PRIVACY POLICY
PRIVACY INFORMATION AND CONSENT TO PROCESSING OF PERSONAL DATA (pursuant to Articles 13 and 14 of EU Regulation 679 of 2016)
Pursuant to the provisions of EU Regulation 679 of 2016 on the protection of natural persons with regard to the processing of personal data, we inform you that SAVOIA S.R.L. will access, collect and process the personal data you provide. Specifically, in compliance with the legislative procedures laid down in the General Data Protection Regulation (GDPR) and respecting the fundamental rights and freedoms of natural persons, we inform you that in this document we set out the modalities of the management of our website as regards the processing of the personal data of the users that consult it. You are requested to read the following privacy information, given as prescribed in Articles 12, 13 and 14 (if the personal data have not been obtained from the data subject but from other sources) of the GDPR as subsequently amended and added to, so that you can fully understand on what basis the personal data are collected, how they are used and stored and to whom they are disclosed, with particular regard to:
- website browsing data;
- website cookies;
- contacts and data provided voluntarily by the data subject who uses the website (e.g. to ask to receive newsletters or request information).
Definitions
- “Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “controller” means the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for the nomination of the controller may be provided for by European Union or Member State law;
- “processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
- “data subject” means the natural person to whom the personal data processed refers. EU Regulation 679 of 2016 devotes particular attention to the rights that the data subject may exercise with respect to the data controller;
- “recipient” means a natural or legal person, public authority, agency or other body, to whom or to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients; the processing of these data by these public authorities complies with the applicable data protection rules according to the purposes of the processing;
- “third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons that, under the direct authority of the controller or processor, are authorised to process personal data;
- “consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by an explicit affirmative action, signifies agreement to the processing of personal data relating to him or her;
- “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed;
- “supervisory authority” means an independent public authority which is established by a Member State pursuant to Article 51;
- “supervisory authority concerned” means a supervisory authority which is concerned with the processing of personal data because: (a) the controller or processor is established on the territory of the Member State of that supervisory authority; (b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or (c) a complaint has been lodged with that supervisory authority.
Data controller
This information is provided, in its capacity as controller of the processing of the personal data, by SAVOIA S.R.L. (hereinafter also referred to as the Company), with its registered office at Viale dell’industria 57, 3600 Vicenza, Italy, VAT No. and Tax Code 03901130249. In order to contact the controller, you may write to the address given above or to email address info@savoiaitaly.com.
Types of data processed, purpose of processing and legal basis
We inform you that SAVOIA S.R.L.. will process your personal data (hereinafter only the “Personal Data” – see Article 4.1 of the Regulation) after you have browsed the website.
What are the Personal Data?
Information that, directly or indirectly, enables the data subject to be identified as a natural person: “directly” means through his or her forename, surname and address; “indirectly” means when the Personal Data are processed together with other information.
Specifically, the Personal Data processed through the website are the following:
- Browsing data
The information systems and software procedures for the functioning of this website, during their normal operation, acquire some personal data whose transmission is implicit in the use of internet communication protocols. The information is not collected to be associated with identified interested parties, but could, by its nature, allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers employed by users connecting to the site, the addresses of the requested resources in Uniform Resource Identifier (URI) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), the times of the beginning and end of the session and other parameters related to the operating system and the user’s IT environment.
Purposes of and legal basis for the processing. The Personal Data are used for the sole purposes of gaining anonymous statistical information on the use of the site and checking that it functions correctly. The Personal Data could also be used in order to establish liability in the event of digital crimes against the site (controller’s legitimate interest).
Storage period. The Personal Data are normally erased immediately after having been processed and are therefore stored for short periods of time, except for any extensions of the storage period required for investigations. In this event the Personal Data could be used by the competent authorities to establish liability should digital crimes have been committed against the site.
Provision of Personal Data. The Personal Data are not provided by the data subject but acquired automatically by the site’s technological systems. - Cookies
Cookies are small text files that websites visited by users send to their devices, in which they are memorised in order to be re-transmitted to the same websites on the next visit. Third-party cookies, on the other hand, are set by a website other than the site the user is visiting. This is because elements can be present on any website (images, maps, sounds, links to web pages of other domains, etc.) that reside on servers other than those of the websites visited.
According to their duration, cookies may be either session cookies (i.e. temporary files that are automatically erased from a user’s device at the end of the browsing session) or persistent cookies (i.e. files that are stored on the device until they expire or are deleted by the user).
Cookies are used for various purposes. Primarily, they are used to transmit the communication or provide the service required by the user; more precisely, they enable the website and optimise its functions, carry out digital authentication and prevent abuse, monitor sessions and enhance browsing experience, for example by keeping the connection to restricted areas active while the user browses the pages of the site without it being necessary for the user ID and password to be re-entered; and by storing specific information regarding users (including preferences and the type of browser and computer employed).
Cookies may only be read or modified by the website that generated them; they cannot be used to retrieve any data from the user’s terminal and cannot transmit computer viruses. Some of the functions of a cookie can also be performed by other technologies; accordingly, in the context of our website privacy policy, in using the term “cookie” we intend to refer to cookies themselves and to all similar technologies.
Use of cookies on this website: please refer to the full information regarding cookies under the heading “COOKIE POLICY” published on this website. - Data voluntarily provided by the data subject
Except as stated for browsing data, the data subject is free to provide the Personal Data requested when carrying out the following operations:- compiling contact forms to request information or send messages of other kinds;
- registering to receive marketing newsletters;
- If the Personal Data referred to above are not provided, it may not be possible to render the service requested.
The Personal Data, in any case, will be stored for as long as is compatible with the purpose for which they have been collected.
In detail:
Contacts form for the processing of client and supplier data
The Personal Data are processed in order to:
- give information;
- enter into contractual and professional relationships;
- fulfil pre-contractual, contractual and tax obligations arising from existing relationships and handle the necessary communications related thereto;
- fulfil obligations laid down by law, by a regulation, by European Union law or in an order from a public authority;
- exercise a legitimate interest or a right of the controller (e.g. the right of defence in a law court, in order to safeguard claims or to satisfy routine internal operational, management and accounting requirements).
Purposes of and legal basis for the processing: the purposes are administrative and accounting and the legal basis is consent (as regards a request for information), the performance of a contract or the controller’s legitimate interest.
Storage period: a time compatible with the purposes of collection.
Provision of the Personal Data: mandatory for entering into contact with the Company.
Marketing, promotional and advertising activities (newsletter) registration form
Purposes of and legal basis for the processing: marketing, promotional and advertising activities related to the controller’s products and services through automated systems (fax, hard copy mail, email), supplying news and the latest information on the activities of the controller and the submission of sale offers for the products marketed by the controller. The legal basis is consent.
Storage period: the Personal Data will be stored until consent is withdrawn. Once consent has been withdrawn, the controller will cease to use the data for these purposes, but may store them in order to protect itself against possible liabilities based on the processing.
Provision of the Personal Data: explicit and mandatory for receiving the service.
If consent is not given, this impairs the processing of the data for the specific marketing, promotional and advertising purposes concerned, for sending newsletters and for contacting the user by telephone or by other means.
The data will be processed fully respecting the data subject’s fundamental rights, without harming his privacy or dignity, always fairly, lawfully and in a transparent manner and will not be further processed in a manner that is incompatible with these purposes. All the security measures necessary to ensure the confidentiality and integrity of the data will be taken.
Modalities for processing the Personal Data
The Personal Data are processed with automated tools. They will be processed fully respecting data subjects’ fundamental rights, without harming their privacy or dignity, always fairly, lawfully and in a transparent manner and will not be further processed in a manner that is incompatible with these purposes. All the security measures necessary to ensure the confidentiality and integrity of data subjects’ Personal Data will be taken.
Entities, or categories of entities, to whom the Personal Data could be disclosed
The data subject’s Personal Data could be disclosed to suppliers and third parties that perform certain services on the controller’s behalf, always respecting the arrangements for their processing and, should this be required, with the data subject’s consent. The Personal Data will be shared with and made available to such external services providers only to the extent necessary to satisfy the purposes specified in this informative document. The categories of outside entities of whose services the
Company could avail itself in order to carry out a part of its activities are:
- companies performing banking and financial services;
- companies and/or external advisors performing activities pertinent to the Company’s business activities (management software, gathering economic and financial information, IT systems management, insurance, credit management and protection);
- companies and/or external advisors appointed to fulfil legal obligations (accountancy firms, notaries, lawyers, labour consultants);
- marketing firms, agents and shippers;
- public bodies (tax offices, etc.) and authorised tax assistance centres;
- entities and persons working on contracts with the controller (e.g. technical assistance centres, internet and telecommunications operators, employees and freelancers working for outside firms).
In no circumstances will the Personal Data processed be disclosed to entities unauthorised by the controller except for the disclosure or dissemination of data requested by law by police forces, judicial authorities, information and security bodies or other public bodies for the purposes of the defence or security of the state or the prevention, investigation or repression of criminal offences.
Disclosure of the Personal Data
No Personal Data will be disclosed in any circumstances.
Place of processing
The Personal Data will be processed within the area of the European Union and in non-EU countries.
Amendments
The data controller reserves the right to amend or merely update the contents of this informative document, either in part or totally, also as a result of changes in applicable laws. The data controller suggests that data subjects visit this section regularly in order to acquaint themselves with the most recent and up-to-date version of this document so that they are always aware of the latest information regarding their Personal Data and of the use to which the data controller puts them.
Data subject’s legal rights
Data subjects are legally guaranteed a series of rights regarding their Personal Data. The data controller undertakes to protect Personal Data and comply with the laws on data protection that come into force at any given time. Fuller information and suggestions regarding data subjects’ rights may be obtained by consulting the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) website.
- Right to be informed: data subjects have the right to receive clear, transparent and easily intelligible information on the use of their Personal Data and on their rights. It is for this reason that the information contained in this document is provided.
- Right of access: data subjects have the right to obtain access to their Personal Data (if they are being processed) and other information (similar to that provided in this privacy information). The purpose of this is to enable data subjects to learn whether or verify that their Personal Data are used in compliance with data protection law.
- Right to rectification: data subjects have the right to obtain the rectification of their Personal Data in the event that they are inaccurate or incomplete.
- Right to erasure: also referred to as the “right to be forgotten”, this right enables data subjects to obtain the erasure or removal of their Personal Data if there is no valid reason for continuing to use them. This is not a general right to erasure; there are exceptions.
- Right to restriction of processing: Data subjects have the right to have their Personal Data blocked or to prohibit them from being used further. When processing has been restricted, however, the data controller stores a list of the persons who have requested a restriction on the further use of their Personal Data in order to ensure that the restriction is observed in future.
- Right to data portability: Data subjects have the right to obtain and reuse their Personal Data for their own purposes in various other services. For example, if a data subject decides to change to another supplier, this right consists in being able to move, copy or transfer the information in a secure and protected manner from the Company’s information systems to the data subjects’ own systems without their usability being impaired.
- Right to object to processing: data subjects have the right to object to the processing of their Personal Data for direct marketing purposes (which can only be carried out with their consent) and also to object to processing conducted for the purposes of the protection of the controller’s legitimate interests.
- Right to lodge complaints: data subjects have the right to lodge a complaint with the Italian Data Protection Authority against the modalities with which the controller processes their Personal Data.
- Right to withdraw consent: if they have given their consent to the performance of any activity with regard to their Personal Data, data subjects have the right to withdraw such consent at any time (although withdrawal of consent does not affect the lawfulness of the processing of the Personal Data that has been carried out on the basis of their consent until that time). This includes the right to withdraw consent to the use of their Personal Data for marketing purposes.
Data subjects may exercise the above rights by sending a written communication by email to info@savoiaitaly.com or by recorded delivery with acknowledgement of receipt to SAVOIA S.R.L., Viale dell’industria 57, 36100 Vicenza, Italy.
Pursuant to Article 8 of EU Regulation 679 of 2016, consent to the processing of Personal Data may only be given by a person who is at least 16 years old. The Personal Data of a minor who has not yet reached the age of 16 may only be processed on the basis of consent given by the holder of parental responsibility over the minor.
Last edition: August 2021
COOKIES POLICY
EXTENDED COOKIE POLICY
The Cookies consist of portions of code installed on the browser that assist the Data Controller in providing the service for the purposes described. For certain purposes, the installation of Cookies may require the User’s consent.
Technical and aggregate statistics Cookies
Activities strictly necessary for the functioning of the Application
This Application uses Cookies to save the User’s session and to perform other activities that are strictly necessary for it to function, for example in relation to traffic distribution.
Preferences saving, optimisation and statistics
This Application uses Cookies to save browsing preferences and to optimise the User’s browsing experience. These cookies include, for example, language and currency settings and cookies that enable the website’s Controller to better manage usage statistics.
Other types of Cookies or instruments provided and potentially used by third parties
Some of the services listed below might not require the User’s consent or may be managed directly by the Controller – based on their description – without involving third parties.
If the instruments specified below include services managed by third parties, these might carry out User tracking activities other than those specified herein and without the Controller’s knowledge. For detailed information, please consult the privacy policies for the services listed.
DoubleClick for Publishers (Google Inc.)
DoubleClick for Publishers is an advertising service provided by Google Inc. This service enables the Controller to conduct advertising campaigns with outside advertising networks which, unless otherwise specified, have no direct relationship with the Controller. Users who do not wish to be tracked by different advertising networks can use Youronlinechoices. For information on the use of data by Google, please refer to the standards for Google’s partners.
This service uses the “Doubleclick” Cookie, which tracks the use of @{replacementmissing: it.privacy_policy_page.interpolation.this_applicationp} and the User’s behaviour in relation to advertisements, products and services offered. The User may at any time decide not to use the Doubleclick Cookie and deactivate it: GOOGLE.COM/SETTINGS/ADS/ONWEB/OPTOUT?HL=IT.
Personal data gathered: Cookie and Data usage.
Place of processing: USA – PRIVACY POLICY
DoubleClick for Publishers Audience Extension (Google Inc.)
Doubleclick for Publishers Audience Extension is a Remarketing and Behavioural Targeting service provided by Google Inc. which tracks the users of this Application and permits selected advertising partners to show them personalised advertisements on the internet.
Personal data gathered: Cookie and Data usage.
Place of processing: USA – PRIVACY POLICY – OPT-OUT
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and examine the use of this Application, fill out reports and share them with other services developed by Google. Google might use the Personal Data to contextualise and personalise its advertising network’s campaigns.
Personal data gathered: Cookie and Data usage.
Place of processing: USA – PRIVACY POLICY – OPT OUT
Display Advertisers Extension for Google Analytics (Google Inc.)
On this Application, Google Analytics might use advertising based on the interests of Google, third-party audience data and information from the DoubleClick Cookie to extend the statistics so as to include demographics, interests and data on interaction with advertisements.
Personal data gathered: Cookie and Data usage.
Place of processing: USA – PRIVACY POLICY – OPT OUT
User ID extension for Google Analytics (Google Inc.)
On this Application, Google Analytics uses a feature called User ID. This allows Google to track Users more accurately. The feature assigns a unique ID to each User for various sessions and devices, without Google being able to personally identify an individual or to permanently identify a specific device. The User ID extension also permits connecting Data from Google Analytics with other user-related Data collected by this Application. The Opt-out link provided below allows the User to disable tracking for the device he is using, but does not prevent the Controller from carrying out further tracking activities. If you wish to disable the latter as well, please contact the Data Controller via the contact email address.
Personal data gathered: Cookies.
Place of processing: USA – PRIVACY POLICY – OPT OUT
Google AdWords (Google Inc.) conversion tracking
Google AdWords conversion tracking is a statistics service provided by Google Inc., which links the data from the Google AdWords advertising network with the actions performed within this Application.
Personal data gathered: Cookie and Data usage.
Place of processing: USA – PRIVACY POLICY
Facebook Pixel (Facebook Inc.)
The Facebook Pixel is a web analysis and data collection service provided Facebook Inc. (“Facebook”). Facebook uses the collected Personal Data to track and analyze the use of this web sites and its components and to provide more relevant and consistent promotional messages through its advertising network, including the creation of remarketing lists (READ MORE).
Collected Personal Data: Cookies and usage data.
Treatment location: USA – PRIVACY POLICY – OPT OUT FOR FACEBOOK USERS – OPT OUT FOR INSTAGRAM USERS
How can I control the installation of Cookies?
In addition to what is specified in this document, the User may manage Cookies preferences directly with its browser and prevent – for example –third parties from installing them. The User can remove Cookies installed in the past through browser preferences. This includes, if present, the cookie in which the consent to the installation of Cookies is saved. Please note that, if you disable all the Cookies, this site may not work properly. Information on how to manage Cookies is available, in your browser, at the following addresses: GOOGLE CHROME, MOZILLA FIREFOX, APPLE SAFARI and MICROSOFT WINDOWS EXPLORER.
As regards third-party services, the User may also exercise its right to object to tracking in the manner prescribed in the third party’s privacy policy, through the opt out link if explicitly provided, or by contacting such third party directly.
Without prejudice to the above, the Data Controller hereby informs the User that it can use YOUR ONLINE CHOICES. Through this service he can manage most of the advertising instruments’ tracking preferences. Accordingly, the Data Controller hereby advises Users to use this resource in addition to the information provided in this document.
Data Controller: SAVOIA S.R.L. – info@savoiaitaly.com
Since the Controller cannot technically control the installation of Cookies and other tracking systems by third parties through the services used within this Application, each specific reference to third-party Cookies and tracking systems must be considered for reference only. For further information, please refer to the third parties’ privacy policy for any of their services listed in this document.
As identifying Cookies-based technologies is inherently difficult, and as these technologies are very close integrated with the functioning of the worldwide web, the User should contact the Data Controller for further information on the use of the Cookies and on any use thereof made through this website – for example by third parties.
Definitions and legal references
Personal Data (or Data)
Personal Data means any information relating to natural persons that are or can be identified, even indirectly, by reference to any other information, including a personal identification number.
Usage data
Means personal data that the Application (or the third-party applications it uses) collect automatically, which include: IP addresses or domain names of the computers used by the User who connected to the Application, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the features of the browser and the operating system being used by the user, time statistics (e.g. the time spent on each page) and the details relating to the path followed within the Application, with particular reference to the sequence of pages visited, the data concerning the User’s operating system and computer environment.
User
The individual who uses this Application, which must be the Data Subject or be authorised thereby and whose Personal Data is processed.
Data Subject
Any natural or legal person that is the subject of the Personal Data.
Data Processor (or Processor)
Any natural or legal person, public administration and any other body, association or entity that processes Personal Data on the Controller’s behalf, in accordance with the provisions of this privacy policy.
Data Controller (or Controller)
Any natural or legal person, public administration and any other body, association or entity that is competent, also jointly with another data controller, to determine purposes and methods for processing personal data and the relevant means, including security matters, in relation to this Application’s operation and use. Unless otherwise specified, the Data Controller is the owner of this Application.
This Application
The hardware or software through which the Users’ Personal Data is collected.
Cookies
A small portion of data stored within the User’s device.
Legal reference
Notice to European Users: this privacy notice has been prepared in accordance with the obligations set out under Article 10 of Directive No. 95/46/EC and with the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC concerning Cookies.
This privacy notice relates exclusively to this Application.