Pursuant to article 13 of the European General Data Protection Regulation 2016/679 (“GDPR”), Giesse S.p.A. (the “Company”), provides the following inforPursuant to article 13 of the European General Data Protection Regulation 2016/679 (“GDPR”), Giesse S.p.A. (the “Company”), provides the following information with reference to personal data provided by the user (“Data subject”) during the navigation of the website giesse.it (the “Website”) and the relevant sub-domains.
1. Data Controller
Giesse SpA, VAT number 00581811205 with registered office at Via Tubertini 1 – 40054 Budrio (BO).
2. Categories of data processed
The personal data (“Personal Data” or “Data”) provided by the Data subject or that the Company collects during his or her browsing on the Website, are processed by the Company.
- Data provided by the Data subject: this mainly relates to the Data collected during the interactions with the Company through the forms in the Website or when subscribing to the Newsletter. Or when accessing the Reserved Area dedicated to clients, providers, and Tyman International personnel. This Data includes name, surname, e-mail address and telephone number, company, job position, city, username and password.
- Other Data processed: this mainly relates to the Data collected when browsing on the Website, such as IP address, the operating system of the browser used, the contents clicked and the webpages visited.
3. Purpose of the Processing, legal base and consequences for failing to provide the Data
The Data are processed by the Company for the following purposes:
- a) to provide the services offered through the Website and, in particular, in the Reserved Area (e.g. to place orders, access SharePoint, access the area reserved to personnel, upload of information relating to applications). A possible failure to provide the Personal Data for the fulfilment of the specified purposes will make impossible to send requests or information through the forms or to access to the sections of the Reserved Area for clients, providers and Tyman International personnel;
- b) to comply with legal obligations;
Personal Data will also be processed to contact the Data subjects for purposes relating to the services and to assess further possibilities of commercial collaboration (also in relation to specific characteristics of the Data subject or the company he/she belongs to), as well as to aggregate the Data for statistical purposes. Such processing will be carried out on the basis of the legitimate interest of the Company to enhance the Website and the offering of its products and services and better understand how they are used and by whom.
The processing of the Personal Data may also take place to manage possible disputes or in the context of possible corporate events (sale of company or going concern) and in the execution of the due diligence exercise. Such possible processing could be carried out on the basis of a legitimate interest of the Company, which intends to safeguard its interest and rights as acknowledged by the applicable laws as well as carry out the most suitable business operations in order to improve the offered products and services.
The Data are processed by the Company also for the following purposes;
- c) (i) to allow Data subjects to receive the newsletter with the news on products and the updates on the events of the Tyman International division, information material, commercial communications and questionnaires relating to the degree of customer satisfaction; (ii) to allow Data subjects to receive customized communications, and therefore tailored for their profile and interests; (iii) to allow Data subjects to receive commercial communications referred to in points (i), (ii) also from other companies of the Tyman PLC group. The processing of Data for the purposes set out under point (i), (ii), (iii) is optional, and is subject to consent by the Data subject. The possible failure to provide such Data will result in the impossibility to communicate any commercial initiative and offer from the Company and/or from the companies of Tyman PLC group to the Data subject, as well as to receive commercial information deemed relevant for his or her profile.
In any case, the Company may from time to time send certain marketing communications via email to its business contacts. The content of such communications via email includes relevant corporate news (e.g. the acquisition of a certain company), information on new products, services and offers. The Company will proceed with this processing in order to keep informed its business contacts of the main and relevant news/offers regarding the Tyman International division products/services/events. Such communications will be sent on the basis of the legitimate interest of the Company and after an assessment of the reasonable expectation of receiving such kind of communications by the relevant addressee (which is a business contact of the Company). In any case, the relevant addressee will be able to opt-out at any time through the unsubscribe mechanism provided within the emails.
4. Processing modalities and Data retention period
The data are processed mainly at the Company by electronic and manual means suitable to guarantee the security and confidentiality. In particular, they may be processed with the following modalities:
- collection of data from the Data subject;
- collection of data from registers, list of documents or public documents;
- record and processing through traditional means (paper);
- record and processing through IT means;
- automated and non-automated organisation of the archives.
The Personal Data will be retained in accordance with applicable legal provisions, for as long as necessary to fulfil the purposes for which they are processed. The criteria to determine the retention period of the Data take into account the allowed processing period and the applicable tax laws, statute of limitations period and the nature of the legitimate interests where they constitute the legal basis of the process.
Pursuant to the applicable legislation, the Personal Data could be retained for a longer period than that originally provided, in case of eventual disputes or requests of the relevant Authorities.
As for Personal Data processed in the framework of marketing activities, the communications for the purposes set out under paragraph 3, lett. e), may be carried out by means of e-mail, sms, mms, mail as well as any other current and future communication mean, provided that the Data subject may object to the processing through one or all such means of communication or in any case revoke the consent.
As for Personal Data processed in the framework of marketing activities, they will be retained in accordance with currently applicable legal provisions, for as long as necessary to fulfil the purposes for which they are processed. Lacking specific rules which regulate the retention period for the purposes listed in this Policy, the Company will use Personal Data for the abovementioned marketing purposes for an appropriate period of time in accordance with the interests that the Data subject has shown in the promotional initiatives, such period being 5 years. In any case the Company will adopt any arrangement in order to avoid a use of the Data for an indefinite period of time, and from time to time will verify, in an appropriate manner, the existence of the Data subject interest in relation to the processing for marketing purposes, as specified above.
5. Data communication and transfer
The Personal Data will be made available to those authorized to process them within the Company only where necessary and for the purposes for which the processing is allowed.
Solely for the purposes indicated, the Personal Data may be communicated by the Company to the competent Judicial Authorities, where necessary, and to the following categories of subjects:
- bank and credit institutions;
- insurance companies;
- legal advisors;
- tax advisors, auditors and accountants;
- shipping companies;
- credit recovery companies;
- companies that detect financial risks and that perform fraud prevention activities;
- public administrations and supervisory and control Authorities;
- companies that provide IT services;
- companies that provide security and surveillance services;
- controlling companies and/or connected to the Company.
With reference to the Personal Data communicated to them, entities belonging to the categories listed above may operate, depending on the cases, as data processors (and in this case they will receive appropriate instructions from the Company) or as separate data controller. In the latter case, the Personal Data will be communicated only with the express consent of the Data subjects, except where the communication is mandatory or necessary pursuant to law or for the pursue of purposes for which the consent from the Data subject is not required.
Where this is instrumental for the pursue of the purposes set out above, the Data may be transferred abroad to companies having their headquarters both inside and outside the European Union. Some of these jurisdictions may not provide the same level of Data protection as provided by the laws of the country where the Data subject is resident. In this case, the Company undertakes to process the Date with the highest confidentiality entering into agreements, where necessary, that guarantee an appropriate level of protection and/or using standard contractual clauses approved by the European Commission.
6. Existence of an Automated Decision Process
There is no automated decision process in place relating with the Data.
7. Data subject’s rights
In any moment, the Data subject will be entitled to:
- obtain from the Company the confirmation that a processing of his/her Personal Data is or is not in place and, in such case, obtain the access to the information referred to in article 15 of the GDPR;
- obtain the rectification of the inaccurate Data about you, or, taking into account the purposes of the processing, the integration of the incomplete Data;
- obtain the erasure of his/her Data, in presence of one of the grounds referred to in article 17 of the GDPR, where applicable.
- withdraw in any moment the consent in the event such consent has been previously granted. The withdrawal of the consent does not affect the lawfulness of the processing based on the consent previously given;
- obtain a limitation on the processing of his/her Data in the event one of the cases referred to in article 18 of the GDPR occurs;
- object the processing of his/her Data, on grounds relating to his/her particular position, where applicable;
- receive in a structured format, of common use and legible from an automatic device the Data previously provided that relate to him/her, as well as transmit such Data to another data controller, in the cases and limits referred to in article 20 of the GDPR.
The Company may request additional information before processing requests if it needs to verify the identity of the individual submitting them.
Pursuant to the GDPR, the Company is not authorized to charge costs for fulfilling one of the requests listed in this paragraph, unless they are manifestly unfounded or excessive, and in particular they are repetitive. In cases where an Interested Party requires more than one copy of their personal data or in cases of excessive or unreasonable requests, the Company may (i) charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested; or (ii) refuse to act on the request. In these cases the Company will inform the Data subject of costs before processing the request.
Such rights may be exercised sending:
a communication via e-mail to firstname.lastname@example.org.
Without prejudice to any other administrative or jurisdictional action, the Data subject has also the right to lodge a complaint with a Data Protection Authority, where he/she deems that the processing of his/her data is carried out in violation of the GDPR. Further information are available on the website http://www.garanteprivacy.it.