Legal & privacy

Your navigation on the Site may entail the collection and subsequent processing of your personal data by Bolton. This Privacy Policy allows you to find out, even before accessing the various sections of the Site, how Bolton will process your personal data, always in compliance with EU Regulation no. 2016/679 and national legislation on the protection of personal data.

OWNER

The data controller is Bolton Group S.r.l., with registered office in via G.B. Pirelli 19, 20124 Milan, Italy, VAT no. 05983890152 , (hereinafter the "Company" or the "Data Controller").

The Data Controller can be contacted for any information on processing at the following e-mail address: privacy@boltongroup.it.

DATA PROTECTION OFFICER - DPO

The Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address: DPO@boltongroup.it

CATEGORIES OF PERSONAL DATA

For the purposes set out in this notice, the Controller will process data collected automatically during navigation.

Navigation data 

The computer systems and software procedures used to operate the website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the devices used by users connecting to the website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. 

This data is used for the sole purpose of monitoring the proper functioning of the site, to enable the correct provision of web services and functions requested by you, as well as to ascertain possible liability in the event of hypothetical computer crimes against the site or third parties. 

With regard to personal data collected via cookies, please see our Cookie Policy. 

SOURCE OF DATA

NATURE OF CONTRIBUTION

-                The provision of personal data processed for the purpose of enabling correct navigation on the site, providing the web services and functionalities requested, as well as checking their correct functioning, is necessary. Failure to provide data for this purpose may result in the incorrect functioning of web services and the impossibility to navigate correctly on the site.

-                The provision of personal data processed for the purpose of handling and processing requests for information received is necessary. Failure to provide data for this purpose will make it impossible for the Data Controller to manage and process the requests received.

RECIPIENTS OF PERSONAL DATA

For the performance of certain processing activities, the data may be communicated to external entities that act as data controllers or that process personal data on behalf of the Company, in the capacity of data processors. In particular, personal data may be communicated to the following categories of recipients:

-                companies that provide us with hosting services;

-                companies that provide us with IT services and assistance in connection with the site;

-                company that provides us with the platform for managing consent in relation to cookies (CMP);

-                consultants and law firms;

-                authorities to which the right to access data is granted by law or regulation (e.g. public safety authorities, police forces).

You can request the complete list of recipients of personal data by sending an e-mail to privacy@boltongroup.it.

PERSONAL DATA TRANSFERS

The company stores the data in servers located within the European Union. 

Should the Company, due to future requirements related to the location or processing sites of its suppliers, need to transfer data outside the European Union to countries for which the European Commission has not issued an Adequacy Decision, the Company undertakes to guarantee adequate levels of protection and safeguards, including contractual ones, in accordance with the applicable rules, including the stipulation of standard contractual clauses, supplemented if necessary by additional technical, legal and organisational measures necessary to ensure that the level of protection of personal data is equivalent to that of the European Union.

RIGHTS OF THE INTERESTED PARTIES

In the cases provided for, you may exercise the following privacy rights in relation to the processing of your data:

-                the right to receive confirmation as to whether or not personal data are being processed and the right to know what personal data are being processed and how they are being used (right of access);

-                the right to request the updating, amendment and/or correction of personal data (right of rectification);

-                the right to request deletion of data (right to be forgotten);

-                the right to request the restriction of processing (right of limitation);

-                the right to receive a copy of the data in electronic form and to request that such data be transmitted to another data controller (right to data portability);

-                the right to object to processing where the processing is based on a legitimate interest of ours or in the case of processing carried out for marketing purposes, including processing based on profiling (right to object).

Should you exercise any of the aforementioned rights, it shall be the duty of the Controller to verify that you are entitled to exercise them and you shall be acknowledged, as a rule, within one month.

To exercise these rights and obtain further information on the processing of your data, you can:

-                contact the Company by writing to the following e-mail address: privacy@boltongroup.it;

-                contact the DPO at DPO@boltongroup.it.

RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

If you consider that processing violates data protection rules, you have the right to lodge a complaint with the competent supervisory authority (in Italy, the Garante per la protezione dei dati personali - www.garanteprivacy.it).