PERSONAL DATA PROCESSING AND PROTECTION POLICY STATEMENT
- Introduction and scope of application
Thank you for visiting our website. The information provided below contains all indications useful to understanding the purposes and methods of processing of your personal data as a visitor to the website colsam.com/it (hereinafter, for brevity, also the “Colsam Website”).
In its business activity, Colorificio Sammarinese S.p.A. (hereinafter, for brevity, also “Colsam”) takes the utmost care to protecting and safeguarding the personal data of all those with whom it operates or interacts, by adopting all security procedures and systems appropriate, adequate and necessary to this purpose.
This policy statement is also provided in order to offer all data subjects a complete description of the management methods adopted by the Colsam Website in relation to the processing of users’ personal data by Colorificio Sammarinese S.p.A., in accordance with, to the extent applicable, the provisions of Regulation (EU) No 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, for brevity, “GDPR”).
This policy statement may always be accessed and consulted on the homepage: colsam.com/it
The policy statement is provided solely for colsam.com/it and does not apply to any other websites that may be accessed by the user via links contained in the website.
- Data controller
The personal data controller is Colorificio Sammarinese S.p.A., with its office in Falciano, Via del Camerario 7, 47891, Republic of San Marino. The data controller may be contacted, for the purposes of this policy statement, at the e-mail address email@example.com
- Representative of the Data controller
The Representative of the Data Controller is Colsam Italia Srl, representative in Italy and in the European Union of Colorificio Sammarinese S.p.A., with its office in Rimini (RN), via Di Duccio n.8/B 47922. P.IVA 04508580406. The Representative of Data controller may be contacted, for the purposes of this policy statement, at the e-mail address firstname.lastname@example.org
- Personal data
“Personal data” generally means all information concerning a natural person who has been identified or is identifiable by elements such as, for example, name, identity document details or the physical, physiological, genetic, economic, cultural or social identity of the person concerned, as well as through identifying details relating to the person’s location.
- Location of personal data processing
The processing relating to the Colsam Website is performed at Colsam’s registered office, as identified and detailed above.
- Data processed Methods and type
The personal data of users of and visitors to the Colsam Website may include the following and is collected by Colsam primarily using one of the methods indicated below.
- Browsing data
The IT systems and software procedures used in the operation of the Colsam Website acquire, under normal operating conditions, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but due to its nature it could allow users to be identified via processing and association with data held by third parties.
This category of data includes the following browsing data:
- IP addresses, domain names, browsing data and all other data relating to the interaction of users of the Colsam Website with Colsam, for example when content is viewed or searched for, or when applications or software are installed;
- the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response provided by the server (success, error, etc.) and other parameters relating to the user’s operating system or IT environment, data relating to the devices and/or computers used by the user to access the Colsam website, including browser type, unique device code, language, operating system, the reference Web page, pages visited, position and information regarding cookies, data relating to the computer and the connection (for example, statistics on page views, incoming and outgoing site traffic and URL of origin);
- geolocalisation data, in particular through the use of mobile devices;
- name of the Internet service provider (ISP);
- date and time of the visit;
- Web page of origin and departure of the visitor;
- number of clicks, where applicable.
- Data provided by the user
Where specific features and/or services offered by the Colsam Website are activated and where requested by the user (e.g., for marketing activity, newsletters, purchase of Colsam products, etc.), the personal data collected by Colsam may include, in addition to the above:
- identifying information such as given name, surname, date of birth, tax code, VAT number, ISS code, telephone number, e-mail address (including certified e-mail address), username, password, gender or other data that Colsam is required or authorised to collect and process, in accordance with applicable legislation, in order to authenticate or identify the user or verify the information provided and collected;
- data relating to offers, purchases or sales of products or services offered by Colsam, provided during a precontractual negotiation and its subsequent conclusion and all other data provided in relation to such operations;
- No processing of special categories of personal data Special categories of personal data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, are not requested in any way and therefore are not processed by Colsam.
The optional, explicit and voluntary sending of emails to the addresses indicated on the Colsam Website entails the subsequent acquisition of the sender’s email address, which is required in order to respond to the user’s request, as well as any other personal data included in the message.
Optional, explicit and voluntary registration through specific Web modules (forms) present on the Colsam Website entails the subsequent acquisition of all the data included in the fields compiled by the user, as necessary to fulfil the user’s requests.
A cookie consists of a short set of data transferred to the user’s browser by a Web server and can only be read by the server that has transferred it. It is not executable code and does not transmit viruses.
Cookies do not store any personal information and any identifiable data will not be saved. Where desired, it is possible to prevent some or all cookies from being saved. However, in this case the use of the website and services offered may be compromised. To proceed without modifying cookie options, the user may simply continue browsing.
- Purposes and methods of data processing
The personal data processing performed by Colsam will be undertaken solely for the purposes indicated below.
With regard to the browsing data indicated in paragraph E) I above, Colsam performs processing activity in order to monitor the technical functioning and performance of the Colsam Website, in order to understand how to improve and develop the services. Such data is required to ensure the availability and usability of the Colsam Website.
The data indicated in paragraph E) II above is used by Colsam, depending on the case:
- To implement the sale of the products and/or services offered by Colsam and offer the related assistance. In such cases, through the information and data provided, Colsam is able to implement the activities and services requested by the data subject (including in the name and/or on the account of third parties) or to implement precontractual measures and/or negotiations attributable to those activities.
The same personal data may also be processed to solve problems and protect against errors; to perform data analyses and tests; to conduct research and investigations; and to develop new features of the services offered by Colsam in order to provide the user with a constantly improved experience, to keep the services in question protected and operational and to personalise the content of the Colsam Website.
- To offer security and protection for both the personal data received and Colsam’s security systems. The data collected is also used by Colsam to authenticate and verify users’ identities, to respond to a request or complaint, to perform controls and apply Colsam’s policies, to prevent, detect, mitigate and/or establish security breaches and/or activities that are even merely potentially prohibited, illegal and/or unlawful. This data may also be used to establish responsibility in the event of potential cybercrimes affecting the Colsam Website.
- Communicating with the user and/or data subject The data may be used to contact the user for the purposes indicated in this policy statement and in the cases provided for by law. Contact and communication may take place by e-mail, telephone or text messages. Colsam may thus use the user’s information to send him or her service messages and/or to respond to his or her requests, to offer discounts and special promotions and to obtain his or her opinions through surveys or questionnaires.
- Performing marketing activity With the user’s consent – which must be expressly and separately granted by ticking the dedicated boxes in the banner of the homepage of the Colsam Website – Colsam may use the user’s information to promote new features or products which may be of interest the user, as well to perform marketing activity, including via newsletters, telephone calls or text messages. In any case, the user may monitor the promotional communications and most of the preferences expressed with regard to marketing activities by sending a specific request to the Data Protecting Officer;
- Social Media Plugins
The Colsam Website also incorporates social media plugins and/or buttons, in order to allow content to be shared easily on the user’s preferred social media. These plugins have been designed so as not to set up any cookies upon accessing the page, in order to protect the users’ privacy. Cookies may only be set up, as prescribed by social media, when the user makes effective and voluntary use of the plugin. It should be noted that if the user browses the web while logged in to a social media, then he or she has already consented to the use of the cookies routed through this website when registering with the social media.
- Legal basis of data processing
The legal bases of Colsam’s processing of the data subject’s personal data may vary in each case, and more specifically:
- the contracts stipulated or to be stipulated (with the data subjects) to benefit from the products or services offered by Colsam; and
- Colsam’s legitimate interests (which may be opposed pursuant to paragraph K a) below, including, for example (Colsam’s) interest in:
- performing direct marketing activity;
- ensuring the availability of the Colsam Website, improving, personalising and developing the Colsam Website and monitoring its technical functioning and performance;
- marketing new features or products that could be of interest to the user;
- promoting data security and protection;
- processing data within the Colsam group of companies or entities related to it for internal administrative purposes, without prejudice to the general principles and legal prescriptions for the transfer of personal data within a group of companies to a company based in a third country.
Colsam also has a legitimate interest in processing personal data relating to traffic, to the extent strictly necessary and proportionate to ensuring network and information security, i.e. the capacity of a network or information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services that are offered or made accessible via such networks.
- Data collected from third parties or through other sources
Colsam may collect additional personal data or supplement the personal data already in its possession with other data and information collected by third parties (for example, its suppliers or resellers), in addition to using data and information in the public domain and information collected through specific databases (e.g., Cerved or others), in accordance with applicable legislation.
- Personal data processing as data processor
Colsam may process personal data not as the data controller but as data processor (and/or sub-processor) (pursuant to Article 28 GDPR).
Accordingly, in such cases data would be processed by Colsam on behalf of the data controller (a party other than Colsam), according to the terms, using the methods and under the conditions agreed with the said data controller.
Whenever Colsam is designated data processor, since Colsam has no relationship with the data subject, the data controller shall remain fully responsible, in accordance with applicable legislation, for providing all services and/or fulfilling all prescriptions generally provided for in the legislation concerned with respect to the data subject, while also (the data controller) taking care to inform the data subject adequately of all elements appropriate to ensuring that the data subject always is fully, clearly aware of the activity performed by Colsam as data processor.
In any event, Colsam shall perform the duties of data processor in accordance with the provisions of the GDPR (as amended and supplemented).
- Methods of disclosure of information to third parties
The personal data provided to Colsam may only be shared with third parties in the following cases:
- Data subject’s consent
The data subject may authorise Colsam to disclose (or divulge) his or her data to other third parties, for example where he or she has expressed his or her intention to be contacted and/or re-contacted by Colsam and/or by Colsam’s commercial partners or distributors for all needs or clarification relating to the services and/or solutions offered by Colsam.
- Processing by external entities
Personal data may also be disclosed:
- within a group of companies or entities related to Colsam for internal administrative purposes, without prejudice to the general principles and legal prescriptions for the transfer of personal data within a group of companies, including to a company based in a third country;
- to third providers of shipping services (e.g., DHL, UPS, GLS, etc.) to which Colsam discloses delivery addresses, contact information and shipping codes;
- to providers of websites, applications, services and tools with which Colsam collaborates to provide the services or products offered by Colsam.
- Judicial, legal and/or general protection needs
Colsam may keep or divulge personal data where necessary to meet judicial needs, for example because the data has been requested by an administrative authority, control authority and/or supervisory authority, within the framework of a legal proceeding, otherwise in accordance with provisions of law, otherwise for the exercise of legal rights or defence against complaints and/or legal actions, to prevent, identify or investigate illegal activity, fraud, abuse and infringement on Colsam’s subjective legal positions, or where there are threats, including merely potential threats, to the security of Colsam’s assets and/or interests.
- Extraordinary operations and/or changes
Where Colsam is involved in a merger, de-merger, transformation, acquisition or sale of assets, Colsam shall take all measures necessary to protect the confidentiality of the personal information and shall notify the affected users before transferring any personal information to a new entity.
- Data storage period
The personal data storage period is determined (or determinable) according to the purposes or legal basis of the processing.
The browsing data set out in paragraph E) I above will be deleted a few hours after it is processed.
The data set out in paragraph E) II above will be stored for as long as necessary for the proper, complete performance of the operations comprising the services and/or activities requested by the User (including those strictly connected to and associated with the discontinuation thereof), and in any event for a period of no longer than five years from the discontinuation of the service and/or activity undertaken by Colsam.
The foregoing is without prejudice to the case in which the data subject has expressly granted – including for different reasons – consent for a longer period (in which case the storage period will correspond to that granted) or Colsam must satisfy its legitimate interests, as identified above (in which case the storage period will correspond to that in which the interest concerned is satisfied).
The foregoing is also without prejudice to the case in which the data must be stored for a longer (or shorter) period to satisfy judicial needs, for example to comply with a request from an administrative authority, control authority or supervisory authority, or to exercise and/or protect (in and/or out of court) rights or conduct a defence against complaints and/or legal actions.
Once the storage period has ended, the personal data will be removed in a secure manner.
- Data subject’s rights
All data subjects to which personal data processed by Colsam may be attributed, in accordance with and pursuant to the terms and methods provided for in the GDPR, are provided with useful tools for accessing and controlling their data and exercising the rights described below.
- Right to access, rectification and erasure of data, right to restriction of and opposition to use of data and right to withdraw consent.
Without prejudice to the foregoing provisions regarding storage, the data subject may request that personal data collected regarding him or her be updated, modified, restricted or erased at any time.
If it is decided to erase the data, it should be noted that although most of the information stored will be erased within five days, up to 60 days could be required to eliminate all the data entered into Colsam’s systems owing to the size and complexity of the systems and procedures used.
Where data processing is based on consent granted by the data subject, such consent may be withdrawn by the data subject at any time. Accordingly, it always possible to oppose the sending of newsletters and the processing of data for all or only some marketing or commercial purposes.
The data subject may also oppose the processing of data even where carried out in pursuit of Colsam’s legitimate interests.
Where withdrawal of consent, restriction of the use of data or erasure of previously provided personal data is requested, Colsam might no longer be able to provide the requested service, including the use of the Colsam Website.
In any event, data erasure requests are subordinate to applicable legal and document storage obligations imposed by laws or regulations.
- Right to portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another data controller.
- Right to lodge a complaint
The data subject always has the right to lodge a complaint with the competent supervisory authority where he or she identifies problems relating to the use of his or her personal data.
- Automated decision-making process
Colsam may use automated technologies for profiling in accordance with applicable legislation.
If the data subject requires further assistance regarding his or her rights, he or she may contact the Data Protection Officer using the contact details provided above in paragraph B).
Colsam does not process the personal data of minors under age 16.
If the user is under 16 years of age, pursuant to Art. 8(1) GDPR, he or she shall legitimise his or her consent through authorisation from his or her parents or guardians.
- Security measures
The Colsam Website processes user data lawfully and correctly, while adopting appropriate security measures designed to prevent unauthorised access, dissemination, modification or destruction of data.
In particular, Colsam has adopted, and continues to adopt, measures of an organisational (distribution of roles and responsibilities in the performance of activities and controls), procedural and technical (firewalls, antivirus software and other advanced technologies) nature appropriate to protecting your data against loss, theft and authorised use, dissemination or modification.
The processing is performed using IT systems and/or computer telecommunications, adopting organisational procedures and logic strictly associated with the specified purposes.
In addition to the data controller, in some cases certain categories of personnel involved in site organisation (administrative, sales, marketing and legal personnel and system administrators) and external entities (such as third-party technical service providers, postal couriers, hosting providers, IT companies and communications agencies) may have access to data.
- Transfers of personal data to third countries
Through its international partners, Colsam may transfer the data subject’s personal data to Third Countries to the European Union, subject to the requirements and in accordance with the prescriptions laid down in the GDPR.
The Colsam Website may disclose some of the data collected to services based outside the European Union area. In particular, it may disclose data to Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics 4 service. The transfer is authorised and strictly governed by Article 45(1) of Regulation (EU) No 2016/679, and additional consent is therefore not required. The above-mentioned companies guarantee their participation in Privacy Shield.
The Third Countries to which the personal data are transferred may be subject to a legal system with privacy and personal data protection laws that differ from those of the data subject’s country of residence.
The data subject may always exercise the rights indicated above in paragraph L) I, even in the event of transfer of the data.
If Colsam should disclose your personal data to third parties (for example, with regard to services for which you have registered), such third parties shall act as independent data controllers or shall be designated as data processors by Colsam.
- Suppliers appointed as Data Processing Manager
The Data Controller has appointed the following suppliers as Data Processing Managers:
– for hosting operations: Performize Srl, Via Ca’ Bordoni 1384, 47842 San Giovanni in Marignano (RN) P.IVA 04414870404