra EU data transfer

    Data may be transfer to entities established in countries outside the EU and the EEA, and in particular the USA. In such cases, the standard contractual clauses adopted by the European Commission pursuant to Article 46(2)(c) of the GDPR are used as appropriate safeguards, with the possible provision of "additional measures" to ensure a level of protection substantially equivalent to that required by EU law.

  6.   Rights of the data subject

    Data subjects may exercise against the Company the rights under Articles 15-22 of the GDPR and in particular:

    1. request access the data concerning the information under article 15 (purposes of processing, categories of personal data, etc.)  
    2. to obtain the erasure of data in the cases provided for by Article 17 GDPR if the Company no longer has the right to process them1;
    3. to obtain the rectification of inaccurate data or the right to have incomplete personal data completed;
    4. to obtain restriction of processing (i.e., the temporary subjecting of data to the storage operation only) in the cases provided for by Article 18 GDPR2;
    5. to object at any time, easily and free of charge, on grounds relating to the particular situation, to the processing of data carried out in the legitimate interest of the controller;
    6. where the processing is based on consent or contract and is carried out by automated means, to receive the data in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

    To exercise such rights, you may contact the Company at any time by sending your request by e-mail [email protected].
    Furthermore, you shall have the right to lodge a complaint with the Italian Data Protection Authority or the competent supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

    --

    [1] The data subject shall have the right to obtain from the controller the erasure of personal data in the following cases:

    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
    3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
    4. the personal data have been unlawfully processed
    5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).


    [2] The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: 

    1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
    2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;  
    4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.