Information on the processing of personal data. Effective from 07/26/2024
PREMISE
This notice takes into account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Privacy Code (Legislative Decree 30 June 2003 No. 196). The document has also been drafted based on the Privacy Authority Guidelines (especially the Anti-Spam Guidelines issued by the Privacy Authority on 4 July 2013).
Data Controller: FISSORE Ceramics S.p.a., , STRADA Carignano, 35 – 10024 Moncalieri (TO), Chamber of Commerce of Turin, VAT 04917300016, Phone: +39 011 6406 653 | +39 011 644 488, Email: info@fissore.com
Website to which this privacy policy refers: https://www.fissore.com/en/ (Site).
The Data Controller has not appointed a DPO (Data Protection Officer). Therefore, you can send any information requests directly to the Data Controller.
GENERAL INFORMATION
This document describes how the Data Controller processes your personal data provided on the Site.
Below are the main treatments of your personal data. In particular, the legal basis for the processing is explained, whether the provision is mandatory, and the consequences of not providing personal data. To best describe your rights, if necessary, we have specified if and when a particular processing of personal data is not carried out. On the Site, you have the opportunity to enter personal data of third parties. In this case, you guarantee that you have obtained consent from these parties for the entry of their personal data. Therefore, you agree to indemnify and hold the Data Controller harmless from any liability.
Website Registration
The information and data requested during registration will be used to allow you both to access the reserved area of the Site and to use the online services. LINE offered by the Data Controller to registered users. The legal basis for the processing is the necessity for the Data Controller to execute pre-contractual measures adopted at the request of the data subject. Providing the data is optional. However, your refusal to provide the data will result in the inability to register on the Site.
Purchases on the Site
Your personal data will be processed to allow you to make purchases on the Site. In the case of placing an online purchase order, to enable the conclusion of the purchase contract and the correct execution of the operations connected to it (and, if necessary according to sector regulations, to fulfill tax obligations). This processing of personal data also includes the possibility of sending communications (e.g., tracking and order information) via automated tools such as SMS and/or WhatsApp. The legal basis for the processing is the obligation of the Data Controller to execute the contract with the data subject or to comply with legal obligations. Regardless of the above (and therefore of your consent), the Data Controller may process your data for purposes of c.d. "soft-spam", regulated by theART. 130 of the Privacy Code. This means that, limited to the email you provided in the context of a purchase through the Site, the Data Controller will process the email to allow the direct offer of similar products/services, provided that you do not object to such processing in the manner provided by this notice. The legal basis for the processing is the legitimate interest of the Data Controller in sending this type of communication. This legitimate interest can be considered equivalent to the interest of the data subject in receiving "soft-spam" communications. The Data Controller may send emails to remind the user to complete a purchase. The legal basis for this processing is the legitimate interest of the Data Controller in sending this type of communication.
Respond to Your requests
Your data will be processed to respond to your information requests. Providing your data is optional, but your refusal will make it impossible for the Data Controller to respond to your inquiries. The legal basis for processing is the legitimate interest of the Data Controller in addressing the user's requests. This legitimate interest is equivalent to the user's interest in receiving a response to the communications sent to the Data Controller. The Data Controller may process your personal data for the purpose of managing support tickets. The legal basis for processing is the legitimate interest of the Data Controller in responding to the data subject's request. This interest is equivalent to that of the data subject in receiving a response. Personal data will be retained for this purpose until the necessary time to manage the ticket has elapsed.
Generic marketing
With your prior consent, the Data Controller may process the personal data you provide in order to send you advertising material and/or newsletters related to its own or third-party products. The legal basis for this processing is your consent. Providing personal data for this purpose is entirely optional. Failure to consent to the processing of data for marketing purposes will result in the inability for you to receive advertising material related to the Data Controller's and/or third-party products/services, as well as the inability for the Data Controller to conduct market research, including those aimed at assessing user satisfaction, and to send you newsletters. These communications will be sent to the email address you provided on the Site.
Profiling
With your consent, the Data Controller may process your personal data for profiling purposes, meaning the analysis of your consumption choices through the disclosure of the type and frequency of purchases you make, in order to send you advertising material and/or newsletters related to products of your specific interest, whether they are from the Controller or third parties. The legal basis for this processing is your consent. Providing data for this purpose is entirely optional. Failure to consent to the processing of your personal data for profiling purposes will make it impossible for the Data Controller to develop your commercial profile by analyzing your purchasing choices and habits, as well as to send you advertising material related to the Controller's and/or third-party products of your specific interest. These communications will be sent to the email address you provided on the Site.
Data Transfer
The Data Controller does not disclose your personal data to third parties.
Geolocation
The Site does not implement IP address geolocation tools for the user.
Resume
Through the Site, it is not possible to submit resumes. Therefore, your data will not be processed for these purposes.
Appointment Booking
The Site does not have third-party systems for booking appointments with the Data Controller. Therefore, your data will not be processed for this purpose. However, you can always contact the Data Controller using the contact information provided above.
Photos and videos
The Data Controller does not request the publication of photographs and/or videos depicting you. Therefore, your data will not be processed for these purposes.
WEB Scraping
The use of any automated process or system to access, acquire, copy, or monitor any part of our site WEB, including but not limited to, techniques of WEB Scraping, crawling, or spidering is expressly prohibited. The Data Controller reserves the right to take all necessary measures, including legal actions, to prevent and pursue any unauthorized scraping activity. By using the Site, the user or any third party agrees not to: (i) use automated systems, such as bots, scrapers, or spiders, to access or interact with the Site; (ii) collect content, data, or other information present on the Site without explicit written authorization; (iii) distribute, display, publish, or otherwise use the content acquired through scraping techniques without consent. Any violation of this clause will be considered a substantial breach of the Site's terms of use and will result in appropriate measures being taken, including the possible suspension of access to the site and the initiation of legal actions to protect the interests of the Data Controller.
Communication of personal data
In the course of its ordinary activities, the Data Controller may disclose your personal data to certain categories of subjects. In Article 2, you can find the list of subjects to whom the Data Controller discloses your personal data. To facilitate the protection of your rights, Article 2 may specify in some cases when your data is not disclosed to third parties.
The "communication" of personal data to third parties is different from "transfer" (regulated in the preceding point). In fact, in communication, the third party to whom the data is transmitted can only use it for the specific purposes described in the relationship with the Data Controller. In transfer, however, the third party becomes an independent Data Controller of the personal data. Furthermore, your consent is always required to transfer your personal data to third parties.
Notwithstanding the above, it is understood that the Data Controller may still use your personal data to properly fulfill the obligations required by the laws in force.
SPECIFIC PRIVACY NOTICE
ART. 1. Processing Methods
1.1 The processing of your personal data will primarily be carried out using electronic or automated means, in accordance with methods and tools suitable for ensuring the security and confidentiality of personal data.
1.2 The information acquired and the methods of processing will be relevant and not excessive in relation to the type of services provided. Your data will also be managed and protected in secure IT environments appropriate to the circumstances.
1.3 The Site does not process "special categories of data." Special categories of data are those that can reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, unions, associations or organizations of a religious, philosophical, political or trade union nature, health status, and sexual life.
1.4 Judicial data are not processed through the Site.
ART. 2 Communication of personal data
The Data Controller may disclose your personal data to specific categories of subjects. Below are the subjects to whom the Data Controller reserves the right to disclose your data:
The Data Controller may disclose your personal data to all those entities (including Public Authorities) that have access to personal data by virtue of legal or administrative measures.
Your personal data may also be disclosed to all those public and/or private entities, individuals and/or legal entities (legal, administrative, and tax consulting firms, judicial offices, chambers of commerce, labor chambers and offices, etc.), if the disclosure is necessary or functional for the proper fulfillment of obligations arising from the law.
The Data Controller employs staff and/or collaborators in any capacity. For the proper functioning of the Site, the Data Controller may share your personal data with these employees and/or collaborators.
In its regular site management activities, the Data Controller uses companies, consultants, or professionals tasked with the installation, maintenance, updating, and, in general, the management of the Data Controller's hardware and software or those used by the Data Controller to provide its services. Therefore, solely for these purposes, your data may also be processed by these entities.
For sending its communications, the Data Controller uses external companies tasked with sending this type of communication (CRM platforms). Your personal data (particularly the email) may therefore be communicated to these companies.
The Data Controller does not use external companies to provide customer care services.
The Data Controller uses banks and companies that manage national and international payment networks for online payments of products and services purchased through the Site.
The buyer's personal data may be communicated to postal offices, couriers, or shippers responsible for the delivery of the Products purchased through the Site.
The Data Controller reserves the right to modify the above list based on its ordinary operations. Therefore, you are encouraged to regularly access this notice to check which entities the Data Controller communicates your personal data to.
ART. 3. Data Retention
3.1 This article describes how long the Data Controller reserves the right to retain your personal data.
Your personal data will be retained only for the time necessary to ensure the proper provision of the services offered through the Site.
For the purpose of executing the sales contract, the data will be retained for 10 years from the date of receipt of the purchase order. This is to allow the Data Controller to exercise their right of defense and to demonstrate that the contract has been correctly executed.
For customer care purposes, the data will be deleted once the assistance service is completed and, in any case, within a maximum period of 3 months from the last email exchange with the individual concerned.
As provided by Article 2220 of the Civil Code, invoices, as well as all accounting records in general, are kept for a minimum period of ten years from the date of registration, so that they can be presented in case of an audit.
For marketing purposes, unless consent is revoked earlier, the data is stored for 24 months from the time it is provided. After the revocation of consent or at the end of the 24-month period, the personal data will be deleted and no longer used for marketing purposes.
For "profiled" marketing purposes, unless consent is revoked earlier, the data is stored for 12 months from the time it is provided. After the revocation of consent or at the end of the 12-month period, the personal data will be deleted and no longer used for this purpose.
Through the Site (or by making a request to the Data Controller), it is possible to delete the user's account. In this case, all stored personal data will be deleted and will not be retained by the Data Controller for any purpose.
3.2 Notwithstanding the provisions of article 3.1, the Data Controller may retain your personal data for the time required by specific regulations, as amended from time to time.
ART. 4. Transfer of personal data
4.1 The Data Controller is based in a country that provides an adequate level of security from a regulatory standpoint. Should the transfer of your personal data occur in a country EXTRA-For the EU and for which the European Commission has issued an adequacy decision, the transfer is considered safe from a regulatory standpoint. This article 4.1 specifies the countries to which your personal data may be transferred and where the European Commission has issued an adequacy decision.
Your personal data may be transferred to the USA based on the adequacy decision established by the European Commission. With this decision, the European Commission has determined that the USA offers a level of personal data protection comparable to that provided by the European Union.
4.2 Notwithstanding the provisions of article 4.1, your data may also be transferred to countries EXTRA-EU and for which the European Commission has not issued an adequacy decision. You are therefore invited to regularly review this article 4.2 to ascertain to which of these countries your data may be transferred.
4.3 In this article, the Data Controller specifies the countries to which it may specifically direct its activities. This circumstance may imply the application of the laws of the reference country, in addition to those governing the relationship with the user as indicated in the Preamble.
At the user's request, the Data Controller will apply the potentially more favorable regulations provided by the user's national legislation to the processing of personal data.
ART. 5. Rights of the data subject
The Data Controller informs you that you have the right to:
request the Data Controller to access your personal data and to rectify or delete them, or to limit the processing concerning you, or to object to their processing, OLTRE to the right to data portability
withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
file a complaint with a supervisory authority.
The above rights can be exercised by making a request without formalities to the contacts indicated in the Introduction.
ART. 6. Modifications and Miscellaneous
The Data Controller reserves the right to make changes to this policy at any time, providing appropriate notice to the users of the Site and ensuring in any case an adequate and similar protection of personal data. To view any changes, you are invited to regularly consult this policy. In the event of substantial changes to this privacy policy, the Data Controller may also communicate them via email.
Powered by LegalBlink.