(i) by Cleaf S.p.a., as controller, in compliance with the contractual relationship with Cleaf itself and/or via the website at www.cleaf.it (hereafter the “Website”) when registering on the Website and/or when using services supplied by Cleaf S.p.a., including those in the restricted area of the Website (hereafter “Services”);
(ii) by Cleaf S.p.a. and Fritz Egger Gmbh & Co OG, as joint controllers, to promote some of Cleaf’s products, as detailed in the following section 9.
1. Data Controller
1.1 The Data Controller of your personal data is Cleaf S.p.a. (hereafter “Cleaf” or “Data Controller”), with its registered office in Macherio (MB), via S. Ambrogio 18, 20846, Italy.
2. Nature of the data processed and purposes of the processing
2.1 The personal data processed – where personal data is defined as any information on a natural person who is identified or may be identified, either directly or indirectly through reference to any other information – are:
a) the data provided by the user to the Data Controller in compliance with the contractual relationship with Cleaf;
b) the data provided by the user to the Data Controller when requesting for supply of a Service provided by Cleaf, such as name, surname, e-mail address, residence or domicile address, fiscal code, telephone number, fax number, bank details, IP address;
c) the data provided by the user to the Data Controller when submitting his/her application for employment opportunities offered by Cleaf itself on the relevant section of the Website, such as biographical data (name, surname, sex, date of birth, nationality, postal address, telephone number, e-mail address), data regarding user’s education, professional experience, IT skills and knowledge of languages;
d) the data provided by the user to the Data Controller in the course of further contacts with the Data Controller (name, surname, e-mail address, professional position);
e) the data collected by Cleaf when browsing the Website, such as IP address, information obtained through cookies.
2.2 The data will be used for the following purposes:
a) for the performance and the continuation of the employment relationship with Cleaf, including the management of the contractual service requested, the invoicing of the service rendered, as well as for the fulfilment of obligations under the law and EU regulations or legislation and for exercising rights before the Courts;
b) for the transmission, via e-mail and paper-based mail of commercial proposals related and/or connected to Cleaf’s Services, for sending advertising material exclusively regarding the above-mentioned products or services, Cleaf’s bulletin-newsletter, invitation to conferences, information relating to the area of intellectual property, communications regarding market opportunities concerning the administration of intangible goods (such as trademarks, patents, design) and/or for conduction of market surveys.
3. Obligatory/optional nature of providing data
3.1 Providing the data requested at the time of the establishment of the contractual relationship with Cleaf and/or when registering on the Website or when activating the Services for the purposes identified in the section 2.2.A above is mandatory, as it is strictly functional for the performance of the contractual commitments, for providing the Services themselves and meeting legal obligations. Refusal to supply data will make it impossible for Cleaf to fulfil its contractual commitments, to complete the process of registering on the Website and/or therefore provide the Services.
3.2 The user/client may object to processing of the data for the purposes identified in section 2.2.B above either by using the opt-out system included in all the communications, either by sending an e-mail to email@example.com.
Providing the data requested at the time of activation of the Services for the purposes identified in section 2.2.B above is optional. Refusal to consent to the purposes of section 2.2.B will have no effect on the performance of the contractual commitments and/or for the providing of Services. Users/clients will be able to benefit from Cleaf’s performances and Services anyway.
4. Processing methods
4.1 Users/clients’ data will be collected on line or through the use of physical storage when establishing the contractual relationship with Cleaf, when registering on the Website, when activating the Services, as well as by comparing items of parts of items of information and through the use of the e-mail service.
4.2 Users/client’ data will be processed through registration, consultation, communication, storage and deletion operations conducted primarily using electronic tools and manually, ensuring that appropriate measures are taken to protect the security and guarantee the confidentiality of the data processed.
4.3 Users/client’ data, stored in electronic/magnetic/digital form, are stored and filed on a server located in the EU; personal data stored in paper form shall be filed in specific registers and/or records whose conservation shall be guaranteed by placing the latter in specific containers, stored in suitable premises. Cleaf declares that data registered on its server and/or in suitable premises are protected against the risk of intrusion and unauthorized access, and that it has taken appropriate security measures to ensure the integrity and availability of data and protect areas and places for data storage and accessibility.
4.4 Personal data will be processed by Cleaf employees and/or collaborators as persons authorized to processing in the context of their respective functions and in accordance with the instructions given by Cleaf.
5. Data disclosure
5.1 Users’ personal data may be disclosed to certain parties appointed by Cleaf to perform the contractual commitments, to provide the Services requested and to meet legal obligations, which will act as data processors, in accordance with the instructions given by Cleaf. The list of the data processors may be available on request of the data subject.
Personal data will not be disseminated.
6. Users’ rights
6.1 Data subject are entitled to obtain confirmation of the presence of their personal data and the purposes for which the data are processed at any time. Users are also entitled to request updating, correction, deletion or blocking of data and to refuse its use, entirely or in part.
6.2 Users’ rights are listed below. Specifically:
6.2.1 A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information.
6.2.2 A data subject shall have the right to be informed of:
a) the source of the personal data;
b) the purposes and the modalities of the processing;
c) the logic involved in any personal data processing by electronic means;
d) the contact details of the controller and, where applicable, of the processor and of the controller’s representative;
e) the subject or categories of subjects to whom the personal data may be disclosed or that may access to the data as controller or processor’s representative within the territory of the State.
6.2.3 In addition to the previous information, the data subject is entitled to receive from the Controller the following further information upon request:
a) obtain from the controller without undue delay the update, integration or rectification of inaccurate personal data concerning him or her;
b) the rectification or deletion of personal data or restriction of processing concerning the data subject or to refuse the processing as well as the right to data portability, and the anonymization of the data;
c) the attestation that the operations mentioned in sections a) and b) above have been notified to the subject to whom the data were disclosed, unless the fulfilment of this requirement is impossible or involves disproportionate effort.
6.2.4 The data subject shall have the right to object, at any time, to processing of personal data concerning him or her:
a) for legitimate grounds relating to his or her particular situation, including profiling;
b) where personal data are processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
6.2.5 The data subject shall have the right to:
a) lodge a complaint with a supervisory authority (data protection Authority);
b) receive the personal data concerning him or her, which he or she has provided to Cleaf, in a commonly used electronic form and in an easily legible manner, and have the right to transmit those data to another controller without interferences;
c) obtain from the controller restriction of processing.
6.3 To exercise the above mentioned rights and receive information on parties to whom the data are disclosed, or parties who may become aware of data while acting as data processors or persons in charge of the processing, the users may contact Cleaf, by sending a request using the contact details provided above.
7. Duration of processing
7.1 Personal data will be processed with regard to the purposes mentioned in section 2.2.A, for no longer than the duration of the contract with Cleaf, plus a period of 10 years for the fulfilment of current civil, fiscal and tax obligations.
7.2 Personal data will be processed with regard to the purposes mentioned in section 2.2.B for no longer than 24 months starting from the date in which the consent to the processing of personal data was given.
7.3 At the end of the data processing period, the data will be deleted or permanently rendered anonymous.
8. Legal basis for the processing
8.1 The legal basis for the processing shall be constituted in accordance with the contractual relationship, the Data Controller’s legitimate interest and the legal provisions.
9. Joint Controllership and Promotion Activities
In addition to the processing activities described in previous section 2 and regulated above, this section describes the processing of your personal data carried out by Cleaf and Egger as joint controllers.
In particular, Cleaf and Fritz Egger Gmbh & Co OG, with registered office in Weiberndorf 20, 6395, St. Johann in Tirol, Austria will process your personal data as joint controllers (respectively, “Egger” and “Joint Controllers”) for the promotion of Cleaf’s products.
In accordance with article 26, Regulation (EU) 2016/679, the Joint Controllers have drafted a joint controllership agreement to regulate the respective roles and responsibilities regarding the processing of your personal data for the promotion activities.
For any additional information regarding the processing activities carried out by the Joint Controllers or to receive the essential elements of the joint controllership agreement you may contact either of them at the following addresses:
– Cleaf: firstname.lastname@example.org;
– Egger: email@example.com.
9.1 The personal data processed by the Joint Controllers
The personal data processed by the Joint Controllers are those collected from fabricators, architects and distributors in the course of a business relationship or professional event, such as name, surname, email address and professional qualification.
9.2 Purpose of the processing and legal basis
The Joint Controllers will process your personal data for the promotion of Cleaf’s products.
The legal basis for such processing is the legitimate interest of the Joint Controllers to send you business communications for products in which you may have an interest based on your previous contacts with them.
The provision of personal data is optional, and its denial would not impair the management of any other relationship you have with either of the Joint Controllers.
Moreover, you have at any time the right to object to such processing either by using the opt-out link included in all the communications received by the Joint Controllers or contacting Cleaf and/or Egger.
9.3 Who will process your personal data
Your personal data will be processed by the employees and/or collaborators of the Joint Controllers, who have been duly appointed persons authorized to the processing.
Moreover, your personal data may be communicated to third parties, which support the Joint Controllers to carry out the promotion activities, duly appointed as processor. You may ask the list of all processors to any of the Joint Controllers.
9.4 Duration of processing
Your personal data will be processed by the Joint Controllers until you object to the processing.
9.5 Methods of the processing
Your personal data will be processed through computerised tools and on paper. In any case, the Joint Controllers will adopt adequate instruments to guarantee the security and confidentiality of your personal data.
9.6 Your rights
In your quality as data subject, you have all the rights listed in previous paragraph 6, and namely the right to:
• access your data and obtain a copy of the same;
• ask for the rectification and the update of your data, where inaccurate or incomplete;
• ask for the erasure of your data;
• restrict the processing of your data;
• ask for data portability;
• object to the processing of your data;
• file a complaint to the competent Data Protection Authority.
You may exercise your rights contacting any of the Joint Controllers.
11. Transfer to non-EU countries
11.1 Personal data shall not be transferred to non-EU countries.