The purpose of this document is to inform the natural person (hereinafter the "Data Subject") regarding the processing of their personal data (hereinafter "Personal Data") collected by the data controller, Toffac Ingranaggi SPA, with registered office at Via Vittorio Veneto 113/115, 35028 Piove di Sacco (PD), Italy, VAT/Tax ID IT00229470281, email address privacy@toffac.com, (hereinafter the "Controller"), through the website www.toffac.com (hereinafter the "Website").
Changes and updates will be binding as soon as they are published on the Website. In case of non-acceptance of the changes made to the Privacy Policy, the Data Subject is required to cease the use of this Website and may request the Controller to delete their Personal Data.
-
Categories of Personal Data Processed
The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:
- Contact Data: name, surname, address, email, phone, images, authentication credentials, any additional information provided by the Data Subject, etc.
The Controller processes the following types of Personal Data collected in an automated manner:
- Technical Data: Personal Data generated by devices, applications, tools, and protocols used, such as information about the device used, IP addresses, browser type, Internet service provider (ISP) type. Such Personal Data can leave traces that, especially when combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons.
- Website Browsing and Usage Data: such as visited pages, number of clicks, actions performed, session duration, etc.
The failure of the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or if they constitute a necessary requirement for the conclusion of the contract with the Controller, will result in the impossibility of the Controller to establish or continue the relationship with the Data Subject.
The Data Subject who provides the Controller with Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.
-
Cookies and Similar Technologies
The Website uses cookies, web beacons, unique identifiers, and other similar technologies to collect the Data Subject's Personal Data on the pages, links visited, and other actions performed when the Data Subject uses the Website. They are stored to be transmitted on the Data Subject's next visit.
-
Legal Basis and Purposes of Processing
The processing of Personal Data is necessary:
- for the execution of the contract with the Data Subject, specifically:
- fulfillment of any obligations arising from the pre-contractual or contractual relationship with the Data Subject
- registration and authentication of the Data Subject: to allow the Data Subject to register on the Website, access, and be identified, also through external platforms
- support and contact with the Data Subject: to respond to the Data Subject's requests
- for legal obligations, specifically:
- compliance with any obligations under current regulations, laws, and regulations, in particular, in tax and fiscal matters
- on the basis of the legitimate interest of the Controller, for:
- management, optimization, and monitoring of the technical infrastructure: to identify and resolve any technical issues, improve the performance of the Website, and manage and organize information in an information system (e.g., servers, databases, etc.)
- security and anti-fraud: to ensure the security of the Controller's assets, infrastructure, and networks
- statistics with anonymous data: to carry out statistical analysis on aggregated and anonymous data to analyze the behavior of the Data Subject, improve the products and/or services provided by the Controller, and better meet the expectations of the Data Subject
Based on the legitimate interest of the Controller, the Website allows interactions with external platforms or social networks whose processing of Personal Data is governed by their respective privacy policies, to which reference should be made. Interactions and information acquired from this Website are, in any case, subject to the privacy settings chosen by the Data Subject on such platforms or social networks. This information - in the absence of specific consent for further purposes - is used solely to enable the use of the Website and provide the requested information and services.
The Personal Data of the Data Subject may also be used by the Controller to protect itself in legal proceedings before the competent judicial authorities.
- for the execution of the contract with the Data Subject, specifically:
-
Processing Methods and Recipients of Personal Data
Personal Data is processed using paper and computerized tools with organizational methods and logic strictly related to the purposes indicated and with the adoption of adequate security measures.
Personal Data is processed exclusively by:
- persons authorized by the Data Controller who have committed to confidentiality or have an appropriate legal obligation of confidentiality;
- entities that operate independently as separate data controllers or are designated by the Controller to carry out all the processing activities necessary to pursue the purposes set out in this information (e.g., business partners, consultants, IT companies, service providers, hosting providers);
- subjects or authorities to whom it is mandatory to communicate Personal Data by law or by order of the authorities.
The above-mentioned subjects are required to use appropriate guarantees to protect Personal Data and can only access the data necessary to carry out the tasks assigned to them.
Personal Data will not be disseminated indiscriminately in any way.
-
Location
If necessary, Personal Data may be transferred to subjects located outside the territory of the European Economic Area (EEA). Whenever Personal Data are to be transferred outside the EEA, the Controller will adopt every contractual measure suitable and necessary to ensure an adequate level of protection of Personal Data, including - among others - agreements based on standard contractual clauses for the transfer of data outside the EEA, approved by the European Commission. To request information on the specific guarantees adopted, the Data Subject may contact the Controller at the following email address privacy@toffac.com.
-
Retention Period of Personal Data
Personal Data will be retained for the time necessary to fulfill the purposes for which they were collected, in particular:
- for purposes related to the execution of the contract between the Controller and the Data Subject, they will be retained for the entire duration of the contractual relationship and, after termination, for the ordinary prescription period of 10 years. In the case of legal disputes, they will be retained for the duration of the dispute, until the expiration of the time limits for bringing actions for annulment
- for purposes related to the legitimate interest of the Controller, they will be retained until that interest is achieved
- for compliance with a legal obligation, by order of an authority, and for legal protection, they will be retained in compliance with the timing provided by such obligations, regulations, and in any case until the expiration of the limitation period provided by the current regulations
- for purposes based on the Data Subject's consent, they will be retained until consent is revoked
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.
-
Data Subject's Rights
Data Subjects can exercise certain rights regarding the Personal Data processed by the Controller. In particular, the Data Subject has the right to:
- be informed about the processing of their Personal Data
- withdraw consent at any time
- limit the processing of their Personal Data
- object to the processing of their Personal Data
- access their Personal Data
- verify and request the rectification of their Personal Data
- obtain the limitation of the processing of their Personal Data
- obtain the erasure of their Personal Data
- transfer their Personal Data to another controller
- file a complaint with the data protection authority and/or take legal action.
To exercise their rights, Data Subjects can send a request to the following email address privacy@toffac.com. Requests will be handled by the Controller immediately and processed as soon as possible, in any case within 30 days.