Personal data processing policy pursuant to art. 13 and 14 of EU Regulation 2016/679
Laminam S.p.A. , with head office in Fiorano Modenese (MO) via Ghiarola Nuova 258, VAT/Tax ID 01969990355, e-mail: email@example.com, in its capacity as Data Controller of personal data (hereinafter the “Data Controller” or the “Company“), informs the persons (identified or identifiable) who visit and consult its enterprise website, accessible from the address https://www.laminam.com/(hereinafter the “Site “),or who voluntarily interact with the Company (hereinafter the “User(s)”), regarding the use of their personal data.
This information is provided only for the Site and not for any other websites that may be consulted or accessed via hypertext links or widgets (e.g. social networks) published on the Site but referring to resources outside the Owner’s domain.
- Personal data processed
The Data Controller can process:
- Navigation data:
- data collected during the visit to the Site, which the computer systems and software procedures used to operate the Site acquire by default in the course of their standard activity. This data category includes IP addresses or domain names of computers and terminals used by users, the URIs/URLs (Uniform Resource identifiers/Locators) of requested resources, request times, the method used to submit requests to the server, the size of the file obtained in response, the numerical code specifying the status of the response provided by the server (successful, error, ..) and other parameters pertaining to the OS and the user’s IT environment;
- data collected through Google Analytics by taking every measure to reduce the possibility of identifying Users. These include, for example: the type of device used to connect, the city from which the User connects, the duration of the visit to the Site, ..;
- Data disclosed by the Users:
personal data provided voluntarily by the User who interacts with the Controller through the Site by filling in and submitting any forms on the Site and/or by explicitly and spontaneously sending messages to the Controller’s contact details indicated on the Site or on social media, to the Company’s profiles/corporate pages accessible from the Site (where this possibility is provided for). In such cases, the Company acquires the data necessary to respond to the communication sent by the User or to activate the service requested by the latter, such as the User’s identification data and contact information (name, surname, e-mail address), as well as any further personal data voluntarily included by the User in the communications and requests sent to the Company and the data useful to the latter to respond to and manage the request submitted. Users are reminded of:
- communicating only data that is up-to-date, relevant and not excessive for the specific purposes of the processing;
- in the event that they need to communicate data of third parties, complying with the legal requirements concerning the protection of personal data and, in particular, duly and promptly inform third parties of the communication of their data to the Company and of the characteristics of the processing.
Any unnecessary data will be immediately deleted or anonymised.
Specific information statements, should they contain different or more detailed information than this, will be published on any pages of the Site containing forms or set up for the provision of certain services. In this regard, Users who have activated the “Conventional Guarantee for Laminam Kitchen Tops” through the Site are reminded that the information concerning the processing of personal data carried out by the Company in that context can be viewed in the relevant section of the Site, with the exception of the Site use and navigation data of those same Users which remain, instead, included in this information statement.
(hereinafter, all “Personal Data“)
- Data collected by means of cookies while Users are browsing the Site.
- Purposes of the processing and legal bases:
The Controller processes Personal Data collected in the context of the Site for the purposes and under the legal bases indicated in the following table:
|What are the PURPOSES of the treatment?||What are the LEGAL BASIS of the processing?|
|1)||Fulfilment of a legal obligation in connection with civil, fiscal and administrative provisions, Community legislation, standards, codes or procedures approved by Authorities and other competent Institutions, as well as to comply with requests by the competent administrative or judicial authorities and, more generally, by public entities in compliance with legal procedures.||Compliance with a legal obligation to which the Data Controller is subject.|
|2)||Asserting and defending one’s rights, including through extrajudicial initiatives and also through third parties, as well as preventing criminal offences (such as, for example, fraud, identity theft, computer crime, etc.).||Pursuit of the legitimate interest of the Controller in exercising their right of defence.|
|3)||To enable Users to access and browse the Site in the best way, and to handle requests received through the Site.||Execution of pre-contractual (and in the case contractual) measures taken at the User’s request.|
|4)||Limited to Users’ browsing data under par. 1 point a), for security purposes of the Owner’s systems, to obtain statistical information on the use of the Site (such as the Site’s most frequently visited pages, the average time spent on each page, etc…), as well as to check the proper functioning of the Site and identify actions aimed at improving it.||Pursuit of the Owner’s legitimate interest in ensuring the effectiveness, updating, security of the Site and systems.|
|5)||To manage subscription to the newsletter and to send e-mails for information and promotion of the Company’s products and services and activities (events, trade fairs, etc…), also personalised on the basis of the data communicated by the User (such as geographical origin, profession), as well as interests expressed, products purchased, responses to market research, etc…||Specific consent of the User (given when voluntarily filling in the newsletter subscription form), which can be revoked at any time in accordance with Section 5 of this information statement.|
- Compulsory release of requested data and consequences of non-release
Except as specified for browsing data (and, in the relevant policy, for cookies), the User is free to provide their personal data (via forms – on the pages that allow it – or by other means to the Data Controller’s contacts) in order to send requests for information or to subscribe to the newsletter or to spontaneously apply for open positions on the Site. It is understood that failure to provide, or the partial provision of, the personal data required to handle any request made by the User may prevent the Controller from carrying out what the User has requested (such as, for example, the sending of promotional e-mails), as well as from fulfilling any related obligations.
- Processing methods and recipients/categories of recipients of Personal Data
Personal Data will be processed by means of both manual and computerised tools exclusively by authorised and specially trained persons.
In particular, Users’ Personal Data may be known by/communicated to:
- authorised processors of the Controller (collaborators, employees and operators);
- where applicable, employees and collaborators of Laminam’s subsidiaries/associates;
- third party service providers to the Controller (including providers of technical and IT services, including Site maintenance and data storage, hosting providers, web editors, managers of e-mail marketing platforms, as well as companies or entities providing legal, insurance services, .. );
- companies and third-party professionals appointed to enforce rights, interests, claims of the Controller arising from the relationship with the Users;
- State administrations, judicial or administrative authorities, public and private entities, also following inspections and audits;
- persons who can access the data by virtue of legal provisions or secondary or EU regulations.
The above recipients will act as data controllers, autonomous data controllers or authorised persons, as the case may be. To know the updated list of recipients or receive additional information, you can write to the Controller at the addresses indicated in this information statement.
The newsletter service is carried out by e-mail via the Mailchimp platform.
- Period of Personal Data retention
Personal Data will be kept by the Controller for the time strictly necessary for the purpose for which it was collected; specifically, the Controller will keep:
- Users’ browsing data for the duration of the browsing session and in any case for no longer than seven days, except in the event of system failures, in which case they will be retained until the problem is resolved;
- the data communicated by the Users (indicated in par. 1 sub b):
- with regard to the personal data required to send the newsletter to Users registered for the service, for a period of 24 months from the date of registration, extendable by a further 24 months from the date of the last contact with the User, unless the User revokes consent before the expiry of this period: (i) by clicking on the appropriate link at the bottom of each newsletter sent; (ii) by writing to the Company at the contact details indicated in par. 7 of the information statement;
- in other cases, for the time needed to process the relevant request;
- Personal Data whose processing is necessary in connection with legal obligations for the time-period prescribed by law;
- Personal Data whose processing is aimed at ensuring the right of defence of the Data Controller: at least until the possible exercise of the Users’ right of objection, it being understood that in the event of the occurrence of problems, failures, disputes or controversies, including non-judicial ones, the Personal Data shall be retained for a period equal to the limitation period of the relevant actions, increased by a prudential period of six months for the establishment, exercise or defence of a right of the Data Controller.
In all cases, upon expiry of the respective terms, all Personal Data will be deleted or anonymised. This is without prejudice to the fact that the periods indicated may be extended in cases where storage for a later period is required in the event of litigation, requests by the competent authorities or pursuant to applicable law.
- Transfer of Personal Data to a third country or international organisation
If, in order to fulfil the purposes set out in par. 2, it becomes necessary to transfer Personal Data to Third Party Countries, such transfer will take place in accordance with the requirements prescribed by European law and therefore in the presence of conditions and guarantees that ensure a level of protection of Personal Data that complies with that required by the GDPR (such as prior verification of the existence of adequacy decisions, the adoption of standard contractual clauses, etc…).
- Rights of data subjects – right to lodge complaint
Should the circumstances and conditions provided for by law apply, users (or other data subjects) may exercise – at any time and normally free of charge – the following rights towards the Company to access their personal data (to obtain confirmation as to whether or not personal data concerning them are being processed); to rectify/supplement inaccurate/incomplete personal data; to erase their personal data; to restrict processing of their personal data (to request the marking of personal data stored with a view to limiting their processing in the future) to data portability (to receive in a structured, commonly-used and machine-readable format the personal data concerning them that they have provided to the Company and to request the Company to transmit such data to another data controller, in cases where the processing is carried out by automated means on the legal basis of contract or consent).
Users (or other data subjects) also have the right to:
- oppose, at any time, on grounds relating to their particular situation, the processing of their Personal Data based on the legitimate interest of the Controller in the pursuit of the processing purposes set out in par. 2 – no. 2 and 4;
- as well as, in relation to subscription to the newsletter , to revoke in the manner set out in par. 5 the consent previously given.
The above rights may be exercised by writing to the Company:
- by e-mail to firstname.lastname@example.org;
- by standard mail at the registered office in Fiorano Modenese (MO), 41042, via Ghiarola Nuova no. 258.
In addition, Users (or other data subjects) who consider that the processing of Personal Data relating to them carried out through the Site is in breach of the GDPR are entitled to lodge a complaint with the national supervisory authority of the European Union member state in which the User (or other data subject) has their usual residence or place of work or where the alleged breach of their right occurred (in case such state is Italy, the competent entity is the Italian Data Protection Authority) or to take appropriate legal action (art. 79 of the GDPR).
The Company has appointed a DPO, in the person of Ivan Frioni, lawyer, who can be contacted at the following addresses: email@example.com
Updated on 8th July 2022