The www.sonusfaber.com website is managed by Sonus faber SPA, in its capacity as Data Controller, and the security and privacy measures applicable to this website have been drawn up and developed to ensure that the personal data supplied directly by the user in the pages of the website at the time of registration and subsequently for the use of the services provided by Sonus faber SPA are processed in compliance with the provisions of Legislative Decree 196/2003 supplemented by the amendments introduced by Legislative Decree 101 dated 10 August 2018 regarding the protection of personal data (“Privacy Code”) and, following the entry into force of EU Regulation no. 679/2016 (“GDPR”), in accordance with the provisions of art. 13 of the aforementioned Regulation.
Sonus faber SPA informs you that:
Processing of personal data means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organisation, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction.
The data will be processed by Sonus faber SPA in compliance with the necessary security and confidentiality, using the following methods: collection of data from the interested party, collected and recorded for specific, explicit and legitimate purposes and used in further processing operations in terms compatible with these purposes, processing carried out with the aid of electronic and automated tools (collection of data via computer, directly from the interested party).
1. SOURCE AND TYPE PERSONAL INFORMATION THAT SONUS FABER SPA COLLECTS FROM USERS:
• Information provided by the user during the site registration process, such as:
◦ General information
◦ email address
• browsing information. When the user browses the Site, Sonus faber SPA uses certain technologies, logs and cookies (see below for more information) that automatically collect certain information, such as the IP address used by the user to navigate the Site, the pages viewed, technical information that may include the user’s source URL, browser information, language. This information enables Sonus faber SPA to constantly improve the browsing experience and the purchasing mechanism of its products and services, and to monitor the correct functioning of the Site. The information only includes statistical data on the activities performed by the user, and is not intended to be associated with the user’s personal identification data (anonymisation).
2. DATA CONTROLLERS
In accordance with art. 26 of the GDPR, the data controller is: Sonus faber SPA, with registered offices in Via Meucci 10, 36057 Arcugnano (VI);
3. DATA HANDLING PURPOSES
The user’s personal data, freely communicated and acquired as a result of the activity carried out by Sonus faber SPA, will be processed lawfully and correctly for the following purposes:
A. Contractual purposes
The information collected by Sonus faber SPA is used for the following contractual purposes without the prior consent of the users, pursuant to art. 6 and 7 of the GDPR:
• in order to allow users to register on the Site;
• in order to provide the services available through the Site (e.g. management of the registration and account access procedure, account management)
• for the technical management of the Site and its operational functions, including the resolution of any technical problems, statistical analysis, testing and research;in order to prevent or impede fraudulent activity or misuse that may damage the site or
• compromise the security of operations;
• in order to comply with the obligations provided for by law, regulation or Community legislation and for the exercise of their rights in court;
• in order to satisfy the user’s requests (e.g. Management of information requests);
• in order to send users operational communications related to the provision of the service.
B. Commercial purposes
Only after specific and express consent of the user and until revocation of the same (art. 130 of the Privacy Code and articles 6 and 7 GDPR):
• use of personal data, in particular email address and paper mail, by the data controller, to send commercial proposals relating to and/or connected with the services and to send advertising material relating to the aforementioned products or services or commercial communication, including the newsletter relating to offers on the Site.
Failure to consent to the purpose referred to in point 3B will in no way affect the user’s ability to register on the site and use its services.
The user may object to the processing referred to in point 3B at any time after having given consent:
• through the link at the bottom of any email with promotional content sent;
• by sending an email to email@example.com;
• by accessing the “contacts” section within the site and sending a specific request to delete\change the preferences granted.
4. REGISTERED USER ACCOUNT
• General information
• email address
5. LEGAL BASIS OF THE PROCESSING
The legal basis for the processing is the user’s consent, the fulfilment of a contractual obligation and legal provisions.
6. LEGITIMATE INTERESTS PURSUED BY THE DATA CONTROLLERS
The legitimate interests pursued by the data controller when processing data is to respect and fulfill the contractual obligations entered into between the parties. Pursuant to art. 6 of the GDPR, the lawfulness of the processing is based on the manifestly expressed consent of the data subject, documented in writing.
7. NATURE OF THE PROVISION OF PERSONAL DATA AND CONSEQUENCES OF REFUSAL
The provision of data for contractual purposes is voluntary and optional.
The provision of the data requested when activating the services, for the purposes referred to in section 3A above, is mandatory, as it is strictly functional to their performance. Any refusal to provide data makes it impossible to complete the user’s registration process and therefore to provide the desired services.
The provision of data for the purposes referred to in section 3B above is optional.
8. DATA HANDLING METHODS
The processing of user information is carried out only if necessary and takes place out through the operations indicated in art. 4 of the GDPR, and precisely the data is collected electronically and processed through registration, consultation, communication, storage, deletion, carried out mainly with the help of electronic instruments, ensuring the use of appropriate measures for the security of data and ensuring the confidentiality of the same.
The user’s data, stored on electronic media, will be stored and archived on a server or cloud space owned by the data controller. In particular, the owners declare that the data recorded on the server are protected against the risk of intrusion and unauthorised access and that they have also put in place suitable security measures to guarantee the integrity and availability of the data as well as the protection of areas and premises relevant to their storage and accessibility.
Personal data will be processed by collaborators and/or employees in their capacity as data processors or persons in charge of processing, within the scope of their respective functions and in accordance with the instructions given by the data controllers.
The data controller guarantees the highest level of security in the management of user data. Any credit card information provided will not be not stored. The data controller does not have access to confidential information relating to credit cards, which will be processed by intermediaries and card issuers in compliance with the Privacy Code and European Regulation 679/2016.
9. CATEGORIES OF SUBJECTS WHO CAN ACCESS THE DATA
Any personal information provided will be processed by Sonus faber SPA as Data Controller. Personal information will be processed by the personnel responsible:
• employees and consultants authorised to manage the Site and provide the related services (e.g. customer service, computer systems management) as data processors and/or system administrators and/or internal data processors;
• employees and consultants of the marketing, finance, administration, accounting and other offices of Sonus faber SPA, in their capacity as data processors and/or internal data processors.
Finally, access to information may be provided by the external data controller for the management of services (e.g. commercial communications) and the fulfilment of the above mentioned contractual purposes, including the analysis of data and the provision of assistance for marketing.
Sonus faber SPA is committed to protecting users’ information and informs that the password is one of the account protection mechanisms, therefore users are invited to use a sufficiently secure password in a safe place, limiting access to the account to their computers and browsers, logging out after visiting the site.
Appropriate security measures are used to protect information from unauthorised access or modification, and from transmission or distribution of data. In order to prevent unauthorised access, maintain data accuracy and ensure the correct use of information, appropriate physical, electronic and managerial procedures are used to safeguard and secure the information and data stored in the system.
Sonus faber SPA believes that the measures adopted reduce the possibility of security problems to a level adequate for the type of data in question.
11. DURATION OF DATA PROCESSING AND RETENTION PERIOD
The processing of personal data for the purposes referred to in section 3A, will be for the period of time necessary to perform the services requested, combined with the additional period provided for by law in compliance with civil, fiscal and tax obligations in force.
The processing of personal data for the purposes set out in section 3B will be for as long as is necessary for the performance of the services requested unless explicitly requested to be deleted.
At the end of the data processing period, the data must be deleted, i.e. made permanently anonymous.
12. RIGHTS OF THE DATA SUBJECT
The user, in accordance with the provisions of art. 15 GDPR, is entitled to:
• request confirmation of the existence of any personal data regarding you, even if you are not registered, and to request a copy of them in an intelligible format.
• be informed of:
◦ the origin of the personal data;
◦ the purposes and methods of handling;
◦ the logic by which the handling takes place if using electronic tools;
◦ the identification details of the Data Controller, Data Handlers and designated representative as per articles 2 and 3, paragraph 1, GDPR;
◦ the persons or categories to whom the personal data may be communicated or who may access the data in their role as designated representative within the Stateterritory, managers or employees;
• ask for:
◦ the data to be updated, corrected or, if desired, integrated;
◦ the data to be eliminated, transformed into anonymous form or blocked if handled in violation of the law, including data which does not need to be stored for the purposes for which it was collected or subsequently handled;
◦ confirmation that all persons to whom the data was communicated or disclosed were made aware of the operations and their contents set out in letters a) and b), unless this is impossible or results in a use of means that is clearly disproportionate to the rights in question;
• oppose all or part of:
◦ the processing of their personal data, even if relevant to the purpose for which they were collected, in the case of legitimate reasons;
◦ the processing of personal data concerning them for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail.
Note that the data subject’s right to object to the processing of their data for direct marketing purposes by means of automated methods extends to the traditional methods and that, in any case, the data subject’s right to exercise the right to object even only partially remains unaffected. Therefore, the interested party may decide to receive only communications through traditional methods, or only automated communications, or neither;
• ask the Data Controller for access to personal data (art. 15 GDPR), their correction (art. 16 GDPR) or cancellation (art. 17 GDPR), the limitation of processing or to oppose their processing (art. 18 GDPR);
• the external portability of data processed in automated form where applicable;
• to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
• lodge a complaint with the personal data protection Authority.
In order to exercise these rights, and to receive information regarding the parties with whom the data is stored or to whom the data is communicated, or to parties who, as data processors or persons in charge, may become aware of your data, you may contact the data controller by sending a request to the following email address firstname.lastname@example.org.
13. TRANSFER OF PERSONAL DATA
The management and storage of personal data will take place on servers located within the European Union. The data will not be transferred outside the European Union.
14. DATA OF MINORS
The Site is not intended for persons under 18 years of age and Sonus faber SPA does not intentionally collect personal information from the same.
If any information on minors is accidentally registered, Sonus faber SPA will promptly delete it at the request of the users.
16. LINKS TO THIRD PARTY SITES