NOTICE PURSUANT TO ARTICLE 13 EU REGULATION 2016/679

 

Pursuant to Reg. UE 2016/679 (“GDPR”), we provide you the deserved information concerning processing of collected personal data.

 

The Data Controller

The data controller, pursuant to Articles 4 ad 24 GDPR, is Crippa S.r.l. con socio unico (“CRIPPA”), with registered office in Arosio (CO), Via M. Buonarroti no. 3, Tax code and VAT no. 02989810136, in the person of its Chief Executive Officer. The data controller can be contacted at the following e-mail address: privacy@crippa.it.

 

The Data Protection Officer

The Company has appointed a Data Protection Officer (DPO) pursuant to Articles 37, 38 and 39 GDPR, who can be contacted at the e-mail address dpo@crippa.it or by writing to the DPO at the Company's headquarters in Arosio (CO), Via M. Buonarroti no. 3.

 

Type of data processed

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).

Browsing data: computer systems and procedures software preceded to the operation of this site, acquire, during their normal exercise, some personal data whose transmission is implicit using Internet communication protocols. This category includes: IP addresses, URI/URL (Uniform Resource Identifier/Locator), time of request, type of request, outgoing packet size, server status of response (received, error, etc…) and other parameters related to the operating system.

Data provided by data subject: the optional, explicit and voluntary sending of messages to contact-addresses, as well as compilation and forwarding of forms, involves the acquisition of sender’s personal data necessary to reply, as well as all the personal data included in messages themselves.

Cookies: for cookies and other comparable technologies, see the cookie policy in the footer of the site.

 

Purpose of processing, legal basis and data retention period

Purpose A): website navigation

LEGAL BASIS: legitimate interest, pursuant to Article 6, par. 1 (f) and recital 47 GDPR. the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Activities strictly necessary for the operation of the site and the provision of the platform navigation service. For non-technical cookies and assimilated technologies, the legal basis is consent, ex art. 6 par. 1 (a) GDPR (see cookie policy in the site footer).

DATA RETENTION: up to the duration of the browsing session (except for any need to ascertain criminal offences by the judicial authorities). For cookies and similar technologies, see the cookie policy in the site footer.

NATURE OF CONFERRAL: navigation data are necessary in order to allow navigation of the website. For cookies and similar technologies see the cookie policy in the footer of the site.

 

Purpose B): use of cookies other than technical cookies and similar technologies

LEGAL BASIS: consent of the data subject, pursuant to Article 6, par. 1 (a) GDPR and recitals 42 and 43 GDPR.

DATA RETENTION: see the cookie policy in the footer of the site.

NATURE OF CONFERRAL: see the cookie policy in the footer of the site.

 

Purpose C): direct marketing

CRIPPA uses personal data, with the consent of the data subject, to send newsletters, promotional and advertising material, commercial offers and invitations, through automated means of e.mail, as well as by paper mail and operator phone calls.

LEGAL BASIS: consent of the data subject, pursuant to Article 6, par. 1 (a) and recitals 42 and 43 GDPR.

DATA RETENTION: until consent is revoked (opt-out).

NATURE OF CONFERRAL: the conferment is optional and, where lacking, personal data won’t be processed for such purpose.

 

Purpose D): handling customer service requests

CRIPPA's Customer Service uses the personal data provided by the data subject, either by e-mail to info@crippa.it or by filling in the "Contact Us" form, to satisfy his/her requests for information or assistance

LEGAL BASIS: the processing is necessary for the purposes of the legitimate interests pursued by the controller, pursuant to Article 6, par. 1 (f) and recital 47 GDPR, as well as for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, pursuant to Article 6, par. 1 (b) and recital 44 GDPR.

DATA RETENTION: for the time necessary to fulfil the request and for a maximum of 12 months, without prejudice to any further storage that may be necessary to protect the rights of the data controller.

NATURE OF CONFERRAL: the provision of data is mandatory or optional depending on the purpose for which the data is processed. Whether data marked with an * ar not provided, the Data processor won’t be able to supply his service.

 

Purpose E): handling requests received through the 'Contact the Service' form.

CRIPPA's Customer Service uses the personal data of the data subject to fulfil requests for assistance.

LEGAL BASIS: the processing is necessary for the purposes of the legitimate interests pursued by the controller, pursuant to Article 6, par. 1 (f) and recital 47 GDPR, as well as for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, pursuant to Article 6, par. 1 (b) and recital 44 GDPR.

DATA RETENTION: for the time necessary to fulfil the request and for a maximum of 12 months, without prejudice to any further storage that may be necessary to protect the rights of the data controller.

NATURE OF CONFERRAL: the provision of data is mandatory or optional depending on the purpose for which the data is processed. Whether data marked with an * ar not provided, the data processor won’t be able to supply his service.

 

Purpose F): recruitment through the 'Work with us' area.

CRIPPA processes the data of the data subject for recruitment purposes, for the management of applications in response to job offers published on the website as well as for any positions other than those for which the person concerned spontaneously applied.

LEGAL BASIS: processing is necessary for the execution of pre-contractual measures also adopted on data subject’s request, pursuant to Article 6, par. 1 (b) and recital 44 GDPR.

DATA RETENTION: maximum 12 months. In principle, data collected during the process will be deleted as soon as it becomes clear that no job offer will be made or that the offer will not be accepted by the candidate.

NATURE OF CONFERRAL: the conferment is optional and, where lacking, personal data won’t be processed for such purpose.

 

Purpose G): handling requests to exercise the rights of data subjects, pursuant to Articles 15 et seq. GDPR

LEGAL BASIS: the processing is necessary for compliance with a legal obligation to which the controller is subject, pursuant to Article 6, par. 1 (c) GDPR.

DATA RETENTION: 5 years from the closing of the request, except in the case of litigation.

NATURE OF CONFERRAL: the provision of personal data is necessary in order to fulfil legal obligations.

 

Treatment modes

Your data will not be disseminated and will be subject to traditional manual and electronic processing. The data subject won’t be subject to a decision based solely on automated processing

 

Data transfer

Personal data will be transferred to countries within or outside the UE (in particular, US), in order to fulfill contractual obligations and purposes within limits and under the conditions provided by Article 44 GDPR (General principle for transfers) and specifically according to art. 45 (Transfers on the basis of an adequacy decision).

 

Persons who have access to the data.

Provided data will be shared with recipients who will treat them as data processors (art. 28 Reg. UE 2016/679) and/or as natural person acting under the controller’s or processor’s authority (art. 29 Reg. UE 2016/679) for former purposes. Data will be shared with: group companies; subjects providing services for information system management and communication networks (including e-mail boxes, newsletter and website); freelancers, offices or companies in the context of assistance and consultancy; competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.

The list of data processors is constantly updated and can be obtained by writing to privacy@crippa.it or to CRIPPA's headquarters.

 

Rights of the data subject

The data subject may exercise, at any time, the following rights, provided for in Articles 15 et seq. GDPR, by contacting the data controller at the e-mail address privacy@crippa.it or the DPO at the e-mail address dpo@crippa.it: right of access (Art. 15), right to rectification (Art. 16), if the data are incorrect or incomplete, right to erasure (Art. 17), right to restriction of processing (Art. 18). The data controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification, erasure or restriction of processing carried out (Art. 19). The data controller shall inform the data subject of these recipients if the data subject so requests.  In the cases provided for, the data subject has the right to data portability (Art. 20), which in this case will be provided in a structured, commonly used and machine-readable format. He/she has the right to object (Art. 21), at any time, to the processing of data based on legitimate interest, and in cases where the legal basis is consent, he/she has the right to revoke the consent given without prejudice to the lawfulness of the processing based on the consent before revocation.

To stop receiving automated direct marketing communications (e.g. e-mails), simply write an e-mail at any time to privacy@crippa.it or dpo@crippa.it with the subject line 'unsubscribe from automated' or use the automatic unsubscribe systems provided for e-mails.

To stop receiving traditional direct marketing communications (telephone calls, paper mail), simply write an e-mail at any time to privacy@crippa.it or dpo@crippa.it with the subject line 'unsubscribe from traditional'.

If the data subject considers the processing conflicting with GDPR, he/she may contact the data controller at privacy@crippa.it. In addition, the data subject has the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it).

 

Privacy Policy updates

Data controller retains the right to modify and update this statement at his own discretion, in any moment, including as a result of any subsequent regulatory changes and/or additions. The most recent version of the policy is always available on the CRIPPA website.

 

Last review: October 2023