This information is provided to users who access and use this website of the company TUBETTIFICIO PERFEKTÜP S.r.l. pursuant to and in accordance with Legislative Decree 196/2003 “Code on the Protection of Personal Data” as amended and Articles 13 – 14 of EU Regulation 2016/679 “European Regulation on the Protection of Personal Data” in order to make them aware of the essential elements of the processing carried out.
This document contains additional information for individuals from certain EEA (GDPR) jurisdictions, UK , California and Brazil.
The Data Controller is the company TUBETTIFICIO PERFEKTÜP S.r.l. with registered office located in Milan Via P. Cossa 2 and operating office located in Cernusco sul Naviglio (MI), Via Verona n. 7, in the person of the Legal Representative pro tempore.
Data Processors and Persons in Charge of Processing
The updated list of data processors and data processors is kept at the Data Controller’s office.
Summary description of data processing
TYPE OF DATA COLLECTED
|– first name, last name, company name, telephone number, e -mail address, residence/domicile address, in contact requests from the interested party;- navigation data acquired by the computer systems and software procedures responsible for the operation of the Website (e.g. IP addresses, computer domain name…);|
SOURCE OF DATA.
The data processed by the data controller are acquired through the data subject’s completion of appropriate fields on the website, or automatically through the user’s access to and use of the website.
PURPOSE OF PROCESSING
1.Verify the identity of the person requesting information, quotes, delivery of products and provision of services, as well as to carry out necessary assistance;
2.transmit information explicitly requested by the data subject;
3.Fulfill orders or provide services requested by the data subject or a person appointed by the data subject (service provision);
4.to send any marketing communications, promotions, advertisements, market surveys regarding the marketed products or services provided (marketing) upon consent of the person concerned;* (see table below)
– Analysis of user browsing behavior
6.create a profile through the use of profiling cookies, where accepted (profiling);
7.fulfill legal obligations (compliance);
8.Protect the interests of the company, including legally in both extrajudicial and judicial forms;
9.prevent or detect any abuse in the use of the site or any fraudulent activity.
Personal data are collected and processed in accordance with the principles of fairness, lawfulness, transparency, data minimization and confidentiality protection.
Data processing therefore finds its legal bases respectively:
– in the case of data sent voluntarily to the mailing addresses indicated on the site, in providing feedback or delivering the service expressly requested (art. 6, paragraph 1, letter b) of the GDPR). The provision of personal data for these purposes is optional, but failure to do so would make it impossible to activate the services provided;
– in the case of navigation data and cookies, in fulfilling legal obligations and in the pursuit of the legitimate interest of the Data Controller (Art. 6(1)(c) and (f) of the GDPR).
PERIOD AND PLACE OF STORAGE
Personal data collected and processed by the Owner will be stored in full compliance with current regulations as defined below:
– provision of services: will be kept for the time strictly necessary for the pursuit of said purposes and also for a longer period in order to protect the interests of the company;
– marketing: will be retained until consent is revoked;
– soft spam: will be kept until the data subject objects to the processing through the procedure indicated in each individual soft spam email;
– compliance: will be kept for the period defined by the relevant regulations;
– abuse or fraud: they will be kept for as long as strictly necessary for said purpose and thus as long as the company is required to keep them for legal protection and to communicate them to the competent authorities.
The data are currently processed and stored at the writer’s operational headquarters.
They are also processed on behalf of the writer by professionals and/or companies appointed to carry out technical, management, development, administrative, accounting, tax, legal, etc. activities.
The company also reserves the right to make use of servers, clouds and other IT tools for the storage and management of personal data owned or managed by third parties, ensuring that the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the EU Regulation 2016/679 “European Regulation on the Protection of Personal Data”.
4-5. Direct marketing
Sending, by automated means of contact (email and instant messaging) of advertising material, newsletters, promotional and commercial communications related to products and/or events, as well as carrying out market studies and statistical analysis and customer satisfaction survey.
Type of data processed
Master data and contact information.
Consent (required by contract or specific request); (optional and revocable at any time) Art. 6 co. 1(a) GDPR. If the data subject has not given consent for the sending of commercial communications by automated means, he or she may still receive them through traditional means, if he or she has not expressed dissent through ordinary means and/or the Opposition Register.
Until consent for that purpose is withdrawn and/or five years have elapsed since the ‘expression of consent.
4-5 Marketing on already customers
Sending communications related to contracted products/services and/or products/services similar to those already contracted (newsletters,events,etc…).
Type of data processed
Biographical and contact data; company affiliation data and role held.
Art. 6 co 1(f) GDPR.
Until consent is revoked.
Service purposes on purchased products and services.
Type of data processed
Biographical, contact, personal data according to the product/service contracted.
Execution of a contract to which you are a party (for anomaly resolution).
Legitimate interest (for analysis aimed at service improvement).
Five years since the last interaction
Mandatory or optional nature of processing
The data processed for the purposes referred to in points 1, 2, 3, 7, 8, 9 of the paragraph called “Purposes of processing” are indispensable for the establishment of the contractual relationship (including the pre-contractual phase) and/or its execution.
The data processed for the purposes in 4 and 6, do not derive from an obligation and their provision is optional and is based on the consent of the Data Subject.
The data in section 5 are not mandatory and do not require consent for their processing, however, the data subject may object at any time.
The extent and adequacy of the Data conferred will be evaluated on a case-by-case basis in order to determine the consequent decisions and avoid the processing of Data in excess of the purposes pursued.
Navigation data – Log files: the computer systems and applications dedicated to the operation of the website detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) not associated with directly identifiable users. Among the data collected are IP addresses and domain names of the devices used by users who connect to the site.
Data provided voluntarily by the user – any voluntary and explicit sending of electronic mail to the addresses indicated in the different access channels of the site and the completion of the “forms” (masks) specifically prepared entail our subsequent acquisition of the user’s email address and other data, necessary to respond to requests and/or provide the requested service. Specific summary information may be reported or displayed on the pages of the site prepared for particular services on request.
The personal data processed by the Controller will not be disseminated, i.e. it will not be disclosed to unspecified parties, in any possible form, including making it available or mere consultation. Instead, they may be communicated to the Owner’s workers and to some external subjects who collaborate with them. They may also be communicated, to the extent strictly necessary, to subjects who for the purpose of issuing orders or requests for information or estimates must provide goods and/or perform services or services. Finally, they may be communicated to subjects entitled to access them by virtue of provisions of the law, regulations, EU regulations.
Specifically on the basis of their roles and job duties, some workers have been legitimized to process personal data, within the limits of their competencies and in accordance with the instructions given to them by the Controller.
Transfer of Data to Third Countries
For all the purposes indicated in this information notice, the personal data of a common nature of the Data Subject may be disclosed to all companies that are part of the TUBETTIFICIO PERFEKTÜP S.r.l. group, subsidiaries, connected etc. located also abroad, inside and outside the European Union, in compliance with the rights and guarantees provided for by the current regulations, subject to verification that the country in question guarantees an “adequate” level of protection. The writer also reserves the possibility of using cloud services, ensuring that the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of EU Regulation 2016/679 “European Regulation on Personal Data Protection”.
Rights of the Interested Party
At any time, the Interested Party may exercise its rights under Legislative Decree 196/2003 as amended and Articles 15 to 22 of EU Regulation 2016/679 by contacting the Data Controller by sending an email to email@example.com.
By way of example, you have the right, at any time, to request where applicable to:
1. Access your data to confirm whether or not your data is being processed ( Art. 15 of EU Regulation 2016/679)
2. Verify and rectify their data (Art. 16 of EU Regulation 2016/679)
3. Obtaining erasure (Right to be forgotten) (Art. 17 of EU Regulation 2016/679)
4. Obtaining restriction of processing (Art. 18 GDPR)
5. Achieving data portability.
6. Oppose data processing.
7. Propose complaint.
8. Oppose automated decision making where it exists.
9. Withdraw consent at any time. The Data Subject may withdraw consent to data processing at any time. Withdrawal of consent does NOT, however, affect the lawfulness of the processing based on the consent given before the withdrawal;
There is no existence of automated decision making.
Tools used for the Processing of Personal Data
The Data Subject, by filling out the Contact Form with his/her Data, consents to their use to respond to requests for information, or any other purpose indicated by the header of the form. Personal Data collected through Contact Form: Email, First Name and Last Name, Phone.
EMAIL ADDRESS MANAGEMENT
These services enable the management of a database of email contacts, telephone contacts, or contacts of any other kind used to communicate with the Data Subject. These services may also allow for the collection of Data related to the date and time of viewing of messages by the Data Subject, as well as the Data Subject’s interaction with them, such as information about clicks on links embedded in messages.
By registering for the newsletter, the Data Subject’s email address is automatically added to a list of contacts to whom email messages containing information, including information of a commercial and promotional nature, relating to this Web Site may be sent. The Data Subject’s email address may also be added to this list as a result of registering with this Website or after making a purchase. The Interested Party may choose at any time to unsubscribe from the newsletter by clicking on a specific button they will find within the emails. After clicking the unsubscribe button the Data Subject’s Data will be deleted immediately from the “email marketing” software. Personal Data collected: email and Name. This Website uses the newsletter service provided by:
Mailchimp (The Rocket Science Group)
These services analyze the traffic of this Website, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages and content recognized as SPAM.
1. Akismet (Automattic Inc.).
2. WORDFENCE SECURITY (Defiant, Inc)
To prevent cyber attacks and block suspicious users and IP addresses, this Website uses the Wordfence Security plugin, which installs a technical cookie (wfwaf-authcookie*) that helps determine whether the Data Subject has suspicious characteristics. The Owner does not collect, store or share any personal data via this cookie. The data collected by this plugin is retained for 24 hours.
SECURITY MEASURES TAKEN
This Website, to make it secure when Personal Data is entered, has an SSL certificate and uses the HTTPS protocol. With the use of this protocol, the transactions and data that are transmitted in the Websites take place with maximum security and the content of the communication is not read or manipulated in any way by third parties.
Statistical services allow the Data Controller exclusively to monitor and analyze traffic data and are used to track the behavior of the Data Subject. This Website uses the following services:
1. Google Analytics 4 (Google Ireland Limited)
Google Analytics is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads in its advertising network. Google may also transfer this information to third parties where required to do so by law or where such third parties process this information on Google’s behalf. IP address anonymization is enabled on this site. The IP address transmitted by your browser for purposes related to Google Analytics will not be merged with other data already held by Google.
At the following link https://tools.google.com/dlpage/gaoptout?hl=it
2. Facebook pixel conversion tracking (Meta Platforms, Inc.).
3. AlbaCross: https://albacross.com/privacy-policy/
4. Clarity (Microsoft Ireland Operations Limited)
6. Siteground hosting: https://it.siteground.com/privacy
7. Iubenda: (https://www.iubenda.com/privacy-policy/20581392 and https://www.iubenda.com/privacy-policy/79174687
Google Tag manager (Google Ireland Limited)
INTERACTION WITH SOCIAL NETWORKS
These services allow for interactions with social networks directly from the pages of this Website. The interactions and information acquired by this Website are in each case subject to the privacy settings of the Data Subject related to each social network. In the event that a social network interaction service is installed, it is possible that, even if Users do not use the service, it will collect traffic data related to the pages where it is installed.
1. Facebook (Meta Platforms, Inc.)
Facebook buttons are interaction services with the social network Facebook, provided by Meta Platforms, Inc. Personal data collected: cookies and usage data. Place of processing: Ireland – https://www.facebook.com/privacy/policy/
2. Instagram (Meta Platforms, Inc.)
Instagram buttons are interaction services with the social network Instagram, provided by Meta Platforms, Inc. Personal data collected: cookies and usage data. Place of processing: Ireland – https://privacycenter.instagram.com/policy/
3. LinkedIn (LinkedIn Ireland Unlimited Company)
LinkedIn buttons are services for interaction with the social network LinkedIn, provided by LinkedIn Corporation. Personal data collected: cookies and usage data. Place of processing: Ireland -https://it.linkedin.com/legal/privacy-policy?
4. Youtube (Google Ireland Limited)
Youtube buttons are interaction services with the video content display service operated by Google. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland -https://policies.google.com/privacy?hl=en-US
REMARKETING AND RETARGETING
1. Facebook Remarketing (Meta Platforms, Inc.).
Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, which links this Website’s activity with the Facebook advertising network. This Website makes use of the Facebook Pixel tool in order to measure conversions. Thanks to the Facebook Pixel you can understand the actions that people perform on the Website. The Data that is collected can be used to:
– Make sure listings are shown to the right people;
– Create audience groups for which to target advertisements;
– Take advantage of the additional advertising tools of the platform you are advertising on
2. Insight Tag LinkedIn (LinkedIn Ireland Unlimited Company).
CONTENT ON EXTERNAL PLATFORMS
These services allow you to view content hosted on external platforms directly from the pages of this Website and interact with them.
In case such a service is installed, it is possible that, even in case Users do not use the service, it will collect Traffic Data related to the pages where it is installed.
This Web Site uses
1. Google Maps
2. Youtube (Google Ireland Limited)
3. Google Fonts
The Data Controller
TUBETTIFICIO PERFEKTÜP S.r.l.
Additional information for individuals from certain EEA (GDPR) jurisdictions, UK, California, and Brazil
Subject to the conditions established by applicable law, users in the European Union/European Economic Area, the United Kingdom, and Brazil (as well as in other jurisdictions where similar rights apply) have the following rights with respect to the processing of personal data:
● Right of access: Upon your request, we will confirm whether we are processing your personal data and, if necessary, provide a copy of that personal data (along with certain other details).
● Right to Correction (rectification): If the personal information we hold is inaccurate or incomplete, you have the right to request its correction. If you have the right to have the information corrected and if we have shared such personal data with others, we will inform them of the correction if possible.
● Right to Deletion: You can request that we delete your personal information under certain circumstances, such as when we no longer need it or if you withdraw your consent (where applicable). If we are requested to delete personal data, we may do so by deleting the relevant account. Brazilian users may also request anonymization, blocking, or deletion of unnecessary or excessive personal data.
● Right to restrict (block) processing: You can request to restrict the processing of your personal data under certain circumstances, such as when you dispute its accuracy or object to its use or stated legal basis.
● Right to data portability: You have the right, under certain circumstances, to receive a copy of personal data obtained from you in a structured, commonly used, machine-readable format, and to reuse it elsewhere or to request that it be transferred to a third party of your choice.
● Right to object: When processing is based on our legitimate interest (other than marketing purposes), we must stop such processing unless we have compelling legitimate reasons that override your interest or when we need it for the creation, exercise or defense of legal claims. Where we rely on our legitimate interest, we believe we have a valid interest in such processing, but we will examine each request and related circumstances individually.
● Right to object to marketing: You can request to stop the processing of your personal data to the extent that it is processed on the basis of our legitimate interest for marketing purposes. If we receive such a request, we will stop processing it for marketing purposes.
● Right not to be subject to automated decision-making: You have the right not to be subject to a decision when it is based on automated processing if it produces a legal effect or similarly affects you, unless it is necessary for entering into or performing a contract. Perceptyx does not undertake automated decision-making processes
● Right to revoke consent: Where personal data are processed on the basis of your consent, you have the right to revoke your consent at any time, without affecting the lawfulness of the processing based on your consent prior to its revocation. Brazilian Users also have the right to be informed about the consequences of refusing or revoking consent.
● Right to file a complaint: You also have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data violates the law.
Please note that some of these rights may be limited, such as in the case of an overriding interest or legal obligation to continue to process data. Please contact us using the information provided in the Contact Us section above if you wish to exercise any of your rights or if you have any questions or complaints regarding the processing of personal data.
Additional information for California residents
In this section, we provide additional information to California residents about how we handle personal information as required by California privacy laws, including the California Consumer Privacy Act (“CCPA”).
This section does not address or apply to the management of publicly available information legally made available by state or federal government records or other personal information that is exempt under the CCPA.
Although our collection, use, and disclosure of personal information varies by relationship and interaction with you, in this section we describe, in general, how we have collected and disclosed personal information about consumers in the previous 12 months (since the date of the last update above).
Categories of personal information collected and disclosed. The table below identifies the categories of personal information (as defined by the CCPA) that we have collected about consumers, as well as how we have disclosed that information for business purposes. For more information about the business and commercial purposes for which we collect, use, and disclose personal information, please see the Purposes and Legal Basis for Use and Disclosure of Personal Information sections above.
|Personal information collected||Categories of third parties to whom we may disclose such information|
|Identifiers||Includes direct identifiers, such as name, alias user ID, user name;e-mail address, phone number, address and other contact information; IP address and other online identifiers;||● service providers● consultants and agents● Government entities and law enforcement agencies● affiliates and subsidiaries● advertising networks● data analysis providers● social media● Internet service providers● operating systems and platforms● corporate client/customer|
|Client records||Includes personal information, such as name, account name, user ID, contact information, employment information, account number, and financial or payment information that individuals provide to us in order to purchase or obtain our products and services. For example, it may include information related to account registration, or information collected when an individual purchases or orders products and services, or enters into an agreement with us related to products and services.||● service providers● consultants and agents● Government entities and law enforcement agencies● affiliates and subsidiaries● Business partners providing services requested by the user|
|Business information||Includes records of personal property, products or services purchased, obtained or considered, or other history or trend of purchase or use.||● service providers● consultants and agents● Government entities and law enforcement agencies● affiliates and subsidiaries● advertising networks● data analysis providers● social media● Internet service providers● operating systems and platforms● data broker● corporate client/customer|
|Usage data||It includes browsing history, clickstream data, search history, access logs, and other usage data and information regarding an individual’s interaction with our websites, mobile apps, and other services, as well as our marketing emails and online ads.||● service providers● consultants and agents● Government entities and law enforcement agencies● affiliates and subsidiaries● advertising networks● data analysis providers● social media● Internet service providers● operating systems and platforms|
|Professional information||Includes professional and employment-related information, such as company contact information and professional associations.||● service providers● consultants and agents● Government entities and law enforcement agencies● affiliates and subsidiaries|
Sources of Personal Information. As further described in the Collection of Personal Information section above, we may collect personal information from the following sources
– directly from the individual
– advertising networks
– data analysis providers
– social media
– corporate clients
Rights of California residents. In general, California residents have the following rights with respect to their personal information:
● Do not sell (opt-out): to opt out of selling your personal information. We do not sell personal information about California consumers, including those we actually know are under the age of 16.
● Right of deletion: to request deletion of personal information collected and to have such personal information deleted (without charge), subject to certain exceptions.
● Right to know: with respect to personal information we have collected in the previous 12 months, to request that the following be collected (up to twice a year and subject to certain exemptions):
● Categories of personal information collected;
● Categories of sources of personal information;
● Categories of personal information disclosed for commercial purposes or that have been sold;
● Categories of third parties to whom personal information was sold or disclosed for commercial purposes;
● The business or commercial purposes for collecting or selling personal information; and
● A copy of specific parts of personal information that have been collected.
● Right to non-discrimination: the right not to be subjected to discriminatory treatment for exercising one’s rights under the CCPA.
● Sending CCPA requests.
California residents can submit CCPA requests to know (access) and to delete their personal information via e-mail to firstname.lastname@example.org.
When you send a request for knowledge or a request for deletion, we will take steps to verify the request by checking the information you provide against the information in our records. You must email us with the requested information (or otherwise provide us with that information to verify the request). In some cases, we may require additional information to verify the request or if necessary to process the request. If we are unable to adequately verify a request, we will send a notice to the requester.
For more information about our privacy practices, you can contact us as indicated in the Contact Us section above.
The Data Controller
TUBETTIFICIO PERFEKTÜP S.r.l.