Data Protection Policy

  1. Who we are

This communication is made available to you-also in accordance with Art. 13 of the European Data Protection Regulation 2016/679 (“Regulation” or “GDPR”) and Legislative Decree. 30/06/2003 n. 196 (“Privacy Code”), as amended and supplemented by Leg. 101/2018, as amended and supplemented – by Grifal S.p.A. with registered office in Cologno al Serio (BG), via XXIV Maggio no. 1, as the Controller of the processing of your personal data. The purpose of this Notice is to inform you about how we process personal data about you.

  1. Type of data processed

The website offers informational content. While browsing the site, Grifal S.p.A. may acquire information about the visitor through exclusively technical and statistical cookies anonymized at the source. This implies for Grifal S.p.A. the impossibility of tracing the identity of the user. In more detail, the two categories of data that can be collected:

Navigation data

The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, browser type and parameters of the device used to connect to the site, operating system, domain name and addresses of websites from which access was made, information about the pages visited by users within the site, date and time of access, stay on the individual page and possibly number of clicks, internal path analysis and other parameters related to the operating system, user’s computer environment and web page of origin of the visitor (referral) and exit. The above information is processed automatically and collected in aggregate form only for the purpose of verifying the proper functioning of the site and for security reasons. This information will be processed according to the legitimate interests of the owner.

Data provided by the user

These are those personal data explicitly and voluntarily provided by the user, for example:

  • filling out a form through which to request a quote and/or information about the services offered and/or a contact request and/or in order to download exclusive content;
  • writing to the e-mail addresses listed on our website to request information;
  • filling out a form through which to submit your curriculum vitae;
  • filling out a form to receive our newsletter and marketing communications.

  1. Purpose of processing

The data provided are processed for the following purposes:

  • To provide the good and/or service requested by the user, to manage the contracts finalized by the user, to carry out the related administrative, accounting, tax and legal requirements, and to process requests forwarded by the user. The processing operations put in place for these purposes are necessary for the fulfillment of contractual obligations and do not require specific consent from the data subject.
  • To survey the user experience of our platforms, the products and services we offer, and to ensure the proper functioning of web pages and their content. The processing operations put in place for these purposes are based on a legitimate interest of the Owner.
  • To send commercial communications regarding promotions and/or offers, in the interest of the Owner; the processing put in place for these purposes is carried out with the specific consent provided by the user.

  1. Sharing and transfer of personal data

The data collected by Grifal S.p.A. will only be shared for the purposes stated above; we will not share or transfer your personal data to third parties other than those specified in this Privacy Policy. In the course of our activities and exclusively for the same purposes as those listed in this Privacy Policy, your personal data may be transferred to the following categories of recipients:

  • Company personnel;
  • service providers, (e.g., IT system providers, cloud service providers, database providers, and other consultants);
  • Any public and/or private entity to which communications of your personal data are necessary in connection with the above purposes.

The updated list of Data Processors is available at the Controller’s registered office and will be provided upon written request. Grifal S.p.A. may have to transfer your personal data to countries located outside the European Union/European Common Area (EEA), to so-called “third countries”. Such transfers to third countries may include all of the above processing activities. This Privacy Policy is also applicable in the case of data transfer to third countries where the level of data protection differs from that of the European Union: any transfer of personal data to third parties will be made only after informing you and, where required, after receiving your consent. Any transfer of data to countries other than those for which the European Commission has made an adequacy decision is done on the basis of agreements using standard contractual clauses adopted by the European Commission or other appropriate safeguards in compliance with applicable laws.

  1. Protection of personal data

Grifal S.p.A. has implemented appropriate technical and organizational measures to provide an adequate level of security and confidentiality for personal data. These measures take into consideration:

  • State-of-the-art technology;
  • The costs of its implementation;
  • The nature of the data;
  • The risk of treatment.

The purpose is to protect data from accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access, and other forms of unlawful processing. In addition, when handling your personal data, Grifal S.p.A.:

  • Collects and processes personal data that are adequate, relevant, and not excessive as required to fulfill the above purposes; and
  • ensures that such personal data remain current and accurate.

  1. Data retention times

Without prejudice to your right to object to the processing of your personal data and/or to request its deletion, Grifal S.p.A. will retain your personal data only for as long as necessary to fulfill the purpose for which it was collected and received, or to meet legal or regulatory requirements. When this period expires, your personal data will be removed from Grifal S.p.A.’s active systems.

  1. Your legal rights

The rights related to the personal data that Grifal S.p.A. processes are:

  • Right to rectification. You may obtain rectification of personal data concerning you or communicated to us by you. Grifal S.p.A. makes reasonable efforts to ensure that the personal data in its possession is accurate, complete, current and relevant, based on the most recent information available;
  • Right to limitation. You may obtain a restriction on the processing of your personal data if:
    • Challenge the accuracy of your personal information during the period when Grifal S.p.A. needs to verify its accuracy;
    • Processing is unlawful and request a restriction of processing or deletion of your personal data;
    • There is no longer a need for Grifal S.p.A. to maintain your personal data but you need it to ascertain, exercise or defend your rights in court or
    • You object to the processing while Grifal S.p.A. verifies whether its legitimate reasons outweigh yours.
  • Right to access. You may request from Grifal S.p.A., information about the personal data stored about you, including information about what categories of personal data Grifal S.p.A. owns or controls, for what purpose they are used, where they were collected (if not directly from you), and to whom they may have been disclosed;
  • Right to portability. Following your request, Grifal S.p.A. will transfer your personal data to another Data Controller, if technically possible, provided that the processing is based on your consent or is necessary for the performance of a contract.
  • Right to cancellation. You may obtain from Grifal S.p.A. the deletion of your personal data if:
    • Personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • You have the right to object to further processing of your personal data and exercise this right to object;
    • Personal data have been processed unlawfully.

Unless the processing is necessary because of legal or statutory obligations or for the purpose of establishing, exercising or defending a right in court.

  • Right to Opposition. You may object at any time to the processing of your personal data, provided that the processing is not based on your consent but on the legitimate interests of Grifal S.p.A. or third parties. In such cases, Grifal S.p.A. will no longer process your personal data unless you can demonstrate compelling legitimate reasons, an overriding interest in the processing or investigation, or the exercise or defense of a right in a court of law. Should you object to the processing, kindly specify whether you wish to delete your personal data or limit its processing.
  • Right to file a complaint. In the event of an alleged violation of applicable privacy law, You may file a complaint with the appropriate authorities in Your country or the place where the alleged violation allegedly occurred.

  1. Changes to this privacy policy

Any future changes or additions to the processing of personal data as described in this Privacy Policy will be notified through the usual communication channels used by Grifal S.p.A. (e.g., through the site).

  1. Data controller

To exercise your rights under Articles 15 et seq. of the GDPR, you may contact the Data Controller, Grifal S.p.A. with registered office in Cologno al Serio (BG), via XXIV Maggio no. 1. Phone +39 0354871487, e-mail