Dall’Agnese S.p.A. is implementing privacy protection policies contained in the General Data Protection Regulation 2016/679 relating to the protection of natural persons with regard to the processing of personal data.
The use of these files is necessary for browser recognition operations, allowing Dall’Agnese to recognise the User on the Website without the need to enter an email address and password.
During browsing, information is recorded concerning the browser used by the User, the click-throughs made in the different areas of interest, the products most frequently visited, and a number of aspects related to the customisation and survey of enjoyment of the services offered by www.dallagnese.it.
Communications between the User and the Internet Service takes place via email. We are always available to provide information to accommodate any suggestions.
The information is processed in accordance with the above-mentioned Privacy policies on the processing and protection of personal data.
The policy statement of the website www.dallagnese.it is provided in accordance with article 13 of Regulation (EU) no. 2016/679 (hereinafter referred to as the Regulation or GDPR) on the protection of natural persons with regard to the processing of personal data and legislative decree 196/2003 – legislative decree 101/2018.
As described in this policy statement, we will collect and process your Personal Data through an innovative customer relationship management system ‘CRM’.
The data may be collected directly or at one of our agents located in various countries around the world, at our events or when browsing our website.
The collected data will be stored in our central database and we will process them, as an independent controller, for marketing and profiling purposes, both for activities carried out in Italy and for activities carried out abroad.
Source of the Data Collection
Personal data (the “Personal Data” or the “Data”) are collected automatically or provided through the browsing or the use of this website (the “Website”) or provided when acquiring one of our products (the “Products”).
DALL’AGNESE S.P.A. notes that use of this website therefore implies the processing of personal data of the data subject only for the purposes and through the mechanisms indicated below.
a) Data Controller
- The data controller is Dall’Agnese S.p.A. with registered office in Brugnera, Via Mazzini no. 3 (tax code and VAT no: 00066840935)
- The data controller can be contacted at the following email address: email@example.com
b) Purpose and legal basis for data processing:
- The personal data (hereinafter also referred to as ‘Data’) that you provide when browsing the website are collected and processed in order to provide services based on web interfaces for the publication and consultation of web pages of an informative nature and in an anonymous and aggregate form and for the purpose of monitoring the proper operation of the website.
- Furthermore, your personal data may also be used in different processing operations (storage, archiving, processing) in any case in terms compatible with this purpose. More specifically, your personal data may be processed for the following purposes:
- responding to requests for information;
- making estimates;
- permitting the provision of the requested services;
- fulfilling legal obligations;
- CRM: allowing registration as a user/customer and use of the services by registering on our Website or at one of our events;
- responding to the unsolicited sending of your curriculum vitae;
- marketing: for sending, also on a periodic basis, for example by means of newsletters, advertising material, direct sales, to carry out market research and/or commercial and promotional communication including invitations to trade fairs, meetings, and/or other private/public events organised for the promotion of the company’s business, carried out directly by the Company or by specialised outside companies. This may be done by email, MMS or SMS messages or other means, if you have given your express and explicit consent by means of a specific form. The legal basis for marketing purposes is consent;
- profiling: your data may be processed for profiling purposes entailing the identification of preferences, tastes or habits by processing personal data including but not limited to: personal data or residence/geographic area, business activity/profession, provided through registration on the Company’s website, data relating to the use of the Company’s website. This enables the creation and definition of your profile which is useful for market analyses and for improving the products and/or services offered and making them more responsive to your needs. Subject to the specific consent referred to in paragraph b) 2, vii (marketing), profiling allows for the targeted sending of communications of a promotional and commercial nature, customised by the means indicated therein. Personal data will be used in both individual and aggregate form and may be added to, compared and cross-referenced with other data in the legitimate possession of the Company. Profiling will also take place after explicit and appropriate consent has been given. The legal basis for profiling purposes is consent.
The lawfulness of processing the personal data under letter b) paragraph 2 (i, ii, iii, iv, v) is article 6 paragraph 1, letters b) and c) of the Regulation, since the processing is necessary to provide the services, the performance of the contract to which the data subject is party or the performance of pre-contractual measures or for the response to requests made by the data subject, and is also necessary to comply with a legal obligation incumbent on the Controller. The provision of personal data for these purposes is optional, but failure to provide them would make it impossible to activate services provided by the Website and to respond to requests.
The lawfulness of processing the personal data on curriculum vitaes pursuant to letter b) paragraph 2 vi, sent on an unsolicited basis, is article 6 paragraph 1, letter b) of the Regulation, since the processing is necessary to provide the precontractual measures requested by the data subject. The provision of personal data for these purposes is optional, but failure to provide them would make it impossible to respond to the request of the data subject.
The lawfulness of processing the personal data pursuant to letter b) paragraph 2 vii, viii is article 6 paragraph 2, letter a) of the Regulation. Data for these purposes may be processed subject to explicit and specific consent. Providing consent for these purposes is therefore free and optional and, failing this, the Data Controller shall merely process the data for the purposes set out in the other paragraphs without affecting in any way the option to use the services. Even if processing for such purposes is provided, it may be revoked at any time by making a simple request to the Data Controller.
c) Data Processed
- Data provided voluntarily by the user
The website only processes common data (Personal Data such as: name, surname, email, telephone number, etc….. – Other Data such as category: Private party, Architect, etc.)
- Browsing data
This category of data includes IP addresses or the domain names of computers used by the data subjects who connect to the website, addresses of the requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the data subject’s operating system and computer environment.
d) Processing methods
The Data will be collected and processed in accordance with the principles of fairness, legality and transparency, by manual or automated means, always within the limits of the processing purposes described in this policy statement and in any case, in a way that guarantees the security and confidentiality of the Data.
e) Possible recipients of the personal data
Your personal data will be processed exclusively by the Data Controller, the Data Processors appointed by the Controller and the strictly authorised persons engaged to process data. An up-to-date list of the Data Processors and the persons engaged to process data may always be requested from the Controller for consultation.
Your personal data may be communicated, following inspections or audits, to all inspection bodies in charge of audits and controls relating to ensuring that legal requirements have been met.
Your personal data may be communicated to the following, provided as examples and not intended to be an exhaustive list: companies/professional firms that provide assistance, or consultancy or collaboration to the data controller in accounting, administrative, tax, legal, fiscal, financial or social security matters, in relation to the establishment and management of the contractual and/or pre-contractual relationship with you, public authorities for the performance of institutional functions within the limits established by the law or regulations or to third party service providers to whom communication is necessary for the performance of services inherent to and connected with the contractual and/or pre-contractual relationship with you, other employees and/or business associates of the data controller for the time strictly necessary to perform their duties instrumental and/or ancillary to the performance of the relationship with you and always under the control and supervision of the data controller, data processors and persons engaged to process data who are strictly authorised. Your personal data may be disclosed to public or private entities that may have access to your personal data by virtue of provisions of law or regulations or by virtue of court orders.
Your personal data will not be disclosed unless you have given your express and explicit consent. In the latter case, disclosure will however be limited and governed by what you have expressly consented to in a legal document signed by you.
Please note that if you consent to the processing of your personal data for marketing and/or profiling purposes, your Data will be entered into this CRM database, whose servers are located in the territory of the European Union. In particular, your Data will be automatically accessible to the staff of the Data Controller and the Data Processors for marketing and profiling purposes.
f) Data retention period
Your personal data shall be kept for the time necessary to fulfil your requests and, in any case, for no longer than 10 (ten) years, limited and in accordance with the need to guarantee the Company the possible exercise and protection, in and/or out of court, of its rights and interests deriving from, connected or related to the relationship with you and/or its purpose.
Candidate data collected in paper and non-paper format are catalogued and stored for 12 months. After this storage period has elapsed without recruitment, the data are destroyed.
Personal data processed for other optional marketing purposes shall be deleted after a period of 2 years, which is deemed reasonable since the data are related to sale of the goods governed by contract, and in any case not after the withdrawal of consent, without prejudice to the lawfulness of the processing based on consent prior to its withdrawal.
Personal data processed for profiling purposes shall be deleted after a period of 1 year, which is deemed reasonable since the data are related to the sale of the goods governed by contract, and in any case not after the withdrawal of consent, without prejudice to the lawfulness of the processing based on consent prior to its withdrawal.
g) Existence of an automated decision-making process
As noted above, the Controller carries out, on the basis of its legitimate interests, a categorisation of its clientele in order to send information of a commercial nature on collections, exhibitions and events targeted to the needs of a certain category or bracket to which you belong. This is done by subdividing the data subjects according to categories that are not too invasive and non-discriminatory such as country of residence and/or type of customer (private/professional). Following this analysis, which may also take place in automated form, the user may be classified into one or more groups with different characteristics and receive communications from the Controller dedicated to that category that the Controller considers to be in line with your needs. In relation to this processing, the Controller has successfully conducted a balancing test in order to determine that the processing linked to the categorisation in question is carried out on the legal basis of the Controller’s legitimate interests in achieving maximum efficiency in its marketing activities.
The Data Controller may also, with your consent, analyse your consumption habits over time in order to make a more in-depth assessment than could have been done by a simple categorisation, of which products or initiatives correspond to your tastes and preferences (for example, if, over a period of two years, you show interest in a particular product of ours or in a line created by one of our designers, we will send you offers dedicated to that type of product and not others that do not interest you or that do not match your tastes and preferences). We can therefore offer you a unique and personalised experience. Please note that the Data Controller has carried out a specific processing impact assessment on the personal data required for profiling to ensure compliance with the principles of the GDPR, including non-discrimination, effectiveness and the absence of harmful consequences for the data subject.
h) Intention of the data controller for the personal data
If the data controller transfers your personal data to countries outside the EU or in any case outside the European Economic Area (comprising Switzerland, Iceland, Liechtenstein and Norway), it will proceed as follows.
In case of transfer of data to the aforesaid third countries, the data controller shall guarantee an adequate level of protection pursuant to article 45 Regulation (EU) no. 679/2016 and article 29 Working Party (the Commission has the power to establish this type of adequacy by means of a specific decision and on this point please refer to the list of decisions on the website of the Data Protection Supervisory Authority www.guarantorprivacy.it).
In the absence of an adequacy decision pursuant to article 45 of the EU Regulation, the data controller shall provide adequate safeguards pursuant to articles 46 – 47 of Regulation (EU) no. 679/2016.
Finally, in the event that there is no adequacy decision pursuant to article 45 of Regulation (EU) 679/2016 or adequate safeguards pursuant to article 46 of said Regulation, including binding corporate rules, the transfer of personal data to a country will only be permissible if there are exceptions in specific situations pursuant to article 49 of Regulation (EU) 679/2016.
Any information relating to the appropriate safeguards referred to in the preceding paragraph will in any case always be available at the Data Controller’s registered office and may be requested from the following email address firstname.lastname@example.org
i) Redirecting to external sites
The website uses social plug-ins, i.e., special tools that allow social network functionalities to be incorporated directly into a website (for example the Facebook like button). Each of the social plug-ins on the Website is identified by the logo owned by the social platform, in this case the Facebook logo. If the user interacts with the social plug-in, the information relating to the data subject is directly communicated to the social platform which processes the Data in its capacity as an independent data controller, therefore in order to obtain more details on the purposes and mechanisms of processing, the rights that can be exercised and the storage of personal data, please consult the privacy policies of the relevant social networks.
l) Rights of the Data Subject
In relation to the personal data processed under this policy statement, you have the right at any time to:
– Access (article 15 Regulation (EU) no. 2016/679): the Controller guarantees the right of access to personal data concerning the data subject;
– Rectification (article 16 Regulation (EU) no. 2016/679): the Controller shall, at the request of the data subject, rectify inaccurate personal data without undue delay.
– Erasure (article 17 Regulation (EU) no. 2016/679): the Data Controller shall erase the personal data of the data subject without undue delay if: the personal data are no longer necessary in relation to the purposes for which they were collected or processed; the data subject withdraws consent; the data subject objects to the processing and there are no overriding legitimate grounds for processing; the personal data have been processed unlawfully.
– Restriction (article 18 Regulation (EU) no. 2016/679): the Data Controller shall restrict the processing at the request of the data subject when: the data subject contests the accuracy of the data; the processing is unlawful and the data subject opposes the erasure of the data but requests restriction of the processing; the data are no longer necessary for the purposes of the processing, but are necessary for the establishment, exercise or defence of legal claims; the data subject has objected to the processing pending the verification whether the legitimate grounds of the Controller override those of the data subject.
– Portability (article 20 Regulation (EU) no. 2016/679): intended as the right to receive, from the Controller, the data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance.
– Right to object (article 21, Regulation (EU) no. 2016/679): the data subject shall have the right to object at any time to processing of personal data concerning him or her.
– Exercise the right to withdraw consent, if given for one or more specific purposes, at any time without prejudice to the lawfulness of the processing until such consent is withdrawn.
– Lodge a complaint with the Data Protection Supervisory Authority (article 51 Regulation (EU) no. 2016/679).
The aforementioned rights may be exercised by sending written communication by email to email@example.com
Or by registered letter with notice of receipt to the following address: Dall’Agnese S.p.A. with registered office in Brugnera in Via Mazzini n. 3 – certified email (PEC) firstname.lastname@example.org
The Data Controller will be in charge of keeping this policy statement up to date.