Information on the processing of personal data for the Contact Service provided pursuant to Article 13 Regulation (EU) 2016/679 ("GDPR")
This notice complements the website's Privacy Policy in order to illustrate to the User how the Data Controller will specifically process the data entered in this contact form:
you are therefore invited to read our Privacy Policy.

https://www.keraglass.com/en/page/privacy-and-policy

1. DATA CONTROLLER AND DATA PROTECTION OFFICER
Data controller: Keraglass S.r.l., in the person of its legal representative pro tempore, with registered office at Via Sassogattone, 13/A 42031 Baiso (RE) - Italy, e-mail info@keraglass.com, C.F. / p. IVA 2611750353.
Data Protection Officer (DPO): Dr. Donato Eugenio Caccavella, e-mail address: dpo.voilap@amicadpo.eu

2. PERSONAL DATA PROCESSED, PURPOSE OF PROCESSING AND LEGAL BASIS
The Controller shall process your personal identification and contact data (such as: name, surname, company name, address, city, postcode, province, state, e-mail address, telephone number) directly provided by you by filling in the data collection form in the "CONTACTS" section on the Controller's website (www. keraglass.com, the "Site").
The Controller intends to process your personal data for the purpose of:
a) respond to your message or request for information submitted through this form, e.g. to obtain information on products or services offered (including the sending of free invitations and company information material), and to obtain a quote, etc.; the legal basis for this purpose is the legitimate interest of the Controller within the meaning of Article 6(1)(f) of the GDPR to be identified in the reasonable expectation that you would expect your personal data to be processed by the Controller in order to respond to your contact request;
b) to send you promotional communications regarding the services and products of the Controller and/or the companies in the Controller's Group and/or events organised by them or to contact you for market research purposes by telephone contact with an operator or by automated contact methods (e.g. automated email campaigns, SMS, automated telephone contact, instant messaging, etc.); the legal basis for the processing of the data is the provision of your consent, pursuant to Article 6(1)(a) of the GDPR;
c) promotion and sale of "dedicated" products and services of the Data Controller and/or of the companies of the Data Controller's Group, specifically identified through customer profiling techniques having as their object the analysis and prediction of information relating to the data subject's preferences, habits, consumption choices, also through the use of automated techniques or systems, implemented also through the enrichment of data with information acquired from third parties (enrichment). The legal basis for this purpose is your consent pursuant to Article 6(1)(a) of the GDPR.

3. NATURE OF CONFERMENT, DATA RETENTION PERIOD AND PROCESSING METHODS
For the purpose referred to in paragraph 2, letter (a) above, the provision of your personal data is mandatory for the purpose of formulating a reply to your request, since your refusal to provide such data will make it impossible for the Controller to reply to your message, acknowledging your request for information.
With reference to the purposes set out in paragraph 2 letters (b) and (c) above, the provision of your personal data is optional and your refusal to provide them would only make it impossible for the Data Controller to update you on its products, services and/or initiatives or to develop promotional initiatives for you that are more in line with your profile.
The retention period of your personal data:
• for the purpose referred to in paragraph 2(a) above, will last for the period necessary to respond to each individual request for information and in any case for a period not exceeding 20 days from the collection of the data. Once the aforementioned period has elapsed or the current requests have been dealt with, your data will be destroyed or rendered anonymous;
• for the purposes set out in paragraph 2(b) and (c) above, shall continue for 2 years from the date of issue of the relevant consent or until you decide to revoke your consent;
Processing is carried out in compliance with the requirements of the GDPR, according to the principles of fairness, lawfulness and transparency and the protection of your rights described therein. Personal data is processed by means of computerised, telematic and/or paper-based tools, as well as with the use of security measures to ensure the confidentiality of personal data and to prevent undue access by unauthorised parties.

4. COMMUNICATION OF DATA
For the pursuit of the purposes described in paragraph 2 above, the personal data processed will be known to the employees, assimilated personnel and collaborators of the Controller, who will act as authorised persons for the processing of personal data.
Furthermore, your personal data may be processed by third parties belonging, by way of example, to the following categories:
• technical support service providers for computer system management, logistics providers, advertising agencies or other service providers;
• business partners;
• providers of external telematic platforms for sending communications;
• companies belonging to the Group to which the Controller belongs, for the performance of instrumental activities connected with or supporting that of the Controller.
The entities belonging to the above categories operate, in some cases, as data controllers specifically appointed by the Data Controller in compliance with Article 28 GDPR, and in other cases completely autonomously as separate data controllers, it being understood that, in the latter case, the communication of your personal data to such autonomous data controllers would take place solely for the purpose of pursuing the purposes set out in paragraph 2 above. Your personal data will not be disseminated.

5. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
Data will generally not be transferred outside the European Union; however, should it be necessary to transfer data to countries outside the EU for specific needs related to the location of the services rendered by the suppliers, including to countries that do not offer adequate protection, the Company undertakes to guarantee adequate levels of protection and safeguards, including contractual ones, in accordance with the applicable rules, including the stipulation of standard contractual clauses.

6. RIGHTS OF THE PERSONS CONCERNED
In relation to the processing described in this Notice, as a data subject, you may, under the conditions set out in the GDPR, exercise the rights set out in Articles 15 - 21 of the GDPR, in particular:
• Right of access: the right to obtain confirmation as to whether or not personal data relating to you are being processed and, if so, to obtain access to your personal data - including a copy thereof - and communication of, inter alia, the information referred to in Article 15 of the GDPR;
• Right of rectification: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data pursuant to Article 16 of the GDPR;
• The right to erasure (right to be forgotten): the right to obtain, without undue delay, the erasure of personal data concerning you, in the cases referred to in Article 17 of the GDPR; the right to erasure does not apply to the extent that the processing is necessary for the performance of a legal obligation or the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
• Right of restriction of processing: right to obtain restriction of processing, in the cases indicated in Article 18 of the GDPR;
• Right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without hindrance, where the processing is based on consent and is carried out by automated means, as set out in Article 20 of the GDPR. In addition, the right to have your personal data transmitted directly by the Controller to another controller if this is technically feasible;
• Right to object: the right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Controller to continue the processing, pursuant to Article 21 of the GDPR;
• Right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before revocation;
• Right to lodge a complaint with the Garante per la protezione dei dati personali, Piazza Venezia n. 11, 00187, Rome (RM).
To exercise all rights as identified above, simply contact the data controller or the DPO at the following e-mail address: dpo.voilap@amicadpo.eu


7.PERSONAL DATA OF MINORS
The services on this site are intended for a general public and are not intended for children under the age of 14. The Owner does not knowingly collect personal data from users under this age group. In the event of the release of personal data belonging to a child under the age of 14, the Data Controller will immediately delete them.