Privacy Policy

1. WHO THE DATA CONTROLLER IS AND HOW IT WILL USE THE PERSONAL DATA RECEIVED

The data privacy policy (the "Policy") applies to the website (the "Site") and is intended for all users (the "User(s)") accessing the Site, in accordance with the provisions of Regulation (EU) 2016/679 (the "GDPR") and applicable national data processing regulations.

The Data Controller is Cramaro Holding S.p.A., tax code and VAT no. 04452060231, with registered office in Cologna Veneta (VR), via Quari Destra, no. 71/G, 37044 or one of its subsidiaries (the "Data Controller"). Details on how to contact the Controller are indicated at the end of the Policy (see par. 9).

The Data Controller is obliged to inform the User, as the data subject, about the processing of personal data and the Data Controller fulfils this obligation through this Policy as privacy policy pursuant to Articles 13 and 14 of the GDPR.

The Policy describes the types of personal data that the Site collects and the purposes for which it collects and uses them when the User accesses the Site.

The Data Controller collects data and information in a manner that is accurate, relevant and appropriate to the purpose for which such collection is necessary, without requiring unnecessary information.

2. WHY AND HOW PERSONAL DATA ARE COLLECTED BY THE DATA CONTROLLER

2.1 To enable Users to use the Site

Like all websites, the Site also makes use of log files in which information collected automatically during visits by Users is stored. The computer systems and software procedures used to operate the Site acquire, in the course of normal use, certain data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow Users to be identified.

Some of the information collected may include, but is not limited to, the following: (i) internet protocol (IP) address; (ii) browser type and parameters of the device used to connect to the Site; (iii) name of the internet service provider (ISP); (iv) date and time of visit; (v) visitor's web page from (referral) source and web page of exit; (vi) number of clicks, if any.

This data is processed automatically and collected in aggregate form only, in order to verify and monitor the proper functioning of the Site, based on a legitimate interest of the Data Controller (Art. 6 (1) (f) GDPR).

The personal data collected are kept for as long as necessary in relation to the stated purposes.

The same data may also be processed as part of the use of cookies or other tracking tools used by the site, for which please refer to the specific Cookie Policy indicated in Section 5.

2.2 For the Find Agent/Service Point service

The User can get in touch with the sales agents belonging to the Controller's network by accessing the "Sales Network" area of the Site. Through this area of the Site, the User can ask for support in choosing and designing the solution best suited to his needs and his business, through a competent and customised consultancy service for the phases of purchase and use of the product.

The User, moreover, through the "Service point" area can search for workshops authorised by the Controller to request technical assistance and installation, maintenance or repair work, which, in constant and direct contact with the Controller's central offices and sales network, share know-how, operate according to best practices and use the Controller's original spare parts.

The Users' personal data are then sent to the selected agent/workshop, which is configured as the recipient of the data and autonomous controller of the processing of the User's personal data, with the obligation of an autonomous privacy policy.

More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) company; (iii) sector of activity; (iv) e-mail address; (v) telephone number; (vi) city of residence and country.

The legal basis for data processing is the taking of pre-contractual measures at the User's request prior to the conclusion of a contract and/or the performance of a contract to which the User is a party (Art. 6 (1) (b) GDPR).

The personal data collected is stored for the time necessary to provide assistance or follow up on the requested intervention and for the resulting statistical purposes useful for improving the service. In the event of the conclusion of a contract, for the time necessary to protect subjective legal positions.

2.3 To enable Users to contact the companies of the Cramaro Group

The User can access the "Contact Us" area of the Site to get in touch with the companies of the Cramaro Group, to ask questions, provide feedback, make suggestions, send collaboration proposals and, in general, to request pre- and post-sales assistance. The User may also use the same area of the Site to exercise his or her rights described in paragraph 6 of this policy.

The Controller collects and uses the User's personal data to respond to his requests and may forward them to the subsidiary company competent to respond.

More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) company; (iii) e-mail address; (iv) telephone number; (v) city of residence and country.

The legal basis for the collection and use of the data is the performance of a contract or the taking of pre-contractual measures at the request of the User (Art. 6 (1) (b) of the GDPR) or the fulfilment of a legal obligation of the Data Controller (Art. 6 (1) (c) of the GDPR) in the case of the exercise of the data subject's rights.

The personal data collected is stored for the time necessary to answer the request or provide the requested assistance and for the resulting statistical purposes useful for improving the service. In the event of the conclusion of a contract, for the time necessary to protect subjective legal positions.

2.4 To carry out marketing activities after downloading documentation for commercial purposes

The User can use the Cramaro Group's digital business cards, which allow him, by simply bringing them close to his smartphone or scanning the QR code printed on them, to download documents with a commercial purpose from the Controller (e.g. the product catalogue), so that the latter can carry out subsequent marketing campaigns.

More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) e-mail address; (iii) telephone number.

The legal basis for the collection and use of data is the User's consent (Art. 6 (1) (a) of the GDPR).

The personal data collected are stored until the User revokes consent.

2.5 For legal purposes

The Controller processes Users' personal data in order to: (i) handle Users' requests relating to their personal data; (ii) respond to requests from judicial authorities; (iii) protect the Controller's rights.

The legal basis for the collection and use of such data is the fulfilment of legal obligations (Art. 6 (1) (c) of the GDPR) and the legitimate interest of the Data Controller in the protection of its own subjective positions (Art. 6 (1) (f) of the GDPR).

The personal data collected are kept for as long as necessary in relation to the above-mentioned purposes and in any case no longer than 10 years after the last contact with the User.

2.6 For the Work with Us section

Users may send in their spontaneous applications by accessing the appropriate area of the Site.

More precisely, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) e-mail address; (iii) telephone number; (iv) curriculum vitae.

The legal basis for the collection and use of such data is the adoption of pre-contractual measures taken at the request of the data subject (Art. 6 (1) (b) GDPR).

The personal data collected are kept for a period of twelve months after the spontaneous application is sent.

2.7 For Targeting Activities

The Data Controller may carry out targeting activities towards users of the Site or other pages of the Cramaro Group, social media users or visitors to the Google search network, by sending cookies via their respective platforms, which are managed according to the cookie policy.

The legal basis for the collection and use of data is the User's consent (Art. 6 (1) (a) of the GDPR), which is expressed through the acceptance of cookies, as the case may be on the individual site or app.

The personal data collected is stored until the User revokes consent, which can be done at any time by changing individual browser or app settings.

3. WITH WHOM PERSONAL DATA ARE SHARED

The Data Controller obtains and shares personal data from and with various parties, including but not limited to: companies in the Cramaro Group; staff working for the Cramaro Group specifically authorised to do so; agents and workshops authorised to provide services related to the Cramaro Group's products; suppliers of services to the Data Controller on a contractual basis.

All of these entities act as autonomous data controllers or have been authorised by the Controller, or have been appointed as data processors under the GDPR. The list of data controllers can be requested from the Controller at the address given in paragraph 9.

4. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU

Personal data are processed at the operational headquarters of the Data Controller. Where this is instrumental to the pursuit of the purposes set out above, personal data may also be transferred abroad to companies based both within and outside the European Union. Some of these jurisdictions may not provide the same level of data protection as the country in which the data subject resides. In this case, the Data Controller undertakes to ensure that the data is treated with the utmost confidentiality by taking appropriate measures for the protection of personal data, including, in the absence of adequacy decisions, the conclusion of agreements guaranteeing an adequate level of protection and/or containing standard contractual clauses provided for by the European Commission.

5. COOKIES

The Site uses cookies to make the User's browsing experience easier and more intuitive. To find out more see our cookie policy.

6. RIGHTS OF THE DATA SUBJECT

The User, as a data subject, may exercise all the rights set out in Articles 15-22 of the GDPR by contacting the Controller at the addresses given in paragraph 9.

In particular, the data subject has the right to:

  • obtain confirmation of the existence or otherwise of personal data concerning him/her, even if not yet recorded, and their communication in intelligible form;
  • obtain, inter alia, information on (i) the source of the personal data; (ii) the purposes and methods of the processing; (iii) the identification data concerning the Controller; (iv) the recipients or categories of recipients to whom the personal data may be communicated or who may become aware of them, including in their capacity as data processors; (v) the categories of personal data concerned (vi) where possible, the proposed retention period or the criteria used to determine it; (vii) the existence of the right to request rectification, erasure or restriction of processing of personal data; (viii) the existence of the right to object to processing; (ix) the right to lodge a complaint with the supervisory authority; (x) the existence of an automated decision-making process, including profiling;
  • obtain: (i) the rectification or integration of personal data; (ii) the restriction of processing, where possible; (iii) the portability of personal data, where applicable; (iv) certification to the effect that the operations as per (i) and (ii) above, as well as the cancellation as per the following point, have been notified, as also related to their contents, to the entities to whom or which the personal data were communicated or transmitted, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  • obtain the deletion of personal data in cases provided for by law;
  • withdraw consent to the processing of personal data (opt-out), in each case without prejudice to the lawfulness of the processing based on the consent given before the withdrawal and without prejudice to further processing of the same data based on other legal grounds (e.g. contractual obligations or legal obligations to which the Controller is subject);
  • object, in whole or in part: (i) on legitimate grounds to the processing of personal data, even if pertinent to the purpose of collection; and (ii) to the processing of personal data for the purpose of sending communications;
  • file a complaint with the Garante per la protezione dei dati personali.

7. RETENTION PERIOD

Data are processed and stored for the time required by the purposes for which they were collected (see Section 2).

At the end of the storage period, personal data are deleted and consequently the possibility of exercising the rights associated with the processing also ceases to exist.

8. CHANGES TO THE POLICY

The Owner is constantly developing the services offered and reserves the right to change the Privacy Policy at any time, in accordance with current legislation. Any changes are published promptly on this page, so you should check this page regularly for updates.

9. CONTACT DETAILS

For any information concerning the collection and use of Users' data during the use of the Site, or for the exercise of their rights, Users may contact the Controller by writing to privacy@cramaro.com or via the "Contact Us" area of the Site as indicated in paragraph 2.3. Requests are filed free of charge and taken care of by the Owner as soon as possible, in any case within one month.