Bootstrap

PRIVACY DISCLAIMER

1. INTRODUCTION
Regulation (EU) 2016/679 (also “GDPR” or “Regulation”) relates to for the protection of individual persons(persone fisiche ) with reference to the processing of personal data. According to this legislation, the processing of personal data referring to a subject, specifically the interested party (hereinafter also the "Interested Party"), is based on the principles of correctness, lawfulness and transparency, as well as the protection of confidentiality and rights of the interested party himself. With this information, Marzotto SIM S.p.A. as data controller (also "SIM" or the "Data Controller"), pursuant to art. 13 and following of GDPR informs you that the processing of the personal data provided will take place in compliance with the aforementioned legislation, with the utmost care, implementing effective management procedures and policies to guarantee the protection of the processing. In compliance with this premise, the following information is provided:

2. THE DATA CONTROLLER
The Data Controller is Marzotto SIM S.p.A., with headquarters in Milan (MI), Piazza Repubblica, 32

3. TYPES OF PERSONAL DATA PROCESSED BY THE SIM
The Data Controller will process the following types of personal data (also "Personal Data"): a) identification data such as, for example, name, surname, tax code, address, telephone, email, etc.; b) data related to the economic and fiscal position, as well as bank data instrumental to the execution of the contract, data relating to the bank guarantees delivered in execution of the contract; c) judicial data such as data relating to criminal convictions and offences.

4. PURPOSES FOR WHICH PERSONAL DATA ARE PROCESSED
SIM processes the Personal Data of interested parties using both manual, automated or electronic tools, for: a) contractual purposes. The legal basis of the Processing for contractual purposes is the need to process Personal Data for the execution of the contract as foreseen in Article 6, letter b) GDPR. b) purposes related to the fulfilment of legal obligations. The legal basis is the fulfilment of legal obligations pursuant to Article 6, letter c) GDPR. c)purposes of legitimate interest of the data controller or third parties to ascertain, exercise, defend a legitimate right or interest in any disputes, or, defend oneself in proceedings before the criminal and administrative authorities pursuant to article 6, letter f) GDPR. d) promotional activities, to be classified under the scope of this definition as the carrying out, through the use of the email addresses provided by the interested party in the context of previous purchases or contractual relationships, of promotional activities by the Data Controller. This category includes activities carried out to promote products, services, sold and/or provided by the Data Controller that are in line with those already purchased by the Interested Party. This processing will be carried out without the explicit consent of the interested party pursuant to Article 6 letter e) the management of direct marketing commercial activities, to be classified , under the scope of this definition as the carrying out of marketing activities aimed at promoting products, services, sold and/or provided by the Data Controller. For these activities the interested party has to consent legally in accordance with article 6, letter a) GDPR. f) activities to determine the habits and preferences of interested parties through profiling treatments, aimed at providing users with a personalized service. The legal basis is the consent of the interested party, has to be expressed in accordance with article 6, letter a) GDPR.

5. MANDATORY OR OPTIONAL PROVISION OF PERSONAL DATA AND CONSEQUENCES OF ANY REFUSAL TO AUTHORISE DATA HANDLING
The provision of Personal Data for the purposes referred to in points a), b), c) of the previous clause are mandatory, as they are necessary for carrying out the activities indicated therein. Any refusal by the interested party will therefore make it impossible for the Data Controller to fulfil its obligations or to provide the requested services. Consent to the processing of Personal Data for the purposes referred to in the following points e) and f) is, however, optional and cannot be completed without obtaining the consent of the interested party who must necessarily comply with the conditions referred to in article 7 of the GDPR , the consent representing a pre-condition to the lawfulness of the processing of Personal Data. In relation to the purpose referred to in point d) of clause 4 above, it is appropriate to specify that, by virtue of article 6, paragraph 1, point f) of the Regulation, the Data Controller may carry out this activity based on his legitimate interest, regardless from the consent of the interested party and, in any case, until the interested party objects to such processing as better explained in Recital 47 GDPR in which it is "considered legitimate to process personal data for direct marketing purposes". This will be possible following the assessments carried out by the Data Controller regarding the possible prevalence of the interests, rights and fundamental freedoms of the interested parties over its own legitimate interest

6. PERSONAL DATA STORAGE TIMES
Personal Data are retained for the time necessary to carry out administrative activities relating to the purposes referred to in clause 4 and until their use could be needed in order to correctly fulfil legal obligations and/or to be able to respond to requests from public authorities. Once the maximum retention period is exceeded they are destroyed. For the purposes referred to in clause 4 letters d) e) and f), the maximum retention period is, however, 5 (five) years from their collection.

7. PROCESSING METHODS IMPLEMENTED BY THE DATA CONTROLLER
The Personal Data communicated will be recorded, processed and archived in physical/digital format, in compliance with the appropriate technical and organizational measures described in art. 32 GDPR and, for the purposes defined in clause 4 letter d) e) and f), manual or automated processing tools may be used. The utilisation of Personal Data will take place, in any case, using of tools and procedures suitable to guarantee their security and confidentiality and may be carried out, directly and/or through delegated third parties, either manually, keeping them in paper format or with the aid of digital or electronic tools.

8. COMMUNICATION AND DISCLOSURE OF PERSONAL DATA
The SIM may communicate the Personal Data of the Interested Parties to subjects specifically responsible and appointed by the Data Controller and, specifically: • collaborators, employees and suppliers of the SIM, within the scope of their duties and/or any contractual obligations with them, inherent to the relationships commercial with the customer or suppliers; • legal, administrative and tax consultants who assist the SIM in carrying out its activities; • Credit institutions and other financial or similar institutions to which the SIM transfers personal data with the aim of allowing the fulfilment of contractual obligations (for example: trading service counterparties, custodian bank, custody and settlement bank); • sub-suppliers and/or subcontractors engaged in activities related to the execution of the Contract with the SIM, as external data controllers; • Public law bodies, public authorities and/or judicial and/or supervisory authorities, in the event of their request, as independent data controllers; and • cloud or IT service providers; • other data recipients may be entities for which the interested party has explicitly expressed his/her consent to the transfer of data.

9. TRANSFER OF PERSONAL DATA ABROAD
The Personal Data of the Interested Parties may be transferred to countries outside the European Economic Area only if they were strictly necessary to achieve the purposes for which they were collected and only with the prior consent of the interested parties and in compliance with the security measures provided for by the GDPR. In particular, the transfer will take place to a third country deemed appropriate pursuant to art. 45 GDPR or, to a third country that guarantees an adequate level of protection of the Personal Data, subject to verification by the Data Controller and in application of the guarantees provided for by art. 46 GDPR

10. RIGHTS REFERRED TO IN ARTICLES. 15 AND SS. GDPR
Each interested party is recognised a series of important rights, which are regulated by law, in order to know - the purposes and methods of the processing (i.e. the purpose indicated in clause 4); - the categories of Personal Data (i.e. what type of data is processed); - the recipients or categories of recipients to whom the Personal Data have been or will be communicated, in particular if recipients located in Third Countries or international organizations (i.e. who will process the data and if these will be communicated to third parties and if this communication goes to countries outside -EU); - the expected retention period of the Personal Data or, if this is not possible, the criteria used to determine this period (i.e. how long the data will be subject to processing); - if the Personal Data is not collected directed from the interested party, all available information on their origin; - the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as on the importance and expected consequences of such processing for the interested party. The interested party also has the right to ask the Data Controller to rectify or delete Personal Data or to limit the processing of Personal Data concerning him or to oppose their processing. In the event that he is not satisfied with the responses received, each individual interested party can lodge a complaint (subject to the conditions) to the Supervisory Authority.

11. EXERCISE OF RIGHTS
If the interested party has any doubts or concerns related to this privacy policy or wishes to exercise the rights provided for by this policy, he can contact the SIM: - by email to the appropriate address: info@marzottosim.com; - by PEC to the address: marzottosim@legalmail.it; - by registered letter to the following address: Marzotto SIM S.p.A., with headquarters in Milan (Milan), Piazza Repubblica, 32.

12. WITHDRAWAL OF CONSENT GIVEN
As required by the GDPR, if you have given your consent to the processing of your Personal Data for one or more purposes, you may at any time fully withdraw it and/or partially without prejudice to the lawfulness of the processing based on the consent given before the revocation. The methodology used to withdraw the consent are very simple and intuitive, just contact the Data Controller using the contact channels listed in this Policy in clause no. 11 above. In addition to the above and for simplicity, if you find yourself in the position of receiving e-mail messages that are no longer of interest to you, simply click on the unsubscribe button at the bottom of them to no longer receive any communications even through other communication channels. contact for which your consent had been obtained (SMS, MMS, paper mail, telephone calls).

13. CHANGES AND UPDATES
These information are valid from the effective date indicated below. However, the SIM may make changes and/or additions to this information, also as a consequence of any subsequent regulatory changes and/or additions.


INFORMATION COOKIES

1. What are cookies?
Cookies are small text files that the sites visited by users send to the users' terminals, where they are stored before being re-transmitted to the same sites on the next visit. The cookies of the so-called “third parties” are, however, set by a different website from the one the user is visiting. This is because on each website there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers different from the one visited.

2. What are cookies used for?
Cookies are used for different purposes: performing computer authentication, monitoring sessions, storing information on specific settings regarding users who access the server, storing preferences, etc.

3. What are “technical” cookies?
These are cookies that are used to navigate or to provide a service requested by the user. They are not used for other purposes and are normally installed directly by the website owner. Without the use of these cookies, some operations could not be carried out or would be more complex and/or less secure, such as home banking activities (viewing the account statement, bank transfers, payment of bills, etc.), as these cookies, allow the user to be identified at the beginning and throughout the session and are therefore essential.

4. Are analytics cookies "technical" cookies?
No. The Guarantor has specified that they can be assimilated to technical cookies only if used for the purpose of optimizing the site directly by the owner of the site itself, who will be able to collect information in aggregated form on the number of users and how they visit the site. Subject to these conditions, the same rules apply to analytics cookies, in terms of information and consent, as provided for technical cookies.

5. What are “profiling” cookies?
These are cookies used to track the user's browsing on the internet and create profiles on their tastes, habits, choices, etc. With these cookies, advertising messages can be transmitted to the user's terminal in line with the preferences already expressed by the user while browsing online.

6. Is the user's consent necessary for the installation of cookies on his terminal?
It depends on the purposes the cookies are used for and, therefore, whether they are "technical" or "profiling" cookies. User consent is not required for the installation of technical cookies, however supplying proper information is always required. Profiling cookies, on the other hand, can be installed on the user's terminal only if the user has expressed their consent after having been specifically informed .

7. How should the site owner provide simplified information and request consent to the use of "profiling" cookies?
As established by the Guarantor, the disclosure must be organised on two levels. When the user accesses a website (on the home page or on any other page), a banner must immediately appear containing an initial "brief" information, the request for consent to the use of cookies and a link to access to more "extensive" information. On this page the user can find more detailed information on cookies and choose which specific cookies to authorize.

8. How should the banner be created?
The banner must be large enough to partially cover the content of the web page the user is visiting. It must be able to be eliminated only through active user intervention, i.e. through the selection of an element contained in the underlying page.

9. What information must the banner contain?
The banner must specify whether the site uses "profiling" cookies, possibly also from "third parties", which allow advertising messages to be sent in line with the user's preferences. It must contain the link to the extended information and the indication that, via that link, it is possible to deny consent to the installation of any cookie. It must specify that if the user chooses to continue by "skipping" the banner, they consent to the use of cookies.

10. How can the acquisition of consent carried out through the use of the banner be documented?
To keep track of the consent received, the site owner can use a specific "technical" cookie, a system that is not particularly invasive and which does not in turn require further consent. In the presence of such documentation, it is not necessary for the "short" information to be presented again on the user's second visit to the site, without prejudice to the possibility for the latter to easily deny consent and/or modify, at any time, for example through access to the extended information, which must therefore be linkable from every page of the site.

11. Can online consent to the use of cookies be requested only through the use of the banner?
No. The owners of the sites always have the possibility to use different methods than the ones identified by the Guarantor in the provision indicated above, provided that the chosen methods present are compliant with the law provisions.

12. Does the obligation to use the banner also apply to owners of sites that only use technical cookies?
No. In this case, the owner of the site can provide the disclosure to the users in the manner he deems most suitable, for example, also by inserting the relevant information in the privacy policy indicated on the site.

The Marzotto SIM S.p.A website uses only "technical" cookies created by Google.
Google data treatment: on the use of data at the link www.google.com and complete information at the link complete Google information
Google (configuration): the guide on general out-out for Google services (Maps, YouTube...) is available at the web address guide on general out-out google.com