PRIVACY POLICY

Demeglio S.P.A., as the data controller of the eponymous company, headquartered at corso duca degli abruzzi 27, 10129 torino, is the controller of the personal data collected on this site in accordance with the provisions of EU Regulation 679/2016 (hereinafter GDPR):

1. PERSONAL DATA COLLECTED DURING NAVIGATION

Demeglio S.P.A. is committed to protecting personal data and asks you to take a few minutes to read about how we collect, use, disclose, and transfer the personal data provided to us through our website or through interactions via data transmitted to Demeglio S.P.A. by third-party companies providing technological and/or IT, logistical, and commercial services. Additionally, this policy explains how we collect data through the use of cookies and related technologies using our platforms.

Personal data processed for contractual purposes, legal obligations, rights of the data controller.

Personal data: demographic information, contact details.

Personal data processed for generic marketing purposes of the joint data controllers.

Personal data: demographic information, contact details.

Personal data processed for marketing and profiling purposes.

Personal data: demographic information, contact details, data collected by cookies installed by the websites.

Personal data processed for newsletter distribution.

Contact details.

Personal data processed for site operation.

IP addresses or domain names of the computers used by users connecting to the sites, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used in submitting the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server (successful, error, etc.), other parameters relating to the user's operating system and computer environment, information regarding the user's behavior on the sites, pages visited or searched, in order to select and display specific advertisements to the user on the sites, and data regarding the user's browsing behavior on the sites, for example, using cookies.

Demeglio S.P.A. considers it essential to guarantee the protection of children's safety and privacy. It is not in our interest to knowingly collect or use personal data from anyone under the age of sixteen (16) or any age limit established by the legislation of their country of residence.

By registering on the site, you confirm that you have reached the legal age in your country of residence.

2. PURPOSES AND LEGAL BASES OF PROCESSING

The data and cookies received will be processed by Demeglio S.P.A. exclusively by methods and procedures necessary to provide the requested services and for additional purposes for which consent has been provided.
Generic marketing purposes of the joint data controllers: for example, sending - via automated contact methods (email) - promotional and commercial communications related to services/products similar to those already used by the joint data controllers, such as notifying corporate events or webinars or white papers or subscribing to newsletters.
Marketing purposes of third parties (with data communication) belonging to the services sector (in particular ICT and digital) and consultancy, manufacturing, commerce, public administration: sending - via automated contact methods (such as SMS, MMS, email) and traditional methods (such as operator telephone calls) - promotional and commercial communications, advertising material related to offers of services/products, notification of corporate events, as well as conducting market research and statistical analysis by the specified third parties, with respect to the joint data controllers, to whom the data are communicated.
Marketing purposes by the joint data controllers in favor of third parties (without data communication) belonging to the services sector (in particular ICT and digital) and consultancy, manufacturing, commerce, public administration: sending - via automated contact methods (such as SMS, MMS, email) and traditional methods (such as operator telephone calls) - promotional and commercial communications, advertising material related to offers of services/products, notification of corporate events, as well as conducting market research and statistical analysis by the joint data controllers on behalf of third parties.
Profiling purposes: analysis of preferences, habits, behaviors, inferred interests, for example, from online clicks on articles/sections of Demeglio S.P.A.'s websites, in order to send personalized commercial communications/conduct targeted promotional actions, business intelligence. The processing of personal data for profiling purposes will take place, if consented to, using data processing tools that, through cross-referencing, create a personal commercial and behavioral profile on the web. This data processing tool relates the data collected during navigation on the sites through the use of first-party profiling cookies accepted personally with the data collected through registration with Demeglio S.P.A. via the appropriate forms. Furthermore, such data and/or information will be associated with any additional data and/or information already in our possession following enrollment in our services.
Legal obligations: compliance with obligations provided for by regulations and national and international applicable legislation.
Newsletter delivery: if explicitly requested upon registration for such service.
- Rights of the joint data controllers: if necessary, to establish, exercise, or defend the rights of the joint data controllers in court.
- Site operation: the IT systems and software procedures used to operate the sites acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. These are information not collected to be associated with identified individuals, but which by their nature could, through processing and association with data held by the joint data controllers or third parties, allow users of the sites to be identified.

3. DISCLOSURE, COMMUNICATION, AND DATA ACCESS

The data may be processed by external parties acting as data controllers, such as, for example, authorities and supervisory bodies and, in general, subjects, including private ones, authorized to request data, public authorities making an express request to the joint data controllers for administrative or institutional purposes, in accordance with current national and European regulations, as well as persons, companies, associations, or professional firms providing assistance and consultancy services.

The data may also be processed, on behalf of the joint data controllers, by external parties designated as data processors pursuant to art. 28 of the GDPR, to whom appropriate operational instructions are given. 

These subjects are essentially included in the following categories:
- Companies offering website and IT system maintenance services;
- Companies providing support in conducting market research;
- Companies performing management and maintenance services for the joint data controllers' database;
- Companies offering email delivery services;
- Companies offering marketing automation platform management services;
- Companies providing organizational support and event hosting.
Personal data may be processed, with explicit consent provided, by third parties to whom the data are communicated.
Personal data will not be disclosed.

4. TRANSFER OF DATA ABROAD
Data may be transferred abroad to non-European countries, particularly to the United States, only following verification of standard contractual clauses adopted/approved by the European Commission pursuant to art. 46, par. 2, lett. c) and d) of the GDPR or binding corporate rules pursuant to art. 47 of the GDPR or, in the absence thereof, under one of the derogations set forth in art. 49 of the GDPR. A copy of the guarantees referred to in art. 46, par. 2, lett. c) and d) of the GDPR, adopted by the joint data controllers, can be obtained by writing an email to the following address: [email protected]
5. DATA PROCESSING DURATION AND PERSONAL DATA STORAGE

In accordance with art. 5.1 e) of the GDPR, Demeglio S.P.A. will process the data provided for the period necessary to achieve the purposes for which they were collected. Generally, we retain personal data for one year from the end of our relationship or last contact, unless otherwise required by local legislation. In some cases, it may be necessary for us to retain personal data for a longer period, for example, if required for legal, tax, and financial reasons:
- Contractual purposes, legal obligations, and newsletter delivery: for the entire contractual duration and, after termination, for 10 years.
- Generic marketing purposes of the joint data controllers: until the exercise of the right to object exercisable via the appropriate unsubscribe button ("click here") or by directly contacting the joint data controllers.
- Marketing and profiling purposes: until withdrawal of consent for such purposes.
- Rights of the data controller: in case of judicial disputes, for the entire duration thereof, until the expiry of the terms for challenging actions.
- Site operation: for the entire duration of the browsing session on the sites.
- Once the above storage periods have elapsed, personal data will be destroyed, deleted, or anonymized, in accordance with technical deletion and backup procedures.

6. SECURITY

At Demeglio S.P.A., personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected, in accordance with the principles of necessity and proportionality, avoiding the processing of personal data where operations can be performed using anonymous data or other methods.
We have adopted specific security measures to prevent the loss of personal data, unlawful or incorrect use, and unauthorized access. It is essential for the security of personal data that the device is equipped with tools such as constantly updated antivirus software, and that the provider providing the internet connection guarantees secure data transmission through firewalls, anti-spam filters, and similar measures.

7. RIGHTS OF THE DATA SUBJECT
By contacting the data controllers via email at [email protected]you can request access to your data, their deletion, correction of inaccurate data, integration of incomplete data, and limitation of processing as provided for in Article 18 GDPR. Furthermore, where processing is based on consent or a contract and carried out by automated means, you have the right to data portability, i.e., to receive your personal data in a structured, commonly used, machine-readable format and, if technically feasible, to transmit them to another controller without hindrance. You have the right to withdraw consent at any time for marketing and/or profiling purposes, as well as to object to processing for reasons related to your particular situation, including where processing is based on the legitimate interests pursued by the data controllers or for direct marketing purposes, including profiling related to direct marketing. You retain the option to be contacted for the aforementioned purposes exclusively through traditional methods and to express your objection solely to receiving communications via automated means. The data controllers refrain from processing unless there are legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You have the right to lodge a complaint with the competent supervisory authority in the member state of your habitual residence, place of work, or the place where the alleged infringement occurred.
8. DATA PROTECTION OFFICER

The data may be processed by employees of the data controllers' business functions appointed to achieve the aforementioned purposes, who have been expressly authorized to process the data and have received adequate operational instructions.
Personal data processed for the operation of the websites, collected during navigation on the sites, will be processed by employees, collaborators of the data controllers, or external parties, acting as processors and data controllers, duly instructed by the data controllers, performing technical and organizational tasks on behalf of the data controllers concerning the operation of the websites.