Information on the processing of personal data
Information on the processing of personal data of users browsing on the website www.conforti.it
Conforti S.p.A., as Data Controller, hereby informs you that access to the website and/or registration to the various sections of it and/or any requests for information and/or services requires the communication/transmission of personal data that will be processed by the Company in full compliance with the legislation on the protection of personal data (European Regulation 2016/679 hereinafter “GDPR” and as amended) and the provisions of the Guarantor for the Protection of Personal Data.
Pursuant to the regulations, all data processing will be based on the principles of correctness, lawfulness and transparency, protecting the confidentiality and rights of the users of the site (hereinafter also “interested parties”).
The information is effective only for this site and does not extend to other websites that may be consulted by the user through external links.
Data Controller
The Data Controller is Conforti S.p.A. based in Viale del Lavoro 13, 37036 - San Martino Buon Albergo (VR), contactable at the e-mail address: conforti@conforti.it.
Channels of data acquisition
The Data Controller may collect personal data in connection with:
- of users' navigation of this website;
- of requests for information submitted by data subjects via the data collection forms therein (e.g., “Contact Us”, “Work with Us”, “Request Quote”, “Request Assistance”, “Duplicate Request”) and via the chat box;
- from the collection of data through the e-commerce portal;
- from the collection of data through the cookies installed on this website.
Types of data processed
The Data Controller may collect and process, in compliance with European legislation, the following data:
Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
Data communicated by data subjects through the forms on the website, chat box and e-commerce
For the submission of requests through the forms on the website, the user communicates his/her personal data, including personal data, contact addresses (e.g., telephone, e-mail), billing and shipping information for the product(s) and, in case, for the submission of his/her application also information present in his/her resumes. Specific disclosures can be found in each contact form on this website.
Data communicated during the purchase of products through the e-commerce platform is managed through the Shopify platform.
Information about the processing of personal data carried out through the company's social pages
About the processing of personal data carried out by the operators of the Social Media platforms (Facebook, Instagram, Linkedln etc..) used by the Owner, please refer to the information rendered by them through their respective privacy policies. The Owner processes the personal data provided by the interested parties through its social pages exclusively to manage interactions with users (comments, posts etc ...) and in compliance with the regulations on the processing of personal data.
Cookies and other tracking systems
For information on the use of cookies on this site please consult the Cookie Policy.
Purposes, legal basis of processing
Personal data conferred directly by users through the completion of online forms and/or direct access, via links, to the Company's e-mail address related to the requested service, or those acquired automatically through navigation may be processed for the following purposes: (i) to respond to questions about products or services formulated by users through the forms on the site; (ii) to register and manage the order received through e-commerce; (iii) to comply with any contractual obligations related to goods or services requested by users; (iv) to comply with any legal obligations of an accounting, administrative or fiscal nature related to products or services purchased by the interested party; v) with the user's consent, activate information services such as sending newsletters, commercial communications via e-mail; vi) carry out analysis on consumption habits or choices and define the user's profile using the information provided by the user when registering and/or making purchases on the e-commerce site and/or when filling in questionnaires or on the basis of actions taken or information provided during online browsing activities.
Legal basis for processing for the purpose under (i) is the execution of pre-contractual measures (Art. 6(b) GDPR); for the purpose under (ii) and (iii) is the execution of contractual obligations (Art. 6(b) GDPR); for the purpose under (iv) is the fulfillment of legal obligations (Art. 6(c) GDPR); for the purpose under (v), (vi) is the consent of the data subject.
Nature of conferment
The provision of the data communicated by the user is generally optional; for some personal data, however, the provision is mandatory, because it is necessary for the Company to fulfill the user's requests, such as those required for e-commerce purchases, or all the data indicated in the forms with the asterisk symbol*. In such cases, failure to provide the data makes it impossible for the request to be taken care of.
Method of processing and recipients of data
Personal data of website users will be processed mainly by electronic tools in accordance with the principles of lawfulness, fairness and transparency and the relevant legislation. The Data Controller guarantees the adoption of the security measures required by the GDPR.
The data may be processed by internal personnel of the Data Controller who operate, based on written instructions on the correct methods of data processing, as authorized to process the data, as well as by any third parties involved in the performance of the same activities as Data Processors or as Data Controllers (by way of example but not limited to those individuals entrusted with activities̀ of assistance, communication, promotions and sales of products and/or services, IT service providers, managers and/or developers of websites or applications contained therein, managers of electronic platforms).
Data retention
The personal data communicated by the data subjects will be kept for as long as necessary to allow the execution of the purposes for which they were transmitted and, in any case until the data subject's request for deletion, subject to different contractual, regulatory obligations of the Data Controller. Data provided for marketing purposes will be kept for 24 months from the last interaction and, in any case, until the data subject's request for deletion. Data collected for profiling purposes will be retained for 12 months from the last interaction and in any case until the data subject's request for deletion. Browsing data will not persist for longer than the time necessary to ensure the operation of the site itself.
Transfer of data to Third Countries
Data will not be transferred to third countries and, if transferred, the conditions and guarantees provided for in Articles 44 et seq. of the GDPR will be respected.
Minor
The site does not contain information and/or products/services aimed directly at minors. Minors should not give information or personal data.
Rights of data subjects
Users of this website have the rights set forth in Articles 15-21 GDPR.
Specifically, each user has the right to: i) access to data: to obtain confirmation or otherwise of personal data concerning him or her and to obtain access to such data and specific information (e.g. purposes of processing, categories of the data in question, recipients to whom the data will be communicated); ii) rectification of data: to obtain rectification of inaccurate data concerning him or her without undue delay. In this case, an obligation arises on the part of the data controller to communicate the rectification to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort; iii) deletion of data: to obtain the deletion of data concerning him without undue delay, and the data controller has an obligation to delete them without undue delay if there are certain grounds (e.g., the personal data are no longer necessary in relation to the purposes for which they were collected; if the data subject withdraws consent; if they must be deleted for a legal obligation).
In this case, an obligation arises on the part of the controller to communicate the deletion to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort; iv) restriction of processing: a restriction on the processing of the data, e.g. to storage only with the exclusion of any other use, may be ordered to the controller in certain cases (e.g. if the processing is unlawful and the data subject objects to the deletion of the data; if the data subject disputes the accuracy, within the limits of the period of verification of accuracy ....). In this case, an obligation arises on the part of the data controller to communicate the restriction of processing to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort; v) portability of data: to obtain the return of the personal data provided and transmit them to others or to request transmission from one controller to another, if technically feasible; vi) objection to processing: to object at any time to processing for purposes of public interest or legitimate interest; for marketing purposes; for scientific, historical or statistical research. The data subject may exercise these rights using the contact details above.
Right to complain
If the data subject considers that the processing of personal data is taking place in violation of the provisions of the Regulations, he or she has the right to lodge a complaint with the Data Protection Authority, as provided for in Article 77 of the GDPR itself, or to take appropriate legal action pursuant to Article 79 of the GDPR.
Changes to this Policy
The Company reserves the right to make changes to this Policy at any time by notifying users on this page. Therefore, please consult this page often, taking as reference the date of the last modification indicated at the bottom.
The Data Controller
Conforti S.p.A.