As regards the processing of personal data, this will take place in accordance with the General Data Protection Regulation nr 2016/679 (GDPR). The Company may ask the user to send personal information in order to take advantage of certain functions (such as newsletter subscriptions) or to participate in particular activities (such as promotional events). The Company may associate the information sent by the user with other personal data collected from you. The Company may also associate this information with the information received about the user from the following other sources: Google Analytics.
The Company asks the user not to send, nor to disclose sensitive personal data (e.g. personal data relating to race or ethnic origin, political opinions, religious or philosophical beliefs, health, sex life or sexual orientation, criminal record, trade-union membership, biometric or genetic data aimed at identifying a person in a unique way) on or through the Service or in any other way to the Company itself.
Automatic collection and use of personal data
- From the user’s browser: the majority of browsers collect information, such as the MAC (Media Access Control) address, the type of computer (Windows or Mac), the screen resolution, the name and version of the operating system and the type and version of Internet browser. If the user is accessing the Service from a mobile device, the Company may collect similar information, including the type of device and its identifier. The Company uses this information to verify that the Service is working properly.
- IP Address: the IP address consists of a number that is automatically assigned to a computer by the user’s Internet service provider (Internet Service Provider, ISP). An IP address is identified and recorded automatically in the Company’s server log files whenever users access the Service, together with the date and time of the visit and the pages visited. Collecting IP addresses is normal practice and it is carried out automatically by many on-line services. The IP addresses are used by the Company for various purposes, for instance to calculate the levels of use of the Service, to diagnose server problems and manage the Service. From the IP address the Company may also determine the approximate location of the user.
- Information about the device: the Company may collect information about the user’s mobile device, such as the unique device identifier, in order to understand how the user uses the Service.
Mode of use and disclosure of personal data
The Company uses and discloses personal data in accordance with the General Data Protection Regulation nr 2016/679 (GDPR). The user may exercise his/her rights as specified in the section entitled User’s rights. If required by the applicable laws in force, the Company shall take steps to obtain the user’s consent to the use of his/her personal data at the time of collection.
The data may be used to manage the Company’s contractual relationship with the user and/or to fulfil a legal obligation. The data may be used, both with the consent of the user as well as in the Company’s legitimate interest, to fulfil a legal obligation and in relation to the following purposes and relations.
As regards relations with the user (for example):
- to accommodate the user’s requests in order to provide him/her with the customer service assistance;
- to answer questions and meet the requirements of the user, for example to send him/her documents requested or commercial or technical information via e-mail;
- to send him/her information regarding conditions and disclosures and/or other administrative information.
In order to achieve its business purposes(for example):
- To analyse the data, for example, in order to improve the efficiency of the Service.
- For checks, in order to verify that its internal processes work as they should and comply with legal, regulatory or contractual requirements. For the purposes of monitoring fraud and security, for example, to detect and prevent IT attacks or attempts to commit identity theft.
- Ai fini del monitoraggio di frode e sicurezza, per esempio, per individuare e prevenire attacchi informatici o tentativi di commettere furto di identità.
- For the development of new products and services.
- To enhance, improve or change its website or its products and services.
- To identify trends in the use of the Service, for example, thanks to an understanding of which parts of its Service are more attractive to users.
- Lastly, to determine the effectiveness of its promotional campaigns, in order to be able to adapt them to the needs and interests of its users.
For the analysis of personal information in order to provide customised services (for example):
- In order better to understand the user, in order to customise his/her interaction with the Service and provide him/her with information and/or offers tailored to his/her interests.
- Better to understand the preferences of the user, in order to offer, through the Service, contents deemed by the Company to be relevant and attractive to the user.
The Company discloses the information collected through the Service:
- to its third-party partners with whom it offers a co-branding or co-marketing promotion
- to its service providers, including hosting and moderation of the website, hosting of mobile applications, data analysis, payment processing, delivery of orders, supply of infrastructure, IT services, customer service, delivery services for e-mail and regular mail, audit services and other functions that allow them to provide such services;
- in accordance with the provisions of the applicable laws in force, to third parties in the event of reorganization, merger, sale, sharing in joint venture, assignment, transfer, or other provision of all or part of the business, the assets or shares of the Company (also in relation to bankruptcy or similar proceedings). The Company may also use and disclose the user’s information when it deems it necessary or appropriate to: (a) to comply with a legal process or with the applicable laws in force, including laws outside the country of residence of the user; (b) in accordance with the provisions of the applicable laws in force, to respond to requests from public and governmental authorities, including those located outside the country of residence of the user; (c) to comply with its terms and conditions; and (d) to protect its rights, privacy, security or property and/or those of its subsidiaries, of the user or of others. In addition, with the consent of the user, the Company may use and disclose the user’s personal data in other ways. The Company may use and disclose the personal data collected automatically, as previously described. In addition, where permitted by the applicable laws in force, the Company may use and disclose information that is not personally identifiable, for any purpose. If the Company associates non personally identifiable information with personal data (for example, by associating the name of the user with his/her geographical position), such associated information will be considered personal data for as long as the information remains associated.
The user may at any time exercise the rights envisaged by articles nr 15, 16, 17 ,18, 19, 20 and 21 of the General Data Protection Regulation nr 2016/679 (GDPR), in order to obtain confirmation as to the existence or otherwise of his/her personal data and to know their content and origin, to verify their accuracy or request their supplementation or updating, or amendment. Pursuant to the provisions of the same article, the User may also ask for the deletion, transformation into anonymous form or blockage of the data processed in violation of the law, as well as to object to their processing, for legitimate reasons. The user may refuse explicitly to receive marketing communications from the Company: to stop receiving further marketing communications from the Company, the user may revoke his/her consent by contacting the Company via e-mail at the address firstname.lastname@example.org. Alternatively, to revoke his/her consent to receiving marketing emails from the Company, the user may follow the relevant instructions contained in every email message. The Company will strive to meet the user’s request in the shortest possible time. If the user decides to revoke his/her consent to the services described above, the Company will be unable to delete his/her personal data from the databases of its subsidiaries with whom such personal information had previously been shared (i.e., starting from the date on which the Company renders the user’s request to revoke his/her consent effective). In addition, if the user decides to revoke his/her consent to receiving marketing messages from the Company, the latter may still send him/her important administrative messages and those regarding business operations, which the user cannot be exempted from receiving.
Consultation, modification or deletion of the user’s personal data
To consult, correct, update or delete personal data or to request an electronic copy of his/her personal data for the purpose of transmitting it to another company (to the extent that these rights are permitted by the applicable laws in force), the user may contact us via email at the address email@example.com. The Company will respond to the user’s request in the shortest possible time.
The user’s personal data may be stored and processed in any country in which the Company has facilities or service providers and, using the Service, this personal data may be transferred to countries outside his/her country of residence, including the United States, which may have different regulations for the protection of personal data compared to those in his/her own country. The Company implements contractual measures and other adequate guarantees for the protection of personal data when the same are transferred to subsidiaries or to third parties in other countries. For certain countries outside the European Economic Area (EEA), the European Commission acknowledges the achievement of an adequate level of personal data protection on the basis of the EEA standards. For transfers from the European Economic Area to countries not considered to be adequate by the European Commission, the Company ensures that adequate security measures are taken, including the measure whereby the recipient is bound by standard EU contractual clauses, EU-US Privacy Shield Certification or a code of conduct or certification approved by the EU for the protection of personal data. The user may obtain a copy of these measures contact us via email at the address firstname.lastname@example.org.
The Company attempts to implement reasonable organizational, technical and administrative measures designed to protect the personal data under its control. If the user has reason to believe that his/her interaction with the Company is no longer secure, (s)he is obliged to inform the Company itself immediately, contact us via email at the address email@example.com.
Data storage period
The Company will store the user’s personal data for the amount of time necessary or permitted, for the purposes for which the personal data were obtained. The criteria used to establish the data storage periods include: (a) the full duration of the relationship between the Company and the user and of the provision of the Service to the user; (b) the possible existence of a legal obligation to which the Company is subject; and (c) the opportunity of storage in light of the Company’s legal position (for instance, with regard to the applicable laws in force relating to limitations, litigation or regulatory investigations). For example, the Company will collect the user’s personal data for profiling and communication and will keep such data for a period of 6 months from registration. However, keep in mind that this list of data storage periods is not exhaustive. The user’s personal information may be stored for a longer period, in accordance with the criteria specified in the first paragraph of this section, in particular in points (b) and (c).
Websites and third-party services
On the basis of our legitimate interests, we use several social plugins on our site.
- The social network facebook.com is managed by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins can be recognized by one of the Facebook logos (a white “f” on a blue background, the terms “Like” or the symbol of a “thumbs up”) or they are marked by the “Facebook” suffix. The list and the graphic experience of Facebook social plugins can be found at the following address: https://developers.facebook.com/docs/plugins/. Other third-party suppliers present, together with the link to their privacy protection disclosures, which contain further details on data processing and the possibilities of objecting to such processing (what are referred to as opt-out functions),
Controller of processing
The Controller of personal data collection, use and disclosure is TOSO Radiatori snc di Toso Angelo e Jenny, with registered office in Riese Pio X (TV) Italy, via Monte Santo, 20 – z.i. – Tel. +39 0423 456405 – Fax +39 0423 759979 – Email: firstname.lastname@example.org