As provided by current legislation in force (art. 13 General Data Protection Regulation, hereinafter “GDPR”), users accessing the website www.bktcarbon.com (hereinafter also “the website”) are provided with the information concerning their personal data processing.
WHO IS THE DATA CONTROLLER AND HOW CAN I GET IN TOUCH?
The Data Controller is Balkrishna Industries Limited, BKT HOUSE, C/15, Trade World, Kamala Mills Compound, Senapati Bapat Marg, Lower Parel, Mumbai – 400013, India. The company can be contacted at the following email address email@example.com.
WHICH DATA ARE PROCESSED?
The processed data are browsing data and data spontaneously provided by the user.
The information systems and software procedures in use for operating this website collect during normal functioning a few personal data. The transmission of such data is implicit within the use of internet communication protocols.
Such data is not collected for the purpose of being associated to identified data subjects, yet they might, for their intrinsic nature, enable the identification of users by means of processing and associating data owned by Third Parties. This class of data includes IP addresses or domain names of computers employed by users connecting to the website, Uniform Resource Identifiers CURI) that identify web addresses of the requested resources, time of the request, the method used to forward the request to the server, the file dimension obtained as response, the numeric code indicating the state of the response by the server (positive outcome, error, etc.) and other parameters related to the user’s operating system and IT environment.
Data directly provided by the user
This class of data includes personal data conferred by the user on an optional basis (e.g. when asking for information writing to email addresses indicated on the website, or when registering for obtaining access to reserved areas and for using specific services).
WHICH ARE THE LEGAL BASES AND THE PURPOSE OF DATA PROCESSING?
Browsing data: purpose and legal bases
Browsing data are used for the purpose of obtaining statistical information on the website usage, for security reasons, and for controlling the correct functioning. These data might be used for ascertaining the responsibility in case of cyber crimes damaging the website.
The legal bases for the processing of such data is the lawful interest and, in case of request by Authorities, a legal obligation.
Data directly provided by the user: purpose and legal bases
Personal data conferred by the user on an optional basis are used for the purpose of proceeding with possible requests only, and for gaining benefits from subscribed services.
The legal basis of such data processing is hence the performance of pre-contractual measures and obligations deriving from the agreement.
Should it be necessary, the data might also be used for the Data Controller’s lawful reasons to proceed with defensive actions or to enforce or defend a right through legal action.
HOW ARE THE DATA HANDLED?
The collected data are processed by means of IT tools. Adequate security measures are taken in order to prevent data loss, unlawful or incorrect usage, and unauthorized access.
For web-services-related data processing, servers located within European territory are used. Data that are conferred directly by the user are stored for the time strictly necessary to proceed with requests and then cancelled, except for defensive needs (which might require a longer storage time).
WHAT HAPPENS IF DATA ARE NOT PROVIDED?
Except for browsing data that are necessary to proceed with IT and telematic protocols, the provision of data by users by means of several methods made available is on a voluntary and optional basis.
Nonetheless, the lacking provision of such data might result in the impossibility of proceeding with requests that have been forwarded or that the user is going to forward.
WHO CAN OBTAIN KNOWLEDGE OF THE DATA?
Data are processed by the Data Controller’s authorized staff members.
Besides, data are also processed by the group company, BKT Europe Srl, for activities performed in relation to the website management as Data Processor on behalf of the Data Controller.
In case of messages sent to group companies via the email addresses indicated on the page “Contact us”, the data might be known by the contracted companies.
The data might also be known by the competent Authorities in case of specific requests that the Data Controller is obliged to respond to by law, by counsels or companies providing IT supplies and assistance for activities performed on behalf of the Data Controller, and by counsels for dealing with disputes and legal assistance in case of possible controversies, which might make necessary their involvement.
It is understood that some of the indicated subjects operate as Data Processors and that the communication to those operating as autonomous Data Controllers is made due to legal obligations or the necessity to proceed with obligations deriving from the contractual relationship or the Data Controller’s lawful interest consisting in preserving the security of IT systems by means of maintenance operations on the part of competent staff and in performing defensive actions by means of legal counsels.
The data subject might ask the Data Controller the list of external subjects carrying out their activity as Data Processors.
Communication is hence limited to such data classes only, the transmission of which is necessary for carrying out activities and achieving purposes.
WHICH ARE THE DATA SUBJECT’S RIGHTS?
According to law, the data subject is entitled to ask the Data Controller to access his/her personal data, to rectify or cancel these, or to limit processing of his/her data, or to oppose against their processing. In addition, he/she has the right of data transferability.
The data subject can exercise his/her rights at any moment without any formalities addressing to the Data Controller by sending an email to firstname.lastname@example.org
Hereinafter the rights conferred by the current legislation in force on personal data protection are stated in detail.
The data subject is hereby informed that in the case he/she should consider that the processing of his/her personal data is performed violating the provisions of GDPR, he/she has the right to lodge a complaint with a supervisory Authority as provided by art. 77 of the Regulation or to take appropriate legal action (art. 79 of the Regulation).