PERSONAL DATA PROTECTION POLICY (GDPR POLICY)
The Gruppo Cimbali company (hereinafter the “Company”) takes great care to ensure the security and confidentiality of its clients’ personal data during all business operations.
The Company is the data controller for personal data gathered on this website.
WHAT KIND OF PERSONAL DATA MAY BE COLLECTED
The following categories of personal data may be collected:
- Contact details – information relating to your name, date and place of birth, tax code, address, telephone number, mobile number, email address, VAT number and registered office address.
- Interests – information you provide in relation to your interests, including products in which you are interested.
- Other personal data – information you provide relating to your date of birth, education or professional situation.
HOW WE COLLECT YOUR PERSONAL DATA
The Company collects and processes your personal data in the following circumstances:
- if you contact us in order to request a course;
- if you respond to one of our marketing campaigns, for example by filling out a response form or entering your details on one of our websites.
Please help us keep your personal data up to date by informing us of any changes to it.
THE WAYS IN WHICH YOUR PERSONAL DATA MAY BE USED
Personal data must only be processed on legitimate grounds in accordance with current personal data regulations, as described below.
- Fulfilment of contractual obligations and related training course and event management activities.
The Company collects and processes your data to fulfil its obligations under the contract and to allow you to participate in training courses and/or training events.
Reason for data processing: fulfilment of contractual obligation.
Provision of data is compulsory so that we are able to respond to your requests; if you do not provide your data, we are unable to allow you to proceed.
- Marketing activities designed to respond to your needs and provide you with promotional offers in line with your preferences.
The Company may process your contact details for marketing and advertising purposes with the aim of informing you about promotional initiatives related to training courses carried out using automated contact methods (e.g. email) and traditional contact methods (e.g. telephone calls).
The Company may also process your contact details, interests and other personal data in order to send you commercial communications in line with your preferences, based on a specific customer profile, in the event that you grant your further consent for this and always within the limits described in the relevant consent form.
Reason for data processing: consent.
Failure to provide consent will have no effect on contractual relationships. You can withdraw your consent by sending an email to the following address: firstname.lastname@example.org
- Compliance with binding legal requests and obligations, regulations and measures taken by the judicial authorities, and to defend a right in a legal setting
The Company collects your contact details in order to fulfil a legal obligation and/or defend one of its rights in a legal setting.
Reason for treatment: legal obligations to which the Company is bound to adhere.
HOW WE KEEP YOUR PERSONAL DATA SAFE
The Company employs a vast range of security measures in order to optimise the protection, security, integrity and accessibility of your personal data.
All of your personal data is stored on our secure servers (or as secure hard copies) or on secure servers belonging to our suppliers or commercial partners. The data is accessible and usable in accordance with our security standards and policies (or the equivalent standards of our suppliers or commercial partners).
HOW LONG WE STORE YOUR DATA FOR
We only store your personal data for the time necessary to pursue the purposes for which it was collected and for any other legitimate related purpose. Therefore, if your personal data has been processed for two different purposes, we will store your data until both purposes have been fulfilled. However, once one of those purposes has been achieved, we will no longer process your personal data for that purpose.
Only those people who need to use your personal data for relevant purposes shall have access to it.
Where personal data is no longer necessary, or there are no longer legal grounds for storing it, it shall be made anonymous in an irreversible manner (and stored in this manner) or securely destroyed.
Below are the storage periods relating to the above purposes:
- Fulfilment of contractual obligations: data processed in order to comply with any type of contractual obligation may be stored for the full duration of the contract and for no longer than ten years after the duration of the contract, in order to allow us to deal with any outstanding matters, such as accounting documentation (e.g. invoices).
- Marketing activities, including profiled marketing, designed to respond to your needs and provide you with promotional offers in line with your preferences: data processed for this reason may be stored for 24 months from the date we receive your most recent consent for this purpose; for the purpose of profiled marketing, it will be stored for 12 months.
- In the event of a dispute: in the event that we are forced to defend ourselves, take action or bring a claim against you or a third party, we may store personal data we consider to be reasonably necessary for such data processing purposes for the period in which such a claim may be pursued.
WHO WE CAN SHARE YOUR PERSONAL DATA WITH
Persons who may have access to your personal data include authorised employees and external suppliers who have – if necessary – been named parties responsible for data processing where these provide service support.
Please contact us by writing to email@example.com if you would like to see a list of parties responsible for data processing and other individuals or companies to whom we pass your data.
The following email address can be used to contact the Company for questions regarding personal data processing: firstname.lastname@example.org
For requests relating to training courses that we provide and/or other information relating to our services, please contact us on the following email address email@example.com
YOUR RIGHTS ON PERSONAL DATA PROTECTION AND YOUR RIGHT TO MAKE A COMPLAINT TO THE AUTHORITIES
Under certain circumstances, you have the right to ask us:
- for access to your personal data;
- for a copy of the personal data you have supplied us with (data portability);
- to amend data in our possession;
- to delete any data where we no longer have any legal grounds to process this;
- to oppose data processing where application regulations allow for this;
- to revoke your consent, where data processing depends on consent;
- to limit the way we process your personal data, to the extent set out by personal data privacy regulations.
These rights are subject to a number of exceptions designed to protect the public interest (e.g. preventing or identifying crime) and our own interests (e.g. maintaining professional secrecy). In the event that you exercise one of the aforementioned rights, it shall be our responsibility to verify whether you are legitimately entitled to exercise that right. We will inform you of the outcome of this within one month.
We will make every effort to deal with your concerns should you make any complaints or remarks regarding the way we process your data. However, if you wish, you may take complaints or remarks to the authority responsible for data protection at the following address: Garante per la protezione dei dati personali – Piazza di Monte Citorio n. 121 – 00186 ROME – Fax: (+39) 06.69677.3785 – Telephone: (+39) 06.696771 – E-mail: firstname.lastname@example.org – Certified e-mail: email@example.com.