INFORMATION STATEMENT ON THE PROCESSING OF PERSONAL DATA
for users who visit the website: www.carpadspa.com in compliance with article 13 of the Regulation EU 2016/679

The purpose of this document is to provide utmost transparency on the information gathered through the website: www.carpadspa.com and on the methods with which said information is processed. This document does not apply to data gathered through channels other than those specified above.

This Privacy Policy describes how CARPAD SPA manages its website in relation to personal data processing of clients, users and visitors that browse the site.

For individual processing on specific channels, refer to the detailed information statements for the specific requested services.

FOREWORD

In compliance with the Regulation EU 2016/679 (hereinafter, GDPR), as well as the applicable national regulation, this Digital Privacy Policy outlines the personal data processing methods of clients, users and visitors that browse the institutional site of CARPAD SPA (www.carpadspa.com).

1) DATA CONTROLLER

The Data Controller (hereinafter “Data Controller” or “the Company”) is CARPAD SPA, with head office located in Viale Dell’Industria 16-35014, Fontaniva (PD), VAT number 01747990289, Economic and Administrative Index no. PD – 180262, share capital of Euro 3,000,000.00, as represented by its pro tempore legal representative that can also be contacted at the following contact details: Tel. +39 049 594 2430; Fax: +39 049 594 1525; Certified Email Address: carpadspa@legalmail.it

2) CATEGORIES OF PERSONAL DATA PROCESSED IN RELATION TO THE WEBSITE

The personal data processed are those that you provided or that is legitimately gathered by the Data Controller. The type of data processing and methods regarding the websites are described below:

  • Browsing/functional data of the websites. The information systems and software procedures set out to run these websites collect information during their standard operation and the disclosure of several information is implied in the use of internet communication protocols. This data category includes for example IP addresses, the date and time of access, the visited pages (URI/URL), the numeric code indicating the response status given by the server, the method used to submit the request to the service, the names and devices used to connect to the sites and other parameters regarding the operating system and IT environment of the user;
  • Data provided voluntarily and spontaneously: Certain sections of the website require some personal data, for example, to allow the user to subscribe to the CONTACT SECTION (where a proper information statement will be provided pursuant to article 13 of the GDPR) or to register;
  • Data gathered through tracking (cookies and other tracking tools) Tracking takes place with a code run within the website at server level (e.g. services, procedures) or at client level (e.g. tag, pixel), even with the support of a code installed in the user’s browser (e.g. cookies). As for the purposes and management of consents regarding tracking, refer to the specific “Cookie Information Statement” section of the website;
  • Location data The websites may gather location data (approximate) provided by the user’s IP address, after the user’s specific authorisation.

3) PROVISION OF DATA

Notwithstanding the above regarding browsing data and the information provided in the individual sections of the above channels, the provision of data for additional purposes is optional. Failure to provide said data may result in the inability to pursue said additional purposes with respect to those outlined in section 4.

4) PROCESSING PURPOSES, LEGAL BASIS AND RETENTION TIMES

The Data Controller will process your Personal Data to pursue specific purposes and only in the presence of specific legal basis set out by applicable laws on privacy and personal data protection. The list below outlines all the processing performed by CARPAD SPA to allow you to use the digital channels and allow the Data Controller to guarantee their proper operation and conformity of the processing.

The Data Controller will process your personal data for the following purposes, legal basis and retention times:

  • operation of the digital channels, delivery of the respective services and checking on their proper operation:
    • legal basis: execution of a contract of which you are part of;
    • retention: the personal data is retained for the time required to render the services to run the digital channels and the data is then deleted or made anonymous;
  • statistical analysis of the performance:
    • legal basis: your consent is optional, free and can be withdrawn at any time.
      Refer to the specific “Cookie Information Statement” section;
    • retention: refer to the above information statement;
  • profiling and profiling marketing;
    • legal basis: your consent is optional, free and can be withdrawn at any time.
    • retention: refer to the information statement available through the above links;
  • prevention and suppression of fraud/abuse/fraudulent activities conducted through the digital channels:
    • legal basis: legitimate interest of the Data Controller;
    • retention: personal data is retained for a maximum of 360 days and deleted or made anonymous thereafter;
  • establishment, exercise or protection of a right of the Data Controller in a court of law:
    • legal basis: legitimate interest of the Data Controller;
    • retention: the personal data is retained for the entire duration of the complaint, legal proceeding or out-of-court proceeding until the enforceability term of the legal protection or appeal actions expire.

5) RECIPIENTS AND PERSONS AUTHORISED TO PROCESS THE DATA

Your Personal Data will be processed by employees and collaborators of the Data Controller or by external bodies in their capacity as persons authorised to process your data who carry out technical and organisational tasks on behalf of the Data Controller, acting based on specific instructions given by the Data Controller.

6) TRANSFERRING PERSONAL DATA OUTSIDE THE EU

Your Personal Data could be transferred outside the EU to pursue certain purposes outlined in section 4. Whenever data is transferred to third parties located outside the EU (e.g. USA), the data shall be transferred according to the provisions of the GDPR, title V, article 44 and subsequent articles.

In particular, the transfer to a third country considered adequate pursuant to article 45 of the GDPR or to a third country that guarantees an adequate level of protection of the Personal Data shall take place after a verification by the Data Controller and in accordance with the guarantees envisaged in article 46 of the GDPR.

7) RIGHTS OF THE DATA SUBJECT

The regulation allows the Data Subject to exercise specific rights outlined in articles 15 through 22 of the GDPR, including the right to obtain confirmation of the existence or otherwise of personal data concerning them, the communication in intelligible form, as well as their rectification, deletion, restriction or objection to data processing for legitimate reasons or withdrawal of their consent at any time (notwithstanding the consequences outlined herein) or the right to request portability of data regarding data subject to specific consent or their updating.

The data subject has the right to know the origin of the personal data, the purpose and the methods of processing, the logic applied in the processing, the identification data concerning the data controller and the persons to whom the data may be disclosed.

Moreover, the data subject has the right to request the transformation of the data in anonymous form, the restriction or blocking of the data processed in breach of law. Furthermore, the data subject may lodge a complaint with the Data Protection Authority for unauthorised processing of the data provided, following the methods published on the website of said authorities (http://www.garanteprivacy.it/).

Requests regarding the exercise of the above rights can be addressed to the Data Controller, to the above contact details, without formalities or alternatively, using the form provided by the Data Protection Authority available at the following website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/l 089924.

It must be noted that the Data Protection Authority's offices are located in Rome, Piazza Montecitorio no. 121; Fax: (+39) 06.69677.3785, Telephone Number (+39) 06.696771; e-mail: garante@gpdp.it; certified email address: protocollo@pec.gpdp.it

8) RIGHT TO LODGE A COMPLAINT

If the data subject believes that the data is processed in breach of the above regulations, the latter may lodge a complaint with the Data Protection Authority (to the following email address: garante@gpdp.it, garante@gpdp.it, or lodge a complaint by post to the Data Protection Authority, with head office located in Rome (Italy), Piazza Venezia 11, Scala B, postcode 00187), as envisaged in article 77 of the GDPR or take the appropriate legal actions as set out in article 79 of the GDPR.

9) CHANGES TO THIS INFORMATION STATEMENT

This information statement is subject to change over time depending on the possible enter into force of new regulations, the updating or provision of new services or depending on intervening technological innovations.

Fontaniva, 15 October 2024

Carpad S.p.a.

Cookie

Domain

Type

Description

Duration

django_language

carpadspa.com

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

This cookie is used to store the user-selected language.

Session

sessionid

carpadspa.com

Necessary

Used to keep the browsing session active.

2 weeks

csrftoken

carpadspa.com

Necessary

Automatically generated, necessary for the functioning of the website. It does not contain personal user information.

1 year

_ga

.carpadspa.com

Statistics

Installed by Google Analytics, used to store and count page views.

1 year

_ga_0K6PNP22M0

.carpadspa.com

Statistics

Installed by Google Analytics, used to store and count page views.

1 year

_gat

.carpadspa.com

Statistics

Installed by Google Analytics to read and filter bot requests.

10 minutes

__Secure-3PSID __Secure-3PSIDCC __Secure-1PSID __Secure-1PAPISID __Secure-1PSIDCC

.google.com

Advertising

Google may use these cookies to build a profile of website visitors’ interests to show relevant and personalized ads through retargeting.

1 year

AEC
APISID
HSID
NID
SAPISID
SID*
SSID
SOCS

.google.com

Advertising

Google may use these cookies for security purposes, remembering your preferences, gathering information about videos watched for analytics and advertising purposes, and collecting data linked to your Google account.

between 180 and 400 days

_GRECAPTCHA

www.google.com

Functional

Installed by Google reCAPTCHA to provide protection from spam.

6 months

cc_cookie

carpadspa.com

Necessary

This cookie is set by the website to store the user's cookie preferences.

6 months