INFORMATION NOTE pursuant to article 13 of Regulation (EU) 2016/679
With this document (“Information Note”), the Data Controller, as defined below, wishes to inform you of the purposes and methods of processing of your personal data and of the rights which Regulation (EU) 2016/679, relating to the protection of individuals with regard to the processing of personal data, and the free movement of such data (“GDPR”), grants you.
This Information Note applies solely to the processing of personal data relating to the website www.poliform.it (the “Site”).
1 Who is the Data Controller
The data controller is Poliform S.p.A. (“Poliform” or the “Data Controller”), with head office at via Montesanto 28, 22044, Inverigo (C), Italy.
2 Which personal data do we process
2.1 Common personal data
As a result of a specific request made by you, and for the purposes indicated in article 3 of this Information Note, the Data Controller uses the following personal data:
- common data and contact details, such as name, surname, address, telephone number, email address and other data which you will supply from time to time through forms present on the Site.
2.2 Navigation data
Computer systems and programs used in order to operate the Site collect some personal data whose transmission is implicit in the communication protocols of the Internet (for example, IP addresses or domain names of computers used by users who connect to the Site, URI addresses – Uniform Resource Identifier – of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code stating the status of the response from the server – successful, error, etc. – and other parameters relating to the operating system and the User’s IT environment). Although it concerns information that is not collected to be associated with specific individuals, due to their nature they could, through the processing and association with data held by third parties, allow users to be identified.
This data shall be used exclusively to obtain anonymous statistical information regarding the use of the Site and to ensure proper functioning and will be deleted immediately after processing. The data could be used to establish responsibility in case of hypothetical computer crimes against the Site: except for this possibility, the data on web contacts are not stored for more than seven days.
In some cases, personal data is collected by Poliform by using different technologies, including the use of “cookies”. Cookies are small text files created by some websites and sent to the user’s browser when the website is accessed. This information can therefore be stored on your computer by means of a tag which identifies the device but not the user.
3 What are the purposes and the legal grounds for processing
3.1 Execution of the contract and fulfilment of legal obligations
Your personal data will be processed by the Data Controller for purposes strictly connected to and instrumental to the execution of the contract which you signed with Poliform, as well as for the fulfilment of obligations foreseen by law, regulations and/or Community regulations, or by supervisory and control bodies or other authorities empowered to do so by law.
For the processing of your personal data for the purposes set forth in this paragraph, your consent is not required, as the legal basis for the processing, pursuant to applicable regulations, consists in the execution of a contract and the fulfilment of a legal obligation.
Your personal data will be processed for the time necessary to the achievement of the purposes indicated and will, subsequently, be stored exclusively for the time necessary to fulfil the requirements provided for by law.
3.2 Management of your request
Your personal data will be processed to follow up on requests made by you from time to time through the Site such as, by way of example and not of limitation, request for information through the “contact” form , registration on the Site.
The legal basis for the processing of your personal data, in accordance with current regulations, is to deal with a request made by you. Therefore, the Data Controller does not require your consent for the data processing.
To manage your request, your personal data will be processed for the time that is strictly required and, in any case, will not be stored for more than  months. However, in the event that you request registration on the Site, your personal data will be stored for as long as you wish to remain registered. In order to fulfil legal obligations, your personal data will be processed for the time strictly necessary for this and will subsequently be stored exclusively for the time required each time by applicable regulations (including provisions of limitation of rights).
Following your request, Poliform may also process your personal data to send you communications of commercial or editorial nature through newsletters.
For the processing of your personal data for this purpose, your consent is required which forms the legal basis for the processing in accordance with current regulations.
The data collected will be processed by the Data Controller until you decide to revoke your consent and/or obtain the termination of the processing.
Even in the event you gave your consent, you may revoke your consent at any time and/or object to the activities of direct marketing by contacting the Data Controller at the following address: firstname.lastname@example.org.
4 Nature of the processing of the personal data and consequences of refusal
For the purposes laid down in the preceding article 3.1, it is compulsory to provide your personal data. As a result, your refusal to do so will make it impossible for the Data Controller to continue.
However, for the purposes laid down in the preceding article 3.2, the conferment of your personal data is optional. Therefore, your refusal to do so will not make it impossible for Poliform to deal with your requests, but only to inform you of any offers and/or new products and/or initiatives.
5 Methods for the processing of your personal data
The processing of your personal data may be done, subject to the provisions of the GDPR, with the aid of paper, computerised and telematic means, for the purposes indicated and, in any case, by means of appropriate methods to ensure security and confidentiality in compliance with the provisions laid down in Article 32 of the GDPR.
6 To which parties may your personal data be disclosed and who may come to acquire knowledge of them
In order to pursue the purposes described in the preceding article 3, your personal data shall be disclosed to employees, external consultants and, in general, to Poliform’s staff, acting as persons authorised to process the personal data.
Furthermore, Poliform may need to disclose your personal data to third parties belonging to the following categories:
- parties that provide services for the management of the Data Controller’s computer systems;
- parties that provide technical support services;
- parties that provide logistic or transport services;
- parties that provide professional consultancy services and fiscal, legal and judicial assistance;
- authorities and bodies of supervision and control and, in general, public or private parties with service-type functions.
The parties belonging to the above-mentioned categories shall act, in some cases, as distinct data controllers, in other cases as data processing managers specifically appointed by the Data Controller under article 28 GDPR. You may request a list of the data processing managers at all times by contacting the Data Controller at the addresses listed in the preceding article 1.
Your personal data shall not be disclosed to the public.
7 Your rights as concerned party
In relation to the processing as described in this Information Note, you may exercise the rights listed in the previous section, as laid down in Articles 15 to 21 of the GDPR. In particular:
- right of access: right to obtain confirmation regarding the processing of personal data relating to you and, should this be the case, obtain access to your personal data – including a copy of it – and the communication, amongst others, of the following information:
- purposes of the processing;
- categories of the personal data processed;
- past or future recipients of the data;
- retention period of the data or criteria used;
- rights of the concerned party (rectification, cancellation of the personal data, limitation of data processing and right to object to data processing;
- right to submit a complaint;
- right to receive information relating to the source of the personal data in case it was not gathered from the concerned party;
- the existence of an automated decision-making process, including profiling;
- right of rectification: right to obtain rectification of inaccurate personal data relating to you and/or the integration of incomplete personal data;
- right to cancellation (right to be forgotten): right to obtain cancellation of the personal data relating to you, if:
- the data is no longer required for the purposes for which it was obtained or otherwise processed;
- you have revoked your consent and there is no other legal basis for data processing;
- you have successfully objected to the processing of your personal data;
- the data was unlawfully processed,
- the data must be deleted to comply with legal obligations;
- the personal data was obtained relating to the offering of information society services referred to in article 8 paragraph 1 GDPR.
The right of cancellation shall not apply to the extent in which the processing is required for the fulfilment of a legal obligation or for the execution of a task performed in the public interest or for the establishment, exercise or defence of a right before a court;
- right to limitation of processing: right to obtain limitation of the processing in case:
- the concerned party disputes the exactness of the personal data;
- the processing is unlawful and the concerned party objects to the cancellation of the personal data but requests that the use thereof is restricted;
- the personal data is necessary for the concerned party for the establishment, exercise or defence of a right before a court;
- right of objection: right to object to the processing of personal data relating to you, except if there are legal grounds for the Data Controller to continue processing the data;
- right to data portability: right to receive, in a structured format, commonly used and legible on an automatic device, the personal data relating to you supplied to the Data Controller and the right to transmit them to another data controller without hindrance, where the processing is based on consent and is performed with the aid of automated means. Furthermore, the right to obtain that your personal data is transmitted directly by Poliform to another data controller where it is technically possible;
- submit a complaint to the Italian Data Protection Authority, Piazza di Montecitorio n. 121, 00186 Rome (RM).
The above-mentioned rights may be exercised, against the Data Controller, by using the contact details specified under point 1.