Data Protection Policy

Data Protection Policy

  1. Introduction

This communication is made available to you – also pursuant to article 13 of the 2016/679 European Regulation on the protection of personal data (“Regulation” or “GDPR”) and Legislative Decree 196/2003 (“Privacy Code”), as amended and supplemented by Legislative Decree 101/2018, and subsequent amendments and addition – by Grifal S.p.A. with legal address in Cologno al Serio (BG), via XXIV Maggio n. 1, as Data Controller of the processing of personal data.

The purpose of this Policy is to inform the user about the methods of the processing of personal data concerning him.

  1. Type of data processed

The website offers informative and sometimes interactive content. While browsing the site Grifal S.p.A. can therefore acquire information about the visitor, in the following ways:

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This category of data includes: the IP addresses, the type of browser and the parameters of the device used to connect to the site, the operating system, the domain name and the addresses of website from which access was made, the information on the pages visited by users within the site, date and time of access, the stay on the single page and possibly number of clicks, the internal path analysis and other parameters related to the operating system, the user’s computer environment and web page from which the visitor comes (referral) and exit. The above information is processed automatically and collected exclusively aggregated form in order to verify the correct operation of the site and for security reasons. This information will be processed according to the legitimate interests of the Data Controller.

Additional categories of data

This is all the personal data provided by the visitor through the site or by third parties via email, for example:

  • filling out a form through which to request a quote and/or information on the services offered and/or a request for contact and/or in order to download exclusive content;
  • writing to the e-mail addresses indicated on our site to request information;
  • accessing a reserved area and/or a service;
  • filling out a form through which to submit your curriculum vitae;
  • filling out a form to receive our newsletter and marketing communications.
  1. Purpose of the treatment

The data provided are processed for the following purposes:

  • Provide the good and/or service requested by the user, manage the contracts perfected by the user, complete the related administrative, accounting, tax and legal requirements, as well as fulfill the requests submitted by the user.
  • Understand the experience of use of our platforms, the products and services we offer and ensure the correct functioning of web pages and their contents. The treatments put in place for these purposes are based on a legitimate interest of the Data Controller.
  • Send commercial communications relating to promotions and/or offers, in the interest of the Data Controller; the treatments put in place for these purposes are carried out with the specific consent provided by the user.
  1. Sharing and transfer of personal data

The data collected by Grifal S.p.A. will be shared only for the purposes mentioned above; we will not share or transfer your personal data to third parties other than those indicated in this Privacy Policy.

In the course of our activities and exclusively for the same purposes as those listed in this Privacy Policy, your personal data may be transferred to the following categories of recipients:

  • the company staff;
  • services providers (ex. IT system providers, cloud service providers, database vendors and other consultants);
  • any public and/or private subject requiring communication of your personal data in relation to the aforementioned purposes.

The updated list of Data Processors is available at the legal address of the Data Controller and will be provided upon written request.

Grifal S.p.A. may need to transfer your personal data to countries outside the European Union / European Common Area (EEA), to so-called “third countries”. Such transfers to third countries may include all the processing activities referred to above.

This Privacy Policy is also applicable in the case of transfer of data to third countries where the level of data protection is different from that of the European Union: any transfer of personal data to third parties will be made only after you have informed and, if requested, after receiving your consent.

Any transfer of data to countries other than those for which the European Commission has taken an adequacy decision is based on agreements that use standard contractual clauses adopted by the European Commission or other appropriate guarantees in compliance with applicable laws.

  1. Protection of personal data

Grifal S.p.A. has implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality to personal data.

These measures take into consideration:

  • the state of the art of technology;
  • the costs of its implementation;
  • the nature of the data;
  • the risk of treatment.

The aim is to protect them from accidental or unlawful destruction or alteration, accidental loss, disclosure or unauthorized access and other forms of illicit processing.

Furthermore, when managing your personal data, Grifal S.p.A.:

  • collects and processes personal data that are adequate, relevant and not excessive, as required to meet the aforementioned purposes and
  • ensures that this personal data remains up to date and accurate.
  1. Data retention times

Without prejudice to your right to object to the processing of personal data and/or request their deletion, Grifal S.p.A. will keep your personal data only for the time necessary to achieve the purpose for which it was collected and received, or to meet legal or regulatory requirements.

When this period expires, your personal data will be removed from the active systems of Grifal S.p.A.

  1. Your rights

The rights related to the personal data that Grifal S.p.A. treats are:

  • Right to rectification. You can obtain the rectification of personal data concerning you or communicated to us by you. Grifal S.p.A. makes reasonable efforts to ensure that your personal information is accurate, complete, up-to-date and relevant, based on the latest information available;
  • Right to limitation. You can obtain a limitation on the processing of your personal data if:

– contest the accuracy of your personal data during the period in which Grifal S.p.A. must verify its accuracy;

– the processing if unlawful and requires a limitation of the processing or cancellation of your personal data;

– there is no longer any need for Grifal S.p.A. to maintain your personal data but you need it to ascertain, exercise or defend your rights in court or

– you oppose the treatment while Grifal S.p.A. check if your legitimate motivations prevail over your own;

  • Right to access. You can ask Grifal S.p.A., information on personal data stored about you, including information on which categories of personal data Grifal S.p.A. owns or controls, for what purpose they are used, where they were collected (if not directly from you), and to whom they were eventually communicated;
  • Right to portability. Following your requests, Grifal S.p.A. will transfer your personal data to another Data Controller, if technically possible, provided that the processing is based on your consent or is necessary for the execution of a contract;
  • Right to cancellation. You can get from Grifal S.p.A. the cancellation of your personal data if:

– personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

– you have the right to object to the further processing of your personal data and exercise this right to object;

– Personal data have been processed unlawfully.

Unless the processing is necessary by virtue of legal obligations, by law or in order to constitute, exercise or defend a right in court.

Unless the processing is necessary by virtue of legal obligations, by law or in order to constitute, exercise or defend a right in court.

  • Right to opposition. You may object to the processing of your personal data at any time, provided that the processing is not based on your consent but on the legitimate interests of Grifal S.p.A. or third parties. in these hypotheses Grifal S.p.A. will no longer retain your personal data unless it is possible to demonstrate compelling and legitimate reasons, an overriding interest in the processing or investigation, or the exercise or defense of a right in court. If you object to the processing, please specify whether you intend to delete your personal data or limit the processing;
  • Right to present a complaint. In case of suspected violation of the current privacy law, you may lodge a complaint with the competent authorities of your country or of the place where the alleged violation would have occurred.
  1. Changes to this privacy statement

Any future changes or additions to the processing of personal data as described in this Privacy Policy will be notified through the usual communication channels used by Grifal S.p.A. (for example through the site).

  1. Data Controller

To exercise the rights referred to in articles 15 and following of the GDPR, you can contact the Data Controller, Grifal S.p.A. with legal address in Cologno al Serio (BG), via XXIV Maggio n. 1.

Telephone +39 035. 4871487, e-mail privacy@grifal.it