INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO THE REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
(GENERAL DATA PROTECTION REGULATION – GDPR)
Data Controller: The Data Controller in respect of this website is Colorobbia Holding S.p.A., the registered office of which is at Via Pietramarina n. 53, 50059 Sovigliana, Vinci (Florence) Italy, VAT-Id: 01847510482.
- Type of cookies and purposes: a number of different cookies can be served through the website www.colorobbia.com. The main types of cookies used by the owner and what each is used for are hereinafter detailed.
- Technical, navigation and functional cookies: these cookies are used for the purpose of “carrying out the transmission of a communication over an electronic communications network as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”; in this context, navigation cookies are used to ensure the correct functioning of the website and are necessary for improving quality and browsing experience. In some cases, disabling these cookies may not be technically possible, as they are essential to ensure the functionality of the site.
- Statistical/analytical cookies: analytics cookies are used to collect information to generate statistics on how users navigate around the Site. The data collected are used anonymously and exclusively for statistical purposes.
- Advertising/Targerting cookies: these cookies are used to create user profiles with the purpose of sending advertising messages based on the preferences expressed by the user during the site visit or to improve shopping and browsing experience.
- Third-party cookies: in some cases, the above-mentioned types of cookies can be installed by third-party companies based on agreements with the Owner. In other cases, the website may use some third-party services that, independently, may set their own cookies. In this context the website Owner doesn’t control these third-party cookies and so the user must review the cookie policies of these other websites for further information.
For detailed information on cookies set by Colorobbia Holding, please refer to the table below.
Please note that the Owner, through its website, can allow users to interact with third-party social networks. In this context, additional third-party cookies may be in operation on the Owner website; therefore, the data subject shall refer to the website of said third parties in order to give or withdraw its consent to the installation of third-party cookies.
3. Browsers settings. Procedure for managing cookies and browser direct links
Depending on your browser, further information on how to manage cookies may be obtained via the following links:
4. Data Controller and Data Protection Officer
The Data Controller in respect of this website is Colorobbia Holding S.p.A., the registered office of which is at Via Pietramarina n. 53, 50059 Sovigliana, Vinci (Florence) Italy, VAT-Id: 01847510482.
5. Legal basis for Processing and purpose of processing
Data collected when visiting www.colorobbia.com will be processed by the Data Controller in accordance with the applicable law.
The legal bases on which data processing is performed are: provision of services by the Company, management and facilitation of the website, management of protected areas on the site, Data Subject explicit consent, where requested and given, to the processing of his/her Personal Data.
6. Nature of the processing
7. Data processing methods
8. Framework for the free movement of Personal Data
Personal Data may be processed by third-party companies that perform activities on behalf of the Data Controller, acting as external data processors (including, but not limited to: suppliers/consultants managing and/or involved in the management and/or maintenance of electronic and/or IT tools, appointed by the Data Controller only for as long as is necessary for the optimal performance of the service). Access to Personal Data is limited to those, within the company, needing said information in relation to their job or hierarchical position. We have put in place appropriate security measures to protect your personal data against their unauthorised or unlawful use and accidental loss or destruction. However, pursuant to art. 6 letters b) and c) of the GDPR, the Data Controller may be legally obliged to disclose your Personal Data, if required to do so by law, to supervisory bodies, judicial authorities and any other third party, without the Data Subject explicit consent.
9. Disclosure of Personal Data
Your Personal Data will not be disclosed to any unspecified third party.
10. Recipients and Data processors
Personal Data shall not be in any way disclosed by transmission, dissemination or otherwise made available to third parties, except for those cases provided by law and, in any event, in compliance with the procedures set forth in the applicable regulation. Your Personal Data will be processed by the Company’s employees within the restrictions and according to the purposes of the processing. Some Data may also be processed by third parties, acting as External Data Processors, that are appointed or may be appointed by the Data Controller for the management of contractual relationship, provision of the services offered and for organizational requirements as to its business. In particular, Personal Data may be disclosed, merely by way of example, to:
- private or public subjects, authorised to process Personal Data by virtue of laws, regulations or community legislation, within the limits provided for by said regulations
- subjects who need to process the Personal Data for purposes related to the contractual relationship between the parties, within the limits strictly necessary for the performance of tasks assigned (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, mail carriers and shipping companies));
- consultants, within the limits necessary for the performance of professional duty assigned.
An updated list of the External Data Processor is made available to the Data Subject at the headquarters of the Data Controller upon request emailed to: firstname.lastname@example.org.
11. Rights of the Data Subject
The GDPR provides Data Subject with the following rights:
- pursuant to art. 15, the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain access to the personal data and the following information: i) the purposes of the processing ii) the categories of personal data concerned; iii) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations; iv) where possible, the envisage period for which the personald data will be stored, or, if not possibile, the criteria used to determine that period; v) the existence of the right of the Data Subject to request from the Data Controller rectification or erasure of Personal Data or restriction of processing of personal data concerning the data subject or to object to such processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to articles 77 ff. of the GDPR; vii) if the Data is not collected from the Data Subject, all information available on their origin; viii) the existence of automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisage consequences of such processing for the data subject; ix) where personal data are transferred to a third country or to an internation organisation the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer;
- the Data Subject shall also have (where applicable) the possibility of exercising the rights pursuant to articles 16-21 of the GDPR (namely: right to rectification, right to erasurem right to restriction of processing, right to data portability, right to object)
The Data Subject may at any time exercise the above-mentioned rights and require a copy of an updated list of Data processor by emailing the request to: email@example.com.
The Company Colorobbia Holding S.p.A. undertakes to provide information on action taken on a request to the data Subject within one month of receipt of the request, That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In any case the Data Controller shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Information on the action taken on a request shall be provided in writing or by electronic means. In the event of a request for rectification, erasure and restriction of processing, the Data Controller shall inform about said requests received by the Data Subject to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.
Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may charge a reasonable fee.