Privacy Policy

1 INTRODUCTION

This section contains the information about the methods for managing the website https://itap.giflor.com/ in relation to the processing of the users’ personal data.

This information document applies only to the website itap.giflor.com, not to other websites that the users may visit through any link present in the website.

This information document may be changed due to the introduction of new related standards. The user should therefore periodically check this page.

2 DATA CONTROLLER

The Data Controller is the subject who determines the purposes and the methods of personal data processing.

With regard to this website, the Data Controller is “Giflor S.r.l.”, with headquarters in Via Palù, no. 9, 36040, Grumolo delle Abbadesse (Vicenza, Italy), Tax code, VAT number IT02296170240, and Registration number in the Vicenza Businesses Register VI 220891.

3 CATEGORIES OF DATA PROCESSED AND METHODS OF DATA COLLECTION

Browsing the website and/or entering data in any of its sections may lead to the collection and subsequent processing of your Personal Data. Indeed, the computer systems and software procedures used for its operation automatically and indirectly send and/or receive information (including but not limited to cookies – as indicated further on – or data expressly specified in the data collection forms, such as name, surname, e-mail address, nationality, address, telephone number).

The information collected may be the following and may vary according to the website browsing methods:

Internet Protocol address (IP address);
Type of browser and settings of the device used to connect to the website;
Name of the Internet Service Provider (ISP);
Visit date and time;
User’s referral source webpage and exit page;
Number of clicks, if any;
Comments left in a website field;
E-mail address;
Data requested in the section “Work with us” in the website: name and surname, e-mail address, telephone number; current work position; curriculum vitae; other data provided voluntarily.

4 PURPOSE OF DATA PROCESSING, LEGAL BASIS FOR DATA PROCESSING AND DATA RETENTION PERIOD

We process your data for different purposes, and we respect the retention period and the conditions established for each purpose. The Data Controller will not retain your Personal Data for a time period longer than that necessary to fulfil the purpose for which they were processed or longer than the period prescribed by the law.

In order to guarantee compliance with the principles of processing necessity and proportionality, the Data Controller has identified different retention periods for Personal Data according to each purpose pursued.

Processing purpose	Legal basis	Retention period
Managing and replying to the specific requests that you sent us directly	consent	24 months
Marketing activities, commercial communications, market research, sending newsletters	consent	Until the consent has been withdrawn; this can be done at any moment by using the link at the end of each promotional e-mail (concerning marketing activities and newsletters) or by sending us an e-mail to the address indicated in the contact details above
Collected cookies	consent, as indicated in the banner shown when accessing the website	The retention period of these cookies starts from the date they are enabled in the site until they are disabled
Staff recruitment	consent, by clicking on the appropriate flag	6 months and, in any case, until the data subject requests the erasure of the data
Management of objections and any disputes; to avoid or control unlawful behaviour or to protect and exercise rights	legitimate interest	For the established prescription period or for the period established by law.

5 HOW WE PROCESS YOUR DATA

The processing of your Personal Data may include any type of operation, including: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

The operations may be carried out with or without the use of electronic or, in any case automatic, systems.

The processing is carried out by the Data Controller and/or by appointed data processors that operate under the direct authority of the Data Controller strictly following his/her instructions, or by third parties appointed as external data processors.

6 WHERE WE PROCESS YOUR DATA

Your Personal Data are mainly processed at the headquarters of the Data Controller. Therefore, the physical location can vary according to the processing purposes indicated in paragraph 4. Moreover, your data may be processed in the locations where the external data processors operate.

This website may share some of the collected data with services that are localised outside the European Union, such as Google, Facebook and Microsoft (LinkedIn) by means of the social plugins and the Google Analytics service.

If you give consent to the processing for marketing and promotional activities, some of your Data (name, surname, e-mail address) will be transferred to our partners for the newsletter software, that are located all over the world, even outside the European Union.

We inform you that your Personal Data will only be transferred to subjects located in those Countries for which the EU Commission has guaranteed appropriateness and processing in compliance with the Regulation 679/2016 (GDPR), or, only after having verified that the external data processor is registered in the “Privacy Shield” system.

7 WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA

Your Personal Data may be disclosed to and processed by:

Natural or legal persons that operate as external data processors ,and that carry out outsourced activities, appointed by the Data Controller or by the external data processors of the Data Controller (including subjects entrusted with assistance, communication, marketing, advertising, promotional and product/service sales activities, as well as advertisers, advertising agencies, IT service suppliers, Website/APP managers, electronic platform managers, partners, credit institutions, professional firms);
employees and/or collaborators of the Data Controller (including the system administrators) that are directly authorised by the Data Controller to process your Personal Data; and
employees and/or collaborators of the external data processors (including the system administrators) that are directly authorised by the external data processors to process your Personal Data.

Your Personal Data will not be communicated or disclosed to third parties except when the Data Controller needs to communicate them to the relevant consultants for the protection of Data Controller’s rights.

8 OBLIGATORY PROVISION OF PERSONAL DATA

The provision of personal data is compulsory in relation to the processing operations that the company has to carry out to fulfil its obligations towards the data subject on the basis of the existing relationship (or contract), as well as to fulfil legal obligations, rules and regulations.

The consent is not compulsory for all other purposes and the data subject can withdraw it at any time, if previously given.

9 REFUSAL TO PROVIDE PERSONAL DATA

The refusal to provide your Personal Data may result in the inability to meet your requests or to proceed with the business relationship and the contracts that you may wish to start with us. In case of lack of provision of data that are not mandatory, the consequences will be assessed case by case. The lack of data provision will presumably result in the inability to provide the service that is tied to that specific data.

10 RIGHTS OF THE DATA SUBJECT (YOUR RIGHTS)

The Privacy Policy gives the data subject the following rights; in particular:

Right	Description
Right to withdraw consent (art. 13 paragraph II letter A and art. 9 paragraph II letter A of GDPR)	You have the right to withdraw consent at any time for all those processing operations for which your explicit consent is required, as indicated in the table of the purposes described above. The consent withdrawal does not affect the lawfulness of previous processing.
Right to access the data (art. 15)	You have the right to access the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular when the recipients are in third countries or international organisations; d) when possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in article 22, paragraphs 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. You have the right to ask for a copy of the personal data undergoing processing.
Right to rectification (art. 16)	You have the right to ask for the rectification of inaccurate personal data concerning you and to obtain the completion of incomplete personal data.
Right to erasure (art. 17)	You have the right to obtain from the Data Controller the erasure of your personal data if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw consent, if there are no overriding legitimate grounds for the profiling processing, if the personal data have been unlawfully processed, if the personal data have to be erased for compliance with a legal obligation, if the personal data concern webservices to minors without prior consent. The right to erasure shall not apply in the following cases: when processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or for the establishment, exercise or defence of legal claims.
Right to restriction of processing (art. 18)	You have the right to obtain from the Data Controller restriction of processing when you contested the accuracy of the personal data (for a period enabling the Controller to verify the accuracy of the personal data), or if the processing is unlawful and you opposes the erasure of the personal data and request the restriction of their use instead, or if you require them for the establishment, exercise or defence of legal claims, while the Data Controller no longer needs them.
Right to data portability (art. 20)	You have the right to receive the personal data concerning you that you provided us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller if processing is based on consent, on a contract and if the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller and that the transmission does not adversely affect the rights of others.
Right to lodge a complaint with a supervisory authority (Data Protection Authority) (art. 77)	Without prejudice to any other administrative or judicial remedy, if you consider that the processing of personal data relating to you infringes the Personal Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

11 METHODS OF EXERCISING YOUR RIGHTS

You can exercise your rights at any time by contacting the Data Controller at the addresses given above.

You can lodge a complaint with the Data Protection Authority by following the instructions given in its website, in the section “Forms” under the item “Complaint” (or by clicking on this link).

12.1 What are cookies?

Cookies are short text files that the websites visited by users send to their terminals, where they are stored to then be retransmitted to the websites at the next visit. Third-party cookies are instead set by a different website from the one visited by the user. This is because on each website there may be elements (images, maps, sounds, specific links to webpages of other domains, etc.) that are located on different servers from the one of the website visited.

12.2 What are cookies required for?

Cookies are used for different purposes: execution of computer authentications, monitoring of sessions, storage of information about specific settings concerning the users who access the server, storing user’s preferences, etc. Therefore, to easily and completely visit a website, it would be advisable for the users to set their browser so that the reception of such cookies is accepted.

12.3 Features and purposes of cookies in our webpages

Our website uses the following categories of cookies that may belong to the Data Controller or to third parties.

Session cookies that contribute to the Site operation, for example, to allow navigation between the pages and access the Site restricted area.
Third-party analytic cookies (Google Analytics), that allow statistical information to be acquired in aggregated and anonymous form, in relation to the navigation mode (visit this page to find out how Google processes the data collected).

12.4 How to enable and disable cookies on your browser

You can block the acceptance of cookies by your browser by selecting to block all cookies or only third-party cookies. However, this operation may reduce the efficiency or prevent access to some functions or pages of the Website.

Here below, you can find the instructions given by the main browsers to block the acceptance of cookies:

Internet Explorer: http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

Chrome: https://support.google.com/chrome/answer/95647?hl=it

Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

13 MODIFICATIONS TO THIS DOCUMENT

This document may be changed or updated. If changes or updates are important, they will be expressly notified to the users.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.