According to the Regulation, the processing carried out by Soffass will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality.
TABLE OF CONTENTS
- Data controller
- Personal data subject to processing
- Browsing data
- Data provided voluntarily by the data subject
- Purpose of processing
- Legal basis and mandatory or optional nature of the processing
- Recipients of personal data
- Transfers of personal data
- Storage of personal data
- Rights of the data subject
1. Data Controller and Data Protection Officer “DPO”
The controller of processing carried out through the Website is Soffass SpA, as defined above, which can be contacted at Via Fossanuova 59, 55016 Porcari (Lucca), Italy. For communications on this matter the Controller has set up the email address firstname.lastname@example.org. The Data Protection Officer (hereinafter the “DPO”) pursuant to Art. 37 et seq. of the Regulation can be contacted via the email address: email@example.com.
The Data Processor is the company Progresso S.r.l. with registered office in Via della Chiesa XXXII Trav.1 – 231, 55100 Lucca (LU), Italy.
2. Personal data subject to processing
Following your browsing of the Website, we inform you that Soffass will process your personal data, which may consist of an identifier such as your name, an identification number, an online identifier or one or more elements characteristic of your physical, economic, cultural or social identity that identify or can identify you (hereinafter just “Personal Data”).
The Personal Data processed through the Website are the following:
a. Browsing data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the Website, URIs (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the user’s operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning, to identify anomalies and/or abuses and are deleted immediately after processing. Data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website or third parties: except for this possibility, at present the data on web contacts do not persist for more than seven days.
b. Data voluntarily provided by the data subject
When you use certain Services on the Website, it may happen that you send Soffass the Personal Data of third parties which is processed. In such cases, you are the independent data controller and you accept all the obligations and responsibilities under the law. On this point you will hold Soffass harmless in the broadest possible sense against any dispute, claim or compensation for damages resulting from such processing, etc. that may be received by Soffass from third parties whose Personal Data has been processed through your use of the Website’s features in breach of the applicable rules on personal data protection. In any case, if you provide or otherwise process the Personal Data of third parties when using the Website, you warrant as of now – accepting all related liability – that this particular case of processing is based on an appropriate legal basis pursuant to Art. 6 of the Regulation legitimising the processing of the information in question.
Definitions, characteristics and application of the regulation
There are various types of cookies, depending on their characteristics and functions, and they can remain on the user’s computer for different periods of time. Session cookies are automatically deleted when the browser is closed, while persistent cookies remain on the user’s device until a set deadline.
According to the Italian Data Protection Authority (see the Decision on Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies dated 8 May 2014 and subsequent clarifications, hereinafter “Decision”), technical cookies, which do not require express consent for their use, also include:
- “analytics cookies” when used directly by the website operator to collect information, in aggregate form, on the number of users and how they visit the website,
- browsing or session cookies (to authenticate),
- function cookies, which allow the user to browse according to a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided to the user.
On the other hand, “profiling cookies”, i.e. those designed to create user profiles and used to send advertising messages in line with the preferences expressed by the user while browsing the web, require the prior consent of the user.
Types of cookies used by the Website and the possibility of enabling or disabling them
The Website uses the following cookies that can be disabled, except for third party cookies for which you must refer directly to the enabling/disabling methods for the respective cookies, given in the links:
- Browsing or session technical cookies that are strictly necessary for the functioning of the Website or that allow you to make use of the contents and services requested.
- Function cookies, which are used to activate specific features of the Website and a series of selected criteria (for example, language) in order to improve the service provided.
WARNING: By disabling technical and/or function cookies, the Website may not be available for consultation or some of the Website’s services or functions may not be available or may not function properly and you may be required to manually change or enter certain information or preferences each time you visit the Website.
- Third party cookies, i.e. cookies from websites or web servers other than those of Regina, used for the purposes of those third parties. It should be noted that these third parties, listed below with links to their privacy policies, are typically autonomous controllers of the data collected through the cookies they use, so you should refer to their policies on personal data processing, information and consent forms (enabling and disabling of their respective cookies), as specified in the above Decision. For completeness, it should be noted that Soffass does its utmost to track cookies on its Website. These are regularly updated in the table below, where we provide transparency about the cookies Soffass sends directly to you and their purposes. With regard to third parties who send cookies through our Website, links to their privacy policies are provided below: as already mentioned, we delegate to these third parties responsibility for providing the policy and collecting your consent, as required by the Decision. This responsibility applies not just to the cookies that third parties send directly, but also to any additional cookies that are sent through our Website as a result of use of services by the third parties themselves. Soffass has no control over cookies sent by the service providers of these third parties and does not know their characteristics or purposes.
The handling of information collected by “third parties” is governed by the relevant policies, to which you should refer. To ensure greater transparency and convenience, the web addresses of the various policies and methods for managing cookies are given below, while we specify that the Data Controller has no responsibility for the operation of third party cookies on this Website.
Here are some links to information about third party cookies:
- Google Analytics: https://www.google.com/policies/privacy/partners/
- Google policy: on the use of the data at the link: http://www.google.com/policies/technologies/cookies/ and full policy at the link: http://support.google.com/analytics/answer/6004245
- Google (set up): the general opt-out guide for Google services (Maps, YouTube, etc.) is available at the web address: http://support.google.com/accounts/answer/61416?hl=it
- Facebook policy: https://www.facebook.com/help/cookies/ and https://it-it.facebook.com/about/privacy/cookies
- Facebook (set up): log in to your account. Privacy section
- Sizmek: https://www.sizmek.com/privacy-policy/
The cookies sent by Soffass through the Website are indicated below:
Cookies on the Website
| Cookie type and owner | Technical name of the cookies | Function and purpose | Persistence time |
|---|---|---|---|
| Technical | XSRF-TOKEN | This cookie is essential for the website’s operation, for the security of the website and of visitors. | 2 hours |
| Technical | cookieconsent_status | This cookie is essential for the website’s operation, it remembers the user’s choice on the cookie bar. | 1 year |
| Technical | regina_session | This cookie is essential for the website’s operation. | 2 hours |
| Technical | __cfduid | This cookie is essential for the website’s operation, use of the Cloudflare CDN to speed up downloading. | 1 year |
You may block or delete (in whole or in part) technical and function cookies through the specific features of your browser. However, please note that not authorising technical cookies may make it impossible for you to use the Website, view its contents and use its services. Blocking function cookies may result in certain services or functions on the Website not being available or not functioning properly and you may be forced to change or manually enter certain information or preferences each time you visit the Website.
The choices made with regard to cookies on the Website will also be recorded in a cookie. However, this cookie may not work properly in some circumstances: in such cases, we recommend that you delete cookies that you do not like and also block their use through your browser’s features.
Your cookie preferences should be reset if you use multiple devices or browsers to access the Website.
How to view and change cookies through your Browser
You may authorise, block or delete (in whole or in part) cookies through the specific features of your browser. For more information on how to set cookie preferences through your Browser, please refer to the instructions:
3. Purpose of processing
The processing that we intend to carry out, with your specific consent where necessary, has the following purposes:
a. allow the provision of the Services you request;
b. respond to enquiries;
c. respond to requests for information;
d. comply with any legal, accounting or tax obligations;
e. send you promotional and marketing communications, including the sending of newsletters and market research, via automated means (emails, texts, multimedia messages, push notifications, faxes) and non-automated means (via paper mail or telephone contact with operator);
f. for the analysis of your purchasing choices and behavioural preferences, in order to better structure personalised commercial communications and offers, to carry out general analyses for strategic orientation and commercial intelligence purposes and, in general, for profiling activities;
g. Your personal data may also be communicated, with your consent, to other companies for the sending of their promotional and marketing communications, including the sending of newsletters and market research, via automated means (texts, multimedia messages, emails, push notifications, faxes) and non-automated means (via paper mail or telephone contact with operator);
h. to enable you to take part in prize competitions.
4. Legal basis and mandatory or optional nature of the processing
The legal basis for the processing of Personal Data for the purposes referred to in section 3 (a-b-c-h) is Art. 6(1)(b) of the Regulation in that the processing is necessary for the provision of the Services or to respond to requests from the data subject. The provision of Personal Data for these purposes is optional, but failure to do so would make it impossible to activate the Services provided by the Website or respond to requests.
The purpose referred to in section 3.d represents a legitimate processing of Personal Data pursuant to Art. 6(1)(c) of the Regulation. Once your Personal Data has been provided, it must be processed in order to comply with a legal obligation to which Soffass is subject.
The legal basis of the processing for purposes e), f) and g) is Art. 6.1.a) of the Regulation.
Provision of your Personal Data for the purposes referred to in letters e), f) and g) above is optional; no consequences are expected if you refuse.
For the processing carried out for the purpose of sending direct advertising material or direct selling or for carrying out market research or commercial communications in relation to Soffass products or services similar to those you have purchased, Soffass may use, without your consent, e-mail and paper mail in accordance with and within the limits allowed by the Data Protection Authority’s decision dated 19 June 2008. The legal basis for the processing of your data for this purpose is Art. 6, paragraph 1, letter f) of the Regulation.
In any case, pursuant to Art. 21 of the Regulation, you have the possibility to object to such processing at any time, initially or on the occasion of subsequent communications, easily and free of charge by writing to the Controller or to the DPO at the above addresses, and to obtain immediate feedback confirming the interruption of such processing (Art. 15 of the Regulation).
5. Recipients of personal data
Your Personal Data may be shared, for the purposes referred to in section 3 above, with:
a. subjects who typically act as data controllers pursuant to Art. 28 of the Regulation, namely: i) individuals, companies or professional firms that provide assistance and advice to Soffass on accounting, administrative, legal, tax, financial and credit collection matters relating to the provision of the Services; ii) persons with whom it is necessary to interact in order to provide the Services (e.g. hosting providers); iii) or entities delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communications networks); (collectively, the “Recipients”); the list of data processors that process data can be requested from the Data Controller or the DPO by writing to the following addresses: firstname.lastname@example.org; email@example.com.
b. subjects, entities or authorities, autonomous data controllers, to whom it is compulsory to communicate your Personal Data pursuant to the provisions of law or orders by the authorities;
c. persons authorised by Soffass to process Personal Data pursuant to Art. 29 of the Regulation needed to carry out activities closely related to the provision of the Services, who have committed themselves to confidentiality or are under an appropriate legal obligation of confidentiality (e.g. Soffass employees).
d. The data may be accessible to the other companies of the Sofidel Group for the same purposes as above and/or for administrative-accounting purposes pursuant to Art. 6.1.f) and Recitals 47 and 48 of the Regulation.
Finally, some of your Personal Data may be disclosed through publication on the Website for the purposes referred to in section 3.h) if you are a prize winner in the prize competitions you have entered.
6. Transfers of personal data
Some of your Personal Data is shared with Recipients who may be located outside the European Economic Area. The data controller ensures that the processing of your Personal Data by these Recipients is carried out in compliance with the Regulation. Transfers may be based on an adequacy decision, on Contractual Clauses approved by the European Commission or on another appropriate legal basis. More information is available from the Controller or the DPO at the following email addresses: firstname.lastname@example.org; email@example.com.
7. Retention of data
Personal Data processed for the purposes referred to in section 3(a-b) will be kept for the time strictly necessary to achieve those same purposes in accordance with the principles of storage minimisation and limitation pursuant to Art. 5.1.e) of the Regulation. In any case, the Data Controller will process the Personal Data for the time necessary to fulfil the contractual and legal obligations.
Further information on the data retention period and the criteria used to determine this period can be obtained by writing to the Controller or to the DPO at the following address: firstname.lastname@example.org.
8. Rights of data subjects
Pursuant to Art. 15 et seq. of the Regulation, you have the right at any time to request access to your Personal Data, its rectification or erasure, to restrict its processing in the cases provided for under Art. 18 of the Regulation, and to receive the personal data concerning you in a structured, commonly used and machine-readable format in the cases provided for by Art. 20 of the Regulation. At any time, you may revoke your consent pursuant to Art. 7 of the Regulation and lodge a complaint with the competent supervisory authority (Data Protection Authority) pursuant to Art. 77 of the Regulation, if you believe that the processing of your data infringes the legislation in force.
You can object to the processing of your data under Art. 21 of the GDPR by means of a request in which you give evidence of the reasons for your objection: the Controller reserves the right to evaluate the request, which will not be accepted if there are legitimate grounds for the processing which override your interests, rights and freedoms.
Requests should be sent in writing to the Controller or to the DPO at the following email addresses: email@example.com, firstname.lastname@example.org.