The Data Controller is Emilceramica S.r.l. a Socio Unico, with registered office at Via Ghiarola Nuova 29, 41042 Fiorano Modenese (Modena) Italy, in the person of its current legal representative (“Data Controller"or “Emilceramica”).
The Data Controller has appointed a Data Protection Officer ("DPO"), whom you can contact to exercise your rights, as listed in point 7 below, as well as to receive any information concerning them and/or this Policy Statement, by writing to: firstname.lastname@example.org
Emilceramica will process personal data concerning you, contributed by you directly or collected during browsing of the www.emilamerica.com website (the “Site”), for the following purposes.
As users browse this Site, the IT systems and software procedures which operate it acquire some personal data the transmission of which is implicit in the use of Internet communications protocols, such as the IP addresses or domain names of the PCs and terminals used by users, as well as the URI/URL (Uniform Resource Identifiers/Locators) of the requested resources, the time of the request, the size of the file obtained in response, the numerical code specifying the state of the response provided by the server (positive outcome, error, etc..) and other parameters concerning the operating system and the IT environment of the user, in order to:
1. enable you to access and use the Site
2. obtain statistical information concerning the use of the services
3. check that the services offered are operating correctly
The legal basis for the processing of your data for the purposes referred to in points 1, 2 and 3 is the fulfilment of your request, pursuant to Article 6, first comma, subsection b) of the GDPR; if you were to refuse to contribute these data, you would be unable to use the Site.
The “Contact us” section of the Website contains a specific form via which you may voluntarily contribute some of your ordinary personal data in order to request the information you require. If you decide to make use of this service, the Data Controller will process your personal data only in order to respond to your request for information.
The legal basis for the processing of your data for this purpose is the fulfilment of your request, pursuant to article 6, first comma, subsection b) of the GDPR.
The contribution of your personal data for the above purpose is optional. However, if you decide not to contribute your personal data, you will be unable to obtain the information you need.
For this purpose, the personal data contributed through the website will be stored for the time necessary for the fulfilment of the request.
By compiling the form in the specific "newsletter" section on the Website, or sections, you may contribute your ordinary personal data (name, surname, email address, country and profession) in order to subscribe to the newsletter and be regularly updated with news of initiatives, activities and projects organised by Emilceramica.
The newsletter will be sent to the email address which you provided, in order to fulfil your request.
The contribution of your personal data for the above purposes is optional. However, in the event of refusal to contribute the data, the Data Controller will be unable to fulfil your request to subscribe to the newsletter or to keep you up to date with the latest news from Emilceramica.
The legal basis for the processing of your data for this purpose is the fulfilment of your request, pursuant to Article 6, first comma, point b) of the GDPR; therefore, your consent is not necessary to authorise the processing. However, on receipt of any email, you may easily object to the sending of further communications from Emilceramica by using the "Unsubscribe" link provided in all e-marketing communications, or by contacting the Data Controller at the addresses provided in point 1 above.
Your personal data will be processed until you decide to cancel your subscription to the Newsletter service.
Further to submission of requests for information in the Contacts sector for information purposes (point 2.2), your subscription to the newsletter (point 2.4), or on the site pages containing a form for requesting specific information, the Data Controller assumes that you are potentially interested in being informed about Emilceramica’s activities, initiatives and products.
Therefore, given these circumstances, the Data Controller intends to use your personal data (name, surname, telephone number and email address) to send you marketing communications referring to Emilceramica’s initiatives and products, and invitations to events it has organised. These communications may be sent by traditional means (such as telephone calls) and/or by automated means (such as email, telefax, prerecorded telephone calls, SMS, MMS, instant messaging, etc.).
The processing of your personal data for marketing purposes will require the issue of your specific consent (on the legal basis provided by article 6, first comma, subsection a) of the GDPR), to be given by ticking the box offered to you when the data are contributed. On the other hand, the sending of marketing communications does not require your consent when it takes place using the personal data (e.g. email address) which you contributed during activities relating to the sale of similar products offered by the Data Controller, or if you are acting, as the contact for a legal person, in the context of business relations with the Data Controller; in these circumstances, the processing of your personal data is considered to be based on the prevalent legitimate interest of the Data Controller.
However, on receipt of any email, you may easily object to the sending of further communications by Emilceramica, using the "Unsubscribe" link in all e-marketing communications, or by contacting the Data Controller at the addresses provided in point 1 above.
Emilceramica also intends to analyse your consumption habits and choices in order to send you personalised marketing communications. To engage in profiling, Emilceramica requires your specific consent, to be given by ticking the box offered to you when your data are contributed.
Consent to profiling is optional and your refusal will have no consequence with regard to the performances of the other activities you have requested, but it will prevent the Data Controller from identifying the products, services and programmes which might interest you.
Your personal data will be processed, in compliance with the provisions of the GDPR, by paper, IT and telematic means, for the stated purposes, and in all cases by procedures which guarantee an appropriate level of security and confidentiality, in accordance with the provisions of Article 32 of the GDPR.
The processing of personal data signifies their collection, recording, organisation, storage, treatment, adaptation, alteration, sorting, retrieval, alignment, use, combination, freezing, disclosure, dissemination, erasure or destruction, or the combination of two or more of the aforesaid operations, also via automated tools for the storage, management and transmission of the data, with the aid of measures which guarantee their security and confidentiality.
For the pursuance of the purposes described in point 2 above, the personal data processed will be known to Emilceramica’s employees, contract staff and associates working in the capacity of authorised data users.
Moreover, for the pursuance of the purposes described in point 2 above, your personal data may be processed by third parties belonging, for example, to the following categories:
In some cases, the entities in the aforesaid categories operate in complete independence as separate data controllers, while in other cases they operate as Data Processors specifically appointed by the Data Controller in accordance with article 28 of the GDPR.
Your consent is not required for the disclosure of your data to entities in the above categories operating in the capacity of independent data controllers, since it is based on the prevalent legitimate interest of the Data Controller, as the said disclosure is necessary for the pursuance of the purposes set out in point 2 above.
For technical and organisational purposes, your data may be transferred to non-European Union member states: this transfer is, in any case, lawful since it is covered by adequacy decisions issued by the European Commission and/or standard data protection clauses based on the models adopted by the European Commission pursuant to art. 46 of the GDPR.
You may request a copy of the safeguards adopted for data transfer outside the EU, and information concerning the places where the data have been made available, by sending a specific request to the Data Controller at the email address email@example.com
- right of access - article 15 GDPR: right to obtain confirmation of whether or not personal data concerning you are being processed and, if this is the case, to obtain access to your personal data - including a copy of them - and communication, amongst other things, of the following information:
1. purposes of the processing
2. categories of personal data processed
3. recipients or categories of recipients to whom they have been or will be disclosed
4. data storage period or the criteria used
5. rights of the data subject (rectification, erasure of personal data, restriction of processing and right to object to processing)
6. right to lodge a complaint with the supervisory authority
7. right to receive information on the origin of personal data if they have not been collected from the data subject
8. the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the envisaged consequences of such processing for the data subject
- right to rectification - article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data;
- right to erasure (right to be forgotten ) - article 17 GDPR: right to obtain, without undue delay, the erasure of personal data concerning you, when:
1. the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. you have withdrawn consent and where there is no other legal ground for the processing;
3. you have successfully objected to the processing of the personal data;
4. the data have been unlawfully processed,
5. the data have to be erased for compliance with a legal obligation;
6. the personal data have been collected in relation to the offer of information society services referred to in article 8, comma 1 of the GDPR.
The right to erasure does not apply to the extent to which the processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the establishment, exercise or defence of legal claims.
- right to restriction of processing - article 18 GDPR: right to obtain restriction of the processing, when:
1. the accuracy of the personal data is contested by the data subject;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
3. the data subject needs the personal data for the verification, exercise or defence of a right during judicial proceedings;
4. the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
- right to data portability - article 20 GDPR: right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, if the processing is based on consent and is carried out by automated means. In addition, the right to have your personal data transmitted directly by the Data Controller to the other controller, where technically feasible.
- right to object - article 21 GDPR: right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Data Controller to continue the processing;
- right to lodge a complaint with the Italian Data Protection Authority - Garante per la protezione dei dati personali, Piazza Venezia no. 11, 00187, Rome (Italy).
The above rights may be exercised in relation to the Data Controller using the contacts provided in point 1 above. The Data Controller shall examine your request and shall inform you, without undue delay and in all cases within no more than one month of its receipt, concerning the action taken with regard to your request.
The exercise of your rights as data subject is free of charge in accordance with article 12 of the GDPR. However, in the event of requests which are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may charge you a reasonable fee taking into account the administrative costs of dealing with your request, or refuse to act on the request.
Please also note that the Data Controller may request further information necessary to confirm the identity of the data subject.
If you are a California resident, the following provisions apply to our processing of any information that identifies, relates to, describes, is capable of being associated with you, your device, or your household ("California personal information").
A. CALIFORNIA PERSONAL INFORMATION WE COLLECT
(A) Identifiers such as a name, postal address, online identifier, unique personal or device identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.
(B) Personal information described in Cal. Civ. Code Section 1798.80(e) (California Customer Records statute). This means any information that identifies, relates to, describes, or is capable of beingassociated with a particular individual, including, the "identifiers" listed in the preceding bullet point A.
(C) Commercial information, including (1) records of products or services purchased from us, (2) information on actions taken on our sites, including information about our products or services you considered via our sites or otherwise, (3) username, password, or other account information used to gain access to our online services; or (4) information about preferences and behavior that we collect on our sites or purchase from third parties in order to target consumers for digital advertisements or to personalize content we deliver on our sites; or (5) or other purchasing or consuming histories or tendencies.
(D) Internet or other electronic network activity information, including, but not limited to, browsing history,search history, and information regarding a consumer’s interaction with our sites, applications, or advertisements. This includes (1) logs of your visits to and use of our sites; (2) data collected by automated means like cookies, web beacons, and similar technologies; (3) data about online activity we may receive from third parties; and (4) connection information associated with calls, text messages, and other communications with you.
(E) Geolocation data– If you use our mobile app, the app may ask for permission to use your location. If you consent, we may collect geolocation data. You can turn off our ability to collect location information in your mobile device settings at any time.
(F) Audio information from calls you place to customer service which may be recorded, and electronic information in the form of Internet or other electronic network activity information as described above may also be collected.
(G) Inferences drawn from the information listed in points (A) through (F) above, as well as any otherinformation described in the above section titled "Information Collection," in order to create a profile about a co nsumer reflecting the consumer’s preferences or characteristics.
B. HOW WE USE CALIFORNIA PERSONAL INFORMATION
We use the personal information we collect for our operational purposes, which may include the following business purposes:
(1) Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
(2) Detecting and protecting against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
(3) Debugging to identify and repair errors in our systems;
(4) Short-term, transient use including contextual customization of ads;
(5) Providing services on our behalf or on behalf of others, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services;
(6) Conducting internal research to develop and demonstrate technology; and
(7) Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide, or to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for us, or controlled by us.
We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which personal information was collected.
C. DISCLOSURE OF CALIFORNIA PERSONAL INFORMATION
Within the last 12 months, we have disclosed the categories of personal information identified in the above categories (A)-(G) for our business purposes.
D. CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you may have certain rights related to your personal information. You may exercise these rights free of charge except as otherwise provided under applicable law.
• Right to Know and Access Rights. You may request that we disclose to you:
- the categories of personal information we have collected about you;
- the categories of sources from which the personal information is collected;
- our business or commercial purpose for collecting or selling personal information;
- the categories of third parties with whom we share personal information; and
- the specific pieces of information we have collected about you.
• Deletion Rights. You have the right to request that we delete personal information about you which we have collected from you.
Subject to applicable law, we may not discriminate against you because of your exercise of any of the above rights, or any other rights under the California Consumer Privacy Act, including by (a) denying you goods or services; (b) charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; or (c) providing you a different level or quality of goods or services.
As required or permitted under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may limit our response to your exercise of the above rights as permitted under applicable law.