Cieffe S.r.l. collects certain personal data of its Users.
Data Controller and Data Protection Officer
Cieffe S.r.l., with registered office in Via Zona Industriale – 97100 Ragusa (RG), Fiscal Code/Tax Reg. 00969670884
Controller’s email address: firstname.lastname@example.org.
Type of data collected
The Personal Data collected by Cieffe S.r.l. includes the following: first name, surname, email address, cookies and usage data.
The Personal Data, either identified and/or identifiable as that of the User, can either be freely provided by the User in question or, in the case of Usage Data, collected automatically during use of the Cieffe S.r.l. website.
The Controller uses appropriate security measures to prevent the unauthorised access, disclosure, modification or destruction of Personal Data. The processing is carried out using automated and electronic tools, and with organisational procedures and principles strictly related to the purposes indicated.
In some cases, other parties in addition to the Controller, may have access to the data. These may include persons involved in the organisation of Cieffe S.r.l. (administrative, commercial or marketing personnel and the system administrator); external parties (such as third-party technical service providers, hosting providers, and IT companies) and, where necessary, External Data Managers appointed by the Controller. An updated list of Data Managers can be requested from the Data Controller.
Purposes of Data Processing
The personal data provided by users who request contact are used for the sole purpose of performing the service or provision requested.
Legal basis for data processing
The Data Controller processes the Personal Data of the User if one of the following conditions is satisfied:
- The User has given consent for one or more specific purposes. N.B.: In some jurisdictions, the Controller may be authorised to process Personal Data without the User’s consent, or on any other of the legal bases specified below, until the User objects to (opts out of) such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
- The processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
- The processing is necessary to fulfil a legal obligation to which the Controller is subject;
- The processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the Controller;
- The processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.
However, it is always possible to ask the Data Controller to clarify the specific legal basis of all processing and, in particular, to specify whether the processing is based on the law, provided for by a contract or necessary for the conclusion of a contract.
The data is processed at the headquarters of the Data Controller. For further information, please contact the Data Controller. The User’s Personal Data will not be transferred to any country other than that in which the Controller is based.
Duration of Data retention
The personal data processed for the abovementioned purposes will only be retained for the time strictly necessary to achieve those same purposes, in compliance with the principles of minimising and limiting the retention of data outlined in Article 5.1.e) of the Regulation. More information about the retention period of personal data and the criteria used to determine this period can be requested by writing to the Data Controller at: email@example.com.
Rights of data subjects
Pursuant to articles 15 et seq. of the Regulation, Users have the right: to request, at any time, access to their Personal Data, the correction or cancellation of said data, and limits to its processing in the cases covered by Article 18 of the Regulation; to obtain a copy of these data in a commonly used and structured format, readable by an automatic device, under the terms of Article 20 of the Regulation. Users can revoke their consent for use of their data at any time, under the terms of Art. 7 of the Regulation. Also, if they consider that the processing of their data is in breach of current law, they can make a complaint to the GDPR (Personal Data Protection Authority) pursuant to Art. 77 of the Regulation. The User can submit a request opposing the processing of his personal data under the terms of Article 21 of the GDPR, citing the reasons for his opposition. The Data Controller reserves the right to assess the application, which will not be accepted if there are compelling legitimate reasons to proceed with the processing, which override the interests, rights and freedom of the User. Requests should be sent in writing to the Data Controller, or emailed to: firstname.lastname@example.org..
Optional provision of data other than browsing data
Apart from the data required for browsing, the User is free to provide the type of personal data contained in the contact forms to request the mailing of information material or other communications (e.g. the management of personal contact requests for estimates or information on products sold by Cieffe S.r.l.). The optional, explicit and voluntary sending of e-mails to the addresses listed on this website, or contact by means of online forms, automatically entails acquisition of the sender’s address (which is necessary to reply to any requests), as well as any other personal data included in the messages. More specifically, the User’s personal data, as provided in the form on the site, will be processed to respond to requests sent by this User, and/or for the purposes of providing information material. The provision of personal data is optional. However, failure to provide the necessary data makes it impossible to execute the request. The data transmitted in this way will be processed using electronic means, solely for the time required to carry out the purposes indicated, by employees in the company’s commercial and administration departments.