REV.00 - 03/08/19

INTERNET SITE PRIVACY STATEMENT

This page describes the way this site processes the personal data of the users that visit the site. This statement, pursuant to Code as concerns the safeguarding of personal data for those that interact with web services that are accessible via the internet starting from the www.came.com/uk web site. This statement is provided only for this website and not for any other web sites that the user may visit by way of any links.

THE DATA CONTROLLER

The browsing of this website, implies that data concerning identifiable or identified persons can be processed.
The Data Controller in this case is CAME BPT UK, with registered office in 1B Sills Road, Willow Farm Business Park, Castle Donington, Derby, DE74 2US.

LOCATION OF THE DATA PROCESSING

Any processing as concerns web services on this site take place at the registered offices of CAME and are only performed by technical staff that are specifically assigned to undertake such processing, or, occasionally by other assigned persons for maintenance purposes. No datum deriving from the web services is either shared or diffused.

The personal data provided by users that request information material or register with the site’s data bank, are only used with the sole purpose of performing the requested service or services.

TYPES OF PROCESSED DATA

Browsing data

The data systems and software procedures in place for the running of this website acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of internet communication protocol use.

This information is not collected to be associated to any identified interested parties, but rather, due to its nature, because it could, after processing and associating with data managed by third parties, enable identifying the users.

In this category of data we find IP addresses or dominion names of the PCs used by users which connect to the site, the URI notation addresses of the requested sources, the request times, the method used to subject the request to the server, the size of the file that is obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc) and other parameters relative to the operating system and to the users’ informatics environment.

This data is used for the sole purpose of obtaining anonymous statistical information on site usage and to control its proper functioning and are deleted immediately after processing has taken place. The data could be used to ascertain responsibility in case of any hypothetical data crimes at the expense of the site: save for this possibility, as things stand, the web contact data does not linger for more than six months.

Data which is willingly provided by users

The optional, explicit or voluntary sending of email to the addresses shown on this site means that the senders’ addresses are then acquired by the site to reply to the requests, as are acquired other personal data included in the message. Specific synthesis statements will be progressively posted on those web pages which have been earmarked for particular on-demand services.

Cookies

No user personal data is acquired by the site to this end. Cookies are not employed to transmit personal information, nor are any so-called persistent cookies of any type used, meaning user tracking systems.

The use of so-called session cookies (which are not memorised persistently on the users’ PCs and disappear once the browser is exited) is strictly limited to the transmission of session identifiers (which consist of casual numbers generated by the server) needed to enable safe and efficient browsing of the site.

The so-called session cookies used in this site preclude the use of other data potentially prejudicial data processing techniques for the browsing privacy of users and do not allow any personal identifying user data to be acquired.

Log files and their storing

Log files will be traced for purposes of security, requiring the registering and maintenance of log files and their accessibility by the judiciary police if it so requests.

To this end, access log files are stored for a time frame not exceeding 6 to 12 months.
Any inspections of the accesses will be carried out in gradual manner and in complete respect of the law, particularly of the principles of necessity and proportionality.

OPTIONAL NATURE OF DATA PROVIDE

Apart from what is specified for browsing data, users are free to provide the personal data appearing on the request forms or indicated in contacts to request registration in the site database or for the sending of information material or other types of communication.
If not provided then requests may be rejected.

METHOD OF PROCESSING

The personal data are processed with automated tools only for the time that is strictly required to obtain the scope for which they are gathered. Specific security measures are observed to prevent loss, unlawful, improper or unauthorised use of said data.

SCOPE

The data is processed for purposes of carrying our activities and those of the subsidiaries and/or associated companies, especially to:

• provide services base on web interface (user details registration)
• provide commercial information related to CAME’s business activities
• provide information on willingly registered users of the site’s data bank (i.e. technicians, installers, etc.)
• provide information on CAME training activities
• statistical research

GDPR

“The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC)[2] of 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.”

In reality there are a number of key points that every organisation must implement. These are:

• Make sure all key staff are aware of the change in the law to the GDPR.
• Document all personal data that your organisation holds.
• Review your privacy policy and update it in line with GDPR.
• Check your procedures cover all individual rights, especially when it comes to having data deleted.
• Update your procedures to reflect how you would handle an information request.
• Identify your lawful basis for processing data.
• Actively seek consent to hold data, ensure you follow a double opt-in process.
• Put in place systems to verify age and obtain parental consent where applicable.
• Put in place procedures to identify data breached.
• Assign a Data Protection Office, they need to be ensuring your organisation is compliant on a continuous basis.
• If you operate across international borders, ensure you comply with data protection guidelines.

One point that all organisations must ensure is that all suppliers and third parties delivering services for your organisation are also GDPR compliant. One source we have found very useful is the Information Commissioner’s Office (ICO). Have a look at this link and it provides up to date information on GDPR and practical advice on what you need to do to comply. We are constantly looking at our systems to ensure they meet all regulatory requirements and are currently updating them to ensure that by May 25th 2018, all our customers have compliant systems in place.

RIGHTS OF THOSE INVOLVED

The parties to whom the personal data refer to have the right, at any time, to obtain confirmation as to whether their data is being processed, or not, and to know the contents and origin, check their correctness or to request their integration or updating, or their rectification.

The web user has the right to ask that their data be deleted, transformed to anonymous form or blocked, in the event of any violations of law; or to oppose, in any case and for legitimate reasons, that they be processed.

Such requests need to be addressed to the Data Controller: CAME BPT UK, with registered office in 1B Sills Road, Willow Farm Business Park, Castle Donington, Derby, DE74 2US.

Privacy Statement – SENDING OF DATA THROUGH WEBSITE FORMS

We hereby notify users that:

1. providing the data is optional, but failure to do so, will prevent us from providing the requested services
2. sending data by clicking the “Send” button constitutes agreement to its processing, for purposes of registering users and activate the requested information and commercial services: registration in the site’s online data bank or sending of requested informative material
3. the email coordinates and any other data the web users provide us will be processed by specifically designated data-processing staff, to answer users’ requests
4. personal data will be also processed using automated methods by the Marketing department of CAME BPT UK, with registered office in 1B Sills Road, Willow Farm Business Park, Castle Donington, Derby, DE74 2US and transferred abroad.
    

Each communication of request to access the data can be sent by regular mail to the following address: CAME BPT UK, 1B Sills Road, Willow Farm Business Park, Castle Donington, Derby, DE74 2US

In the event you agree to said processing of your data, please know that you may object to this at any time, by sending an email specifying this to cuk.privacy@came.com or a fax to 0115 921 0431, as well as exercise all the rights therein including the rights of access, rectification, updating and cancellation.