This privacy policy describes the management of this website, with reference to processing of the personal data of its users/visitors. This privacy policy is also given as information pursuant to articles 13 and 14 of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as the "Regulation").
This information is provided exclusively for the website of Cercol S.p.A. but not for other websites that users may access via links.
Pursuant to articles 4, 7 and 24 of the Regulations, Cercol S.p.A., with registered office at Viale E. Jenner 4, 20159 Milan (MI) (hereinafter referred to as the "Company"), hereby states that it is the Data Controller for the personal data collected when using this website.
The processing of personal data means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a data bank, such as collection, registration, organisation, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.
The Company therefore informs you, as a data subject, that pursuant to articles 13 and 14 of the Regulation, it will proceed to the relative processing for the purposes indicated below manually and/or with the support of computer or telematic means.
1. Purposes of the processing
The data are acquired and processed in compliance with the rules established by the Regulation for the following purposes:
BROWSING DATA: the computer systems and software procedures used to operate this website acquire, during normal procedures, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, type of browser used, operating system, domain name and addresses of websites from which access or exit was made, information on the pages visited by users within the site, access time, permanence on a single page, analysis of the internal path and other parameters relating to the operating system and the user's IT environment. Such technical/IT data are collected and used exclusively in an aggregate and anonymous manner. These data are processed for the purpose of allowing and monitoring the proper use of this site and to obtain anonymous statistics on the use thereof. These data are deleted immediately after processing.
DATA PROVIDED VOLUNTARILY BY USERS. Data that the users of this website may provide will be processed, after consent to do so, where pertinent, for the following purposes:
PROVISION OF SERVICES. For access to certain services offered on this website such as signing up for courses, conferences or seminars, downloading software, or saving projects and product calculations, visitors are asked to register on the website and, therefore, create personal account. Upon registration, certain personal data such as name, surname, domicile/residence address, e-mail address, fixed and/or mobile telephone numbers, employment sector, job will be requested voluntarily by filling in the appropriate forms. Finally, the optional, express and voluntary sending of electronic mail to the addresses indicated on this website entails the subsequent acquisition of the sender's personal data (e.g. name, surname, address). The personal data provided voluntarily are processed for the creation of the user account and for strictly necessary purposes and/or connected to the provision and the correct administrative management of the requested services, as well as for the satisfaction of the requests formulated, from time to time, by the user through the website, by e-mail or other communication tool available therein.
MARKETING. To e-mail newsletters, other informative material and commercial and marketing communications.
PROFILING. For purposes related to profiling and related to market research and statistical analysis. This category includes all activities related to or connected with user profiling and aimed at detecting the tastes, preferences, habits, needs and consumption choices to improve the quality of the services provided by Mapei Group companies.
2. Communication and dissemination of personal data to fulfil the primary purposes of processing
The data may be processed by employees and collaborators of Cercol S.p.A. or of the Companies of the Mapei Group as "Mandated" (i.e. persons authorised to process personal data under the direct authority of the Data Controller or Processor, as contemplated in articles 4, 10 and 29 of the Regulation) and Data Processors.
The data may also be processed by trusted companies that perform technical and organisational tasks on behalf of Cercol S.p.A. or Mapei Group companies. These companies are direct collaborators of Cercol S.p.A. or Mapei Group companies, and are appointed as Data Processors. Their list is constantly updated and is available upon request sent to the address indicated above or an e-mail to privacy@cercol.it.
3. Mandatory or optional consent for the pursuit of the purposes of processing personal data
DATA PROCESSED TO SUPPLY THE SERVICES OFFERED ON THE SITE
It is necessary to provide to access certain services offered by the site (including, for instance, enrolment in courses, conferences or seminars, software downloads, or saving projects and product calculations). Consequently, a refusal to supply them will render Cercol S.p.A. unable to proceed with the provision of the requested service.
DATA PROCESSED FOR MARKETING PURPOSES
To proceed with processing for marketing purposes Cercol S.p.A. acquires a specific, separate, express, documented, preventive and entirely optional consent.
By granting consent to processing for marketing purposes, the data subject specifically acknowledges the promotional, commercial and marketing purposes in a broad sense of the processing (including consequent administrative and management activities) and expressly authorises such processing, whether the means employed for processing for marketing purposes are the telephone with an operator or other non-electronic means, not telematic or not supported by automated, electronic or telematic mechanisms and/or procedures, and where the means used for processing for marketing purposes are electronic mail, fax, SMS, MMS, automatic systems without operator intervention and the like, including electronic platforms and other electronic means) also pursuant to art. 6, paragraph 1, letter (a) of the Regulation.
Failure to provide consent for processing for marketing purposes will not result in any interference and/or have any consequences on any other business, contractual or other relationship with the user.
The data subject is free to give consent to further communication to third parties who wish to process the data for marketing purposes. Where the data subject does not intend to consent to the communication of his/her data to third parties, the consequence will be that there will be no communication on the part of the Company and the data will be processed solely and exclusively by the Company, if the data subject has given consent to this to processing for marketing purposes.
DATA PROVIDED FOR PROFILING
It is possible that, for marketing and service improvement purposes, the Company will process "profiling" data. For such processing, and for the purposes of complete information, reference is made to the definition given in art. 4, paragraph 1(4) of the Regulation: “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.”
Cercol S.p.A. obtains a specific and separate consent for profiling.
If the data subject does not intend to consent to the processing for profiling purposes, the consequence will be the impossibility for the Company to proceed with the relative processing actions. The data subject is free to give consent to the processing for marketing purposes but no further consent to processing for profiling purposes and/or the communication to third parties who wish to proceed with the processing for profiling purposes. Where the data subject does not intend to consent to processing for profiling purposes and/or to disclosure to third parties who wish to process the data for profiling purposes, the consequence will be that there will be no profiling or communication by the Company to third parties and the data collected will be processed only and exclusively by the Company if the data subject has given this consent to the processing for marketing purposes. Data subject to profiling and the related authorised profiles will not be subject to any dissemination.
PROVISIONS APPLICABLE TO ALL PROCESSING
In any case, even if the data subject has given consent to authorise the Company to pursue all the purposes mentioned in the points above, it may nevertheless revoke this consent at any time. We specifically and separately inform, as required by article 21 of the Regulation, that the data subject has the right to object at any time to the processing of personal data concerning him/her for the aforementioned purposes and that, if the data subject opposes processing, personal data can no longer be processed for such purposes.
4. Transfer of personal data to countries outside the European Economic Area
The data collected and processed may be transferred for the aforementioned purposes outside the European Economic Area or "EEA" (i.e. Member States of the European Union in addition to Norway, Iceland and Liechtenstein) to: •External providers of IT services and/or documentation archiving in outsourcing, including cloud-based services. •Mapei Group Companies
Data transfer takes place only in compliance with data protection legislation and where the transfer media provide adequate data protection safeguards, for example:
•through a transfer agreement that contains the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data processors and data controllers in jurisdictions without adequate data protection laws, or •by adhering to the EU-US Privacy Shield for the transfer of personal data from EU companies to US resident companies or any equivalent agreement in relation to other jurisdictions, or •transferring the data to a country where the European Commission has found signs of adequacy in relation to the levels of data protection through its legislation, or •where it is necessary for the conclusion or performance of a contract between our company and a third party and the transfer is in the interest of the data subject for the purposes of such contract, or •where the data subject has consented to the transfer of data.
5. Data storage periods, other information
All data are collected and recorded lawfully and correctly for the purposes indicated above, and are also processed with the aid of computer systems and specific databases in terms compatible with these purposes to guarantee security and data confidentiality.
It should also be noted that the data is stored in compliance with the principle of proportionality in a form that allows the identification of the data subject for a period of time not exceeding the duration necessary for the purposes for which they were collected or subsequently processed.
6. Data Controller and Processors
The identification data of the Data Controller of the data processing are the following:
CERCOL S.p.A.,
Viale Jenner 4,
20159 Milan (MI)
As stated above, the data may also be processed by entrusted companies that perform technical and organisational tasks on behalf of Cercol S.p.A. or Mapei Group companies. These companies are direct collaborators of Cercol S.p.A. or Mapei Group companies, and are appointed as Data Processors. Their list is constantly updated and is available upon request sent to the address indicated above or an e-mail to privacy@cercol.it.
7. Exercise of rights by the data subject
Pursuant to articles 13, paragraph 2, letters (b) and d); 14, paragraph 2, letter c) and e); 15; 16; 17; 18; 19; 20 and 21 of the Regulation, we hereby inform you that the data subject has the right to:
a) ask the Company as the data controller for access to personal data, the rectification or erasure thereof, the restriction of processing concerning them, or to object to processing thereof in the cases provided;
b) data portability;
c) lodge a complaint with the competent supervisory authority following the procedure and indications posted on the official website of said authority at www.garanteprivacy.it.
Any rectification, erasure or restriction of the processing carried out at the request of the data subject unless –this proves impossible or involves a disproportionate effort will be– communicated by the Company to each of the recipients to whom the personal data were transmitted. The Company may communicate such recipients to the data subject upon request.
The exercise of rights is not subject to any form restrictions and is free. To exercise the rights, the data subject may contact the Data Controller by sending a written communication to the address indicated above or an e-mail to privacy@cercol.it.
For a concrete and prompt implementation of the data subject rights under Articles 15 to 31 of the GDPR, and in accordance with Article 12 of the GDPR; the Company has adopted appropriate measures to provide all required information and communications in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The Company also undertakes to provide the information in writing or by other means and, when requested by the data subject, also orally, provided that the identity of the data subject is proven by other means.
The Company shall also provide the data subject with information on the action taken on a request under Articles 15 to 21 of the GDPR. The Company shall provide the response without undue delay and, in any event, within a reasonable time, taking into account the complexity and number of the requests.
If the Company does not take action on the request of the data subject, the Company shall inform the data subject without delay of the reasons for not taking action and on the possibility of lodging a complaint with the Authority for the protection of personal data and seeking a judicial remedy.
8. Social media plug-ins
This website contains plug-ins of some social media (e.g. Facebook). Social plug-ins are special tools for incorporating social networking features directly into the website (e.g. the Facebook "like" function) and are marked by the logo of the respective social platform. When interacting with a plug-in while visiting a page on this website (e.g. by clicking the "like" button) or leaving a comment, the corresponding information is transmitted from the browser directly to the social network platform (in this case, Facebook) and thus memorised by it. For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social network platform, and the ways in which to exercise your rights, please consult the privacy policy of the corresponding social network.
9. Links third-party sites
From this website users can connect via specific links to other third-party websites. The site owner accepts no responsibility for the possible management of personal data by third-party sites and for the management of authentication credentials provided by third parties.
10. Cookies
Cookies are packets of information sent by a web server (e.g. the website) to the user's Internet browser that are automatically stored on the computer and automatically sent back to the server each time the site is accessed. By default, almost all web browsers are set to automatically accept cookies. This website does not use cookies to transmit personal data. The use of session cookies (which are not stored permanently on the user's computer and are deleted when the browser is closed) is strictly limited to transmitting session identifiers necessary to allow a safe and efficient browsing of the website. The session cookies used on this website avoid the use of other computer techniques that are potentially harmful to the privacy of user browsing and do not allow the acquisition of the user's personal identification data. This website also uses persistent cookies, i.e. cookies that are stored on the computer's hard drive until they expire or are cancelled by users/visitors. Through persistent cookies, visitors who access the site (or any other users using the same computer) are automatically recognised at each visit. Visitors can set the computer's browser to accept/reject all cookies or display a warning whenever a cookie is proposed to evaluate whether to accept it or not. The user can, however, modify the default browser settings and disable cookies (i.e. block them definitively) by setting the highest level of protection. For further information on the features, types, methods of use and possibilities for removing, deleting or disabling cookies on the website, please refer to the information in the specific Cookie Policy.
