The Gruppo Colorobbia respects the privacy of its Customers and Visitors of this portal.
Any data transmitted by users to Gruppo Colorobbia will be treated with the utmost confidentiality and all the necessary measures will be taken to ensure their protection in full compliance with the Italian law in force on data confidentiality.
INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO THE REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE
(GENERAL DATA PROTECTION REGULATION – GDPR)
1. Data controller and Data Protection Officer
The Data Controller is Colorobbia Italia S.p.A., the registered office of which is at Via Pietramarina n. 53, 50059 Sovigliana, Vinci (Florence) Italy, VAT-Id IT-00435210489.
The Company has designated Marsh Risk Consulting, La Badessa Pietro, as its Data Processor Officer pursuant to Art. 37 ff. of the GDPR.
With regard to all issues related to processing of personal information, the Data Subject may contact the data protection officer by emailing at: firstname.lastname@example.org
For detailed information on the rights of the Data Subject, please refer to the Section “Rights of the Data Subject” of this privacy statement.
2. Legal bases on which we process your personal data and purpose of Processing
Data provided or collected when browsing the website www.neogrits.com will be processed by the Data Controller in accordance with the regulations in force.
Our processing is based on the lawful bases that are necessary for us to process your personal data, namely: provision of services offered by the Company, management and facilitation of the website, management of protected areas on the site, Data subject explicit consent, where requested and given, to the processing of the Personal Data.
The processing of your data by Colorobbia Italia S.p.A. is aimed at pursuing the following purposes:
1) “Contact Us Area”: if you decide to contact us by filling-in the special form on the site www.neogrits.com, the Data you provide will be processed by the Data Controller to handle your request and provide you with the necessary information;
2) Social Networks: www.neogrits.com website allows access to Colorobbia Italia social pages, thus entailing installation of third-party cookies on Colorobbia website.
3. Nature of the processing
With the exception of those data that are necessary and essential to execute electronic and IT protocols, users may provide personal data for the purposes referred to in point 1) of the foregoing paragraph freely and optionally. However, if the Data Subject does not provide the information requested, the Company will not be able to handle any requests submitted or to be submitted by the user. In this context, please note that personal data may also be processed for the fulfilment of obligations established by law, legislation and, in general, by regulations in force and applicable from time to time.
4. What type of information is collected from you
The Controller will process those data provided by the user when browsing the website www.neogrits.com, for example: e-mail address.
5. How we process your Personal Data and how long we retain your information
Your personal information will be processed by the Controller in compliance with the provisions as set forth by applicable law on data protection. Data processing will take place through electronic and/or IT means and organizational and logical procedures strictly correlated with the purposes for which Information is collected. In addition, the Controller has implemented appropriate security measures intended to protect against unauthorised access, disclosure, alteration or destruction, loss or unlawful use and misuse of your personal information.
Despite this, the Company cannot guarantee that the measures implemented for the security of the site and the transmission of data and information are able to limit or exclude any risk of unauthorized access or disclosure of Data by users’ devices. Therefore, we recommend users of the site to install adequate software protecting data during transmission across the network (i.e. updated antivirus) and their Internet Provider to have appropriate data transmission security measures in place.
Furthermore, the Company undertakes to process the Personal data according to the principles of lawfulness, fairness and transparency, to collect it to the extent necessary and adequate for the processing and to limit access to authorised personnel only. Data that you provide to us will be managed and held in archives or on servers which are located within the European Union, owned by the Data Controller and/or by third party companies appointed as External Data Processors, and, in any case, currently seated in Italy.
Your Personal Information will be retained for as long as needed or permitted in light of the purposes for which it was obtained and, in any case, in accordance with the regulations in force.
In any case, the Company undertakes to avoid processing of personal data for an indefinite period and to verify, periodically, the actual interest of the Data Subject
6. Data recipients and Data Processors
Your Personal Data will not be in any way disclosed by transmission, dissemination or otherwise made available to third parties, except for those cases provided for by law and, in any event, in compliance with the procedures set forth in the applicable regulation. Your Personal Data will be processed by the Company’s employees to the extent and according to the purposes for which it is processed. Some Data may also be processed by third parties, acting as External Data Processor, that are appointed or may be appointed by the Controller for the management of contractual relationship, provision of the services and for organizational requirements as to corporate business. In particular, Personal Data may be shared, including but not limited to, with:
- a) private or public third parties, authorised to process Personal Data by virtue of laws, regulations or community legislation, to the extent provided for by said regulations;
- b) third parties that need to process Personal Information for purposes related to contractual relationship between the parties, to the extent strictly necessary for the performance of the tasks assigned (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, mail carriers and shipping companies);
- c) consultants, to the extent strictly necessary for the performance of professional task assigned. An updated list of the appointed External Data Processors is made available to the Data Subject at the headquarters of the Data Controller upon prior request to be emailed at: email@example.com.
7. Transfers of personal data to third countries.
Your Personal Data will not be transferred outside the European Union. It being understood, however, that the Controller, if necessary, shall be entitled to move server’s location in non-EU third countries. In this case, the Data Controller ensures from now on that the transfer of personal data outside the European Union will take place in accordance with provisions set forth in article 44 et seq. of the GDPR and other applicable regulations, by stipulating, if required, related agreements that ensure an adequate level of protection.
8. Rights of the Data Subject
The GDPR gives the Data Subject specific rights that help him/her be in control of his/her personal data, namely:
- a) pursuant to art. 15, the data subject shall have the right to obtain from the Controller confirmation as to whether
or not personal data concerning him or her are being processed, and, where that is the case, to obtain access
to the personal data and the following information:
- i) the purposes of the processing
- ii) the categories of personal data concerned;
- iii) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
- iv) where possible, the envisage period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- v) the existence of the right of the Data Subject to request from the Data Controller rectification or erasure of Personal Data or restriction of processing of personal data concerning the data subject or to object to such processing;
- vi) the right to lodge a complaint with a supervisory authority, pursuant to articles 77 ff. of the GDPR;
- vii) if the Data is not collected from the Data Subject, all information available on their origin;
- viii) the existence of automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisage consequences of such processing for the data subject;
- ix) where personal data are transferred to a third country or to an international organisation the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer of Personal Data to a third country or an international organisation;
- b) the Data Subject shall also have (where applicable) the possibility of exercising the rights pursuant to articles 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to Data portability, right to object).
The Data Subject may at any time exercise the above-mentioned rights and request a copy of an updated list of the Data processors by emailing at: firstname.lastname@example.org.
The Company Colorobbia Italia S.p.A. undertakes to provide information on action taken on a request to the Data Subject within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In any case the Data Controller shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Information on the action taken on a request shall be provided in writing or by electronic means. In the event of a request for rectification, erasure and restriction of processing, the Data Controller shall inform about said requests received by the Data Subject to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may charge a reasonable fee. Pursuant to Art. 37 of the GDPR, The Company has designated La Badessa Pietro as its DPO – Data Processor Officer. With regard to all issues related to processing of personal information, the Data subject may contact the data protection officer via email at: email@example.com.
Contacts of the Data Protection Officer
The Data Protection Officer (“DPO”), Dr. Pietro La Badessa of Marsh Risk Consulting Service Srl, can be contacted for:
e-mail to the address: firstname.lastname@example.org