Privacy Policy

PRIVACY POLICY — ARTICLES 13-14, GDPR UE/2016/679

The UE/2016/679 EU Regulation (hereinafter referred to as “Regulation”) lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

In compliance with the principle of transparency provided for in art. 5 of the Regulation, Cofle S.p.a., as Controller of data processing, shall provide the information as required by articles 13 and 14 of the Regulation. Specific information could be given on the website in relation to particular services or data processing, provided by the user or the person concerned.

Type of data collected and purposes of data processing

In pursuit of the following purposes, the categories of data shall be as follows:

  • Surfing Information: while the IT systems and software procedures adopted to run this website are performing their routine tasks and functions, they acquire certain personal information which is implicitly transmitted while using Internet communication protocols. The information is not collected to be associated to non-identified party, but because of its nature and through data held by third parties, the users’ identification is possible. The information that falls under this category is: IP addresses, the domain and website addresses used to access the website, the URI addresses (Uniform Resource Identifier) of the web search, the time of the search, an internal route analysis, the size of the file received, the numeral code of the server answer (success, error, etc) and other parameters about the user’s operating system and IT environment.
  • Identifying data: name, surname, address.
  • Contact details: phone number, mail.
  • Data regarding the interest for a Cofle S.p.A. product

Personal data that may be voluntary supplied by the user by completing registration forms and / or by sending e-mails, will be processed correctly, legally and with transparency to protect the user’s privacy and rights, in accordance with the company’s privacy policy, and to provide the users only with the required information.

As regards as the above purpose, data processing could be carried out without the user’s consent since it is mandatory for the implementation of precontractual measures taken in response to the user’s request. (art. 6.1 point b  of the Regulation)

The supply of personal data is optional but necessary. The refusal to supply said information will render Cofle S.p.A. unable to provide the service required (i.e. service quotations)

Data processing procedures

The user’s data processing shall be performed through paper form and IT tools in accordance with the provisions regarding personal data protection, particularly, technical and organisation measures referred to in article 32.1 of the Regulation, and in accordance with any protective measure which shall ensure integrity, privacy and availability.

Data Source

DATA SUPPLIED BY THE USER
All data are directly supplied by the user

Target groups

In relation to the above purposes, the user’s personal data can be processed by the following subjects or target groups:

  1. Companies which provide the IT system used by Cofle S.p.a.;
  2. Management consultants;
  3. Companies providing support and management;
  4. Competent authority to ensure compliance with legal obligation.

Regarding the target groups referred to in points b), c), d), the Controller of data processing shall commit to rely only on trusted entities and shall appoint them Processors, former art.28 of the Regulation. The list of Processors is available in Cofle S.p.A and the user can access it, following a request to the Controller.

Solely for the above purposes, data may be processed by employees and / or collaborators of Cofle S.p.A as “persons in charge of the processing” authorized by the Controller in accordance to art. 29 of the Regulation.

Data will not be provided except when required by a law or rule or EU Legislation.

Storage Period

TYPE OF DATA STORAGE PERIOD LEGAL REFERENCES
  • Identifying data
  • Contact details
  • Data concerning interest for a product or service
24 months from data acquisition
  • Art. 5.1 point e) EU Reg. 2016/679

Rights of the data subject

Pursuant to articles 15-22 of the Regulation, the Data Subject can exercise anytime his/her rights against the Controller.

Data Subject has always the right of asking:

  • To the Company, access to personal data;
  • Their rectification in case of inaccuracy;
  • Their erasure;
  • The limitation of their processing

He has also:

  • The right to object the processing if he thinks there is a violation of his rights or his freedom:
  • The right to withdraw his consent at any time according the purposes for which the consent is necessary;
  • The right to data portability, that is to say receive data in a common structured format which can be read by any automatic device.

Identity and contact details of the Controller

The Controller is Cofle S.p.a., address Via del Ghezzo, 54 – 20056 – Trezzo sull’Adda (MI), tel.: 029200201 e-mail: cofle@cofle.it

Contact details of the Processor

The appointment of a Processor is not mandatory as required by article 37 of the Regulation.