Policy on the processing of personal data

(art 13-14 GDPR 679/2016)
 

PScotton S.p.A., Via Vallina Orticella, 1 - 31030 Borso del Grappa / Treviso / Italy, Tel. +39 0423 913300 / Fax +39 0423 913399 - email scotton@scotton.it , Tax ID no. 00605260264 / VAT no. 01981300245, acting as data controller (hereinafter, the “Data Controller”), informs you that, pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, the “GDPR”), your data will be processed in the following manner and for the following purposes:
 

1. Data processing scope

The Data Controller processes the personal data of website users both through installed cookies (on this point, please see the full and abridged cookie policy published on the website) and through the website’s data collection forms.

The Data Controller processes common, non-sensitive personal data (e.g. first and last name, contact details, etc.).
 

2. Purposes of processing and legal basis

Processing shall be lawful only if and to the extent that at least one of the following legal bases applies:
  1. Processing is necessary for the performance of a contract:
    1. Responding to users’ questions or requests for information;
    2. Responding to users’ communications made via our contact form.
  2. Only with the users’ specific and express consent (Articles 23 and 130 of the Italian Data Protection Act and Article 7 of the GDPR), for the following Marketing Purposes:
    1. Emailing users newsletters, commercial communications and/or information on products or services offered by the Data Controller.
If you are already our customer, we may email you commercial communications regarding the Data Controller’s services and products similar to those you have already used, unless you exercise your right to opt out (Article 130(4) of the Italian Data Protection Act).
 

3. Processing methods and storage time

Your personal data is processed, by means of the operations specified in Article 4 of the Italian Data Protection Act and Article 4(2) of the GDPR, by personnel specifically appointed and trained in data processing under Article 29 of the GDPR, and by any suppliers appointed as Data Processors under Article 28 of the GDPR, in compliance with the principles of the said GDPR. Your personal data will undergo both paper and electronic and/or automated processing.

The Data Controller processes your personal data for the time necessary to fulfil the aforementioned aims and, in any case, for no more than ten years after termination of the relationship for the Service Purposes, and for no more than two years after collection of the data for Marketing Purposes .
 

4. Access to data

Your data may be made accessible for the purposes set out in Articles 2.A) and 2.B):
  • to employees and collaborators of the Data Controller, in their capacity as internal data-processing operators and/or data processors and/or system administrators;
  • to partners with which the Data Controller collaborates (e.g. for support activities in examining the feasibility of the customer's project, for technical management of the project, for the storage of personal data, etc.) or to third parties (e.g. website management and maintenance providers, suppliers, credit institutions, professionals, etc.) performing outsourcing activities on the Data Controller’s behalf, in their capacity as external data processors.
 

5. Communication of personal data

The Data Controller may communicate your data without your express consent (under Article 24 a), b), d) of the Italian Data Protection Act and Article 6 b), c) of the GDPR), for the purposes set out in Article 2.A), to supervisory bodies, judicial authorities and to all other persons to whom communication is required by law for the specified purposes. Your data will not be disseminated.
 

6. Transfer of personal data

Personal data will be managed and stored on the servers – located within the European Union – of the Data Controller and/or third-party companies entrusted with this service and duly appointed as data processors. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller may change the location of the servers in Italy and/or the European Union and/or non-EU countries, if necessary. In this case, the Data Controller hereby guarantees that non-EU data will be transferred in accordance with applicable legal provisions, by entering into agreements guaranteeing adequate protection and/or by adopting the standard contractual clauses provided for by the European Commission, if necessary.
 

7. Nature of the provision of personal data and consequences of refusal to provide same

The provision of personal data for the purposes set out in Article 2(1) is mandatory.
The provision of personal data for the purposes set out in Article 2(2) is optional. Therefore, you may decide not to provide any data or to subsequently withdraw consent to processing previously provided data: in this case, you will not receive newsletters, commercial communications or advertising material related to the Services offered by the Data Controller.
 

8. Rights of the data subject

As a data subject, you have the rights established in Article 7 of the Italian Data Protection Act and Article 15 of the GDPR, and in particular:
  • to receive confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and its communication in an intelligible form;
  • to obtain indications on: a) the source of personal data; b) the processing purposes and methods; c) the method applied in the event of processing data with the aid of electronic means; d) the identification details of the Data Controller, the data processors and the designated representatives, pursuant to Article 5(2) of the Italian Data Protection Act and Article 3(1) of the GDPR; e) the parties or categories of parties to whom the personal data may be communicated, or who may become acquainted with same in their capacity as designated representatives in a State's territory, as data processors or as data processing operators;
  • to obtain: a) updating, rectification or, when necessary, integration of the data; b) deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data not required to be stored for the purposes for which it was collected or subsequently processed; c) proof that the operations referred to in points (a) and (b) and their content have been brought to the attention of those to whom the data has been communicated or disseminated, except where this would be impossible or involves the use of means that are patently disproportionate to the right protected;
  • to object, in whole or in part to: a) the processing of personal data concerning you for legitimate reasons, even if processing is relevant to the purpose of data collection; b) processing of personal data concerning you for the purpose of sending advertising materials, for direct sales or for market research or commercial communication, using automated calling systems without human intervention, email, and/or traditional marketing methods by telephone and/or post. Please note that the data subject’s right to object, as set out in point b) above, for direct marketing purposes using automated methods extends to traditional methods as well, and that the data subject is entitled to exercise the right to object even in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.
Where applicable, you also have the rights provided for in Articles 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.
 

9. Means of exercising these rights

You may exercise your rights at any time by sending an e-mail to: scotton@scotton.it.
 

10. Minors

This website and the Data Controller’s services are not intended for children under the age of 18 and the Data Controller does not knowingly collect the personal data of minors. In the event of information on minors being inadvertently recorded, the Data Controller will delete it in a timely manner at the users' request.
 

11. Data controller, data processors and data-processing operators

The Data Controller is Scotton S.p.A..
An up-to-date list of data processors and data-processing operators is kept at the Data Controller’s premises.
 

12. Changes to this Policy

This Policy may change. Therefore, we recommend that you regularly review it and refer to its latest version.