Privacy Policy

WEBSITE PRIVACY POLICY

This information is provided to users who access and use this website of the company TUBETTIFICIO PERFEKTÜP S.r.l. pursuant to and in accordance with Legislative Decree 196/2003 “Code on the Protection of Personal Data” as amended and Articles 13 – 14 of EU Regulation 2016/679 “European Regulation on the Protection of Personal Data” in order to make them aware of the essential elements of the processing carried out.

This document contains additional information for individuals from certain EEA (GDPR) jurisdictions, UK , California and Brazil.

Data controller

The Data Controller is the company TUBETTIFICIO PERFEKTÜP S.r.l. with registered office located in Milan Via P. Cossa 2 and operating office located in Cernusco sul Naviglio (MI), Via Verona n. 7, in the person of the Legal Representative pro tempore.

Data Processors and Persons in Charge of Processing

The updated list of data processors and data processors is kept at the Data Controller’s office.

Summary description of data processing

TYPE OF DATA COLLECTED

– Cookies This Website uses cookies. Cookies are small text files that can be used by Websites to make the experience more efficient for the Data Subject and to personalize content and ads, provide social network features, and analyze traffic.  (See appropriate Cookie Policy)

SOURCE OF DATA.

The data processed by the data controller are acquired through the data subject’s completion of appropriate fields on the website, or automatically through the user’s access to and use of the website.

 PURPOSE OF PROCESSING

1.Verify the identity of the person requesting information, quotes, delivery of products and provision of services, as well as to carry out necessary assistance;

2.transmit information explicitly requested by the data subject;

3.Fulfill orders or provide services requested by the data subject or a person appointed by the data subject (service provision);

4.to send any marketing communications, promotions, advertisements, market surveys regarding the marketed products or services provided (marketing) upon consent of the person concerned;* (see table below)

– Analysis of user browsing behavior

6.create a profile through the use of profiling cookies, where accepted (profiling);

7.fulfill legal obligations (compliance);

8.Protect the interests of the company, including legally in both extrajudicial and judicial forms;

9.prevent or detect any abuse in the use of the site or any fraudulent activity.

LEGAL BASIS.

 Personal data are collected and processed in accordance with the principles of fairness, lawfulness, transparency, data minimization and confidentiality protection.

Data processing therefore finds its legal bases respectively:

– in the case of data sent voluntarily to the mailing addresses indicated on the site, in providing feedback or delivering the service expressly requested (art. 6, paragraph 1, letter b) of the GDPR). The provision of personal data for these purposes is optional, but failure to do so would make it impossible to activate the services provided;

– in the case of navigation data and cookies, in fulfilling legal obligations and in the pursuit of the legitimate interest of the Data Controller (Art. 6(1)(c) and (f) of the GDPR).

PERIOD AND PLACE OF STORAGE

Personal data collected and processed by the Owner will be stored in full compliance with current regulations as defined below:

– provision of services: will be kept for the time strictly necessary for the pursuit of said purposes and also for a longer period in order to protect the interests of the company;

– marketing: will be retained until consent is revoked;

– soft spam: will be kept until the data subject objects to the processing through the procedure indicated in each individual soft spam email;

– compliance: will be kept for the period defined by the relevant regulations;

– abuse or fraud: they will be kept for as long as strictly necessary for said purpose and thus as long as the company is required to keep them for legal protection and to communicate them to the competent authorities.

The data are currently processed and stored at the writer’s operational headquarters.

They are also processed on behalf of the writer by professionals and/or companies appointed to carry out technical, management, development, administrative, accounting, tax, legal, etc. activities.

The company also reserves the right to make use of servers, clouds and other IT tools for the storage and management of personal data owned or managed by third parties, ensuring that the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of the EU Regulation 2016/679 “European Regulation on the Protection of Personal Data”.

Purpose

4-5. Direct marketing

Sending, by automated means of contact (email and instant messaging) of advertising material, newsletters, promotional and commercial communications related to products and/or events, as well as carrying out market studies and statistical analysis and customer satisfaction survey.

Type of data processed

Master data and contact information.

Legal Basis

Consent (required by contract or specific request); (optional and revocable at any time) Art. 6 co. 1(a) GDPR. If the data subject has not given consent for the sending of commercial communications by automated means, he or she may still receive them through traditional means, if he or she has not expressed dissent through ordinary means and/or the Opposition Register.

Retention period

Until consent for that purpose is withdrawn and/or five years have elapsed since the ‘expression of consent.

Purpose

4-5 Marketing on already customers

Sending communications related to contracted products/services and/or products/services similar to those already contracted (newsletters,events,etc…).

Type of data processed

Biographical and contact data; company affiliation data and role held.

Legal Basis

Legitimate interest

Art. 6 co 1(f) GDPR.

Retention period

Until consent is revoked.

Service purposes on purchased products and services.

Type of data processed

Biographical, contact, personal data according to the product/service contracted.

Legal Basis

Execution of a contract to which you are a party (for anomaly resolution).

Legitimate interest (for analysis aimed at service improvement).

Retention period

Five years since the last interaction

Mandatory or optional nature of processing

The data processed for the purposes referred to in points 1, 2, 3, 7, 8, 9 of the paragraph called “Purposes of processing” are indispensable for the establishment of the contractual relationship (including the pre-contractual phase) and/or its execution.

The data processed for the purposes in 4 and 6, do not derive from an obligation and their provision is optional and is based on the consent of the Data Subject.

The data in section 5 are not mandatory and do not require consent for their processing, however, the data subject may object at any time.

The extent and adequacy of the Data conferred will be evaluated on a case-by-case basis in order to determine the consequent decisions and avoid the processing of Data in excess of the purposes pursued.

Navigation data – Log files: the computer systems and applications dedicated to the operation of the website detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) not associated with directly identifiable users. Among the data collected are IP addresses and domain names of the devices used by users who connect to the site.

Data provided voluntarily by the user – any voluntary and explicit sending of electronic mail to the addresses indicated in the different access channels of the site and the completion of the “forms” (masks) specifically prepared entail our subsequent acquisition of the user’s email address and other data, necessary to respond to requests and/or provide the requested service. Specific summary information may be reported or displayed on the pages of the site prepared for particular services on request.

Data recipients

The personal data processed by the Controller will not be disseminated, i.e. it will not be disclosed to unspecified parties, in any possible form, including making it available or mere consultation. Instead, they may be communicated to the Owner’s workers and to some external subjects who collaborate with them. They may also be communicated, to the extent strictly necessary, to subjects who for the purpose of issuing orders or requests for information or estimates must provide goods and/or perform services or services. Finally, they may be communicated to subjects entitled to access them by virtue of provisions of the law, regulations, EU regulations.

Specifically on the basis of their roles and job duties, some workers have been legitimized to process personal data, within the limits of their competencies and in accordance with the instructions given to them by the Controller.

Transfer of Data to Third Countries

For all the purposes indicated in this information notice, the personal data of a common nature of the Data Subject may be disclosed to all companies that are part of the TUBETTIFICIO PERFEKTÜP S.r.l. group, subsidiaries, connected etc. located also abroad, inside and outside the European Union, in compliance with the rights and guarantees provided for by the current regulations, subject to verification that the country in question guarantees an “adequate” level of protection. The writer also reserves the possibility of using cloud services, ensuring that the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of EU Regulation 2016/679 “European Regulation on Personal Data Protection”.

Rights of the Interested Party

At any time, the Interested Party may exercise its rights under Legislative Decree 196/2003 as amended and Articles 15 to 22 of EU Regulation 2016/679 by contacting the Data Controller by sending an email to privacy@perfektup.it.

By way of example, you have the right, at any time, to request where applicable to:

1.  Access your data to confirm whether or not your data is being processed ( Art. 15 of EU Regulation 2016/679)

2.  Verify and rectify their data (Art. 16 of EU Regulation 2016/679)

3.  Obtaining erasure (Right to be forgotten) (Art. 17 of EU Regulation 2016/679) 

4.  Obtaining restriction of processing (Art. 18 GDPR)

5.  Achieving data portability.

6.  Oppose data processing.

7.  Propose complaint.

8.  Oppose automated decision making where it exists.

9.  Withdraw consent at any time. The Data Subject may withdraw consent to data processing at any time. Withdrawal of consent does NOT, however, affect the lawfulness of the processing based on the consent given before the withdrawal;

There is no existence of automated decision making.

Tools used for the Processing of Personal Data

CONTACT FORM

The Data Subject, by filling out the Contact Form with his/her Data, consents to their use to respond to requests for information, or any other purpose indicated by the header of the form. Personal Data collected through Contact Form: Email, First Name and Last Name, Phone.

EMAIL ADDRESS MANAGEMENT

These services enable the management of a database of email contacts, telephone contacts, or contacts of any other kind used to communicate with the Data Subject. These services may also allow for the collection of Data related to the date and time of viewing of messages by the Data Subject, as well as the Data Subject’s interaction with them, such as information about clicks on links embedded in messages.

Newsletter

By registering for the newsletter, the Data Subject’s email address is automatically added to a list of contacts to whom email messages containing information, including information of a commercial and promotional nature, relating to this Web Site may be sent. The Data Subject’s email address may also be added to this list as a result of registering with this Website or after making a purchase. The Interested Party may choose at any time to unsubscribe from the newsletter by clicking on a specific button they will find within the emails. After clicking the unsubscribe button the Data Subject’s Data will be deleted immediately from the “email marketing” software. Personal Data collected: email and Name. This Website uses the newsletter service provided by:

Mailchimp (The Rocket Science Group)

Mailchimp is a service that organizes and analyzes newsletter distribution. In case a Data Subject does not want their Data to be handled by Mailchimp, it will be necessary for them to unsubscribe from the newsletter. For this purpose, a link is provided in each newsletter sent. Personal Data collected: email and name. Place of Processing: USA – Privacy Policy

SPAM PROTECTION

These services analyze the traffic of this Website, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages and content recognized as SPAM.

1. Akismet (Automattic Inc.).

Akismet is a SPAM protection service provided by Automattic Inc. Personal Data Collected: Various types of Data as specified by the privacy policy of the service. Place of processing: USA – Privacy Policy

2. WORDFENCE SECURITY (Defiant, Inc)

To prevent cyber attacks and block suspicious users and IP addresses, this Website uses the Wordfence Security plugin, which installs a technical cookie (wfwaf-authcookie*) that helps determine whether the Data Subject has suspicious characteristics. The Owner does not collect, store or share any personal data via this cookie. The data collected by this plugin is retained for 24 hours.

SECURITY MEASURES TAKEN 

This Website, to make it secure when Personal Data is entered, has an SSL certificate and uses the HTTPS protocol. With the use of this protocol, the transactions and data that are transmitted in the Websites take place with maximum security and the content of the communication is not read or manipulated in any way by third parties.

reCAPTCHA

This Website uses reCAPTCHA which is a service subject to Google’s privacy policy and terms and conditions of use.

STATISTICS

Statistical services allow the Data Controller exclusively to monitor and analyze traffic data and are used to track the behavior of the Data Subject. This Website uses the following services:

1. Google Analytics 4 (Google Ireland Limited)

Google Analytics is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads in its advertising network. Google may also transfer this information to third parties where required to do so by law or where such third parties process this information on Google’s behalf. IP address anonymization is enabled on this site. The IP address transmitted by your browser for purposes related to Google Analytics will not be merged with other data already held by Google.

At the following link https://tools.google.com/dlpage/gaoptout?hl=it

the browser add-on for deactivating Google Analytics is made available by Google. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy https://policies.google.com/privacy

2. Facebook pixel conversion tracking (Meta Platforms, Inc.).

Facebook conversion tracking (Facebook pixel) is a statistics service provided by Facebook. The Facebook pixel monitors conversions that can be attributed to Facebook ads. Personal data collected: Cookies; Usage data. Place of processing: Ireland – Privacy Policy.

3. AlbaCross: https://albacross.com/privacy-policy/

4. Clarity (Microsoft Ireland Operations Limited)

Clarity is a service that allows the Data Controller to monitor its customers’ conversions. Personal Data Collected: Cookies; Usage Data. Place of Processing: Ireland – Privacy Policy https://privacy.microsoft.com/it-it/privacystatement

5. HubSpot

HubSpot is a service offered by HubSpot Ireland Limited that enables statistics and uses the Personal Data collected for the purpose of tracking and examining the use of this Website. Place of Processing: Ireland – Privacy Policy https://legal.hubspot.com/privacy-policy

6. Siteground hosting: https://it.siteground.com/privacy

7. Iubenda: (https://www.iubenda.com/privacy-policy/20581392 and https://www.iubenda.com/privacy-policy/79174687

TAG MANAGEMENT

Google Tag manager (Google Ireland Limited)

Google Tag manager is a service that allows you to manage and monitor all third-party Tags on the Website to get information about the interest shown by Users towards the Website itself and consequently the quality of the content. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy https://policies.google.com/privacy

INTERACTION WITH SOCIAL NETWORKS

These services allow for interactions with social networks directly from the pages of this Website. The interactions and information acquired by this Website are in each case subject to the privacy settings of the Data Subject related to each social network. In the event that a social network interaction service is installed, it is possible that, even if Users do not use the service, it will collect traffic data related to the pages where it is installed.

1. Facebook (Meta Platforms, Inc.)

Facebook buttons are interaction services with the social network Facebook, provided by Meta Platforms, Inc. Personal data collected: cookies and usage data. Place of processing: Ireland – https://www.facebook.com/privacy/policy/

2. Instagram (Meta Platforms, Inc.)

Instagram buttons are interaction services with the social network Instagram, provided by Meta Platforms, Inc. Personal data collected: cookies and usage data. Place of processing: Ireland – https://privacycenter.instagram.com/policy/

3. LinkedIn (LinkedIn Ireland Unlimited Company)

LinkedIn buttons are services for interaction with the social network LinkedIn, provided by LinkedIn Corporation. Personal data collected: cookies and usage data. Place of processing: Ireland -https://it.linkedin.com/legal/privacy-policy?

4. Youtube (Google Ireland Limited)

Youtube buttons are interaction services with the video content display service operated by Google. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland -https://policies.google.com/privacy?hl=en-US

REMARKETING AND RETARGETING

These services allow this Website to communicate, optimize, and serve advertisements based on a Data Subject’s past use of this Website. This activity is done by tracking Usage Data and the use of Cookies. This Web Site uses the following services:

1. Facebook Remarketing (Meta Platforms, Inc.).

Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, which links this Website’s activity with the Facebook advertising network. This Website makes use of the Facebook Pixel tool in order to measure conversions. Thanks to the Facebook Pixel you can understand the actions that people perform on the Website. The Data that is collected can be used to:

– Make sure listings are shown to the right people;

– Create audience groups for which to target advertisements;

– Take advantage of the additional advertising tools of the platform you are advertising on

The information collected is anonymous to the operators of this Site and cannot be used to identify an individual Data Subject. However, the information is saved and analyzed by Facebook, which could link the action back to an individual profile and use this information for internal Facebook advertising purposes, as outlined by Facebook’s privacy policy. This will allow Facebook to show advertisements on both Facebook and third-party sites. The Site Owner has no control over how this data is used. For more information on how users can protect their privacy, please refer to Facebook’s Privacy Policy.

2. Insight Tag LinkedIn (LinkedIn Ireland Unlimited Company).

This Website uses a script named “LinkedIn Insight Tag”. The LinkedIn Insight Tag adds a cookie to Users’ browsers each time they visit this Website. Using this tool, the Owner can record when a LinkedIn member performs a certain action on the Website (such as booking a service or leaving email). This tool is used for collecting statistical data to measure the effectiveness of paid advertising. Using the LinkedIn Insight Tag, one can understand the actions that people perform on the Website. The Data collected is used to: make sure ads are shown to the right people; create audience groups to target ads to; take advantage of the platform’s additional advertising tools on you advertise. This Website uses the LinkedIn Insight Tag to perform “remarketing” and “Retargeting” activities; thanks to these activities, cookies that the Data Subject leaves on the Website are used, but without identifying him or her. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland- Privacy Policy

CONTENT ON EXTERNAL PLATFORMS

These services allow you to view content hosted on external platforms directly from the pages of this Website and interact with them.

In case such a service is installed, it is possible that, even in case Users do not use the service, it will collect Traffic Data related to the pages where it is installed.

This Web Site uses

1. Google Maps

Google Maps is a map display service operated by Google that allows this Website to integrate such content within its pages. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy

2. Youtube (Google Ireland Limited)

Youtube is a video content display service operated by Google that allows this Website to integrate such content within its pages. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy

3. Google Fonts

Google Fonts is a font style display service provided by Google Ireland Limited that enables this Web Site to integrate such content within its pages. Personal Data collected: Usage Data; various types of Data as specified by the privacy policy of the service. Place of processing: Ireland – Privacy Policy

Privacy Policy Amendment

The owner reserves the right to change, update, add or remove portions of this privacy policy at its discretion and at any time by giving notice.

The Data Controller

TUBETTIFICIO PERFEKTÜP S.r.l.

Additional information for individuals from certain EEA (GDPR) jurisdictions, UK, California, and Brazil

Subject to the conditions established by applicable law, users in the European Union/European Economic Area, the United Kingdom, and Brazil (as well as in other jurisdictions where similar rights apply) have the following rights with respect to the processing of personal data:

●  Right of access: Upon your request, we will confirm whether we are processing your personal data and, if necessary, provide a copy of that personal data (along with certain other details).

●  Right to Correction (rectification): If the personal information we hold is inaccurate or incomplete, you have the right to request its correction. If you have the right to have the information corrected and if we have shared such personal data with others, we will inform them of the correction if possible.

●  Right to Deletion: You can request that we delete your personal information under certain circumstances, such as when we no longer need it or if you withdraw your consent (where applicable). If we are requested to delete personal data, we may do so by deleting the relevant account. Brazilian users may also request anonymization, blocking, or deletion of unnecessary or excessive personal data.

●  Right to restrict (block) processing: You can request to restrict the processing of your personal data under certain circumstances, such as when you dispute its accuracy or object to its use or stated legal basis.

●  Right to data portability: You have the right, under certain circumstances, to receive a copy of personal data obtained from you in a structured, commonly used, machine-readable format, and to reuse it elsewhere or to request that it be transferred to a third party of your choice.

●  Right to object: When processing is based on our legitimate interest (other than marketing purposes), we must stop such processing unless we have compelling legitimate reasons that override your interest or when we need it for the creation, exercise or defense of legal claims. Where we rely on our legitimate interest, we believe we have a valid interest in such processing, but we will examine each request and related circumstances individually.

●  Right to object to marketing: You can request to stop the processing of your personal data to the extent that it is processed on the basis of our legitimate interest for marketing purposes. If we receive such a request, we will stop processing it for marketing purposes.

●  Right not to be subject to automated decision-making: You have the right not to be subject to a decision when it is based on automated processing if it produces a legal effect or similarly affects you, unless it is necessary for entering into or performing a contract. Perceptyx does not undertake automated decision-making processes

●  Right to revoke consent: Where personal data are processed on the basis of your consent, you have the right to revoke your consent at any time, without affecting the lawfulness of the processing based on your consent prior to its revocation. Brazilian Users also have the right to be informed about the consequences of refusing or revoking consent.

●  Right to file a complaint: You also have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data violates the law.

Please note that some of these rights may be limited, such as in the case of an overriding interest or legal obligation to continue to process data. Please contact us using the information provided in the Contact Us section above if you wish to exercise any of your rights or if you have any questions or complaints regarding the processing of personal data.

Additional information for California residents

In this section, we provide additional information to California residents about how we handle personal information as required by California privacy laws, including the California Consumer Privacy Act (“CCPA”).

This section does not address or apply to the management of publicly available information legally made available by state or federal government records or other personal information that is exempt under the CCPA.

Although our collection, use, and disclosure of personal information varies by relationship and interaction with you, in this section we describe, in general, how we have collected and disclosed personal information about consumers in the previous 12 months (since the date of the last update above).

Categories of personal information collected and disclosed. The table below identifies the categories of personal information (as defined by the CCPA) that we have collected about consumers, as well as how we have disclosed that information for business purposes. For more information about the business and commercial purposes for which we collect, use, and disclose personal information, please see the Purposes and Legal Basis for Use and Disclosure of Personal Information sections above.

Sources of Personal Information. As further described in the Collection of Personal Information section above, we may collect personal information from the following sources

–    directly from the individual

–    advertising networks

–    data analysis providers

–    social media

–    corporate clients

Rights of California residents. In general, California residents have the following rights with respect to their personal information:

●   Do not sell (opt-out): to opt out of selling your personal information. We do not sell personal information about California consumers, including those we actually know are under the age of 16.

●   Right of deletion: to request deletion of personal information collected and to have such personal information deleted (without charge), subject to certain exceptions.

●   Right to know: with respect to personal information we have collected in the previous 12 months, to request that the following be collected (up to twice a year and subject to certain exemptions):

●   Categories of personal information collected;

●   Categories of sources of personal information;

●   Categories of personal information disclosed for commercial purposes or that have been sold;

●   Categories of third parties to whom personal information was sold or disclosed for commercial purposes;

●   The business or commercial purposes for collecting or selling personal information; and

●   A copy of specific parts of personal information that have been collected.

●   Right to non-discrimination: the right not to be subjected to discriminatory treatment for exercising one’s rights under the CCPA.

●   Sending CCPA requests.

California residents can submit CCPA requests to know (access) and to delete their personal information via e-mail to privacy@perfektup.it.

When you send a request for knowledge or a request for deletion, we will take steps to verify the request by checking the information you provide against the information in our records. You must email us with the requested information (or otherwise provide us with that information to verify the request). In some cases, we may require additional information to verify the request or if necessary to process the request. If we are unable to adequately verify a request, we will send a notice to the requester.

For more information about our privacy practices, you can contact us as indicated in the Contact Us section above.

The Data Controller

TUBETTIFICIO PERFEKTÜP S.r.l.