Privacy Policy (Art. 13 GDPR) – “Compomac Ordini”

Current version published at: https://www.compomac.it/Ordini/Site/Privacy/Policy

1) Data Controller

The Data Controller is Compomac S.p.A., with registered office at Via Angelelli 18/B, 40013 Castel Maggiore (BO), VAT no. 00682511209.

For privacy requests and to exercise your rights: info@compomac.it.

2) Who the app is for and age requirement

The web app Compomac Ordini is intended for private individuals and companies and may only be used by adults (18+).

3) Personal data processed

Data provided by the user

  • Email (required for registration and account management)
  • Company (required only for users registering as a company)
  • Phone number (optional)

Authentication data

  • Access credentials: the password is stored in a non-readable form (hash + salt), not in plain text.

Technical and usage logs

  • IP address and app usage information (access/operational logs) for security and technical management.

Data not processed

  • No payment data
  • No geolocation data

4) Purposes of processing and legal bases

  1. Registration, account management and app access

    Legal basis: performance of a contract/service (Art. 6(1)(b) GDPR).

  2. Use of the application

    • Viewing the Compomac catalog (for all users)
    • Placing orders (only for authorized users)

    Legal basis: performance of a contract/service (Art. 6(1)(b) GDPR).

  3. Security, abuse prevention and technical management

    Legal basis: legitimate interest in system security (Art. 6(1)(f) GDPR).

  4. Newsletter/marketing (only if the user explicitly opts in)

    Sending informational/promotional communications only to users who give explicit consent during registration.

    Legal basis: consent (Art. 6(1)(a) GDPR), which can be withdrawn at any time.

5) Cookies

The app uses only technical cookies necessary for operation and security (e.g., session management). No profiling or marketing cookies are used.

6) Data recipients and parties processing the data

Data may be processed by:

  • authorized Compomac staff;
  • BIOMAS S.r.l., as technical provider for hosting and SMTP, appointed as Data Processor (Art. 28 GDPR). The servers are located in the EU and BIOMAS administrators may access database data only for technical/support needs and system administration, under authorizations and security measures.

Data are not disclosed.

7) Place of processing and transfers outside the EU

Data are stored and processed in the European Union. No transfers outside the EU are planned.

8) Retention periods

  • Account data: retained as long as the account remains active. Upon deletion request, data are deleted or anonymized subject to technical times and legal obligations.
  • Security/usage logs: retained for 2 months, unless needed to handle incidents or investigate abuse/unlawful activity.

9) Security measures

Appropriate measures are adopted, including:

  • access via HTTPS
  • backups
  • MFA for administrative accounts

10) Data subject rights

Users may exercise the rights under Arts. 15–22 GDPR: access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent (where applicable).

For requests and account/data deletion: info@compomac.it.

11) Complaint

You may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or the competent supervisory authority.

12) Updates

Current version published at: https://www.compomac.it/Ordini/Site/Privacy/Policy