Cookie Policy

INFORMATION

on the processing of personal data for site navigation and cookies

Articles 12 et seq. of Regulation (EU) 2016/679 (GDPR)

 

FOREWORD 

In compliance with the provisions of the EU Regulation 2016/679 (hereinafter GDPR) we provide, in the following, information regarding the processing of personal data provided by the data subject, with regard to relations with the Companies of the Zucchetti Group to be understood as Zucchetti Spa and the subsidiaries or affiliates or associated companies and companies controlling the same (hereinafter referred to as the Companies. The information is provided in accordance with Art.13 of GDPR

 

1. IDENTITY AND CONTACT INFORMATION

In relation to the different areas in which the processing will be carried out for the purposes of this information, the Companies may hold the role of Data Controller under Art 4 of GDPR or of Joint Controller under Art 26 of GDPR.

The list of the Joint Controller Companies can be found at the following links (https://www.zucchetti.it/website/cms/societa-del-gruppo.html / https://www.zucchetti.it/website/cms/zucchetti-mondo.html) and the joint controller arrangement is made available upon the request of the data subject, who can send an email to ufficio.privacy@zucchetti.it.

The Companies can be contacted at the following addresses: via Solferino n. 1 – 26900 Lodi (LO), tel: 0371/5941; email: ufficio.privacy@zucchetti.it.

 

2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)

The Data Protection Officer is, for the Group companies that have made the designation, Dr. Mario Brocca, tel. 0371/5943191, email: dpo@zucchetti.it; pec: dpogruppozucchetti@gruppozucchetti.it.

For any other designations of Data Protection Officers related to the Companies, further clarification can be obtained from ufficio.privacy@zucchetti.it.

 

3. PURPOSES OF THE PROCESSING FOR WHICH THE PERSONAL DATA ARE INTENDED

For all users of the website, personal data may be used for:

• allowing navigation through the public web pages of the website;
• responding to requests received through the e-mail addresses posted on the website;
• obtaining anonymous statistical information about the use of the website (e.g., analysis of the most visited pages);
• obtaining anonymous statistical information on geographic areas of origin;
• monitoring the proper functioning of the website;
• the establishment of any liability in the event of wrongdoing to the detriment of the website.

The personal data of users who register on the site will be processed not only for the purposes described above, but also for purposes related to the services requested and in particular for:

• requesting information on the products and services of the Companies;
• viewing information materials and demos of the Companies’ products and services;
• allowing navigation through the restricted pages of the website;
• registering the user for the requested service;
• fulfilling the contractual obligations of the requested service, where applicable;
• sending technical communications and/or related to the management and delivery of the requested services;
• marketing and remarketing purposes;
• sending advertising and promotional information through e-mail;
• direct sales through the web.

 

4. COOKIES

We inform you that browsing the website will download cookies defined as technical, namely:

• session cookies used to “fill the cart” in online purchases; authentication cookies; cookies for flash player type multimedia content that do not exceed the duration of the session; customisation cookies (e.g., for choosing the browsing language), etc;
• cookies (so-called “analytics”) used to statistically analyze access/visits to the website that pursue only statistical purposes and collect information in aggregate form.

There are also statistical and profiling cookies, including third-party cookies to which you may be redirected while browsing.

The complete and up-to-date list of cookie types can be found in the cookie detection and management tool banner.

 

5. LEGAL BASIS FOR PROCESSING

This website processes data on the basis of consent. By using or consulting this website, the data subject implicitly consents to the possibility of storing only those cookies that are strictly necessary (hereinafter “technical cookies”) for the operation of this website. For other types of cookies, he/she can express or deny consent through the appropriate flags in the banner that appears when opening the site.

With specific reference to commercial banners operated by Google ADS, it should be noted that consent may be denied directly within the banner in the marketing and/or statistics section.

 

6. STORAGE PERIOD OF YOUR DATA

Personal data collected during browsing will be kept for as long as necessary to carry out the specified activities and no longer than 26 months. Data voluntarily provided by the user will be kept until the data subject withdraws consent. Consents expressed with reference to non-technical cookies will be valid for 6 months, after which consent will be requested again.

 

7. PERSONAL DATA COLLECTED AND MANDATORY OR OPTIONAL NATURE OF PROVIDING DATA AND CONSEQUENCES OF REFUSAL

Just like all websites, this site also makes use of log files, which store information collected automatically during user visits. The information collected could be as follows: 

• internet Protocol (IP) address;
• browser type and parameters of the device used to link to the site;
• internet service provider (ISP) name;
• date and time of visit;
• visitor’s source (referral) and exit web pages;
• possibly the number of clicks.

The above information is processed in an automated form and collected for the purpose of verifying the proper functioning of the site, for statistical and security reasons.

For security purposes (spam filters, firewalls, virus detection), automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with relevant laws, in order to block attempts to damage the site itself or to harm other users, or otherwise harmful or criminal activities. Such data are never used for user identification or profiling, but only for the purpose of protecting the site and its users. 

The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.

Apart from what has been specified for browsing data, the user is free to provide personal data additional to those previously indicated by registering on the site.

Failure to provide personal data may result in the impossibility of obtaining what you have requested, the impossibility of providing certain services, and your browsing experience on the website may be adversely affected.

Finally, by accessing the site, anonymous data will be recorded in order to understand the user experience.

The companies specify that under no circumstances sensitive data are collected from data subjects.

 

8. PROCESSING METHODS

Pursuant to and in accordance with Articles 12 et seq. of the GDPR, the personal data of the data subjects will be recorded, processed and stored in the electronic archives of the Companies, adopting technical and organisational measures aimed at data protection. The processing of personal data of data subjects may consist of any operation or set of operations among those indicated in Article 4, paragraph 1, point 2 of the GDPR. 

Personal data will be processed through the use of appropriate tools and procedures to ensure their security and confidentiality and may be carried out, directly and/or through delegated third parties by means of computer or electronic tools.

 

9. SCOPE OF KNOWLEDGE OF YOUR DATA

The data of the data subject may be processed by employees of the corporate departments of the Companies dassigned to the pursuit of the above purposes. These employees have been expressly authorised to process and have received appropriate operating instructions pursuant to and in accordance with Article 29 GDPR.

Data may also be disclosed by the Companies to: 

• • Zucchetti Group companies;
  • Business partners;
  • Consulting companies.
  • Zucchetti Academy offices;
  • Managers of trust services provided by Zucchetti.

 

10. COMMUNICATION AND DISSEMINATION

The data subject’s personal data, provided through registration, may be disclosed, meaning by this term the giving of knowledge to one or more specific persons, by the Companies to third parties in order to implement all necessary legal and/or contractual obligations. In particular, the data subject’s personal data may be disclosed to public bodies or offices or supervisory authorities in accordance with legal and/or contractual obligations.

The data subject’s personal data may be disclosed in the following terms:

• to subjects who can access the data by virtue of law provisions, regulation or EU legislation, within the limits provided by these rules;
• to subjects needing access to the data for purposes auxiliary to the relationship between the data subject and the Companies, within the limits strictly necessary to carry out the auxiliary tasks;
• to consultants and/or professionals, to the extent necessary to perform their duties at the Companies, their organisation, subject to a letter of assignment from the Companies imposing the duty of confidentiality and security.

 

Dissemination – The Companies will not indiscriminately disseminate the personal data of the data subject, nor will they give knowledge of it to unspecified individuals, including by making it available or consultation.

Trust and Confidentiality –  Companies value the trust shown by data subjects who have consented to the processing of their personal data and therefore undertake not to sell, rent or lease such personal information to others.

 

11. DATA TRANSFER TO NON-EU COUNTRIES

Data provided by the data subject will be processed only in countries located within the European Union. If the data subject’s personal data are processed in a non-EU state, the rights granted to the data subject under EU law will be guaranteed and the data subject will be promptly notified.

 

12. HOW TO DISABLE COOKIES?

Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. Cookies stored on your device’s hard drive can still be deleted, and you can also disable cookies by following the directions provided by major browsers, at the links below:

Chrome                              https://support.google.com/chrome/answer/95647?hl=it

Firefox                                http://support.mozilla.org/it/kb/Eliminare%20i%20cookie

Internet Explorer             https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies#

Opera                                  https://help.opera.com/en/latest/web-preferences/#cookies

Safari                                  https://support.apple.com/it-it/HT201265 

 

13. RIGHTS OF THE DATA SUBJECT

Pursuant to Articles 15 et seq. of the GDPR, the data subject may exercise the following rights:

1. access: confirmation or non confirmation that processing of the data subject’s personal data is taking place and the right to access the same; requests that are manifestly unfounded, excessive or repetitive cannot be answered;
2. rectification: to correct/obtain correction of personal data if incorrect or outdated and to complete them if incomplete; 
3. erasure/oblivion: to obtain, in some cases, the deletion of the personal data provided; this is not an absolute right, as the Companies may have legitimate or legal reasons for retaining them;
4. limitation: data will be stored, but can neither be processed nor processed further, in the cases provided for in the regulations;
5. portability: moving, copying or transferring data from the Companies’ databases to third parties. This applies only to data provided by the data subject for the execution of a contract or for which consent and express consent has been given and processing is carried out by automated means;
6. opposition to direct marketing;
7. withdrawal of consent at any time if the processing is based on consent.

Pursuant to Article2-undicies of Leg. Decree 196/2003 the exercise of the rights of the data subject may be delayed, limited or excluded, by reasoned notice given without delay, unless such notice would compromise the purpose of the limitation, for such time and to the extent that this constitutes a necessary and proportionate measure, having regard to the fundamental rights and legitimate interests of the data subject, in order to safeguard the interests referred to in subsection 1, letters a) (protected money laundering interests), e) (to the conduct of defensive investigations or the exercise of a right in court)and f) (to the confidentiality of the identity of the employee who reports wrongdoing of which he/she has become aware by reason of his/her office). In such cases, the rights of the data subject may also be exercised through the Data Supervisor in the manner set forth in Article 160 of the same Decree. In such a case, the Supervisor will inform the data subject of having carried out all the necessary verifications or of having carried out a review, as well as of the data subject’s right to appeal.

 

It should also be noted that – prior to processing requests – the Companies may carry out a verification of the identity of the data subject in order to assess the legitimacy of the request received.

 

To exercise these rights, the data subject may contact the Joint Controller Companies at  ufficio.privacy@zucchetti.it or by contatcting ++390371/594.3191 or by sending a message to Ufficio Privacy Zucchetti, via Solferino n. 1 – 26900 Lodi.

The Companies will respond within 30 days of receiving the formal request sent by the data subject. 

As a reminder, in the event of a breach of the data subject’s personal data, the data subject may file a complaint with the competent authority: “Data Protection Supervisor.”

 

 

ZUCCHETTI GROUP COMPANIES