Drafted pursuant to EU Regulation 2016/679 of 27 April 2016 (General Data Protection Regulation – GDPR) and Italian Legislative Decree of 30 June 2003, no. 196, as amended by the Italian Leg. Decree of 10 August 2018, No. 101.
Dear User, this page describes certain rules for the management of the https://en.contigo.it website with regard to the personal data of users consulting it. These rules apply in all cases where you access (i) our Site (ii) within the pages even without registering and without filling in or entering data in web forms. This website makes every effort to protect the privacy of users and minimise the collection of personal data.
PLACE OF DATA PROCESSING
The Site is hosted on devices operated by a company under Italian law, located on Italian territory and therefore subject to the aforementioned legislation. The Company guarantees the Data Controller the highest technological requirements in terms of security of processing, also ensuring confidentiality and full compliance with the regulations on the processing of personal data. The Data Controller periodically carries out checks and verifications and receives accurate reports on the hardware configuration on which the website software has been installed. During their normal operation, the computer systems and software procedures used to operate the Site acquire certain data whose transmission is automatic in the use of Internet communication protocols, which are not associated with identified interested parties. However, by their very nature, they could allow Users to be identified, through processing and association with data held by third parties. The Personal Data consist of the IP addresses or domain names of the computers used by the Users who connect to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other technical information sent automatically by the connection management programs. The Personal Data are used for the sole purpose of obtaining the connection and to obtain anonymous statistical information on the use of the website and to check its correct functioning.
DATA CONTROLLER, PURPOSES AND LEGAL BASIS
The Data Controller is Mariotti srl subject to m&c Contigo spa Via Torino, 118 10036 Settimo T.se (TO), which acquires/keeps and processes your personal data (name, surname, e-mail, date of birth, shipping address, telephone number, Fiscal Code/VAT no.) – by virtue of the following legal bases:
- voluntary navigation;
- filling in forms;
for the following purposes:
- registration and access to the reserved area for https://en.contigo.it;
- sale via e-commerce;
- fulfilment of tax, administrative and accounting requirements strictly related to sales, technical support and technical information, after-sales service with regard to purchased products and services; statistical analyses also for marketing purposes;
- sending newsletters, announcements of new products, market research, services and offers, commercial communication, invitations to events promoted by the Data Controller.
The recipients of the processing are all adult customers of Mariotti srl who voluntarily browse, register and purchase products on the e-commerce website https://en.contigo.it. Should a minor user register, his or her e-mail will only be used to inform him or her that registration is not possible due to the minor’s age, and the data will then be deleted.
DATA PROVIDED SPONTANEOUSLY BY THE DATA SUBJECT FOR THE SUBMISSION OF THE CURRICULUM VITAE
The spontaneous and optional inclusion of personal data in the “Work with us” section of the website is carried out by the data subject for the purpose of submitting his/her application, aimed at verifying the existence of the prerequisites for the establishment of a working relationship with the Data Controller. Personal data are transmitted by the data subject by means of the online form, which can be found in the “Work with us” section mentioned above. Notwithstanding the fact that the curriculum vitae transmitted by the data subject as an attachment to the form refers to the latter’s membership of a protected category, the candidate is not required to disclose – by means of the curriculum vitae – any personal data belonging to special categories revealing, for example, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or data concerning the person’s health, sex life or sexual orientation. Personal data collected by the Controller through the Site will not be disclosed and will be kept for a period not exceeding 60 days. Pursuant to the provisions of Article 111-bis of Italian Legislative Decree No. 196 of 30 June 2003, the information referred to in Article 13 of the GDPR will be provided to the candidate at the first useful contact.
METHODS OF PROCESSING
Processing is carried out in both paper and electronic form; by telematic and/or IT means, including by means of automated tools for storing, managing and transmitting the data, with the observance of all precautionary measures guaranteeing their security and confidentiality. Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access.
- Data collected in paper form are processed and stored at the company’s headquarters and offices.
- Data collected in electronic form are processed and stored in the Company’s computers/devices and the Servers managed by it.
Any refusal to provide such data may result in the non-execution / continuation of the relationship. Data will not be disseminated randomly, meaning giving knowledge of them to unspecified persons in any way, including by making them available for use or consultation. Your data may be communicated (meaning giving knowledge thereof – also for possible processing) to one or more specific persons within the limits strictly pertinent to the fulfilment of the obligations, tasks and purposes referred to above:
- employees and collaborators of the Data Controller, in their capacity as authorised processors and/or sub-processors and/or system administrators, within the scope of their respective duties and in accordance with the instructions received;
- to third-party companies or other entities performing outsourced services on behalf of the Data Controller, to which the Controller entrusts certain tasks necessary for the performance of the activities of this policy (such as, for example: system engineers and database administrators; third parties performing tasks of a technical and/or organisational nature such as marketing agencies; entities in charge of printing, packaging, transmission, transport and disposal of communications;
- to all persons to whom the data must be disclosed on the basis of an express legal provision;
- to third-party service providers and, more generally, to companies and/or freelance professionals who collaborate with the Controller in various capacities (e.g. professional firms, legal consultants; agents; etc.).
You may obtain an up-to-date list of our Data Processors by making a request via registered mail to Mariotti S.r.l. with registered office in via Torino, 118 – 10036 Settimo Torinese (TO) VAT no. 05763200010 or by certified email (PEC) to firstname.lastname@example.org.
Your Data will be transferred outside the European single area. This website may share some of the data collected with services located outside the European Union. In particular with Google, Facebook and Microsoft via social plugins and the Google Analytics service. The transfer is authorised on the basis of specific decisions of the European Union and the Italian Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield – information page of the Italian Data Protection Authority), so no further consent is required. The above-mentioned companies guarantee their adherence to the Privacy Shield.
RIGHTS OF DATA SUBJECTS
You may exercise the rights to:
- access, in order to obtain confirmation as to whether or not personal data are being processed and to know their content and origin;
- rectification, erasure, restriction and object to the processing itself. Pursuant to the same article, the user has the right to request the erasure, transformation into anonymous form or blocking of data processed in breach of the law, as well as to oppose in any case, for legitimate reasons, their processing.
Specifically: Right of access – The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, access to the data and to the following information (a) the purposes of the processing; (b) the categories of personal data undergoing processing; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients are in third countries or international organisations; (d) the storage period of the personal data; (e) the existence of the data subject’s right to request the Data Controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to the processing of personal data concerning him or her; (f) the right to lodge a complaint with a supervisory authority; (g) where the data are not collected from the data subject, all available information as to their source; (h) the existence of an automated decision-making process, including profiling, and, at least in such cases, detailed information on the logic used, as well as the importance and the envisaged consequences of such processing for the data subject. Right to rectification – The data subject has the right to obtain the immediate rectification of inaccurate data together with the right to complete or supplement personal data already provided. Right to erasure – The data subject has the right to obtain the erasure of personal data, for one of the following reasons: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based; c) the data subject objects to the processing; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. Right to restriction of processing – The data subject has the right to obtain the restriction of processing in the following cases: (a) the accuracy of the personal data is contested by the data subject; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject. Right to notification – The Controller shall notify any rectification, erasure or restriction of the processing of personal data to each recipient to whom the data have been disclosed. If the data subject so requests, the Data Controller shall inform him/her as to which recipients his/her personal data have been sent. Right to data portability – You have the right to receive your personal data in a structured, commonly used and electronically readable format. He/she also has the right to obtain the transmission of personal data directly from one Controller to another. Right to object – The data subject has the right to object to the processing of personal data at any time. In this case, the data will no longer be processed, unless the Data Controller demonstrates legitimate grounds to continue processing, i.e. to comply with legal obligations. Requests to exercise your rights, as set out above, may be submitted by mail to the Data Controller Mariotti srl subject to m&c Contigo spa Via Torino, 118 10036 Settimo T.se (TO) or via e-mail to email@example.com. We remind you that you always have the possibility to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
The Data Controller shall erase the data concerning you without undue delay if:
- your personal data are no longer necessary for the purposes for which they were collected or processed;
- as data subject you have withdrawn the consent on which that processing is based and there is no other legal basis for it;
- as data subject, you have objected to the processing and there is no overriding legitimate grounds to proceed with the processing;
- your personal data have been unlawfully processed;
- your personal data have to be erased for compliance with a legal obligation.