Cramaro Holding S.p.A. (the “Company”) is committed to the protection of the Personal Data entrusted to it. Therefore, its management and security are guaranteed with the utmost care, in accordance with the requirements of the legislation on the protection of Personal Data (EU Regulation 679/2016).

The Company provides some information in this document (the "Policy") some relating to the functionality of the website with reference to the processing of your Personal Data as Data Subjects and as users for the use of cookies (see specific information at the link Cookie Policy).

The Policy applies to Cramaro Holding S.p.A. and all its subsidiaries (the "Cramaro Group").

The Policy is therefore valid as information pursuant to Article 13 of EU Regulation 2016/679 ("GDPR"), for Data Subjects accessing the cramarogroup.com website, valid exclusively for this site and with the exclusion of other websites that may be consulted by the Data Subjects through links contained therein.

The Policy may be modified due to the introduction of new provisions. Therefore, all Data Subjects are invited to periodically check this page.

1. CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller of Personal Data is Cramaro Holding S.p.A. - Via Quadri Destra, 71 / G, 37044 Cologna Veneta (VR), Italy; VAT number IT04452060231 or another company in the Cramaro Group (the “Data Controller”).

For any clarification or to exercise of the rights of the Data Subject (the “Data Subject”), the Data Controller may be contacted at the following e-mail address privacy@cramaro.com

2. TYPES OF DATA COLLECTED AND PURPOSES OF PROCESSING

Different types of Personal Data are collected using different services:

Contact form
By filling in the contact form with their Personal Data, the Data Subject consents to the use of such data in order to respond to requests for information, quotes, or any other request indicated in the header of the form.
Personal Data processed: name, surname, company, e-mail, telephone, city, country.

3. LEGAL BASIS FOR PROCESSING

The Data Controller carries out the processing with the consent of the Data Subject, as required by art. 6 paragraph 1 letter a) of the GDPR, or because it is necessary due to a contract of which the Data Subject is a party or for the execution of pre-contractual measures at the request of the same.

When the provision of data is optional, refusal to provide the data renders it impossible to obtain the requested service.

We will not use your Personal Data for any other purpose than those described in this Policy, unless we inform you in advance and, where necessary, obtain your consent.

4. DATA RETENTION

Personal Data are processed and retained for the time strictly necessary to fulfil the purposes for which they were collected, and in any case no longer than the periods indicated below:

• Personal Data collected for purposes related to the execution of a contract between the Data Controller and the Data Subject will be retained until the execution of such contract is completed, and as for an administrative request 10 years from the conclusion of the contract and the payment of the invoice;
• Personal Data collected through the reserved area will be stored there until the user requests the cancellation of his/her account;
• The Personal Data contained and interaction statistics collected through the chat assistance service will be retained for 5 years, after which the chat will be deleted from the database;
• Personal Data collected for purposes related to the collection, by consent, for newsletters will be retained until such interest is satisfied. Further information regarding the legitimate interest pursued by the Data Controller can be obtained from the relevant sections of this document or by contacting the Data Controller.

The Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of the authorities.
At the end of the retention period the Personal Data will be deleted. Therefore, upon the expiry of this term, the rights of access, deletion, rectification and the right to Personal Data Portability may no longer be exercised.

5. DATA TRANSFER

The Personal Data is processed at the Data Controller's site and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.

For reasons of internal organisation and interconnection of activities, personal data collected exclusively through the contact forms may be shared with other companies in the Cramaro group.
Personal Data may be transferred to a country other than the one in which the Data Subject is located, exclusively in compliance with the law. For further information on the place of processing, the Data Subject may refer to the section on details of Personal Data processing.

6. RIGHTS OF THE USER

Data subjects may exercise certain rights with reference to the Personal Data processed by the Data Controller.
In particular, the Data Subject has the right to:

• withdraw consent at any time. The Data Subject may withdraw their consent to the processing of their Personal Data previously given.
• oppose the processing of their Personal Data. The Data Subject may object to the processing of their Personal Data when it is processed on a legal basis other than consent. Further details on the right of opposition are indicated in the section below.
• accessing your Personal Data. The Data Subject is entitled to obtain information on the Personal Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Personal Data processed.
• verify and request correction. The Data Subject can verify the accuracy of their Data and request it be updated or corrected.
• obtain limitations on the processing. When certain conditions occur, the Data Subject may request the limitation of the processing of their Personal Data. In this case, the Data Controller will not process the Personal Data for any other purpose than its retention.
• obtain the deletion or removal of their Personal Data. When certain conditions occur, the Data Subject may request the data to be deleted by the Data Controller.
• receive their Data or have it transferred to another Data Controller. The Data Subject has the right to receive their Personal Data in a format that is structured, in common use and readable by an automatic device and, where technically feasible, to have it transferred without hindrance to another Data Controller. This provision is applicable when the Personal Data is processed with automated means and the processing is based on the consent of the Data Subject, relating to a contract to which the Data Subject is a party or any contractual provisions connected to them.
• make a complaint. The Data Subject may lodge a complaint with the competent Personal Data Protection Authority or undertake proceedings in court.

In order to exercise the Data Subject’s rights, the Data Subject may address a request to the Data Controller using the contact details indicated in this document. The requests are filed free of charge and processed by the Data Controller as swiftly as possible, and in any case within one month by writing to privacy@cramaro.com

The Data Controller will take charge of the Data Subject's requests with the utmost commitment to ensure the effective exercise of their rights. The Data Subject will also have the right to lodge a complaint with the national Personal Data Protection Authority (“Garante Privacy”).

7. WITHDRAWAL OF CONSENT

The Data Subject will be entitled to withdraw their consent at any time without, however, this:

• prejudicing the lawfulness of the processing based on the consent provided before such withdrawal;
• prejudicing further processing of the same data on other legal bases (for example, contractual or legal obligations to which the Data Controller is subject).