GDPR – policy

 

Information regarding the processing of personal data of users of the website

Pursuant to Article 13 of the EU Regulation No. 2016/679 (“GDPR”)

 

The company Cimbali Group S.p.A., in carrying out its business pays the utmost attention to the security and confidentiality of personal data of users (hereinafter, the “Users” or “User“, singular) of its website www.cimbaligroup.com (hereinafter, simply the “Site“) and wishes to provide the same with information relating to the processing of their personal data.

1.     Data Controller of the processing

The data controller is Cimbali Group S.p.A. with registered office in Via A. Manzoni 17 – 20082 Binasco (MI) (hereinafter the “Company“, or the “Data Controller“); e-mail address: privacy@cimbaligroup.com; Telephone: +39 02900491.

For any request regarding the processing of personal data, as well as to exercise the rights recognized by the GDPR and better described in paragraph 7, you can contact the Company at the following email address: privacy@cimbaligroup.com or send the request by registered mail A/R to the following address Via A. Manzoni 17 – 20082 Binasco (MI).

2.     For what purposes the Company processes personal data

Through the Site, the Company collects some personal data of Users, which are processed for the purposes described below. In addition, the Site uses cookies and other tracking tools, for which please refer to the cookie policy available at the page “Cookie Policy”.

A Purpose of processing Categories of processed data Legal basis and conferment
 1

 

 

 

 

 

 

Management of User requests.

 

The Company processes the personal data of Users in order to manage and respond to requests for information submitted by filling out the “Contact” form on the Site.

Personal and contact data: name, surname, e-mail address.

 

Other data: content of the request, date and time it was sent.

Legitimate interest of the Company responding to Users’ requests for information (Article 6 (1) (f) GDPR).

 

The provision of personal data is not mandatory; otherwise, the Company will not be able to respond to the User’s requests.

 2

 

 

 

 

 

 

 

Sending communications for marketing purposes.

 

The Company, subject to the User’s consent, processes personal data for marketing and advertising purposes, aimed at informing the User about promotional sales initiatives or for market research and statistical surveys carried out using automated methods of contact (e-mail, SMS, instant messaging, social networks – i.e. LinkedIn and Twitter -, push notifications and other mass messaging tools etc.) and traditional methods of contact (telephone call with operator).

 

Personal and contact details: name, surname, telephone number, e-mail address. Consent (Art. 6 (1) (a) GDPR).

 

Consent is optional and may be revoked at any time, with effect for subsequent processing, by sending a communication to the address: privacy@cimbaligroup.com

 3

 

 

 

 

 

 

 

Defending your rights

 

The Company may process personal data for the defence of rights during judicial, administrative or extrajudicial proceedings and in the context of disputes arising in relation to the services and products offered, including the prevention of fraud.

As appropriate, personal data collected for purposes 1 through 4 will be processed. Legitimate interest of the Company in the protection of its rights (Art. 6 (1) (f) GDPR).

 

A new and specific conferment is not required since the Company will pursue this further purpose, where necessary, by processing the data collected for the purposes referred to above.

 4

 

 

 

 

 

 

Fulfilment of legal obligations/requirements from supervisory and control authorities or bodies

 

The Company may process personal data in order to fulfil the obligations it is required to fulfil by laws, regulations or Community legislation, by provisions/requirements of authorities empowered to do so by law and/or by supervisory and control bodies.

As needed, personal data collected for purposes 1 through 4 will be processed. Fulfilment of a legal obligation (Art. 6 (1) (c) GDPR).

 

The conferment of personal data for this purpose is compulsory because if it is not provided, the Company will be unable to fulfil specific legal obligations.

3.     How we keep your personal data secure

The Company takes appropriate security measures in order to ensure the protection, security, integrity and accessibility of Users’ personal data. Appropriate security measures are designed to prevent unauthorized access, disclosure, modification or destruction of personal data.

All personal data are stored on the Company’s protected computer devices (or appropriately stored hard copies) or on those of its suppliers and are accessible and usable according to Company’s security standards and policies (or equivalent standards for suppliers).

4.     How long does the Company store personal data of the Users?

The Company retains the User’s personal data only for as long as necessary to fulfil the purposes for which it was collected or for any other legitimate related purposes.

Personal data that are no longer required, or for which there is no longer a legal basis for their storage, will be irreversibly anonymized (and thus stored) or securely destroyed.

If personal data is processed for more than one purpose, the data will be deleted or made anonymous as soon as the retention period for the last purpose has expired.

·       The data collected and processed for contractual purposes will be kept for a period not exceeding 10 years from the end of the effects of the contract concluded with the User.

·       Personal data collected for marketing purposes will be retained for 24 months after collection. However, we will periodically refresh your consent for such purposes to respect your choices.

·       Personal data collected for profiling purposes, as acquired from time to time, will be retained for a period not to exceed 12 months from collection.

·       With reference to the judicial protection of the rights of the Company or in case of requests by the Authority, the personal data processed will be kept for the time necessary to process the request or to pursue the protection of the right.

5.     With whom does the Company share Users’ personal information.

The personal data can be accessed by employees and / or subjects belonging to the Company and duly authorized professionals, as well as external suppliers, appointed, if necessary, responsible for processing, which provide support for the provision of services related to the relationship between you and the Company and / or made on the Site.

Recipients of personal data may also be communications companies that carry out commercial communication and profiling on behalf of the Company and companies that offer information services.

The Company invites Users to contact it in the manner indicated in paragraph 1 if they wish to request to see the list of data processors and other entities to which the Data Controller communicates their personal data.

In any case, any communication of your personal data will take place in full compliance with the provisions of the GDPR and applicable regulations.

6.     Transfers to third countries

In order to carry out some of the activities involved in the processing of your personal data, the Company communicates the same to external parties located in countries that do not belong to the European Union (EU) or the European Economic Area (EEA) (hereinafter “Third Party Country(ies)”).

In particular, the Company informs you that your personal data are transferred to the United States of America, as a Third Country; the lawfulness of this transfer is, in any case, guaranteed through the instruments provided for by Article 46 of the GDPR, the Company having signed the Standard Contractual Clauses approved by the European Commission (supplemented, where necessary, by additional technical/organizational/legal measures).

In any case the Company, if it deems it appropriate, reserves the right to conclude specific separate agreements obliging such subjects to adopt adequate security measures, including organizational measures, aimed at offering appropriate guarantees for your rights. These external subjects will process your personal data as autonomous data controllers or as data processors, duly appointed by the Company in accordance with the legislation on the protection of personal data (depending on the role they play in relation to the processing).

You may write to the Data Controller at any time, using the contact details given in paragraph n.1, asking which subjects your personal data are communicated to, and to receive a copy of the personal data processed and a copy of the guarantees adopted for the transfer.

7.     Personal data protection rights and the right to lodge complaints with the Supervisory Authority

Each User has the right to ask the Company, subject to the existence of the legal prerequisite underlying the request:

a)      Access to personal data, as provided for in Article 15 of the GDPR;

b)      the rectification or integration of personal data in the possession of the Company deemed inaccurate, as provided for in Article 16 of the GDPR;

c)      The deletion of personal data for which the Company no longer has any legal basis for processing, as provided for in Article 17 of the GDPR;

d)      the limitation of the way in which personal data are processed, if one of the cases provided for in Article 18 of the GDPR applies;

e)      the copy of the personal data provided to the Company, in a structured, commonly used and machine-readable format and the transmission of such data to another data controller (so-called portability), as provided for in Article 20 of the GDPR

f)       revocation of consent, where the processing is based on that legal basis;

g)      the right to object, as a contracting party, free of charge and at any time to the receipt of commercial communications from the Company;

h)      the right to lodge a complaint with the Guarantor Authority, as provided for in Article 77 of the GDPR.

Right to object: in addition to the rights listed above, the User is always entitled to object at any time to the processing of personal data carried out by the Company in pursuit of its legitimate interests. In addition, the User may always object at any time if the personal data are processed for direct marketing purposes. The User can always object to the processing carried out for marketing purposes even if only part, for example by opposing only the sending of promotional communications carried out through automated and/or digital means, or the sending of paper communications and/or the receiving of telephone communications.

The exercise of these rights, which can be done through the contact details of the Company indicated in paragraph 1, is free of charge and is not subject to formal constraints. It will be the responsibility of the Company to verify that the User is entitled to exercise the right and to reply, as a rule, within one month.

In the event that the User believes that the processing of their personal data is in violation of the provisions of the GDPR has the right to complain to the Guarantor for the protection of personal data, using the references available on the website www.garanteprivacy.it, or to take legal action.

Please note that it may be necessary to make changes to this privacy policy in the future. Consequently, the Company reserves the right to update or modify this privacy policy at any time, undertaking to give prior notice to the User and, if necessary, requesting the necessary consents by means of a specific pop-up on the Site or by different means and/or computer tools. However, please read and review this policy periodically, and in particular before any personal data is provided.

 

Last updated: October 18, 2023