Informativa Privacy 

Privacy Notice on Personal Data Processing Pursuant to Article 13 of EU Regulation 2016/679 (GDPR)

SACE SRL, represented by its legal representative pro tempore, with registered office in Sasso Marconi (BO), Via Cartiera 154, 40037, Borgonuovo district (Tax Code and VAT No.: 01698441209), as Data Controller or Joint Data Controller pursuant to Article 26 of EU Regulation 2016/679 (hereinafter GDPR) of the following companies within the FLODRAULIC group:

FLODRAULIC EUROPE SRL, represented by its legal representative pro tempore, with registered office in Granarolo dell’Emilia (BO), Via Don Minzoni 28-30-32, 40057, Cadriano district;

OLEOBI SRL, represented by its legal representative pro tempore, with registered office in Granarolo dell’Emilia (BO), Via Don Minzoni 28, 40057, Cadriano district;

PK SRL, represented by its legal representative pro tempore, with registered office in 40013 Castel Maggiore (BO), Via Lirone 60/C;

EBI MOTION CONTROLS SRL, represented by its legal representative pro tempore, with registered office in Granarolo dell’Emilia (BO), Via Andrea Costa 11/2, 40057, Cadriano district;

CEIMU SRL, represented by its legal representative pro tempore, with registered office in 37053 Cerea (VR), Via del Commercio 9.

Hereby informs you that it will process your personal data in compliance with the GDPR and national data protection regulations (hereinafter: privacy regulations).

The Joint Data Controllers have entered into a joint controllership agreement pursuant to Article 26 of the GDPR. The essential content of the agreement is made available to data subjects upon request by contacting the designated contact point: comitatoprivacy@flodrauliceurope.com.

1. Purpose and Legal Basis of Data Processing

Your personal data will be processed for the following purposes:

1.1 To enter into contracts with the Data Controller and/or Joint Data Controllers and manage related relationships during pre-contractual, contractual, tax, administrative, and accounting phases (the legal basis for processing is the performance of a contract or pre-contractual measures and compliance with legal obligations pursuant to Article 6, paragraph 1, letters b) and c) of the GDPR);

1.2 To send commercial or advertising communications concerning products or services similar to those already provided (soft spam) to the email address supplied by the data subject in the context of a previous contractual relationship with the Data Controller and/or Joint Data Controllers, subject to the right to object under Article 21 of the GDPR at the first or subsequent communications (the legal basis for processing is legitimate interest pursuant to Article 6, paragraph 1, letter f) of the GDPR);

1.3 To send commercial communications, advertising material, direct sales offers, or conduct market research (i.e., Direct Marketing) related to products or services of the Data Controller and/or Joint Data Controllers, using automated systems (e.g., email, SMS, fax, MMS, etc.) and traditional methods (postal mail and telephone contact) (the legal basis for processing is the consent of the data subject pursuant to Article 6, paragraph 1, letter a) of the GDPR);

1.4 To respond to information requests submitted via the contact form on the Data Controller's website https://www.sace-srl.com/it/ (the legal basis for processing is the performance of a contract or pre-contractual measures pursuant to Article 6, paragraph 1, letter b) of the GDPR);

1.5 To register on the Data Controller's website https://shop.sace-srl.com/it/ (the legal basis for processing is the consent of the data subject pursuant to Article 6, paragraph 1, letter a) of the GDPR);

1.6 To subscribe to the group newsletter to stay updated on initiatives, products, and services of the Joint Data Controllers (the legal basis for processing is consent pursuant to Article 6, paragraph 1, letter a) of the GDPR);

1.7 To establish, defend, or exercise the rights of the Data Controller and/or Joint Data Controllers in legal proceedings (the legal basis for processing is legitimate interest pursuant to Article 6, paragraph 1, letter f) of the GDPR);

1.8 For accounting, tax, and administrative purposes, customer data may be shared within the group (the legal basis for processing is legitimate interest pursuant to Article 6, paragraph 1, letter f) of the GDPR);

1.9 To facilitate and streamline navigation on the Data Controller's websites through technical and analytical cookies (the legal basis for processing in such cases is the performance of services requested directly by the data subject pursuant to Article 6, paragraph 1, letter b) of the GDPR) and for marketing purposes (the legal basis for processing in this case is user consent pursuant to Article 6, paragraph 1, letter a) of the GDPR).

Your personal data will be processed using technical and organizational security measures designed to ensure an adequate level of security relative to the risk, taking into account the state of the art and implementation costs, in compliance with privacy regulations and the provisions issued by the Data Protection Authority, as established by Article 5 of the GDPR.

Data retention is limited to the time necessary to achieve the purposes for which the data is collected, subject to mandatory retention periods established by law or by the Data Protection Authority's provisions.

Specifically:

·        For the purposes referred to in Articles 1.1 and 1.8, personal data will be retained for 10 years from the termination of the contract, unless interrupted by events affecting the statute of limitations (Article 2946 of the Civil Code).

·        For direct marketing purposes referred to in Articles 1.2 and 1.3, personal data will be retained for no longer than 24 months from the date of collection, without prejudice to the right to object in cases of soft spam (Article 1.2) and the withdrawal of consent by the data subject (Article 1.3).

·        For the purpose referred to in Article 1.4, personal data will be retained for the time necessary to process your request.

·        For the purposes referred to in Articles 1.5 and 1.6, data will be retained until the data subject exercises their right to withdraw consent.

·        For the purpose referred to in Article 1.7, personal data will be retained for the time necessary to exercise the Data Controller's and/or Joint Data Controllers' rights of defense.

·        For the purpose referred to in Article 1.9, data retention periods will be in accordance with the terms specified in the Cookie Policy published on the Data Controller's website.

3. Data Recipients

For the purposes outlined above, your personal data may be processed by authorized/designated staff of the Data Controller and/or Joint Data Controllers who are appropriately informed and trained.

Data may be disclosed, in compliance with legal obligations or for the correct execution of the contractual relationship, to external entities that will process your data either as Independent Data Controllers or as Data Processors appointed in accordance with applicable regulations, depending on their role in relation to the processing.

These entities may include, for example: social security, welfare, and insurance institutions, industry associations, tax and labor offices, other group companies, legal, commercial, and tax advisory firms, auditing firms, banks, and financial institutions.

4. Nature of Data Provision

The communication of your data is mandatory to fulfill contractual and legal obligations. Therefore, any refusal to provide your data, in whole or in part, will result in the inability to execute the contractual relationship with you in all its phases.

The provision of data for other purposes is optional. Consequently, refusing to provide your data will only prevent you from benefiting from the services offered on the Data Controller’s websites, such as subscribing to the group newsletter, submitting information requests through the contact form, and receiving commercial and/or advertising communications for direct marketing purposes as described above.

Regarding direct marketing activities, you may exercise your right to object to data processing for such purposes (in the case of soft spam), after which your data will no longer be processed for these purposes. Alternatively, you may withdraw your consent as specified in Paragraph 7 below.

Please note that when data processing is based on consent, providing your data is optional, and you can withdraw your consent at any time.

Your data will not be transferred to countries outside the European Union or to international organizations. However, if for technical and/or operational reasons or for contract execution it becomes necessary to involve entities located outside the European Union, we inform you that any transfer of data outside the EU will comply with applicable legal provisions.

Specifically, the transfer will be based on the existence of an adequacy decision by the European Commission or, in its absence, on appropriate safeguards as provided under Articles 46 or 47 of the GDPR (e.g., the adoption of standard contractual clauses approved by the European Commission), or on one of the specific derogations under Article 49 of the GDPR.

For information regarding the transfer of personal data collected through third-party cookies to countries outside the EU, please refer to the privacy policies of each third party, available on their respective websites (links are provided in the Cookie Policy published on the Data Controller's website).

As a data subject, you may exercise your rights at any time under Articles 15 to 22 of the GDPR. In particular, you have the right to:

·        Access your personal data, obtaining information about the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be disclosed, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the significance and possible consequences for the data subject, where not already specified in this notice;

·        Obtain without undue delay the rectification of inaccurate personal data concerning you;

·        Request the erasure of your data, in cases provided by law;

·        Obtain restriction of processing or object to processing when permitted under applicable legal provisions;

·        Request data portability, in cases provided by law, meaning that you can receive the personal data you provided to the Data Controller in a structured, commonly used, and machine-readable format, and also request that such data be transmitted to another Data Controller, where technically feasible;

·        File a complaint with the Data Protection Authority (Article 77 GDPR), if you consider it appropriate.

Finally, for personal data processing based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal.

7. Methods for Exercising Rights

Pursuant to Article 26(3) of the GDPR, the data subject may exercise their rights against each Joint Data Controller. In any case, the data subject may contact SACE SRL by sending a written communication to the company’s registered office or by emailing comitatoprivacy@flodrauliceurope.com.

Update December 2024