Privacy Policy on the Processing of Personal Data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
Effective as of 01/03/2022
INTRODUCTION
This privacy policy takes into account the provisions of the GDPR and the Italian Privacy Code (Legislative Decree no. 196 of 30 June 2003). The document has also been drafted in accordance with the Guidelines of the Italian Data Protection Authority (in particular, the Anti-Spam Guidelines issued by the Authority on July 4, 2013).
Data Controller: Giuseppe Calamita
Website covered by this privacy policy: www.cimaspirali.it (the “Website”).
The Data Controller has not appointed a Data Protection Officer (DPO). Therefore, you may submit any request for information directly to the Data Controller.
GENERAL INFORMATION
This document describes how the Data Controller processes your personal data provided through the Website.
Below you will find details of the main ways your personal data may be processed. In particular, the legal basis of each processing activity, whether the provision of data is mandatory, and the consequences of failure to provide data are explained. To best describe your rights, where necessary, we have specified if and when a certain processing activity does not occur.
Website Registration
The Website does not offer registration features. Therefore, the Data Controller does not process your personal data for this purpose.
Purchases on the Website
No purchases can be made through the Website. Therefore, your personal data will not be processed for this purpose. The Data Controller does not process user data for the purpose of sending “reminder” emails related to products and/or services.
Responding to Your Requests
Your data will be processed in order to respond to your requests for information. Providing data is optional, but refusal will make it impossible for the Data Controller to respond. The legal basis is the legitimate interest of the Data Controller to reply to user requests, which corresponds to your own interest in receiving a response.
General Marketing
The Data Controller will not send you advertising materials and/or newsletters regarding its own products or those of third parties.
Profiling
The Data Controller does not carry out profiling activities with your personal data. Therefore, you will not receive targeted advertising materials and/or newsletters.
Data Transfer
The Data Controller does not sell or transfer your personal data to third parties.
Geolocation
The Website does not use geolocation tools based on users’ IP addresses.
Disclosure of Personal Data
In the course of its normal activities, the Data Controller may disclose your personal data to specific categories of recipients. See Article 2 below for details. To protect your rights, Article 2 also specifies, in some cases, when your data will not be disclosed to third parties.
Please note that “disclosure” of personal data to third parties is different from “transfer.” In disclosure, the third party may use the data only for the specific purposes described in the relationship with the Data Controller. In a transfer, however, the third party becomes an independent Data Controller. Any transfer of your personal data to third parties always requires your prior consent.
Without prejudice to the above, the Data Controller may process your personal data to comply with legal obligations.
SPECIFIC PRIVACY INFORMATION
Article 1 – Data Processing Methods
1.1 Your personal data will primarily be processed using electronic or automated tools, in ways that ensure security and confidentiality in compliance with the GDPR.
1.2 The information collected and the processing methods will be relevant and not excessive in relation to the type of services provided. Your data will also be managed and protected in secure IT environments appropriate to the circumstances.
1.3 The Website does not process “special categories of personal data” (such as those revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, health data, or sexual orientation).
1.4 The Website does not process judicial data.
Article 2 – Disclosure of Personal Data
The Data Controller may disclose your personal data to the following categories of recipients:
- All subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative measures.
- Public and/or private entities, natural and/or legal persons (e.g., legal, administrative, or tax consultants, Judicial Authorities, Chambers of Commerce, Labor Offices, etc.), whenever disclosure is necessary or functional to comply with legal obligations.
- Employees and/or collaborators of the Data Controller, as needed for the proper functioning of the Website.
The Data Controller does not use:
- External companies, consultants, or professionals for hardware/software installation, maintenance, or management.
- CRM platforms (used to send automated communications).
- External companies to provide customer care services.
The Data Controller reserves the right to update the above list based on operational needs. You are therefore invited to review this privacy policy regularly.
Article 3 – Data Retention
3.1 Your personal data will be retained only for the time necessary to provide the services offered through the Website.
3.2 Notwithstanding the above, the Data Controller may retain your personal data for the period required by specific laws and regulations.
Article 4 – Transfer of Personal Data
4.1 The Data Controller is based within the European Union. Therefore, the processing of your data is regulated by the GDPR. If your data is transferred outside the EU to a country recognized by the European Commission as adequate, the transfer will be considered safe.
4.2 If your data is transferred to non-EU countries not recognized as adequate, this section will be updated accordingly. Please check this section regularly for updates.
4.3 The Data Controller may specifically direct its activities to certain countries, which may imply the joint application of local law alongside GDPR. Upon request, the Data Controller will apply the more favorable data protection law applicable to the user.
Article 5 – Data Subject Rights
Pursuant to Article 13 of the GDPR, you have the right to:
- Request access to, rectification, or deletion of your personal data, restriction of processing, or object to processing.
- Exercise your right to data portability.
- Withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
- Lodge a complaint with a supervisory authority (e.g., the Italian Data Protection Authority).
These rights may be exercised by contacting the Data Controller at the contact details provided above.
Article 6 – Changes and Miscellaneous
The Data Controller reserves the right to amend this privacy policy at any time, notifying users accordingly and ensuring adequate and equivalent protection of personal data. Please review this policy regularly to stay updated. In the event of substantial changes, the Data Controller may also notify you via email.