Introduction
BERTO’S SPA has developed this Internet Privacy Policy in order to conform its activities to those of a trusted party that guarantees, respects and maintains the right to privacy of the visitors online

BERTO’S SPA, a company established under Italian law and registered at number 01897800288 with registered address in Tribano (PD) is the Data Controller for any personal data that are collected through this website, according to the terms defined in European Regulation GDPR 679/2016. The Controller will process any data collected through this website (www.bertos.com) for the purposes and using the methods as specified below.

Personal data collection and processing purpose
BERTO’S SPA only collects and processes personal data that are voluntarily provided by visitors to this website. Visitors are able to browse the site without revealing any personal information or data. The outside systems used to collect user information, i.e. IP address, browser type, operating system used and webpages visited by the user to our website, do not collect personal data only anonymous data for statistics or security purposes. Each visitor to the site may decide to give BERTO’S SPA only limited personal data according to their request to obtain information about our services. Once the data are registered, they are only used for the services shown in the available information statement.

 Visitors to the site can provide their data for:

 •Registration with our newsletter
•Registration with events
•Sending their CV
•Requesting information about our services, products, offers, estimates

Communication to third parties
The collected personal data could be communicated within the EU and outside the EU exclusively for the purposes as specified above. For further information, send an email to privacy@bertos.com

Through the website, BERTO’S SPA does not deliberately collect any special categories of personal data or personal data relating to criminal convictions or offences, or related to security measures.

 The special categories of data, pursuant to art. of European Regulation GDPR 679/2016, include personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or tradeXmembership, and data concerning health, sex life or sexual orientation.

 Criminal data include those personal data that could reveal measures as defined in article 3(1) letters a) to o) and r) to u) of D.P.R. n. 313 of 4 November 2002, regarding criminal records, database of administrative fines related to crimes and relative pending charges, or the state of being accused or investigated as per articles 60 and 61 of the Criminal Procedure Code. It is strongly advised not to give this sort of information in our website.

However should this be necessary (e.g. if you belong to a protected category if you wish to send your CV while seeking employment, in answer to a job announcement or if you express your interest in working with us) please send us a written consent statement that you authorize us to process this information.

 Integration of third party services and contents
•Google Analytics, Google-IP-Locator, Google Maps, Google Maps Distance Api, Google reCHAPTA
Owner: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
•YouTube-Inhalte,
Owner: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
•Soziales Netzwerk Facebook
Owner: Facebook Inc., Menlo Park, California, USA
•Soziales Netzwerk Google Plus
Owner: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
•Soziales Netzwerk Instagram,
Owner: Facebook Inc., Menlo Park, California, USA
•Soziales Netzwerk Twitter,
Owner: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland
•Vimeo
Owner: Vimeo Inc., 555 West 18th Street, New York, New York 10011
•Linked in
•Other external contents could be loaded through widget and iframe. To access the list of external contents send an email to privacy@bertos.com

Links to third party websites
Please note that www.bertos.com could contain links to other websites that are not governed by this privacy policy.

Data storage and deletion
Visitors’ personal information and data collected from this website, including data voluntarily provided in order to receive information and other communications by filling in the contact form in the site, are stored exclusively to provide the requested service and for as long as is strictly necessary. Once the service has been completed, all the personal data are destroyed in compliance with the BERTO’S SPA data storage policy, unless requested otherwise by the authorities and imperative storage needs as defined by law, or when indicated in this policy in the section “specific use of personal data”, or further to your express request.

Exercising the rights of the data subject
Pursuant to art. 15 and following of European Regulation GDPR 679/2016, at any time you can check your personal data that has been collected from the website and rectify, update or delete the data, or exercise the other rights granted by law, by writing to or contacting the data controller at privacy@bertos.com

Data security
Technical and organisational security measures are applied to protect the personal data from loss and improper use. BERTO’S SPA protects the personal data by applying internationally recognized security levels and specific security procedures to protect the data from:
•Unauthorised access
•Improper use and disclosure
•Unauthorised alteration
•Loss and destruction either accidental or due to illegal actions

Cookies/Advertising banners
Cookies are small text files that are saved on visitors’ computers when they visit certain websites. For the www.berto.com site and subdomains, we use cookies and request the user’s consent if required by law or applicable regulations, to facilitate browsing and customize the information addressed to the user. Systems are also used to collect information about the users e.g. IP address, browser type and operating system and/or webpages visited by the user, for statistics and security purposes. Cookies are not harmful for the visitor’s computer, tablet or smartphone. In the cookies generated from the www.bertos.com website no personal identification data is stored only encrypted data.

Specific use of personal data
Specific indications are given below about the functions of certain sections in the website:

•Section: Contact request
The “contact request” section in the website enables requesting information about our services, products and events and to request quotations and estimates. If you decide to send your personal data they will be processed exclusively for this purpose by specifically appointed operators, following the normal internal procedures, and the data will be stored for two years at most, barring other imperative storage times ordered by law.

•Section: Work
The "Work” section enables expressing an interest in working with our company or to answer a job announcement for vacant or new positions. If you decide to send your personal data they will be processed exclusively for this purpose by specifically appointed operators, following the normal BERTO’S SPA personnel management procedures, and the data will be stored for two years.

• Section: Newsletter
If the visitor to the website www.bertos.com decides to register for our newsletter they have to give their personal data (e.g. email address, etc.) by filling in the contact form in the “Newsletter” section. The collected data will be used to send the newsletter and as indicated in the information statement at the foot of the service registration page.

Minors under 16 years of age
The website www.bertos.com governed by this privacy policy is not designed for use by minors. We fully understand the importance of protecting information available to minors, especially online, and therefore we do not collect nor deliberately keep any personal data about minors.

CLIENT/SUPPLIER DATA PROCESSING STATEMENT, ART. 13 EU REGULATION 679/2016
In compliance with the provisions of EU Regulation 2016/679 regarding data privacy, in particular art. 13, with this statement BERTO’S SPA informs its clients/suppliers as follows:

 DATA CONTROLLER
The personal data controller, i.e. the person who makes the decisions regarding processing methods and purposes, is BERTO’S SPA, head office in Tribano (PD) in Viale Spagna 12, telephone 049 9588700, fax 049 9588799 email bertos@bertos.com.

To contact the Controller, please write to privacy@bertos.com.

The personal data you provide is necessary to satisfy our legal requirements.

Processing is done using automated and manual methods, in compliance with art. 32 of EU Regulation 2016/679. We also inform you that, in compliance with the general principle of accuracy, correctness, legality, transparency, privacy, limited storage, pertinence, non-excess and proportionality, pursuant to art. 5 of EU Regulation 2016/679 the data will only be stored for the time needed to fulfil the purposes they are collected and processed for.

PROCESSING PURPOSES
The company collects and processes the data for the duration of the contractual relations it establishes, and even after their termination, as part of its normal business and to pursue the following purposes:

a)Correct, complete stipulation of contracted relationships with its clients and suppliers, and to fulfil the relative contractual obligations.

b)To evade the purchase orders coming from/sent to the clients/suppliers, and in order to enable the company to fulfil the various administrative, commercial, accounts and fiscal activities related with the orders/supplies.

c)Fulfil obligations defined by laws, regulations, EU regulations and dispositions received from legally authorized authorities.

d)Pursue company business improvement and development and its commercial relations, also through marketing, promotions, information (e.g. sending newsletters), statistics, quality control, customer satisfaction surveys (directly or through outside companies specifically appointed or responsible for data processing), including using automated tools (e.g. fax, email, text, mms, automatic calls, etc.).

PROCESSING METHOD
As data controller, BERTO’S SPA and any outside appointed parties as identified below, manages and archives the personal data it collects using printed, digital or telematic methods and only for the time strictly needed to achieve the purposes the data are collected for. Personal data are processed within the limits and using the methods as defined in this statement, by employees or assistants of the company specifically appointed as responsible for processing, who receive adequate work instructions and work under the direct authority of the data controller.

Specific security measures, as envisaged by art. 32 of EU Regulation 2016/679, are observed to prevent data loss, illegal or incorrect use and unauthorized access.

The company protects personal data by applying internationally recognized security measures, and by specific security procedures to protect personal data:
•From improper use or disclosure
•From unauthorised alteration
•From accidental loss or destruction or which is caused by illegal acts.
The data are only handled by staff authorised by the data controller.
The company does not use any form of customer profiling nor uses automated decisional procedures for this purpose.

DATA STORAGE
The collected data are stored only for as long as needed for the purposes they are collected for, or subsequently processed in respect of the prescribed terms imposed by law.

In the event of data processing for marketing purposes the client/supplier always has the right to withdraw any consent they have given for this, and to object to their data being processed for marketing purposes, in particular by following the procedure for deletion from the mailing list they are included in (clicking on the link at the foot of the newsletter page “unsubscribe from this list”). The data will continue to be processed until such time as the client/supplier exercises this withdrawal by deleting the data from the mailing list they are included in.

NATURE OF TRANSFER
Transferring your data is not compulsory in itself, but is necessary because refusal to provide the data for the indicated purposes could mean the company is unable to establish or proceed with any contractual relations with its clients/suppliers. Data transfer for the purposes indicated in the paragraph “Processing purposes – letter d)” is totally optional and needs specific consent from the data subject and if consent is not given they will not be included in market research, analyses and statistics studies, and will not receive any commercial information or promotion offers.

DISCLOSURE TO THIRD PARTIES
The personal data are communicated to BERTO’S SPA to respond to information requests, and they could be communicated to outside bodies and institutions to fulfil any legal obligations, or to judicial authorities if requested. The collected personal data could be communicated within the EU and outside the EU exclusively for the purposes as specified above. Furthermore, the company also uses other companies and individuals for certain activities, such as sending emails, delivering parcels, making payments. Without prejudice to the obligations defined by laws, regulations, EU regulations and orders from legally authorized authorities, personal data are not disclosed but could be communicated to subjects and/or categories of subjects as follows:
-The company’s agents
-Shipping companies and transport operators
-Credit and financial institutions
-Factoring companies
-Insurance companies and credit insurance companies
-Professionals and consultants appointed by the company
-The company’s service providers, including for mailing commercial communications
-Audit and certification companies
-In order to protect our credit and better manage our rights with each commercial agreement, the data could be available for the following appointed and/or responsible categories: (i) credit recovery companies, (ii) database processing companies to assess the credit worthiness of businesses and/or to provide commercial information, (iii) financial advisors, (iv) legal advisors.
The above subjects only have access to the personal data strictly needed for them to perform their work. We emphasise the prohibition for them to use the data for any other purposes, and the obligation to process the data in compliance with this statement and current legislation.

DATA SUBJECT RIGHTS
Pursuant to Chapter III “Data Subject Rights” of EU Regulation n. 2016/679, the data subject has, at any time:
-Right of access to the collected and processed data – art. 15;
-Right to object to processing– art. 21;
-Right to refuse automated processing– art. 22;
-Right to withdraw consent at any time, without prejudicing the legality of processing based on consent given prior to withdrawal – art. 7;
-Right to lodge a complaint with a supervisory authority – art. 77;
plus all the other rights of “Rectification and deletion” as given in Section 3 of EU Regulation 679/2016.
Requests should be sent by writing to or contacting the data controller at privacy@bertos.com.