Privacy policy

PRIVACY POLICY
Users section

The undersigned Company ZEC S.p.A. (VAT Identification Number IT01720400348), with registered office at address Via Lungolorno, 11, 43052 Colorno (PR), Italy, owner of the website https://www.zecspa.com (hereinafter the “Site”), in its capacity as the Controller of the personal data of the Site users (hereinafter the “Users”) gives here below, through its legal representative currently in office, information to data subjects on its privacy policy pursuant to Article 13 of Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the “Regulation” or “Applicable Legislation”).

This Site and any services provided through the Site are reserved to persons that are at least eighteen years old. Therefore, the Data Controller does not collect any personal data of people under 18 years of age. At the users’ request, the Data Controller will erase without delay any and all personal data collected concerning people under 18 years old.

The Data Controller attaches the utmost importance to the privacy and to the protection of the personal data of its Users. For any queries about this privacy policy, Users can contact the Data Controller at any time, with the following methods:

• Sending a registered letter with return receipt to the registered office of the Data Controller ZEC S.p.A., at address Via Lungolorno, 11, 43052 Colorno (PR), Italy;
• Sending an e-mail message to the following addresses: Certified e-mail address (Italian acronym PEC) info@pec.zecspa.com ; E-mail info@zecspa.com

1 Category of data processed:
The data that will undergo this processing operation are the following:
a) All personal data the transmission of which is implicit in the use of Internet communication protocols, which the information systems and the software procedures used for the Site operation acquire during their normal running: the IP addresses or domain names of the computers utilized by Users, the Uniform Resource Identifier (URI) addresses of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code of the status of the service response (successful, error, etc.) and other parameters regarding the operating system and the IT environment of the User;
b) Identifying personal data (e.g. first name, last name, e-mail address, phone, country, firm name, position, IP address, log file, etc.);

2. Purposes of the processing
The Users’ personal data will be processed lawfully by the Data Controller in accordance with Article 6 of the Regulation for the following purposes:

a)    To provide the service, i.e. to enable the User to browse the Site. The User’s data collected by the Data Controller for this purpose include all the data and are used only to obtain anonymous statistical information on the use of the Site and to ensure its proper operation. Notwithstanding any other provisions laid down in this privacy policy, in no case shall he Data Controller make the Users’ personal data accessible to other Users and/or third parties.
b)    To respond to the User's request: the Users’ personal data are collected and processed by the Data Controller with the sole purpose of responding to their request. The Users’ data collected by the Data Controller for this purpose include: first name, last name, e-mail address, firm the User belongs to and any other data of the User voluntarily published in the “restricted area”. No other processing of the Users’ personal data shall be carried out by the Data Controller. Notwithstanding any other provisions laid down in this privacy policy, in no case shall he Data Controller make the Users’ personal data accessible to other Users and/or third parties.
c)    Registration to the newsletter: After having freely given their consent, the Users will periodically receive a newsletter from the Data Controller containing relevant information and news regarding the industry, the Data Controller’s activities or offers, promotions and commercial opportunities submitted by the Data Controller.
a)    Administrative-accounting purposes, i.e. to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities instrumental to compliance with pre-precontractual and contractual obligations.
b)    Legal obligations, i.e. to comply with obligations laid down by the law, by a competent authority, by any applicable regulation or legislation and to assess responsibility and culpability for any cybercrime offences against the Site.
c)    Performance of a contract, if processing is necessary for the performance of a contract with the User and/or or in order to take precontractual steps;
However, it is always possible to ask the Data Controller to clarify the specific legal basis for each processing activity and in particular to specify whether the processing activity is based on the law, provided for in a contract or needed to close a contract.
The provision of the personal data for the above-stated purposes is optional but necessary as any failure to provide them will entail the impossibility for the User to make his or her request to the Data Controller.

The personal data that are necessary to pursue the purposes set out in point 2) are marked with an asterisk on the request form.

3. Data processing method and storage period
The Data Controller will process the Users’ personal data with manual and IT means, in accordance with logics strictly connected to the purposes, in order to ensure the data security and confidentiality.

The personal data of the Users of the Site will be stored for the time strictly necessary to pursue the primary purposes stated in point 2) above or, however, for the time necessary in order to protect the interests both of the Users and of the Data Controller under the Italian civil law.

4. Scope of disclosure and dissemination of the data
The persons in charge of managing the Site and the Users’ requests may come to know the Users’ personal data. Those persons, who have been instructed to that effect by the Data Controller in accordance with Article 29 of the Regulation, will process the Users’ personal data solely for the purposes set out in this privacy policy and in compliance with the Applicable Legislation.
Furthermore, third parties may come to know the Users’ personal data as said third parties may process personal data on behalf of the Data Controller in the capacity as “External Data Processors”, with said third parties being, by way of example, providers of IT and logistic services instrumental to the Site operation, providers of outsourced or cloud computing services, advisors and consultants.
The Users have the right to obtain a list of any data processors appointed by the Data Controller, making the relevant request to the Data Controller with the methods set out in point 6) below.

5. Transfer of the data
The data collected for the above-stated purposes will not be transferred to countries not belonging to the EU.  Nevertheless, the Data Controller reserves the right to use cloud services and, in this case, the providers of the services will be selected amongst those who ensure appropriate safeguards in accordance with Article 46 of Regulation (EU) 2016/679.

6. Rights of the data subjects
The Users will be able to exercise their rights under the Applicable Legislation by getting in touch with the Data Controller using the following methods:

• Sending a registered letter with return receipt to the registered office of the Data Controller ZEC S.p.A., at address Via Lungolorno, 11, 43052 Colorno (PR), Italy;
• Sending an e-mail message to the following addresses: Certified e-mail address (Italian acronym PEC) info@pec.zecspa.com ; E-mail info@zecspa.com

The Site Users have the following rights:

• The right to access his or her personal data in order to know (“responsive transparency”) the purposes of the processing, the categories of personal data collected, the data recipients, especially in case of recipients based in third countries or international organizations, the expected data storage period (Article 15);
• The right to obtain data rectification (Article 16);
• The right to obtain the erasure of his or her personal data if they are no longer necessary for the purposes for which they were collected and if there are no other legal requirements to keep them (Article 17 of the GDPR); 
• The right to obtain the restriction of processing (Article 18);
• The right to data portability (Article 20);
• The right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her (Article 21 of the GDPR). In this case, the Company shall refrain from further processing of your personal data, unless it can prove the existence of mandatory, legitimate grounds for performing the processing (for example, to defend its rights court).
• The right not to be subject to automated decision-making, including profiling (Article 22);
• The right to withdraw their consent at any time without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal.

Lastly, the data subject has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) under Article 13(2) and Article 77 of the GDPR.
The Italian supervisory authority is the Italian Data Protection Authority Garante per la protezione dei dati personali, with headquarters at Piazza Venezia 11, 00186 – Rome, Italy (http://www.garanteprivacy.it/).

For anything not provided for in this privacy policy, please refer to Regulation (EU) 2016/679, to Italian Legislative Decree 196/03as amended by Italian Legislative Decree 101/2018 as amended and supplemented, as well as to any other measure issued by the Italian Data Protection Authority (Autorità Garante per la Protezione dei Dati Personali, hereinafter “Garante”).

The Data Controller shall not be held responsible and accountable for the updating of all the links in this Privacy Policy and, therefore, if a link does not work and/or is not updated, the Users acknowledge and accept that they shall always refer to the document and/or section of the websites the link refers to In case he or she does not accept the amendments made to this privacy policy, the User shall discontinue his or her use of https://www.zecspa.com and has the right to obtain, from the Data Controller, the erasure of his or her Personal Data. Unless specified otherwise, this privacy policy shall continue to apply to the Personal Data collected up to that time.