Privacy policy in accordance with Article 13 of Regulation (EU) 2016/679 ("GDPR") on personal data processing

1. Data Controller

We inform you that, pursuant to Art. 13 of the GDPR, Soffass S.p.a., which can be contacted at the address [email protected], shall process the personal data provided by you when you lodge a complaint or when you ask for information, in its capacity as data controller (hereinafter, "Data Controller" or "Company").

2. Types of data processed

The data processed by the Data Controller may include:

1) common data, such as, for example, personal details (name, surname, etc.) and contact details (mobile or landline telephone number, residential address, e-mail address, etc.) as well as any other information concerning you contained in the complaint or in the request for information.

The personal data indicated above will be jointly defined below, for brevity, as "personal data".

3. Purpose and legal basis of data processing

Your personal data will be processed:

a. For the purposes of handling your complaint and/or respond to the request for information;

b. To meet any defence requirements;

c. To fulfil any legal obligations to which the Data Controller is subject.

The legal basis of the processing for the purpose under a) lies in Article 6(1)(c) of the GDPR; for the purpose under b) in Article 6(1)(f) of the GDPR; finally, for the purpose under c) in Articles 6(1)(c) of the GDPR.

The provision of your personal data for the purposes indicated above is optional, but in its absence, it will not be possible to follow up your complaint or your request for information.

It is also possible that the personal data of any third parties to whom you may refer in your complaint or in your request for information may be processed. In such cases, we hereby inform you that you are the independent data controller and you accept all the obligations and responsibilities under the law. On this point you shall hold the Data Controller harmless in the broadest possible sense against any dispute, claim or compensation for damages resulting from such processing, etc. that may be received by the Data Controller from third parties whose personal data has been processed following your voluntary provision thereof in breach of the applicable rules on personal data protection. Should you provide or otherwise process the personal data of third parties, you warrant as of now - accepting all related liability - that this particular case of processing is based on an appropriate lawful basis legitimising the processing of the information in question.

4. Personal data processing methods

Your personal data will be processed by means of computer, manual and/or telematic tools and/or instruments, using a logic strictly related to the purpose of the processing and in any case guaranteeing the confidentiality and security of the data and compliance with the specific obligations laid down by law. 

5. Recipients of personal data 

Your data may be shared with: 

1. Subjects who typically act as data processors pursuant to Art. 28 of the GDPR; 

2. Data processors pursuant to Article 29 of the GDPR.

3. Subjects, entities or authorities, independent data controllers, to whom it is compulsory to communicate your personal data pursuant to the provisions of law or orders by the authorities. 

The above common data may be accessed by the other companies in the Sofidel Group for the same purposes as above and/or for administrative and accounting purposes pursuant to Article 6(1)(f) and recitals 47 and 48 of the GDPR. 

The updated and complete list of processors can be requested from the Data Controller at the above addresses. 

7. Transfer of data outside the EU 

Regarding the possible transfer of Data to Third Countries, the Data Controller discloses that the processing will take place according to one of the methods permitted by the law in force, such as the consent of the interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for free circulation of data or operating in countries considered safe by the European Commission. It is possible to have more information, upon request, from the Data Controller to the above contacts.

8. Retention of personal data  

Your personal data will be kept only for the time necessary for the purposes for which it was collected, in accordance with the principles of data minimisation and storage limitation referred to in Article 5(1)(c) and (e) of the GDPR. Further information may be obtained, on request, from the Data Controller using the above contact details. 

9. Your privacy rights

You have the right to access your data at any time in accordance with Articles 15-22 of the GDPR. In particular, you may request the rectification, erasure or restriction of the processing of such data in the cases set out in Art. 18 of the GDPR, withdraw your consent, or obtain the portability of data relating to you in the cases laid down in Art. 20 of the GDPR.

You can object to the processing of your data under Art. 21 of the GDPR in which you give evidence of the reasons for your objection. The Data Controller reserves the right to evaluate your request, which will not be accepted if there are legitimate grounds for the processing which override your interests, rights and freedoms.

Requests must be addressed in writing to the Data Controller at the above addresses.

If you believe that the processing of your personal data performed by the Data Controller is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Data Protection Authority, as set out in Art. 77 of the Regulation itself, or to take appropriate legal action (Art. 79 of the GDPR).