1. General provisions
1.2 Joint-Controller. Coesia S.p.a. and its worldwide affiliates (“Coesia Group”), act as joint-controllers under art. 26 of GDPR of the personal data that you decide to provide us through the website.
2. Data subjects and scope of application
3. Types and source of processed Personal Data
3.1 Source. Coesia Group processes the Data Subjects’ Personal Data – as hereinafter specified – provided directly by the Data Subjects through the “Contact us” form of the Websites.
3.2 Identification data. Coesia Group processes Data Subjects’ Personal Data, that consist of your identification data (such as, for example, name, surname, company, e-mail address, citizenship, city, phone number ecc.). Furthermore, Coesia Group will process all information – which however shall only include – if any - common personal data - that you will decide to provide us through the “Message” field in the “Contact us” form on the Websites.
4. Legal basis for and purposes of processing the Personal Data. Period of data retention
4.1 Legal basis. The legal basis for the processing of Personal Data is: (i) the execution of a contract or pre-contractual steps to be taken at the request of Data Subjects prior to entering into a contract about purpose under art. 4.2 A); (ii) the consent given by Data Subjects to the processing of their Personal Data; (iii) Legitimate Interest about purpose under art. 4.2 C).
4.2 Purposes. Coesia Group processes Personal Data for the following purposes, as specified in the table here in below, in which is furthermore highlighted (a) if an express consent to processing of Personal Data is needed (or not ) as well as (b) the period of data retention:
A) Processing of personal data in order to reply to queries concerning the company activities
Until the purpose is achieved
B) Processing of personal data in order to send newsletters, promotional and advertising and/or other materials for marketing communication purposes by Coesia Group’s companies
Until the withdrawal of consent or until a denial has been communicated
Processing of personal data in order to send to customers email marketing communications, concerning Coesia Group’s services or products similar to those already supplied, by virtue of previous business relationship (“soft spam”), unless a communication to refuse or unsubscribe from marketing (“opt out”) has been made by said customers, according to applicable laws.
Until the “opt out” has been communicated
4.3 Optional/Mandatory supply of Personal Data. Subject to what specified above, the provision of Personal Data is optional and free. However, failure to provide Personal Data may prevent Data Subjects from receiving communications and/or replies to their queries concerning the company activities.
5. Persons in charge of the processing and processors
5.2 Processors. The Coesia Group may designate as processors entities/individuals for the purposes described above. The complete list of all processors may be required by Data Subjects to the Coesia Group, by sending an email to the email address email@example.com.
6. Method of processing, storage of Personal Data and security measures
6.1 Methods of processing. The Personal Data of Data Subjects are processed almost exclusively through automated procedures, by using computerized systems and softwares or, in a limited number of cases, through manual means (e.g. on paper), provided however that in any event such Personal Data are processed adopting methods which are strictly related to the purposes for which such data have been collected and anyway to ensure their security, in accordance with the GDPR and the National Data Protection Laws.
6.2 Place of automated data processing. Processing of Personal Data is made by the Coesia Group as joint-controllers and/or – if appointed – by the processors. Personal Data are stored in the head offices of the Coesia Group’s companies where the physical servers are and in some cases on servers of third parties, which provide cloud services to allow storage of Personal Data.
6.3 Transfer of Personal Data. Personal Data may be transferred in order to achieve the purposes described above to Coesia Group acting as joint-controllers, whether they are located in EU or in third countries outside the EU, provided however that in the latter case, the transfer of Personal Data as above specified shall be made subject to the Coesia Group’s assessment of full compliance with the provisions of chapter V of the GDPR and in particular with article 49.1 B).
6.4 Dissemination of Personal Data. Personal Data will not be disseminated.
7. Data Subjects’ rights
7.1 Rights. Data Subjects, when they are individual/natural persons, may directly address to the Company or the processor/s designated by the same in order to enforce their rights according to provisions of National Data Protection Laws and to the GDPR (articles 15 and subsequent articles), and, in particular, to have access to their own Personal Data, obtain updating and rectification or erasure of the same, restriction of processing, as well as obtain data portability by sending an email to the email address firstname.lastname@example.org or, with specific regard to the newsletter, by clicking the “unsubscribe” button or following the instructions published on the Website.
7.2 Right to object. With the same procedures described above, Data Subjects may object, in whole or in part, to the processing of Personal Data concerning them, where the relevant legal basis is constituted by the legitimate interests of Coesia Group, pursuant to and with the effects provided for by Article 21 of the GDPR, having regard in particular to direct marketing.
7.3 Complaint. The above notwithstanding, according to article 77 of the GDPR, Data Subjects, when they are individual/natural persons, may lodge a complaint with the competent Supervisory Authority, in order to enforce their rights, as specified above.