Table of contents
Company processes Personal Data as a Controller (or Joint Controller, as the case may be), as defined in the National Data Protection Laws and in the GDPR. The identity and contact details of Company are specified in the Website.
The Controller processes Personal Data in accordance with:
- provisions of the GDPR and, in particular, with the principles set forth in the same, such as, inter alia, lawfulness, fairness and transparency, purpose limitation, data adequacy and minimisation, accountability, accuracy, and – prior to any processing activity – the principles of privacy by design and privacy by default;
- guidelines and decisions issued by the competent supervisory authority (“Supervisory Authority”).
Company processing activities relate to
- any individual visiting the Website (“Visitors”); and
- any individual/entity with which Company establishes relationships, when registering for Company events and/or signing up for information, informational materials, newsletters and other communications (“Users”).
- in its capacity as Controller, the Users’ Personal Data – as hereinafter specified – provided by Users;
- Navigation data, such as IP addresses, domain names of the computers used by any Visitor connecting with the Website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the server query method, the answered file dimension, the server status code (good, error etc.), other parameters related to the Visitors’ operating system and informatics environment; these data, however, will only be used to extract anonymous statistical information on the Website and its functionalities and will be immediately cancelled at the end of the respective processing activity;
- Personal Data provided voluntarily by Users, such as first name and surname (including first name and surname of the legal representative of the Company/entity for which Users are working), tax and VAT code numbers, location/domicile (also for tax purposes), contact details (including mobile numbers, facsimile numbers and/or other identification numbers), postal and email addresses (including business email addresses of employees/collaborators of Users and, where applicable, certified email addresses), postal code numbers, bank accounts details and/or data referred to payments etc.
The activities that may be carried out through the Website do not require any provision of Special Data, so that Data Subjects are requested to not supply and/or anyway make available to Company any Special Data. Unless expressly agreed in writing, Special Data inadvertently provided by Data Subjects, shall be cancelled and/or removed or however anonymized by the Controller.
The legal basis for the processing of Personal Data is: (i) the Data Subjects’ consent; (ii) the legitimate interest of Company, in particular when the processing of Personal Data is necessary for the purposes of preventing fraud or where the processing activity is carried out to accomplish formalities required by law or for direct marketing purposes, subject however to the GDRP requirements.
The Controller processes Personal Data for the following purposes, as specified in the table here in below, in which is furthermore highlighted
- if an express consent to processing of Personal Data is needed (or not ) as well as
- the period of data retention:
Allow Marchesini Group to accomplish all formalities required by law, including those of administrative and tax/fiscal nature
Improve the Website by analyzing how Visitors and/or Users navigate and/or use the Website
Not applicable (aggregate or anonymous data)
Send communications and reply to queries concerning the Company Activities
Send newsletters of a general informational, promotional and advertising nature and/or other materials for marketing communication purposes, in relation to the Website’s functionalities, to Marchesini Group and Company Activities
Required for newsletters, other materials for advertising or direct e-marketing communication purposes (i.e.: marketing communications sent over electronic communication channels, such as e-mail, facsimile, SMS and MMS-type messages), questionnaires and surveys. Not required for postal and/or email marketing communications sent to clients, according to applicable laws
Until the withdrawal of consent or the denial has been communicated
Communicate Personal Data to Marchesini Group companies in order to receive commercial information, newsletters and/or materials above (under letters C and D)
Until the withdrawal of consent
Process Personal Data for statistical analysis purposes
Not applicable (aggregate or anonymous data)
Subject to what specified above as to navigation data, the provision of Personal Data is fully optional and free. However, failure to provide Personal Data may entail failure to be provided with the communications and/or replies and/or activities requested.
In relation to the purposes specified under the letters C), D) and E) of the Table above, Data Subjects express their consent to processing activities by addressing queries or communications to Company or ticking the appropriate box following the procedures and instructions given on the Website. Data Subjects may revoke their consent by informing Company by any means and in written form; however, having particular regard to the purpose specified under letter D), in order to facilitate accomplishment of all relevant formalities, related to the request concerned, including the cancellation and removal of the email address from the mailing list, Data Subjects are invited to follow the instructions specified in every newsletter. If Data Subjects revoke their consent in relation to the purposes specified under letters C), D) and E) of the Table above, the relevant Company processing activities will be interrupted.
The Website may include hypertext links to other websites that are not managed or otherwise associated to Company. The Controller hasn’t any kind of access to or control of such websites. Data Subjects are requested by Controller to read the privacy policies of such third parties websites to which Data Subjects may access from the Website, in order to know the personal data collection and processing methods.
The analysis of the newsletter opening and consultation Personal Data is carried out for statistical analysis purposes in order to provide Company with information on the use of the same, which may be useful to amend its contents and formats.
The Personal Data of Data Subjects are processed almost exclusively through automated procedures, by using computerized systems and software or, in a limited number of cases, through manual means (e.g. on paper), provided however that in any event such Personal Data are processed adopting methods which are strictly related to the purposes for which such data have been collected and anyway to ensure their security, in accordance with the GDPR and the National Data Protection Laws.
Processing of Personal Data is made in the headquarters of the Controller and/or – if appointed – of the processors and/or joint controllers. Personal Data are stored in the headquartersof the Controller where the physical servers are and in some cases on servers of third parties, which may provide cloud services to allow storage of Personal Data.
Personal Data exclusively consisting in e-mail address may be transferred for organizational and/or commercial purposes only to Marchesini Group S.p.a. or to other Marchesini Group companies, whether they are located in EU or in third countries outside the EU, provided however that in the latter case, the transfer of Personal Data as above specified shall be made subject to the Controller’s assessment of full compliance with the provisions of the GDPR and in particular with articles 44 and 45 of the same.
When Personal Data are collected offline (e.g. on paper), all documents where said data are contained, are stored in the head offices of the Controller or of the processors and service providers, where appointed, and inserted in appropriate archives.
Personal Data will not be disseminated. Personal Data may be communicated to external processors and/or service providers (e.g. welfare providers) or – subject to limitations set out in art. 7.3 above – to Marchesini Group S.p.a. or Group companies.
Personal Data will not be disseminated.
The above notwithstanding, according to articles 13 and 15 of the GDPR, Data Subjects, when they are individual/natural persons, may lodge a complaint with the competent Supervisory Authority, in order to enforce their rights, as specified above.