Privacy Policy under articles 13 and 14 of EU Regulation 2016/679 GDPR (General Data Protection Regulation) and related implementation provisions

1. Controller

The Controller for personal data obtained through this website is Lanificio Zignone Spa, Frazione Boero Monti 3, 13823 Strona (BI), Italy, Tel +39 0157 461111, Fax +39 0157 42345, Email ammfin@zignone.it, Certified email zignone@legalmail.it

2. Processing procedures

Please be informed that:
  • all data are processed lawfully, properly and transparently vis à vis the data subject, in accordance with the general principles set out in GDPR and in the Italian Privacy Code;
  • we collect and process your data exclusively for the purposes indicated in this Privacy Policy or for the specific purposes that we have previously shared with you and/or in relation to which you have already expressed your consent;
  • we aim to collect, process and use as little of your personal data as possible;
  • when it is a requirement for us to collect your personal data, we ensure that they are as accurate and as up to date as possible;
  • if the personal data we have collected are no longer necessary for any purposes and we are not required to store them under any legal requirement, we use our best endeavours to erase them, destroy them or render them anonymous;
  • we employ specific security measures to prevent loss of data, unlawful or improper use or unauthorised access;
  • your personal data will not be shared, sold, made available or disclosed to any parties who are not specifically indicated in this Privacy Policy.

3. Data collected and purposes of processing

Personal data are collected in the ways listed below and are processed through paper (registration forms, order forms, etc.), computer (management software, accounting software, etc.) and electronic media, using organisational and processing procedures that are strictly connected with the purposes for which the data are collected, in a manner that is able to ensure the security, integrity and confidentiality of the data, in accordance with the organisational, physical and logical measures set out in the applicable law.
Where the data subject is younger than 16, processing is lawful only to the extent that consent is given or authorised by the person having parental responsibility, whose identification details shall be obtained, together with a copy of his or her proof of ID.
Collected data only include so-called “ordinary” data, including forename, last name, tax code, etc. Where special data need to be collected under articles 9 and 10 GDPR, express consent shall be obtained and collected data will not be disclosed.
During their normal operation, the computer systems and software procedures that are involved in the functioning of the above websites acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. These data are known as “navigation data”.
This information is not collected for the purpose of being associated with any identified data subjects but, because of its nature, could, if processed and combined with other data held by third parties, lead to the identification of the concerned data subjects.
These data include the IP addresses and domain names of the computers that are used to connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file sent in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to make sure that the website is functioning properly. They could also be used to determine liability in the event of a computer crime perpetrated to the detriment of the website (legitimate interests of the Controller).
The data are processed exclusively by internal personnel that has been duly authorised and trained to do so and will not be disclosed to any external parties, nor will they be circulated or transferred to non-EU countries. Only in the event of an investigation, the data may be made available to the competent authorities.
Data are normally stored for a brief period of time, except as extended in connection with any ongoing investigation activities.
Data are not provided by the data subject but are obtained directly through the technological systems operating on the website.
3.1 Cookies
Cookies are small text files that are stored on your computer or mobile device and are used by the above websites to create a more efficient user experience.
The website uses technical cookies and so-called profiling cookies, including from third parties. The EU Regulation requires that the "website visitor/platform user" expresses his or her consent regarding processing of the personal data about him or her directly, explicitly, unmistakably and distinguishably, also for the so-called "technical cookies".
Cookies and procedures used for managing and withdrawing consent under the new Regulation are indicated in the specific “Cookie Policy" form. By reading the form, the data subject is independently able to view consent given and withdraw consent for one or more areas of cookie activities, as desired.
For more information on how cookies are managed, please view our cookie policy (click here).
3.2 Data collected with user consent and purposes of processing
The optional, express and voluntary submittal of personal data through the forms available on the above website, after expressly accepting this Privacy Policy, involves the subsequent storing of the sender’s name and email address (as required to respond to any requests submitted), as well as of any other additional personal data provided. Data may only be accessed, for maintenance purposes, by the company that manages the technological infrastructure, and by its appointed personnel. Collected data will be processed for the purpose of providing the services offered by the Association.
3.3. Contact us
This page allows users to register with the website through an exclusive username and password to freely access a range of services via dedicated credentials.
Users are requested to enter a series of personal details (type of customer, business name, forename, last name, address, post code, city/town, VAT number or tax code, email, telephone, fax).
Registration is conditional upon granting of specific, free and informed consent. Data are processed exclusively by personnel that has been duly authorised and trained to do so. Depending on the type of service requested, the data are stored for a period of time that is compatible with the specific purposes for which they have been collected. Provision of the data to be entered in the mandatory fields is a requirement to obtain a response. Failure to provide the data marked as mandatory or to grant consent makes it impossible to access the various services.
3.4. Newsletter subscription
This page contains a form to subscribe to a newsletter offering promotional deals to subscribers and/or website registered users. Users are requested to enter a series of personal details (business name, forename, last name, email), of which email is the only mandatory field, while information in optional fields is only requested for the purpose of finding out more about each subscriber. Subscription is conditional upon granting of specific, free and informed consent. Data are processed exclusively by personnel that has been duly authorised and trained to do so. Data are stored until cancellation of newsletter subscription, which can be done freely at any time via the link provided at the bottom of each message sent. Failure to provide the email address or grant consent makes it impossible to obtain the newsletter service.
3.5 Log-in
The log-in page allows access to the reserved website area for registered customers having the required access credentials (username and password) or new customers registering via the form available on the “Contact Us” page and obtaining their own access credentials (user and password).

4. Categories of recipients of personal data

Except for any disclosures made in accordance with legal and contractual requirements, data collected and processed may only be disclosed for the above purposes to the following categories of recipients: companies and/or firms providing professional consultancy and/or support on accounting, taxation, legal and/or business matters; public administration bodies performing their institutional functions, to the extent permitted by the applicable law; third-party service suppliers where disclosure is required to provide the service under contract.

5. Storage period

Data that are mandatory for contractual purposes, accounting purposes or purposes that are connected with the provision of the service are stored for the time required for the performance of the contract, including in observation of the applicable legal requirements. Unless storage is otherwise justified, any and all data belonging to data subjects who are not purchasing and/or using the products/services, albeit having had a previous contact with the company’s representatives, will be immediately erased or rendered anonymous, unless informed consent has been duly given by the data subject for subsequent sales promotion and/or market research activities.

6. Legal basis

Processing of the personal data is based on consent by the data subject or on the fact that processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (see article 6, paragraph 1, letters a and b of GDPR). Where processing is based on consent, users have a right to withdraw it at any time, using the contact details provided under section 1.
In order to conclude a contract for the purchase of goods or services, the requested personal data must be provided. Failure to provide all of the data requested will make it impossible to supply the goods or services requested.

7. Rights of the data subject

Pursuant to EU Regulation 679/2016 (GDPR) and the related national legislation, the data subject may, in the manner and within the limits established by the applicable law, exercise the following rights:
  • to request confirmation as to whether personal data exist about him or her (right of access);
  • to obtain information about the source of the data;
  • to obtain communication of the data in an intelligible form;
  • to obtain information on the logic, methods and purposes of processing;
  • to request that the personal data are updated, rectified, erased, rendered anonymous or blocked if processed in breach of the applicable law, therein including those data that are no longer necessary for the purposes for which they were collected;
  • where processing is based on consent, to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly-used and machine-readable format;
  • to lodge a complaint with the supervisory authority.
You may exercise your rights via a specific request to be sent by email to the Controller’s address.

8. Changes

This Privacy Policy is subject to regular revision, including with reference to the applicable legislation and case law. Any significative changes will be duly highlighted on the website homepage for an adequate period of time. In any case, data subjects are invited to read this Privacy Policy regularly.