.jpg)
.png)
Privacy Policy
Here’s a clear, precise English version of your text — written in formal, compliant legal style suitable for a privacy notice:
DESALTO S.p.A., with its registered office at Via per Montesolaro – 22063 Cantù, Italy, Tax Code and VAT No. 00226050136 (hereinafter, the “Data Controller”), in its capacity as data controller, hereby informs you, in accordance with Italian law (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, hereinafter the “Privacy Code”) and European law (pursuant to Articles 13–14 of Regulation (EU) 2016/679, hereinafter “GDPR”), that your personal data will be processed in the following manner and for the purposes described below:
1. Subject of the Processing
The Data Controller processes personal data, including identifying information (such as name, surname, company name, address, telephone number, e-mail address, and other data) — hereinafter referred to as “personal data” or simply “data” — relating to the customer.
2. Source and Collection of Personal Data
Personal data are collected directly from the data subject, possibly also off-site, or through remote communication tools used by the Company (e.g. e-mail, telephone, or other digital channels).
Where personal data have not been obtained directly from the data subject, the source from which they originate will be indicated, including the possibility that they come from publicly accessible sources (public lists open to anyone).
4. Purpose and Legal Basis of Processing
Your personal data are processed:
A) Without your express consent (Art. 6(1)(b) and (f) GDPR), for the following Service Purposes:
• To execute and manage the service contract;
• To handle and fulfil requests for contact made by the data subject;
• To pursue legitimate interests (e.g. exercising a right in legal proceedings).
B) Only with your specific and separate consent (Art. 6(1)(a) GDPR), for the following Direct Marketing Purposes:
• To send, by e-mail, post, SMS, and/or telephone, newsletters, commercial communications, and/or advertising material regarding products or services offered by the Data Controller, including satisfaction surveys on service quality;
• To send, by e-mail, post, SMS, and/or telephone, commercial and/or promotional communications from third parties;
• To inform the data subject about events, webinars, or special initiatives promoted and/or organized by the Company.
Please note that if you are already our customer, we may send you commercial communications relating to products or services of the Data Controller similar to those you have already used, unless you object (Art. 130(4) of the Privacy Code).
5. Methods of Processing
Your personal data are processed through the operations listed in Art. 4(2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.
Data processing is carried out using both paper-based and electronic means, with methods strictly related to the purposes stated above, and in any case in such a way as to ensure data security and prevent loss, unlawful or improper use, and unauthorized access.
6. Retention Period and Criteria
In compliance with Art. 5(1)(e) GDPR, personal data are retained in a form permitting identification of the data subjects for no longer than necessary for the purposes for which the data are processed.
The Data Controller will retain personal data for the time necessary to fulfil the purposes stated above and, in any case, for no longer than 10 years from the termination of the relationship for the Service Purposes under paragraph 4(A), and for no longer than 24 months from data collection or until consent is withdrawn for the Direct Marketing Purposes under paragraph 4(B).
7. Recipients of Personal Data
For the purposes described in paragraph 4(A) and 4(B), your data may be shared with employees and collaborators of the Data Controller, acting as authorized persons and/or internal data processors and/or system administrators, where necessary.
Employees have been expressly authorized and trained pursuant to Art. 29 GDPR. Data processors have been duly appointed under Art. 28 GDPR. The updated list of data processors is available upon request by writing to info@desalto.it.
Your personal data may also be disclosed to supervisory bodies, judicial authorities, and other entities where disclosure is mandatory by law. These entities act as independent data controllers.
8. Data Transfer Abroad
The personal data you provide for the purposes outlined in paragraph 4(A) and (B) are not transferred outside the European Economic Area (EEA).
9. Automated Decision-Making
The Data Controller does not use automated decision-making processes, including profiling.
10. Nature of Data Provision and Consequences of Refusal
Providing your data for the purposes under paragraph 4(A) is mandatory. Failure to provide such data will make it impossible for us to provide the related services.
Providing your data for the purposes under paragraph 4(B) is optional. You may choose not to provide data or withdraw consent at any time, in which case you will no longer receive newsletters, commercial communications, or promotional material. However, you will still be entitled to the services referred to in paragraph 4(A).
11. Rights of the Data Subject
As the data subject, you have the rights set forth in Art. 15 GDPR, including the right to:
i. Obtain confirmation as to whether or not personal data concerning you exist, and receive such data in intelligible form;
ii. Obtain information on:
a) The source of the personal data;
b) The purposes and methods of processing;
c) The logic applied to processing by electronic means;
d) The identity of the data controller, processors, and representatives;
e) The entities or categories of entities to whom the personal data may be disclosed;
iii. Obtain:
a) The updating, rectification, or, where interested, integration of data;
b) The erasure, anonymization, or blocking of unlawfully processed data;
c) Certification that the operations under points (a) and (b) have been notified to those to whom the data were communicated, except where this proves impossible or involves disproportionate effort;
iv. Object, in whole or in part:
a) On legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose of collection;
b) To the processing of personal data for direct marketing, advertising, or market research purposes, whether by automated means (e-mail, calls without operator) or traditional means (telephone calls, post).
You may choose to object only to certain types of communication (automated or traditional) or to all marketing communications altogether.
You also have the rights set forth in Articles 16–22 GDPR (right to rectification, erasure, restriction of processing, data portability, and objection).
12. Exercising Your Rights
You may exercise your rights at any time by sending:
• A registered letter (with return receipt) to DESALTO S.p.A., Data Controller, Via per Montesolaro snc – 22063 Cantù (CO), Italy
• An e-mail to info@desalto.it
To stop receiving automated marketing communications (e.g. e-mails), simply send an e-mail to info@desalto.it with the subject “Unsubscribe from automated”, or click “Unsubscribe” in any newsletter received.
To stop receiving traditional marketing communications (e.g. phone calls or postal mail), send an e-mail to info@desalto.it with the subject “Unsubscribe from traditional”.
13. Right to Lodge a Complaint
As a data subject, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), Piazza Venezia 11, 00187 Rome – protocollo@pec.gpdp.it.
14. Data Controller
Pursuant to Articles 4 and 24 GDPR, the Data Controller is DESALTO S.p.A., Via per Montesolaro snc – 22063 Cantù (CO), Italy – Tax Code and VAT No. 00226050136 – PEC/e-mail: desalto.spa@legalmail.it – Tel. +39 031 7832211, represented by its pro tempore legal representative.
15. Data Protection Officer (DPO)*
The Data Controller has appointed a Data Protection Officer (DPO) pursuant to Art. 37 GDPR. The DPO is the contact point for any information regarding the processing of your data and can be reached at the registered office (Via per Montesolaro snc – 22063 Cantù, CO) or by e-mail at info@desalto.it.
16. Updates
The Data Controller may occasionally update this Privacy Notice and any related specific privacy statements. When updates occur, the Company will indicate a new revision date at the top of this notice.
Consent to the Processing of Personal Data for Marketing Purposes
Pursuant to Art. 7 GDPR and Art. 130 of Legislative Decree 196/2003 as amended, the undersigned, having read and understood the Privacy Notice, hereby gives free and informed consent to the processing of their personal data by DESALTO S.p.A. for the following marketing purposes (paragraph 4(B)):
1 To send, by e-mail, post, SMS, and/or telephone, newsletters, commercial communications, and/or advertising material on products or services offered by the Data Controller, including satisfaction surveys;
2 To send, by e-mail, post, SMS, and/or telephone, commercial and/or promotional communications from third parties;
3 To inform the data subject about events or special initiatives promoted and/or organized by the Company.
