Updated to EU General Data Protection Regulation (GDPR) 2016/679
When the user brows our Website, using its services and features, Ceramica Catalano S.p.A. may collect and process information about the user. Specific privacy information notices are normally published in the Website sections in which users’ personal data are collected, under the terms of art. 13/15 of the GDPR. Where that occurs, processing is performed on the basis of the user’s consent. If the user provides personal data of third parties, users are responsible for any third-party Personal Data provided and confirms to have the third party's consent to provide the Data to the Owner, in compliance with GDPR UE 2016/679.
2) The Data we process
Visiting our website does not generally involve the collection and/or processing of any personal information, except for browsing data and cookies as specified below. In addition to the browsing data (see below), personal data voluntarily provided by the user may be processed when using some features or asking for some services available in the Site. In compliance with the GDPR, Ceramica Catalano SpA when performing its activities, could also collect the user’s personal data from third parties.
3) Cookies and browsing data
Please read the dedicated section
4) Data storage
Personal data are stored and processed through informatics systems owned and managed by Ceramica Catalano S.p.A. or by external third party as technical service providers; for more details, please refer to the following section "Purposes and means of personal data processing”. Only authorized personnel has access to personal information, including the staff assigned to carry out extraordinary maintenance operations.
5) Purposes and means of personal data processing
The personal data collected will be processed by Ceramica Catalano S.p.A in accordance with the following purposes: use of the website, management of enquiries and claims, sending newsletters, management of applications sent through the Website, etc..
Furthermore, with your optional consent, your ordinary personal data may also be used for institutional communications (including newsletters) or promotional activities (marketing) i.e., sending advertising material and/or commercial communications pertaining to the Company’s services using traditional (i.e. paper mail, phone calls with operator, etc.) or electronic means (i.e. Internet communications, faxes, emails, SMS, mobile apps, social network accounts such as Facebook, Twitter, etc.).
All your data are processed using automatic and electronic instruments suitable to ensure full security and confidentiality, complying with the purpose of GDPR 2016/679, and the processing of your personal data will be based on principles of correctness, lawfulness, integrity and confidentiality. Your personal data, in accordance with GDPR 2016/679 will be stored until May 23, 2118.
6) Personal data’s security and quality
Ceramica Catalano S.p.A undertakes to ensure security of the user’s personal data and to comply with provisions on security provided by law to avoid data loss, illegitimate or unlawful uses of data or unauthorized access to data, with particular reference to the Technical Guideline for Minimal Data Protection Safeguards.
Informatics systems and programs used by Ceramica Catalano S.p.A are set up for reducing as much as possible the use of personal and identifying data. Such data are processed only to the extent required to achieve the purposes indicated in this Policy.
Ceramica Catalano S.p.A. uses many types of advanced security technologies and procedures intended to aid protection of the user’s personal data; for example, personal data are held on secure servers located on premises with protected and controlled access. The users can update and correct their personal data by communicating to Ceramica Catalano S.p.A any change of address, contact information, etc.
7) Data communication and access
The user’s data can be communicated and processed by:
- legitimate recipients identified from time to time by the applicable laws
- our staff members who require processing the data for performing their job duties
- natural and/or legal persons, public and/or private so far as the communication is necessary or functional for performing our business, for the purpose and in the manner described above;
8) Required data and optional data
Some user’s personal data are strictly necessary to Ceramica Catalano S.p.A. for handling users’ communications and requests. Such data, when filling the forms in our website, are marked with an asterisk [*] and are mandatory for Ceramica Catalano S.p.A.; failure in providing this data means failure for the Company to handle/fulfil the user’s communication/request.
Providing data not marked with an asterisk is optional: failure to provide this data has no consequence.
The consent to use personal data for marketing purposes, as specified in the section "Purposes and means of personal data processing” is optional and the failure to give this consent has no consequence. Giving the consent for marketing purposes means receiving communications through electronic and/or traditional means, as stated above.
9) Your rights
9.1 Art. 15 (Right of access by the data subject) , Art. 16 (Right to rectification) of REGULATION (EU) 2016/679
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
9.2 Art. 17 Right to erasure (‘right to be forgotten’) of REGULATION (EU) 2016/679
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
9.3 Art. 18 GDPR Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
9.4 Art. 20 GDPR Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided
10. Withdrawal of consent for personal data processing
Data Controller and DPO: