Disclosure provided pursuant to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
1. GENERAL INFORMATION
In compliance with the provisions of Articles 12 and 13 of Regulation (EU) 2016/679 (General Data Protection Regulation – "GDPR"), this page describes the processing of personal data carried out by the Data Controller, as defined in point 2 below, relating to the data subjects involved in the processing listed below ("data subjects").The disclosure on this website does not refer to other processing carried out after you browse on websites reached through links that may be present within this website.
2. DATA CONTROLLER
The Data Controller is Florim Ceramiche S.p.A. SB a socio unico, with registered office in Via Canaletto 24, 41042 Fiorano Modenese (Modena, Italy), Italy, telephone: +39 0536-840111, email: florim@legalmail.it.
3. DATA PROTECTION OFFICER
The Data Controller has appointed a Data Protection Officer (DPO), who you may contact to exercise all the rights provided for in Articles 15 to 21 of the GDPR (see point 5 of this disclosure).The DPO can be contacted at the following email address: privacydpo@florim.com.
4. TYPES OF PROCESSING
4.1. VIDEO SURVEILLANCEThere are video surveillance systems present at the Data Controller's offices.
Purposes of processing (Article 13 (1) (c) of the GDPR)The video surveillance systems are installed in accordance with current legislation, by virtue of a specific assessment of the lawfulness and proportionality of such processing, in order to protect the company's assets and the safety of the people who are there. The presence of these systems is reported in accordance with the relevant guidelines, also using specific signs that disclose this.
Lawfulness of processing (Article 13 (1) (c) of the GDPR)The processing is necessary to pursue the legitimate interests of the Data Controller to protect and safeguard company assets and the persons located therein (Article 6 (1) (f) of the GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by personnel authorised and trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (e.g.: support for the maintenance of video surveillance systems; concierge services/security guards): these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In specific cases (e.g. investigations and verifications), the recordings may be made available to the competent authorities. In any case, personal data collected through video surveillance systems will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. Images will be processed using IT and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)Footage is stored for up to a maximum period of 72 hours.
4.2. DATA FOR CONTACT REQUESTSThe management of contact requests, made where you fill out forms on this website, involves acquiring your personal data.
Purposes of processing (Article 13 (1) (c) of the GDPR)The personal data collected are used for the sole purpose of responding to the requests sent, and communicating with the data subject in any subsequent stages. Some information (field of employment of the applicant and headquarters of the company) is collected to streamline the process of routing them to the company structures in charge of that geographical area and by product area. The disclosure of certain data is mandatory and marked by specific asterisks.
Categories of personal datapersonal details (name, surname);contact details (email address, phone number);data relating to the professional sphere (field of employment, company, company headquarters);any other data/information included in the request.
Lawfulness of processing (Article 13 (1) (c) of the GDPR)Processing is carried out to perform an activity requested by the data subject (Article 6 (1) (b) GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (support for the website, consulting firms): these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In any case, personal data collected will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The personal data will be processed using computerised and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)Personal data are stored for the time necessary for the management of the relationship with the requesting party.
Nature of the provision (Article 13 (2) (e) of the GDPR)The data are provided optionally by the data subjects. However, failure to provide them may affect the handling of the request and the sending of feedback.
4.3. DATA FOR CREATING "FLORIM CLUB" ACCOUNTSThe management of contact requests, made where you fill out forms on this website, involves acquiring your personal data.
Purposes of processing (Article 13 (1) (c) of the GDPR)The personal data collected are used for the exclusive purpose of creating an account on the "Florim Club" portal and allowing you to request services related to registration (product images, images of interiors and catalogues). Some information (field of employment of the applicant and company) is collected to streamline the process of routing them to the company structures in charge of that geographical area and by product area. The disclosure of certain data is mandatory and marked by specific asterisks.
Categories of personal datapersonal details (e.g.: name, surname);contact details (email address, phone number);data relating to the professional sphere (field of employment, company);any other data/information included in the request.
Lawfulness of processing (Article 13 (1) (c) of the GDPR)Processing is carried out to perform an activity requested by the data subject (Article 6 (1) (b) GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (support for the website, consulting firms): these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In any case, personal data collected will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The personal data will be processed using computerised and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)Personal data are stored for the time necessary for the management of the relationship with the requesting party.
Nature of the provision (Article 13 (2) (e) of the GDPR)The data are provided optionally by the data subjects. However, failure to provide them may affect the handling of the request and the sending of feedback.
4.4. DATA RELATING TO JOB APPLICATIONSThe personal data contained within the CVs sent to specific addresses indicated on this site are processed for purposes related to the search, selection and management of any future employment.
Purposes of processing (Article 13 (1) (c) of the GDPR)The personal data contained within the CVs are processed for purposes related to the search and selection of personnel by the Data Controller.
Categories of personal datapersonal details (e.g.: name, surname);contact details (email address, phone number, domicile/residence);information relating to the professional sphere (previous jobs);data relating to the personal sphere (training; certifications).
Lawfulness of processing (Article 13 (1) (c) of the GDPR)Personal data are processed for the execution of pre-contractual measures adopted at the request of the data subject (Article 6 (1) (b) GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (consulting firms, employment agencies). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In any case, personal data collected will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and hard copy tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)The data is stored for a maximum of 24 months.
Nature of the provision (Article 13 (2) (e) of the GDPR)The provision of your personal data is optional. However, failure to provide them may make it impossible to correctly assess the candidate for selection purposes, and, consequently, to manage the job application.
4.5. CUSTOMERS AND SUPPLIERS AND THEIR CONTACT PERSONSPersonal data of customers and suppliers may be processed in the context of carrying out activities related to contractual relationships with those parties.
Purposes of processing (Article 13 (1) (c) of the GDPR)The data are processed in order to:enter into contractual/professional relationships;fulfil pre-contractual, contractual and regulatory obligations related to existing relationships or those to be established, as well as manage the necessary communications related to this;exchange communications in relation to the contractual relationship established between the parties;fulfil the obligations provided for by laws, regulations, European regulations or orders of the authorities;exercise legitimate interests or rights of the Data Controller (for example: right of defence in court; protection of credit positions; and ordinary internal operational, management and accounting needs).
Categories of personal datapersonal details (name, surname, tax code/VAT no.);contact details (telephone number, email address/certified email, home/registered office addresses);data relating to the professional sphere (data relating to the company for which the data subject works);bank and payment details.
Lawfulness of processing (Article 13 (1) (c) of the GDPR)The processing activities for these purposes are carried out on the basis of various conditions of lawfulness: to perform contracts or pre-contractual measures (Article 6 (1) (b) of the GDPR); to fulfil legal obligations (Article 6, (1) (c) of the GDPR); to pursue the legitimate interests of the Data Controller (e.g.: exercise or defend rights in court or out of court) (Article 6 (1) (f) of the GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by personnel authorised and trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (e.g.: tax/fiscal consultants, law firms, public bodies and competent authorities). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In specific cases (e.g. investigations and verifications), the personal data may be made available to the competent authorities. In any case, personal data will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and hard copy tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)The data are stored for the time strictly necessary to fulfil contractual or regulatory obligations.
Nature of the provision (Article 13 (2) (e) of the GDPR)The provision of your data is mandatory for the fulfilment of the purposes described above.
4.6. DATA FOR SUBSCRIPTION TO PERSONALISED INFORMATIVE NEWSLETTERSPersonal data are processed for purposes connected with sending informative newsletters, where the data subjects fill out specific forms on this site.
Purposes of processing (Article 13 (1) (c) of the GDPR)When you fill out specific forms on this website, your personal data are collected in order to send you periodic communications that promote the image and professionalism of the Data Controller (catalogues and other promotional objects; services offered by the Data Controller or by companies in the same group; notice of trade fairs, exhibitions, exhibits; invitations to participate in such events). Communications will be sent as newsletters to the email address indicated by the data subject, and may be personalised in some cases.
Categories of personal datapersonal details (name, surname);contact details (email address);data relating to the professional sphere (field of employment);information relating to the personal sphere (country).
Lawfulness of processing (Article 13 (1) (c) of the GDPR)Personal data are processed for the purposes and in the manner described in this paragraph with the consent of the data subject (Article 6 (1) (a) of the GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (support for the management of the website; consulting firms or customer service companies). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In any case, personal data will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and automated tools. The profiling and personalisation of newsletters will be carried out on the basis of the following criteria: (i) territorial/geographical criteria, taking into account the country of the data subject; (ii) field of employment of the data subject. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)Personal data are stored for the time necessary for the management of the relationship with the requesting party.
Nature of the provision (Article 13 (2) (e) of the GDPR)The provision of your personal data for the purposes indicated above is optional. However, failure to provide it may affect the correct sending of the requested informative newsletters.
4.7. DATA FOR REGISTRATION TO AND PARTICIPATION IN EVENTSYour personal data may be collected to allow you to register for and participate in events organised by the Data Controller, or by third parties, and hosted at the Data Controller's offices.
Purposes of processing (Article 13 (1) (c) of the GDPR)The purpose of this processing is to allow the data subject to register and participate in events, as well as to register attendance at them. The processing is also necessary to manage safety requirements at the premises where said events will take place.
Categories of personal datapersonal details (name, surname);contact details (email address, address, company you work for, occupation, sales contact person)
Lawfulness of processing (Article 13 (1) (c) of the GDPR)The processing of personal data is carried out to meet the request of the data subject to register and participate in specific events (fulfilment of contractual or pre-contractual measures requested by the data subject, Article 6 (1) (b) of the GDPR). The processing is also carried out in compliance with the requirements on safety in the workplace (Article 6 (1) (c) of the GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (e.g.: support for the management of IT systems, event planning companies or customer service companies). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. The data may be disclosed to the competent authorities in specific cases. In any case, personal data will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)Personal data are stored only for the time necessary to carry out the services requested in relation to the events organised.
Nature of the provision (Article 13 (2) (e) of the GDPR)The provision of your personal data for the purposes indicated above is optional. However, failure to provide it may make it impossible for you to register and participate in the events organised.
4.8. IMAGES TAKEN WHEN YOU PARTICIPATE IN EVENTSYou may be filmed or photographed when you participate in events organised or hosted by the Data Controller.
Purposes of processing (Article 13 (1) (c) of the GDPR)Participants in events held at the Data Controller's premises may be filmed and photographed. The photographs or recordings will be used for the purposes of communicating and promoting the services and initiatives of the Data Controller and may be published on the website and social media, and in the media and the press. The Data Controller guarantees that the images will not be used in contexts that may affect the personal dignity and decorum of the data subjects. The use of the images is free of charge and no future claims can be made in this regard.
Lawfulness of processing (Article 13 (1) (c) of the GDPR)Personal data are processed where the data subject provides his or her consent (Article 6 (1) (a) of the GDPR). Consent will be acquired during events data subject takes part in.
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by personnel authorised and trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (e.g.: support for the management of IT systems, event planning companies, marketing or communications companies). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. The data may be disclosed to the competent authorities in specific cases. The images may also be communicated to third parties and disseminated through the website, communication tools, print media, social networks, social media, television, through publication in magazines or presentations at seminars and conferences, etc.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)With the exception of the data that is disseminated, personal data will be stored for the time necessary to carry out the purposes set out above.
Nature of the provision (Article 13 (2) (e) of the GDPR)The provision of data is optional and subject to the consent of the data subject. However, if you do not give your consent, you will not be able to access the Data Controller's premises or take part in the event.
4.9. DATA FOR REQUESTING THE ACTIVATION OF A FLORIM STONE WARRANTYThe management of requests to activate a warranty after you purchase Florim products, to be carried out by filling out a form at the following link https://www.florim.com/en/florimstone/warranty/, involves acquiring your personal data.
Purposes of processing (Article 13 (1) (c) of the GDPR)The personal data collected will be used exclusively to decide whether to activate a warranty on the FLORIM stone materials purchased, that protects against possible product manufacturing defects for an unlimited time from the date of purchase, according to the terms and conditions reported in the Warranty certificate. The disclosure of certain data is mandatory and marked by specific asterisks.
Categories of personal datapersonal details (name, surname);contact details (email address);country of residence.
Lawfulness of processing (Article 13 (1) (c) of the GDPR)Processing is carried out to perform an activity requested by the data subject (Article 6 (1) (b) GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (support for the website, consulting firms): these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In any case, personal data collected will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The personal data will be processed using computerised and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)Personal data are stored for the time necessary for the management of the relationship with the requesting party.
Nature of the provision (Article 13 (2) (e) of the GDPR)The data are provided optionally by the data subjects. However, failure to provide them may affect the handling of the request and the sending of feedback.
4.10. DATA FOR SAVING FLORIM VISUALIZERYour personal data may be collected as part of the configuration service made available by Florim on this website, at the following link https://visualizer.florim.com/?lang=en.
Purposes of processing (Article 13 (1) (c) of the GDPR)The personal data collected are used for the exclusive purpose of sending you the details of the configurations that you intend to save by email.
Categories of personal datapersonal details (name, surname);contact details (email address).
Lawfulness of processing (Article 13 (1) (c) of the GDPR)Processing is carried out to perform an activity requested by the data subject (Article 6 (1) (b) GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by authorised personnel, trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (support for the website, consulting firms): these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. In any case, personal data collected will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The personal data will be processed using computerised and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)Personal data are stored for the time necessary for the management of the relationship with the requesting party.
Nature of the provision (Article 13 (2) (e) of the GDPR)The data are provided optionally by the data subjects. However, failure to provide them may affect the handling of the request and the sending of what you requested.
4.11. BROWSING DATADuring their normal operation, the IT systems and software procedures which operate this website acquire some personal data, the transmission of which is implicit in the use of Internet communications protocols. This category of data includes the IP addresses or domain names of the computers used by users who log onto the website, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used when submitting the request to the server, the size of the file obtained in reply, the numerical code indicating the server’s response status (concluded successfully, error, etc.) and other parameters relating to the user’s operating system and IT environment.
Purposes of processing (Article 13 (1) (c) of the GDPR)These data are used for the sole purpose of obtaining statistical information concerning use of the website and to check that it is operating correctly. The data might also be used to identify those responsible in the event of cyber offences against the website (legitimate interest of the Data Controller).
Lawfulness of processing (Article 13 (1) (c) of the GDPR)The processing is necessary to pursue the legitimate interests of the Data Controller regarding the security of its IT system, and assessing the use of the website and its operation (Article 6 (1) (f) of the GDPR).
Scope of communication (Article 13 (1) (e) and (f) of the GDPR)The data are processed exclusively by personnel authorised and trained to process them, and adequately informed. They may also be processed by other parties who are involved by the Data Controller for purposes related to the processing (e.g.: support for the management of IT systems and this website). In some cases, these parties have the role of data processors and have signed specific agreements with the Data Controller pursuant to Article 28 (3) of the GDPR. The data may be disclosed to the competent authorities in specific cases. In any case, personal data will not be disclosed to third parties, or disseminated or transferred outside the European Union/European Economic Area.
Data processing methods (Recital 39, GDPR)Personal data are processed lawfully, fairly and in a transparent manner, in compliance with the principles provided for by current legislation. The relative processing takes place through IT and automated tools. Taking into account the nature and characteristics of the processing, the Data Controller has adopted technical and organisational security measures aimed at limiting or excluding the risks of data loss, any unlawful or incorrect use, or unauthorised access.
Data storage period (Article 13 (2) (a) of the GDPR)The data are normally stored to fulfil the purposes indicated above, for short periods of time, with the exception of any extensions related to investigation activities.
Nature of the provision (Article 13 (2) (e) of the GDPR)The provision of data is implicit in accessing and navigating the website.
4.12. COOKIESFor more general information on cookies and how to enable and disable them, see the Cookie Policy https://www.florim.com/en/cookies/
5. RIGHTS OF THE DATA SUBJECT (GDPR Articles 15-22)At any time, the data subject may exercise the following rights:request confirmation as to whether his or her personal data has been processed.obtain information regarding the purposes for which the data are being processed, the categories of personal data, the recipients or categories of recipient to whom the personal data have been or will be disclosed and the storage period (or, if not possible, indication of the criteria that make it possible to determine the storage period).have data rectified or erased.obtain, under the conditions and in the cases provided for by current legislation, the restriction of processing.in the cases provided for by current legislations, obtain data portability, that is, the right to receive them from a Data Controller, in a structured, commonly used and machine-readable format, also for the purpose of transmitting those data to another Data Controller without hindrance.in the cases provided for by current legislation, object to processing at any time, including processing for direct marketing purposes.lodge a complaint with the (Italian) Data Protection Authority for the protection of personal data, in the manner provided by this authority.Requests should be addressed to the Data Controller by writing to the email privacydpo@florim.com for the processing described.