Privacy Policy
1. WHO THE DATA CONTROLLER IS AND HOW IT WILL USE THE PERSONAL DATA RECEIVED
The data privacy policy (the "Policy") applies to the website (the "Site") and is intended for all users (the "User(s)") accessing the Site, in accordance with the provisions of Regulation (EU) 2016/679 (the "GDPR") and applicable national data processing rules
The Data Controller is Cramaro Tarpaulin Systems S.r.l., tax code and VAT number 04079350239, with registered office in Cologna Veneta (VR), via Quari Destra, n. 71/G, 37044 (the "Data Controller"). Details on how to contact the Controller are indicated at the end of the Policy (see par. 9).
The Data Controller has formally appointed the parent company Cramaro Holding S.p.A. as the person responsible for the processing of Users' personal data.
The Controller is obliged to inform the User, as a data subject, about the processing of personal data and the Controller fulfils this obligation through this Policy as a privacy policy pursuant to Articles 13 and 14 of the GDPR.
The Policy describes the types of personal data that the Site collects and the purposes for which it collects and uses them when the User accesses the Site.
The Data Controller collects data and information in a manner that is accurate, relevant and appropriate to the purpose for which such collection is necessary, without requiring unnecessary information.
2. WHY AND HOW PERSONAL DATA ARE COLLECTED BY THE CONTROLLER
2.1 To enable Users to use the Site
Like all websites, the Site also makes use of log files in which information collected automatically during visits by Users is stored. The computer systems and software procedures used to operate the Site acquire, in the course of normal use, certain data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow Users to be identified.
Some of the information collected may include, but is not limited to, the following: (i) internet protocol (IP) address; (ii) browser type and parameters of the device used to connect to the Site; (iii) name of the internet service provider (ISP); (iv) date and time of visit; (v) visitor's origin web page (referral) and exit web page; (vi) number of clicks, if any.
This data is processed automatically and collected in aggregate form only, in order to verify and monitor the proper functioning of the Site, based on a legitimate interest of the Data Controller (Art. 6 (1) (f) GDPR).
The personal data collected are stored for as long as necessary for the purposes indicated.
The same data may also be processed as part of the use of cookies or other tracking tools used by the site, for which please refer to the specific Cookie Policy indicated in Section 5.
2.2 For the Find Agent/Service Point service
The User can get in touch with the sales agents belonging to the Controller's network by accessing the "Sales Network" area of the Site. Through this area of the site, the User can request support in choosing and designing the solution best suited to his needs and his business, through a competent and personalised consultancy service for the phases of purchase and use of the product.
The User, moreover, through the "Service point" area can search for workshops authorised by the Controller to request technical assistance and installation, maintenance or repair work, which, in constant and direct contact with the Controller's central offices and sales network, share know-how, operate according to best practices and use the Controller's original spare parts.
The Users' personal data are then sent to the selected agent/workshop, which is configured as the recipient of the data and autonomous controller of the processing of the User's personal data, with the obligation of an autonomous privacy policy.
More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) company; (iii) sector of activity; (iv) e-mail address; (v) telephone number; (vi) city of residence and country.
The legal basis for data processing is the taking of pre-contractual measures at the User's request prior to the conclusion of a contract and/or the performance of a contract to which the User is a party (Art. 6 (1) (b) GDPR).
The personal data collected are stored for the time necessary to provide assistance or follow up on the requested intervention and for the resulting statistical purposes useful for improving the service. In the event of the conclusion of a contract, for the time necessary to protect subjective legal positions.
2.3 For registration to mailing lists or sending newsletters
By registering for the mailing list or newsletter, the User's e-mail address is automatically added to a list of contacts to whom e-mail messages may be sent containing information, including of a commercial and promotional nature, relating to the companies of the Cramaro group. The User's e-mail address may also be added to the list as a result of registering on the Site, after making a purchase, or after leaving a contact at a trade fair.
More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) e-mail address; (iii) company; (iv) city; (v) country; (vi) language.
The legal basis for the use and collection of such data is the consent of the User (Art. 6 (1) (a) of the GDPR).
The personal data collected are retained until the User requests deletion of their account.
2.4 To enable Users to contact the companies of the Cramaro Group
The User can access various areas of the Site to get in touch with the companies of the Cramaro Group, to ask questions, provide feedback, make suggestions, send collaboration proposals, request quotations for products of interest selected through the appropriate forms and, in general, to ask for pre- and post-sales assistance. The User may also use the same area of the Site to exercise his or her rights described in section 6 of this policy.
The Data Controller collects and uses the User's personal data in order to respond to his or her requests and may forward them to another company in the Cramaro Group competent to respond.
More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) company; (iii) e-mail address; (iv) telephone number; (v) city of residence and country.
The legal basis for the collection and use of the data is the performance of a contract or the taking of pre-contractual measures at the request of the User (Art. 6 (1) (b) of the GDPR) or the fulfilment of a legal obligation of the Data Controller (Art. 6 (1) (c) of the GDPR) in the case of the exercise of the data subject's rights.
The personal data collected are kept for the time necessary to answer the request or provide the requested assistance and for the resulting statistical purposes useful for improving the service. In the event of the conclusion of a contract, for the time necessary to protect subjective legal positions.
2.5 To carry out marketing activities after downloading documentation for commercial purposes
The User can use the Cramaro Group's digital business cards, which allow him, by simply bringing them close to his smartphone or scanning the QR code printed on them, to download documents with a commercial purpose from the Controller (e.g. the product catalogue), so that the latter can carry out subsequent marketing campaigns.
More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) e-mail address; (iii) telephone number.
The legal basis for the collection and use of data is the consent of the User (Art. 6 (1) (a) of the GDPR).
The personal data collected are stored until the User revokes consent.
2.6 For access to the restricted area
Users can access the reserved area of the Site to access multimedia content on the Cramaro Group's products by registering with their credentials and password.
The Controller collects and uses the User's personal data to manage access to the reserved area and its operation and to propose personalised products or services to the User.
Users who purchase cover can register their product for service purposes, warranty extension and access to technical information material.
More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) user profile; (iii) VAT number; (iv) telephone number; (v) e-mail address; (vi) language; (vii) password.
The legal basis for the collection and use of data is the taking of pre-contractual and contractual measures prior to entering into a contract and/or the performance of a contract to which the User is a party (Art. 6 (1) (b) GDPR).
The personal data collected are kept for the time necessary to provide the requested service and for the resulting statistical purposes useful for improving the service. In the event of the conclusion of a contract, for the time necessary to protect subjective legal positions.
2.7 Site and account security
The Data Controller processes the data for security purposes (e.g. password recovery) for the time necessary to fulfil the purposes.
The legal basis for the use and collection of such data is the Owner's legitimate interest in the safe operation of the Site (Art. 6 (1) (f) of the GDPR).
The personal data collected are kept for as long as necessary to achieve the purpose for which they were acquired.
2.8 For using the Live Chat function
With the Live Chat function, the user initiates a chat, also from mobile devices, to send a request for assistance or information.
More specifically, the Controller collects and uses the following personal data of Users: (i) first and last name; (ii) e-mail address; (iii) telephone number; (iv) company; (v) internet protocol (IP) address; (vi) chat access page; (vii) browser.
The legal basis for the collection and use of data is the taking of pre-contractual and contractual measures prior to entering into a contract and/or the performance of a contract to which the User is a party (Art. 6 (1) (b) GDPR).
The personal data collected is stored for the time necessary to provide the requested assistance and for the resulting statistical purposes useful for improving the service. In the event of the conclusion of a contract, for the time necessary to protect subjective legal positions.
2.9 Using the Customer Thermometer Function
The User, when receiving an order confirmation, may express a judgement of satisfaction with the service received. In this case, he/she agrees to provide certain personal data in addition to those already in the possession of the Controller, which are used for service quality control purposes.
More specifically, the Controller collects and uses the following personal data of Users: (i) evaluation of the service received; (ii) any comments; (iii) date and time of feedback.
The legal basis for the collection and use of data is the performance of a contract to which the User is a party (Art. 6 (1) (b) GDPR).
The personal data collected are kept for the time necessary to carry out quality checks and for the resulting statistical purposes useful for improving the service.
2.10 Using WhatsApp
By initiating a chat from mobile devices, the user consents to the use of his or her personal data for the handling of his or her requests for assistance or information.
More specifically, the Controller collects and uses the following personal data of Users: (i) user name; (ii) telephone number.
The legal basis for the collection and use of data is the adoption of pre-contractual and contractual measures and the exercise of rights, at the User's request, prior to entering into a contract and/or the performance of a contract to which the User is a party (Art. 6 (1) (b) GDPR).
The personal data collected are kept for the time necessary to provide the assistance or information requested and for the consequent statistical purposes useful for improving the service. In the event of the conclusion of a contract, for the time necessary to protect subjective legal positions.
2.11 For targeting activities
The Data Controller may carry out targeting activities towards users of the Site or other pages of the Cramaro Group, social media users or visitors to the Google search network, by sending cookies via their respective platforms, which are managed according to the cookie policy.
The legal basis for the collection and use of data is the User's consent (Art. 6 (1) (a) of the GDPR), which is expressed through the acceptance of cookies, as the case may be on the individual site or app.
The personal data collected is stored until the User revokes consent, which can be done at any time by changing individual browser or app settings.
3. WITH WHOM PERSONAL DATA ARE SHARED
The Data Controller obtains and shares personal data from and with various parties, including but not limited to: companies in the Cramaro Group, staff working for the Cramaro Group specifically authorised to do so, agents and workshops authorised to provide services related to the Cramaro Group's products, service providers to the Data Controller on a contractual basis.
All of these entities act as autonomous data controllers or have been authorised by the Controller, or have been appointed as data processors under the GDPR. The list of data controllers can be requested from the Controller at the address given in paragraph 9.
4. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU
Personal data are processed at the operational headquarters of the Data Controller. Where this is instrumental to the pursuit of the purposes set out above, personal data may also be transferred abroad to companies based both within and outside the European Union. Some of these jurisdictions may not provide the same level of data protection as the country in which the data subject resides. In this case, the Data Controller undertakes to ensure that the data is treated with the utmost confidentiality by taking appropriate measures for the protection of personal data, including, in the absence of adequacy decisions, the conclusion of agreements guaranteeing an adequate level of protection and/or containing standard contractual clauses provided for by the European Commission.
5. COOKIES
The Site uses cookies to make the User's browsing experience easier and more intuitive. To find out more see our cookie policy.
6. RIGHTS OF THE DATA SUBJECT
The User, as a data subject, may exercise all the rights set out in Articles 15-22 of the GDPR by contacting the Controller at the addresses given in paragraph 9.
In particular, the data subject has the right to:
- obtain confirmation of the existence or otherwise of personal data concerning him/her, even if not yet recorded, and their communication in intelligible form;
- obtain, inter alia, information on (i) the source of the personal data; (ii) the purposes and methods of the processing; (iii) the identification data concerning the Controller; (iv) the recipients or categories of recipients to whom the personal data may be communicated or who may become aware of them, including in their capacity as data processors; (v) the categories of personal data concerned (vi) where possible, the proposed retention period or the criteria used to determine it; (vii) the existence of the right to request rectification, erasure or restriction of processing of personal data; (viii) the existence of the right to object to processing; (ix) the right to lodge a complaint with the supervisory authority; (x) the existence of an automated decision-making process, including profiling;
- obtain: (i) the rectification or integration of personal data; (ii) the restriction of processing, where possible; (iii) the portability of personal data, where applicable; (iv) certification to the effect that the operations as per (i) and (ii) above, as well as the cancellation as per the following point, have been notified, as also related to their contents, to the entities to whom or which the personal data were communicated or transmitted, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- obtain the deletion of personal data in cases provided for by law;
- withdraw consent to the processing of personal data (opt-out), in each case without prejudice to the lawfulness of the processing based on the consent given before the withdrawal and without prejudice to further processing of the same data based on other legal grounds (e.g. contractual obligations or legal obligations to which the Controller is subject);
- object, in whole or in part: (i) on legitimate grounds to the processing of personal data, even if pertinent to the purpose of collection; and (ii) to the processing of personal data for the purpose of sending communications;
- file a complaint with the Garante per la protezione dei dati personali.
7. RETENTION PERIOD
Data are processed and stored for the time required by the purposes for which they were collected (see Section 2).
At the end of the storage period, personal data are deleted and consequently the possibility of exercising the rights associated with the processing also ceases to exist.
8. POLICY CHANGES
The Owner is constantly developing the services offered and reserves the right to change the Privacy Policy at any time, in accordance with current legislation. Any changes are published promptly on this page, so you should check this page regularly for updates.
9. CONTACT DETAILS
For any information concerning the collection and use of Users' data during the use of the Site, or for the exercise of their rights, Users may contact the Controller by writing to privacy@cramaro.com or via the "Contact Us" area of the Site as indicated in paragraph 2.4. Requests are filed free of charge and taken care of by the Owner as soon as possible, in any case within one month.