Privacy

Dear User,

Sofidel respects your privacy and protects your personal data.
Below you will find an information notice, drawn up pursuant to Articles 13 and 14 of European Regulation No. 679/2016 on the protection of personal data (hereinafter referred to for brevity simply as the “Regulation”), relating to the processing of your personal data that you provide when browsing websites owned by us and/or using the services contained therein.
Below are described the general rules of data processing, the rules on cookies, and the methods by which it is always possible to withdraw consent to certain processing of personal data.
Your personal data will be processed by Sofidel in compliance with the principles of law and of the Regulation. Please remember that by processing of personal data we mean any operation or set of operations, carried out with or without the aid of automated processes, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is Sofidel S.p.A., with registered office at Via G. Lazzareschi no. 23 – 55016 Porcari (LU) (hereinafter, the “Controller” or “Sofidel”), reachable at the e-mail address [email protected].
The Controller has appointed a Data Protection Officer (“Data Protection Officer” or “DPO”), reachable at the address [email protected].

2. CATEGORIES AND TYPES OF PERSONAL DATA PROCESSED

By using the websites www.papernet.com, www.sofidel.com, www.micurodite.it (hereinafter collectively referred to as the “Websites”), the Controller may collect and process the following personal data:

Browsing data
This refers to all parameters relating to the operating system and IT environment you are using, including the IP address, location (country), domain names of the computers, URI (Uniform Resource Identifier) addresses of the resources requested on the Websites, the time of the request, the method used to submit the request to the server, the size of the file obtained in response to a request, the numerical code indicating the status of the response given by the server (successful, error, etc.), and so on. This information is collected by the Websites and enables their operation.
Please note that these personal data are used by the Controller solely to obtain anonymous statistical information on the use of the Websites, as well as to check their correct functioning and to identify any malfunctions and/or abuses.
These personal data are deleted immediately after processing, unless it is necessary to identify those responsible in the event of hypothetical computer crimes against the Websites or third parties.

Data voluntarily provided by the user
This refers to the personal data that you voluntarily enter in the information collection forms that may be present on the Websites, such as, for example, the information request form available in the “Contact Us” section, through which you will be asked to enter your contact details, such as your first name, last name, city and/or province of residence, your email address and/or your telephone number, as well as the personal data that you may provide to us as part of information requests sent to the customer service email addresses of the Controller published on the Websites.

Data processed in connection with online services
Unless otherwise specified in specific notices that may be available in the various sections of the Websites, this document also applies to the processing of data that you voluntarily provide for the purpose of using online services. This refers, for example, to the registration and access service to your personal area, within which your personal data, such as identification data and contact details, will be processed.

Cookies
Click here for the cookie policy.

3. PURPOSES OF PROCESSING

Your personal data will be processed, with your consent where required, for the following purposes, where applicable:

• to allow browsing of the Websites and the provision of services such as, among others, participation in prize competitions and prize draws in accordance with the competition rules duly published by the Controller on the relevant website, including the management of security profiles;
• to respond to requests submitted by you through the appropriate forms available on the Websites or through the customer service email addresses published on the Websites;
• with your consent, to send you promotional and marketing communications, including newsletters, promotional offers, commercial initiatives, advertising material, direct sales, and market research activities, on products and services of the Controller and/or Commercial Partners, as well as invitations to events and initiatives organized by the Controller or Group companies, through automated tools (SMS, MMS, email, automated calling systems without an operator, use of social networks, push notifications, WhatsApp, fax) and non-automated tools (postal mail, telephone with operator);
• with your consent, to analyze your purchasing choices and behavioral preferences, in order to better structure personalized commercial communications and proposals, to carry out general analyses for strategic orientation and business intelligence purposes, and, in general, for profiling activities;
• for evaluation and statistical monitoring purposes; this purpose involves the analysis of aggregated information that cannot be attributed to identified or identifiable natural persons and therefore does not constitute personal data and does not allow the Controller to identify you in any way;
• to comply with any obligations provided for by applicable laws, regulations, or EU legislation, or to satisfy requests from authorities;
• where necessary, to ascertain, exercise, or defend a right in judicial proceedings.

4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING

The legal basis for the processing of personal data for the purposes referred to in points a) and b) is Article 6(1)(b) of the Regulation, as the processing is necessary for the provision of the services requested by you. The provision of personal data for these purposes is optional; however, failure to provide such data would make it impossible to access the requested services.
The processing carried out for the marketing and profiling purposes described in points c) and d) is based on your consent pursuant to Article 6(1)(a) of the Regulation. Your consent may be withdrawn at any time. The provision of your personal data for these purposes is therefore entirely optional and does not affect the use of other services offered by the Websites. With regard to marketing purposes, it is specified that the Controller collects a single consent for the marketing purposes described herein, pursuant to the General Provision of the Italian Data Protection Authority “Guidelines on promotional activities and the fight against spam” of 4 July 2013. In any case, should you wish to object to the processing of your data for marketing or profiling purposes, you may do so at any time by contacting the Controller at the contact details indicated in the “Contacts” section of this notice.
Finally, it should be noted that the processing referred to in point e), not involving personal data, does not fall within the scope of application of personal data protection legislation and may therefore be freely carried out by the Controller.
The purpose referred to in point f) constitutes lawful processing of personal data pursuant to Article 6(1)(c) of the Regulation.
The processing carried out for the purposes referred to in point g) is based on the legitimate interest of the Controller pursuant to Article 6(1)(e) of the Regulation.

5. RECIPIENTS OF PERSONAL DATA

Your personal data may be shared, for the purposes indicated, with the following recipients:

• entities that typically act as Data Processors pursuant to Article 28 of the Regulation on behalf of the Controller, in particular: entities entrusted with the provision of services (e.g. hosting providers or email platform providers); entities authorized to carry out technical maintenance (including maintenance of network equipment and electronic communications networks), etc. The complete list of data processors is available upon written request to the Controller at the contact details indicated in the “Contacts” section of this notice;
• persons authorized by the Controller to process personal data necessary to carry out activities;
• subjects, entities, or authorities to whom it is mandatory to disclose your personal data by virtue of legal provisions or orders of the authorities;
• your data may be accessible to other companies of the Sofidel Group for the same purposes indicated above and/or for administrative and accounting purposes pursuant to Article 6(1)(f) and Recitals 47 and 48 of the Regulation.

6. TRANSFERS OF PERSONAL DATA

Some of your personal data are shared with entities that may be located outside the European Economic Area. The Controller ensures that the processing of your personal data by these entities takes place in compliance with Articles 44–49 of the Regulation. Such transfers may be based on an adequacy decision, on Standard Contractual Clauses approved by the European Commission, or on another appropriate legal basis. Further information is available upon written request to the Controller at the contact details indicated in the “Contacts” section of this notice.

7. RETENTION OF PERSONAL DATA

Personal data processed for the purposes referred to in sections a) and b) will be retained for the time strictly necessary to achieve those purposes.
For the purposes referred to in sections c) and d), your personal data will be processed for the period strictly necessary to achieve the purposes for which they were collected, in compliance with the data minimization principle pursuant to Article 5(1)(c) of the GDPR and, in any case, until your consent is withdrawn. Upon withdrawal of consent, the data processed for the purposes referred to in sections c) and d) above will be erased or permanently anonymized.
In general, the Controller reserves the right to retain your data for the time necessary to comply with any applicable legal obligation or to meet any defensive needs. The Controller may also retain your personal data for the period provided for and permitted by law to protect its own interests (Article 2947 of the Italian Civil Code).
Further information regarding data retention periods and the criteria used to determine such periods may be requested by sending a written request to the Controller at the contact details indicated in the “Contacts” section of this notice.

8. DATA SUBJECT’S RIGHTS

Pursuant to Articles 15–22 of the Regulation, you have the right at any time to access your personal data. In particular, you may request rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), and data portability (Article 20), not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Article 22), as well as the withdrawal of any consent given (Article 7(3)).
You may also submit a request to object to the processing of personal data, providing the reasons justifying the objection: the Controller reserves the right to assess your request, which would not be accepted in the presence of compelling legitimate grounds for processing that override your interests, rights, and freedoms. You are also informed that you have the right to object at any time and without justification to profiling and to the sending of direct marketing through automated tools (e.g. SMS, MMS, email, automated calling systems without an operator, use of social networks, push notifications, WhatsApp, fax) and non-automated tools (postal mail, telephone with operator). With regard to direct marketing, you may also exercise this right partially, for example by objecting only to the sending of promotional communications via automated tools.
Requests must be addressed in writing to the Controller at the contact details indicated in the “Contacts” section of this notice.
In any case, you always have the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority) pursuant to Article 77 of the Regulation, should you consider that the processing of your data is contrary to applicable law, or to bring proceedings before the competent judicial authorities pursuant to Article 79 of the Regulation.

9. CHANGES

The Controller reserves the right to amend or simply update the content of this notice, in whole or in part, also as a result of changes in applicable legislation. The Controller therefore invites you to regularly visit this section in order to review the most recent and updated version of the Privacy Policy and to remain informed about the data collected and how the Controller uses them.

10. CONTACTS

To exercise the rights set out above or for any other request, you may write to the Data Controller at the address [email protected].
You may also contact the Data Protection Officer at the registered office of the Data Controller at the address indicated above and/or by email at: [email protected]..