As provided by current legislation in force (art. 13 General Data Protection Regulation, hereinafter “GDPR”), users accessing the website www.bkt-tires.com (hereinafter also “the website”) are provided with the information concerning their personal data processing.
WHO IS THE DATA CONTROLLER AND HOW CAN I GET IN TOUCH?
The Data Controller is Balkrishna Industries Limited, BKT HOUSE, C/15, Trade World, Kamala Mills Compound, Senapati Bapat Marg, Lower Parel, Mumbai – 400013, India. The company can be contacted at the following email address firstname.lastname@example.org.
WHICH DATA ARE PROCESSED?
The processed data are browsing data and data spontaneously provided by the user.
The information systems and software procedures in use for operating this website collect during normal functioning a few personal data. The transmission of such data is implicit within the use of internet communication protocols.
Such data is not collected for the purpose of being associated to identified data subjects, yet they might, for their intrinsic nature, enable the identification of users by means of processing and associating data owned by Third Parties. This class of data includes IP addresses or domain names of computers employed by users connecting to the website, Uniform Resource Identifiers CURI) that identify web addresses of the requested resources, time of the request, the method used to forward the request to the server, the file dimension obtained as response, the numeric code indicating the state of the response by the server (positive outcome, error, etc.) and other parameters related to the user’s operating system and IT environment.
Data directly provided by the user
This class of data includes personal data conferred by the user on an optional basis (e.g. when asking for information writing to email addresses indicated on the website, or when registering for obtaining access to reserved areas and for using specific services).
WHICH ARE THE LEGAL BASES AND THE PURPOSE OF DATA PROCESSING?
Browsing data: purpose and legal bases
Browsing data are used for the purpose of obtaining statistical information on the website usage, for security reasons, and for controlling the correct functioning. These data might be used for ascertaining the responsibility in case of cyber crimes damaging the website.
The legal bases for the processing of such data is the lawful interest and, in case of request by Authorities, a legal obligation.
Data directly provided by the user: purpose and legal bases
Personal data conferred by the user on an optional basis are used for the purpose of proceeding with possible requests only, and for gaining benefits from subscribed services.
The legal basis of such data processing is hence the performance of pre-contractual measures and obligations deriving from the agreement.
Should it be necessary, the data might also be used for the Data Controller’s lawful reasons to proceed with defensive actions or to enforce or defend a right through legal action.
HOW ARE THE DATA HANDLED?
The collected data are processed by means of IT tools. Adequate security measures are taken in order to prevent data loss, unlawful or incorrect usage, and unauthorized access.
For web-services-related data processing, servers located within European territory are used. Data that are conferred directly by the user are stored for the time strictly necessary to proceed with requests and then cancelled, except for defensive needs (which might require a longer storage time).
WHAT HAPPENS IF DATA ARE NOT PROVIDED?
Except for browsing data that are necessary to proceed with IT and telematic protocols, the provision of data by users by means of several methods made available is on a voluntary and optional basis.
Nonetheless, the lacking provision of such data might result in the impossibility of proceeding with requests that have been forwarded or that the user is going to forward.
WHO CAN OBTAIN KNOWLEDGE OF THE DATA?
Data are processed by the Data Controller’s authorized staff members.
Besides, data are also processed by the group company, BKT Europe Srl, for activities performed in relation to the website management as Data Processor on behalf of the Data Controller.
In case of messages sent to group companies via the email addresses indicated on the page “Contact us”, the data might be known by the contracted companies.
The data might also be known by the competent Authorities in case of specific requests that the Data Controller is obliged to respond to by law, by counsels or companies providing IT supplies and assistance for activities performed on behalf of the Data Controller, and by counsels for dealing with disputes and legal assistance in case of possible controversies, which might make necessary their involvement.
It is understood that some of the indicated subjects operate as Data Processors and that the communication to those operating as autonomous Data Controllers is made due to legal obligations or the necessity to proceed with obligations deriving from the contractual relationship or the Data Controller’s lawful interest consisting in preserving the security of IT systems by means of maintenance operations on the part of competent staff and in performing defensive actions by means of legal counsels.
The data subject might ask the Data Controller the list of external subjects carrying out their activity as Data Processors.
Communication is hence limited to such data classes only, the transmission of which is necessary for carrying out activities and achieving purposes.
WHICH ARE THE DATA SUBJECT’S RIGHTS?
According to law, the data subject is entitled to ask the Data Controller to access his/her personal data, to rectify or cancel these, or to limit processing of his/her data, or to oppose against their processing. In addition, he/she has the right of data transferability.
The data subject can exercise his/her rights at any moment without any formalities addressing to the Data Controller by sending an email to email@example.com
Hereinafter the rights conferred by the current legislation in force on personal data protection are stated in detail.
- Access right, i.e. the right to obtain from the Data Controller a confirmation whether any of his/her personal data are currently processed, and in the affirmative case, to gain access to the personal data and the following information: a) purpose of processing; b) the personal data classes concerned; c) recipients or recipient classes to which personal data have been or will be communicated, in particular if directed to third country recipients or international organizations; d) if possible, the expected period of personal data storage, or if impossible, the criteria used to establish such a period; e) the existence of the data subject’s right to ask the Data Controller to rectify or cancel personal data, or to limit the processing of his/her personal data, or to oppose against their processing; f) the right to lodge complaint with a supervisory Authority; g) in the case that the data have not been collected from the data subject, all information available on their origins; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logics used, as well as the importance and consequences for the data subject deriving from such processing. Should any personal data be transferred to a third country or an international organization, the data subject is entitled to be informed whether there are adequate existing guarantees concerning the transfer.
- Rectification right, i.e. the right to obtain from the Data Controller the rectification of incorrect personal data without any unjustified delay. Taking into account the purpose of the processing, the data subject is entitled to obtain the integration of incomplete data, even by means of an additional note.
- Cancellation right, i.e. the right to obtain from the Data Controller the cancellation of his/her personal data without any unjustified delay, if: a) the personal data are no longer necessary to the purpose for which they had been collected or processed; b) the data subject revokes his/her consent for data processing, and if there is no other legal ground for data processing; c) the data subject opposes against performed processing, since it is necessary for executing a task of public interest or is linked to the exercise of public powers the Data Controller is endowed with, or for pursuing a lawful interest and there is no prevailing interest for proceeding with processing, or opposes against data processing for the purpose of direct marketing; d) the personal data have been processed unlawfully; e) the personal data are to be cancelled in order to comply with a legal obligation provided by EU or the Member State’s legislation the Data Controller belongs to; f) the personal data have been collected in relation to the company’s services on information of under-age persons. However, the request for cancellation cannot be accepted if data processing is necessary for: a) exercising the right of freedom of expression and information; b) for complying with a legal obligation that requires data processing as provided by EU or the Member State’s legislation the Data Controller belongs to, or for executing a task performed in the public interest or exercising public powers the Data Controller has been endowed with; c) for reasons of public interest in the public health sector; d) for the purpose of filing based on public interest, scientific or historical research or for statistical purposes, to the extent the cancellation would be a risk of making impossible or compromising seriously the pursue of the objectives of such processing; or e) for ascertaining, exercising or defending a right in legal proceedings.
- Limitation right, i.e. the right to obtain that data are processed, except for storage, with the data subject’s consent only, or for ascertaining, exercising or defending a right in legal proceedings, or for the purpose of safeguarding another natural or legal person’s rights, or reasons of public interest relevant for the EU or a Member State, if: a) the data subject claims that the personal data are incorrect, for the period necessary to the Data Controller in order to verify the correctness of such personal data; b) data processing is unlawful and the data subject opposes against the cancellation of personal data requesting instead the limitation of usage; c) even though the Data Controller does no longer need the data for processing, the personal data are necessary to the data subject for ascertaining, exercising or defending a right in legal proceedings; d) the data subject has opposed against performed data processing, since it is necessary for executing a task of public interest or is linked to the exercise of public powers the Data Controller is endowed with or for pursuing a lawful interest by the Data Controller or third parties, waiting for the verification concerning possible prevalence of lawful reasons by the Data Controller compared to those of the data subject.
- Transferability right, i.e. the right to receive in a common structured format, readable by an automated device, his/her entire personal data to be delivered by the Data Controller, and the right to transmit such data to a different Data Controller without any impediment by one Data Controller towards the other, if technically possible, if processing is based on consent or a contract and processing is performed by means of automated devices. The right is applicable without prejudice to the cancellation right.
- Opposition right, i.e. the data subject’s right to oppose at any time, for personal reasons, against the processing of his/her personal data, which has been carried out, since it had been necessary for executing a task of public interest or is linked to the exercise of public powers the Data Controller is endowed with or for pursuing a lawful interest by the Data Controller or third parties. Should personal data have been processed for the purpose of direct marketing, the data subject is entitled to oppose at any time against his/her personal data processing, which has been performed for such purpose, including profiling to the extent it is linked to such direct marketing.
The data subject is hereby informed that in the case he/she should consider that the processing of his/her personal data is performed violating the provisions of GDPR, he/she has the right to lodge a complaint with a supervisory Authority as provided by art. 77 of the Regulation or to take appropriate legal action (art. 79 of the Regulation).