Privacy Notice for Data Submitted via Google Forms
INFORMATION ON THE PROCESSING OF PERSONAL DATA SENT THROUGH GOOGLE FORMS PURSUANT TO ARTICLES 13-14 OF GDPR 2016/679
1. DATA CONTROLLER
The data controller is CMP Impianti Srl, with registered office at Via Amerigo Vespucci, 22, 25012 Viadana Bresciana (BS), Italy (hereinafter “CMP” or “Data Controller”), and can be contacted via email at email@example.com.
2. DATA PROCESSOR
Google Ireland Limited (“Google”), a company established and operating under Irish law (Registration Number: 368047), located at Gordon House, Barrow Street, Dublin 4, Ireland, is appointed as the Data Processor for data processing in the cloud through Google Forms and associated services, in accordance with Articles 4 and 28 of European Regulation 679/2016 and regulations concerning personal data protection.
As described in the Privacy Shield certification, Google complies with the regulations related to the EU-US Privacy Shield and the Swiss-US Privacy Shield, as established by the U.S. Department of Commerce regarding the collection, use, and retention of applicable personal information for both EU member states and Switzerland.
Google is responsible for any personal information provided to third parties for external processing on its behalf under the Onward Transfer Principle, as described in the section related to the sharing of user information.
For more information about the Privacy Shield program and to view Google’s certification, please visit the Privacy Shield website.
For more information on how Google handles data, you can visit the following link: https://policies.google.com/privacy/update
3. TYPES OF DATA PROCESSED AND PROCESSING PURPOSES
The processed data include the name, email address, and phone number of the data subject. User data is collected for the following purposes: contacting the user, managing addresses and sending email messages, interacting with external platforms, and statistical analysis. In particular:
- To respond to specific requests made to the Data Controller by the user through the website and its communication tools (contact forms, information request forms, and the like);
- For informational communications regarding the services provided by the Data Controller, following requests for information via email or completion of contact forms and other communication tools;
- For other purposes related to or connected with the above, and which fall within the scope of the website’s activities.
4. DATA PROCESSING AND ACCESS
Google’s service includes a suite of applications linked to the Gmail email account, including Google Cloud Platform (for document storage in the cloud), Documents, Sheets, Forms, and other Google applications and those of its partners that are used to create, store, and manage documents and attachments.
Communications intended directly or indirectly for the Data Controller are managed by Google’s servers.
The data transfer protocols used for information transmission over the network and the storage of data involve the HTTPS protocol (HyperText Transfer Protocol over SSL), a variant of the HTTP protocol that employs the SSL (Secure Sockets Layer) security layer in addition to TCP/IP, encrypting incoming and outgoing data through a mathematical algorithm.
The Data Controller accesses the Google account using a password.
Please be advised that the data you voluntarily provide via the questionnaire may be stored within the email reception system used by the website owner. This data will not be recorded on other media or devices, nor will other data resulting from your browsing on the website be recorded.
5. DATA LOCATION
List of Google data center locations:
6. DATA RETENTION PERIOD
As expressly provided in Article 5, paragraph 1, letter e) of the GDPR, the data is kept for the time necessary to carry out the requested service or for the purposes described in this document.
- Data collected for purposes related to the legitimate interests of the Data Controller will be retained until those interests are satisfied;
- Data collected based on the User’s consent may be retained until such consent is revoked;
- Data may be kept by the Data Controller for a longer period to comply with legal obligations or at the request of an authority.
Users can always request the cessation of processing or the deletion of data.
7. CONSEQUENCES OF NOT PROVIDING DATA
8. DATA SUBJECT RIGHTS