Introduction
This document (hereinafter the “Privacy Policy“) provides information on the processing of personal data collected by the company Angelini Holding SpA (hereinafter“Company”or “Data Controller“) via this website (hereinafter the “Site“) and therefore constitutes information for data subjects pursuant to current legislation and the provisions of Article 13 of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data (hereinafter“Regulation”). In the sections of the site where the user’s personal data is collected, a specific privacy statement is normally published which in any case supplements this Privacy Policy.
Name and contact details of the Data Controller
The Data Controller is Angelini Holding SpA, with registered office in Viale Amelia 70-00181 Rome.
Contact details of the Data Protection Officer (“DPO”)
The DPO appointed by the Company can be contacted at the following addresses:
– email: dataprotectionofficer@angelini.it;
– post: Angelini Holding SpA – Viale Amelia 70 – 00181 Rome.
Which data we process
Common personal data provided by the user may be processed when the latter interacts with the Site’s functionalities, including browsing data or requests to use the services offered on the Site (registration to any reserved areas/contests and other initiatives, use of any App, requests for information and reports, including through contact forms, etc.), as well as data collected through cookies as specified in the Cookie Policy.
Why and how do we process your personal information?
With the user’s consent, the Company may process the user’s common personal data to allow the use of services and features found on the Site and to optimise its functioning, to obtain statistics on visits, to manage requests and reports received through the Site, for registration to any reserved areas or initiatives such as competitions and the like, pursuant to Article 6.1. (a) of the Regulation. The Company may also process the user’s personal data to fulfil obligations deriving from laws, regulations, EU legislation: the legal basis for the processing for this purpose is Article 6.1 (c) of the Regulation.
With the user’s optional consent, the common data may also be used for the purpose of corporate communications (including newsletters) or promotional activities (marketing), i.e. sending promotional material and/or commercial communications relating to the Company’s services, at the indicated addresses, both through traditional methods and/or means of contact (such as paper-based post, telephone calls with an operator, etc.) and automated means (such as communication via internet, fax, email, SMS, applications for mobile devices such as smartphones and tablet – so-called apps – social network accounts – e.g. via Facebook – etc.). The legal basis of the processing for this purpose is Article 6.1. (a) of the Regulation.
Finally, the user’s common and/or sensitive personal data can be processed by the Company to protect its rights in court or to apply the Angelini Group Code of Conduct (Articles 6.1. (f) and 9.2. (f) of the Regulation).
The processing of personal data takes place through automated and non-automated tools, with rationale strictly related to the purposes of the processing and, in any case, with methods and procedures suitable to guarantee the data’s security and confidentiality.
Necessary processing and optional processing
The forms to fill out on this Site may include both data that is strictly necessary to manage communication and user requests, marked with the symbol [*], which if not indicated does not allow these requests to be followed up, and optionally provided data which is not strictly necessary to fulfil data subjects’ requests. Failure to provide the latter will not entail any consequence.
Browsing data
The processing of personal data of users who only visit the Site (i.e. without sending communications or using any of the available services/functions) is limited to browsing data, i.e. that which needs to be transmitted to the Site for the operation of computer systems responsible for managing the Site and internet communication protocols. This category includes the IP addresses or domain of the computer used to visit the Site and other parameters relative to the operating system used by the user to connect to the Site. The Company collects this and other data (such as, for example, the number of visits and time spent on the Site) only for statistical purposes and in anonymous form, in order to control the Site’s operation and improve its functionality. This information is not collected to be associated with other information on users and identify them; however, such information by its very nature may allow users to be identified through processing and association with data held by third parties. Browsing data is normally deleted after being processed anonymously, but may be stored and used by the Company to ascertain and identify the perpetrators of any computer-related crimes committed against the Site or through the Site. Except for this eventuality and as specified in the Cookie Policy section, the browsing data described above is only temporarily stored in compliance with the applicable legislation.
Links to other sites
The Site may contain links to other sites (so-called third-party sites). The Company does not enforce any access or control over cookies, web beacons and other user tracking technologies used by third-party sites which the user can access from the Site; the Company does not carry out any control over the content and materials published by or obtained through third-party sites, nor on the relative methods of processing the user’s personal data, and expressly disclaims any relative responsibility for such eventualities. The user is required to verify the privacy policy of third-party sites accessed through the Site and to inquire about the conditions applicable to processing their personal data. This Privacy Policy applies only to the Site as defined above.
How we store data and for how long
In accordance with the provisions of Article 5.1 (c) of the Regulation, the information systems and computer programs used by the Company are configured so as to minimise the use of personal and identifying data; this data is processed only to the extent necessary to achieve the purposes indicated in this Policy; the data will be kept for the period of time strictly necessary to achieve the objectives actually pursued and in any case, the criterion used to determine the retention period is based on compliance with the terms allowed by the applicable laws and the principles of minimisation of processing, limitation of storage and rational management of archives. In order to determine the appropriate period for retaining personal data stored by the site with the user’s consent, the data controller also takes the following criteria into consideration: the specific purposes specified in the statement for which the site stores personal information; the current type of relationship with the user (how often the user accesses their account; whether the user makes requests via contact forms; whether the user continues to receive newsletters or commercial communications; how regularly they browse the site, etc.); any specific user request for deletion of their data or withdrawal of consent; the data controller’s legitimate commercial interest.
How we ensure the security and quality of personal data
The Company undertakes to protect the security of the user’s personal data and complies with the security provisions required by the applicable legislation in order to avoid loss of data, illegitimate or illegal use of data and unauthorised access to it, with particular but non-exclusive reference to Articles 25-32 of the Regulation. The Company uses multiple advanced security technologies and procedures to promote the protection of users’ personal data; for example, personal data is stored on secure servers located in places with protected and controlled access. The user can help the Company update and maintain their personal data by communicating any change concerning their address, their qualification, contact information, etc.
Who can access the data
Personal data will be made accessible only to those within the Company, and to companies that are parent companies, affiliates or subsidiaries of the Angelini Group, and need it due to their corporate role or duties. These parties, which will be as limited as possible in number, will be appropriately trained to avoid loss, destruction, unauthorised access or unauthorised processing of the data.
Furthermore, the data can be communicated to: (i) institutions, authorities and public bodies for their institutional purposes; (ii) professionals and independent collaborators, including in associated form; third parties and suppliers which the Data Controller uses to provide commercial, professional and technical services functional to the Site’s management and related functions (e.g. IT service providers and Cloud Computing), to pursuing the purposes specified above and to the services requested by the user; (iii) third parties in the event of mergers, acquisitions, sale of a company or business branch, audit or other extraordinary operations; (iv) the company’s Supervisory Body, domiciled at the Data Controller, for the purpose of pursuing its supervisory activities and applying the Angelini Group Code of Conduct. These parties will only receive the data necessary for their relative functions and will undertake to use it only for the purposes indicated above and process it in compliance with the applicable privacy legislation. The data may also be communicated to legitimate recipients pursuant to the applicable legislation. Except for the foregoing, the data is not shared with third parties, natural or legal persons, who do not perform any commercial, professional or technical function for the Data Controller, and will not be disclosed. The parties that receive the data process it as Data Controllers, Data Processors or parties authorised to process it, according to the case, for the purposes indicated above and in compliance with the applicable privacy law.
Data transfer to non-EU countries
Regarding the possible transfer of data to third countries, including countries that may not guarantee the same level of protection required by applicable legislation, the Data Controller states that the processing will in all cases take place according to one of the methods allowed by the Regulation, such as the user’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of parties adhering to international programmes for free circulation of data, (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission .
User rights
The users to whom the personal data refers have the right at any time to obtain confirmation of the existence of that data and to know its content and origin, verify its accuracy or request its supplementation or updating, or rectification, erasure or limitation, or to oppose its processing, or to lodge a complaint with the supervisory authority pursuant to Article 15 of the Regulation. Furthermore, pursuant to Articles 7,15,16, 17, 18, 19, 20, 21, 22 and 77 of the same Regulation, each user has the right to request information on the collection and use of their personal data, to access it, to obtain its correction, erasure (the right to be forgotten), limitation of processing, notification in the event of rectification or erasure of personal data or limitation of the processing, portability of data, transformation into anonymous form or blocking of data processed in violation of the law , as well as to object in any case, in the cases provided for by law, to its processing, to submit complaints relating to the collection and processing of personal information to the competent Data Protection Authority, to revoke consent to the processing of personal data at any time save the lawfulness of the processing carried out up to that time on the basis of the revoked consent.
For any request regarding the Company’s processing of personal data, to exercise the rights recognised by the applicable legislation, as well as to know the updated list of parties which can access the data, the user can contact the Data Controller and/or the DPO at the addresses indicated above.
Changes to this Privacy Policy
In the event that changes are made to this Privacy Policy, the modified version will appear on this Site. The Company will inform the user of such changes as soon as they are introduced and they will be binding as soon as they are published on the Site. The Company therefore asks the user to visit this section regularly to gain knowledge of the most recent and updated version of the Privacy Policy.
