1. Types of data collected, purposes, legal basis of the processing and storage period of data
What are cookies?
Cookies are short strings of texts sites the user visits send to his/her terminal (usually to the browser), where they are saved to be sent back to the same sites the next time the user visits them.
Strictly necessary, functional, performance cookies and analytical cookies with limited identification potential.
Strictly necessary cookies are used for the sole purpose of transmission of communications over an electronic communications network, or as strictly necessary to the service provider of a company of the information explicitly requested by the subscriber or user to provide the service. On the other hand, analytical cookies are used to analyse and measure the use of the website by users. Analytical cookies are similar to strictly necessary cookies when used directly by the website manager to collect aggregate information on the number of users and how they visit the site. The legal basis that legitimises the processing of personal data for this purpose is to be found in the cases provided for in Article 6, paragraph 1, lett. b) of the EU Regulation No. 679/2016, or to allow the user to use the requested service.
First-party and third-party profiling cookies (for targeted advertising, social media, etc.).
Profiling cookies are designed to create user profiles and are used to send advertising messages that match the preferences shown by the user while browsing the Internet. This sort of processing will in no case result in discrimination or negative effects on the data subject. This process also enables the Controller to evaluate his services, and allows him to improve them by making them more efficient and usable by third parties. The legal basis that legitimises the processing of personal data for this purpose is to be found in the cases provided for in Article 6, paragraph 1, lett. a) of the EU Regulation No. 679/2016, or because the user has given his consent to the installation of profiling cookies.
The cookies used by this site are:
All modern browsers allow users to decide whether to block the installation of cookies on their terminal and to delete any already installed. This also applies to cookies installed as a result of browsing this site. Blocking the installation of cookies, or deleting them could make browsing our site difficult or even impossible.
Below are links to instructions for disabling the installation of cookies in the most modern browsers:
In addition to the foregoing, the Controller informs the User that he can use Your Online Choices. Through this service it is possible to manage the tracking preferences of most advertising tools. The Controller, therefore, recommends using this resource in addition to the information provided in this document.
2. Storage period of data
The cookies installed through our site are temporary and are automatically deleted at the expiry date indicated in this personal data processing policy. The data collected will be stored in accordance with the provisions of this policy or, for third-party cookies, the respective privacy policies.
3. Processing methods
The personal data collected will be processed and stored with electronic tools both on computer and on hard copy, organised in a database, and on any other type of suitable media.
Specific security measures are taken to prevent the loss or unlawful or improper use of your data, as well as unauthorised access to them.
The processing of personal data carried out by the Data Controller does not involve automated decision-making processes.
4. Provision of personal data
The provision of browsing data is necessary for the supply of the requested service (browsing the site) and therefore required for this purpose: failure to communicate personal data by the data subject will make it impossible to allow browsing of this site. The provision of data for further purposes is optional: in such cases, failure to provide your data will have no consequences for the data subject. The installation of strictly necessary and analytical cookies is optional (it can be prevented through the browser settings), but could make the site or some of its services unusable.
5. Entities to whom personal data may be disclosed
The personal data collected will not be diffused and may be disclosed, not only to entities who have the right and interest to access your personal data by law or by secondary and / or community regulations, to internal staff of the Data Controller, but also to companies, associations or professional firms that provide services or perform tasks on behalf of the Data Controller as Data Processors for the fulfilment of legal obligations, as well as for any organizational and administrative purposes required for providing the requested services.
The names of the other entities who may become aware of your personal data as Processors are on an updated list obtainable from the Data Controller (to be requested at the addresses provided in point 9).
6. Transfer of data abroad or to international organizations
The personal data of data subjects collected through browsing or using the services on this site shall not be transferred abroad or to international organizations by the Controller.
7. Link to third-party sites or services
This notice is provided only for personal data processing carried out through this site or the tools provided by it, and not for other websites that may be visited by the user through a link, whose managers operate as independent data controllers. Before accessing third-party services, users are therefore invited to carefully read their privacy policies.
8. Rights of the data subject
In relation to the aforementioned personal data processing, the data subject has the right at any time to exercise the rights provided for by EU Regulation No. 679/2016, including, for example, to know:
- the source of the personal data;
- the purposes and methods of the processing;
- the logic applied in the event electronic instruments are utilised for processing;
- identifying details on the Controller, processors and the designated representative.
The data subject has the right to obtain:
- access, update, rectification or, when interested, completion of incomplete data;
- erasure, transformation into anonymous form or blocking of data processed against the law;
- restriction of processing of his or her personal data, i.e. to ask the Controller or processor to limit the purposes or the ways in which his or her data are processed.
The data subject may also request a copy of his or her data in standard format (the so-called right to data portability).
Finally, the data subject has the right to object at any time and at no cost, in whole or in part:
- for legitimate reasons, to the processing of his or her personal data, even if pertinent to the purpose of collection;
- to the processing of his or her personal data carried out pursuant to article 6, paragraph 1 of the GDPR, letters e. (“the processing is necessary for the performance of a task carried out in the public interest or connected to the exercise of public authority vested in the data controller”) or f. (“the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties”) including profiling based on such provisions;
- to the processing of his or her personal data where it is carried out for the purpose of sending advertising or direct sales materials or for conducting market or commercial communication surveys (direct marketing), including profiling to the extent in which it is connected.
The data subject has the right to withdraw his consent to processing, when this is based on the case provided for by Art. 6, paragraph 1, letter a. (when “the data subject has given consent to the processing of his personal data for one or more specific purposes”), or by article 9, paragraph 2, letter a. (when “the data subject has given his explicit consent to the processing of such personal data for one or more specific purposes”) of EU Regulation 679/2016, at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawal.
If the data subject believes that the processing of his or her personal data violates the legislation in force, he/she has the right to lodge a complaint with a supervisory authority, particularly in the Member State in which he/she habitually resides, works or in the place where the alleged violation took place. The Italian supervisory authority can be reached at the addresses shown on his website.
9. Data Controller and Data Protection Officer - Contact info
The data controller is Candy Hoover Group S.r.l., with registered office in Via Comolli, 16 - 20861 Brugherio (MB), Tax ID 04666310158, in the person of its legal representative in office. The Company can also be contacted at the email address firstname.lastname@example.org and at the certified email address email@example.com.
To exercise the rights listed above, the data subject may send a request using the e-mail address firstname.lastname@example.org or by contacting the Data Protection Officer at email@example.com.
10. Data Protection Officer
The Data Controller has appointed a Data Protection Officer who can be contacted in a secure and confidential manner, at any time, if you have general questions on the processing of your personal data, or for any matter relating to data protection. The email address of the Data Protection Officer is: firstname.lastname@example.org.