provided pursuant to art. 13, Regulation (EU) 2016/679 (“GDPR”)
1. Data Controller and Data Protection Officer (DPO)
The Data Controller is Marazzi Group S.r.l. a Socio Unico with registered office at Viale Regina Pacis 39, 41049 Sassuolo (MO) Italy, in the person of its current legal representative (“Data Controller" or “Marazzi”).
2. What are cookies and what are they used for?
Cookies are small strings of text, usually consisting of letters and/or numbers, that websites visited by the user send and install on the user’s terminal (normally via the browser), where they are memorised and stored to be retransmitted to the same websites that generated them the next time the same user visits them, enabling the websites to recall the user’s previous interaction with them.
The information codified by cookies includes personal data (e.g. IP address, username, email address, etc.) and non-personal data, such as language settings or information on the type of device used by the User to browse the website.
Cookies therefore carry out various functions and make it possible to browse the website in an efficient way, memorising the User’s preferences and improving their browsing experience. For example, cookies are used to memorise credentials, the User’s language preferences or other information or preferences relating to specific settings, monitor sessions, facilitate and streamline the accessing of online content, show the User adverts that may be of greater interest to them, etc.
On the basis of this criteria, cookies can be classified into various categories.
For example, depending on the party which installs the cookies on the User’s terminal, a distinction is made between: (a) “first-party cookies", installed directly by the manager of the website visited by the User and only visible to him/her; and (b) “third-party cookies” installed by the manager of another website, which installs the cookies via the former.
On the basis of the duration of the processing, it is possible to distinguish between: (a) “session cookies”, which are stored temporarily during the browsing session and automatically erased from the user’s terminal after the browser is shut down; and (b) “persistent cookies”, which persist on the User’s terminal until a set expiry date or until they are erased.
The classification that best responds to the provisions of the personal data protection law is the one that separates cookies into two macro-categories:
• “technical cookies”, i.e. the cookies strictly required for the correct functioning of the website or its operations in relation to the browsing choices made by the User. This category includes “navigation cookies”, which guarantee the regular browsing and access of the website (for example, enabling the regular display of pages and their browsing, etc.), and also “function cookies”, which allow Users to navigate the website on the basis of the criteria they have chosen (e.g. language, products selected for purchase) in order to improve the requested service. The technical storage and accessing of the information contained in technical cookies does not require the consent of the User;
• “targeting cookies”, which analyse and record the recurring actions and behaviours of Users when using the functions of the website in order to (i) create a User profile, (ii) classify the User within homogenous groups of user profiles, (iii) with the ultimate goal of sending the User targeted advertising messages in line with the preferences they have displayed when browsing online. The User must consent to the technical storage and accessing of the information contained in targeting cookies.
The two macro-categories mentioned above can also be joined by “analytics cookies”, which are used to perform statistical analyses aimed at (i) assessing the effectiveness of the services provided via the Website, (ii) designing the Website, or (iii) measuring its “traffic”, i.e. the number of visitors, who can also be classified on the basis of certain parameters of interest (e.g. geographical area, time slot etc.).
The processing of data collected via analytics cookies does not require the consent of the User if such data is used purely to produce aggregated statistics on a single website or mobile application, and for data collected with “third-party” analytics cookies, only if (a) the structure of the “third-party” analytics cookie prevents the identification of the User and if (b) the “third party” refrains from performing processes on the data (e.g. combination, enrichment etc.) aimed at identifying the User. In the presence of these specific conditions analytics cookies (both first- and third-party) can be equated to technical cookies.
3. Managing cookie preferences using the cookie preferences centre
In particular, through the functions contained in the banner, Users may: (i) accept all cookies on the Website, including those for targeted advertising, giving their consent; (ii) refuse the enabling of all cookies present on the Website other than those strictly necessary for its correct functioning (i.e. “Required Cookies”); (iii) access, via the link, the “Cookie preferences centre”, where they can get more information on the cookies present on the Website, grouped into homogeneous categories, and, where applicable, give or withdraw their consent or object to processing with regard to categories of cookies to enable or disable on their device; (iv) close the cookie banner by clicking on the specific icon and continue browsing the Website maintaining the default settings.
The Data Controller informs Users that the “default” cookie setting only involves the enabling of Required Cookies.
As expressed in the Guidelines, the Website has specific functionalities that enable it to memorise for a period of at least 6 (six) months the choices made by the User with regard to their consent to the use of the cookies and tracking tools present on the Website. Once this period of time has elapsed from the last choice expressed by the User, these preferences will be erased and the next time they visit the Website the above banner will reappear.
Users can change or withdraw their consent to all or some categories of cookies at any time by accessing the “Cookie preferences centre” from the Website.
Users can also manage their cookie preferences from their browser settings, which allow them to clear/remove all or some cookies or block cookies or restrict cookies to certain sites.
Below are the instructions and links to the guides for managing cookies in the main browsers:
• Microsoft Edge: click on the 3-dot icon in the top-right hand corner and then on “Settings". From the menu on the left select “Cookies and site permissions” and adjust your cookies settings. Click on the link below for more information:
• Google Chrome: click on the 3-dot icon in the top-right hand corner and then on “Settings". Select “Advanced” and in the “Privacy and security” section click on “Site Settings”. Adjust the cookies settings by selecting “Cookies and site data”. Click on the link below for more information:
• Mozilla Firefox: click on the icon with the three horizontal bars in the top-right hand corner and select “Options”. In the window select “Privacy and security” to adjust your cookies settings. Click on the link below for more information:
• Apple Safari: select “Preferences” and then “Privacy” and adjust your cookies settings. Click on the link below for more information:
• Opera: click on the icon with the three horizontal bars in the top-right hand corner and then on “Advanced”. Select “Privacy & Security” and then “Site settings”. Adjust your cookies settings from the “Cookies and site data” section. Click on the link below for more information:
For different browsers to those mentioned above check the relevant guide to find out how to manage cookies. For example, if you are using a mobile device refer to the instructions manual to find out how to manage cookies.
4. Types of cookies used by this Website, purposes, legal basis
More specifically, the Data Controller has divided the cookies present on the Website into the following types:
5. Transfer of personal data outside the EU
The personal data of the User collected using cookies (e.g. third-party cookies) may be transferred to non-EU countries: such transfers are lawful as they are covered by adequacy decisions issued by the European Commission and/or by the prior signing of Standard Contractual Clauses adopted on the basis of the models established by the European Commission pursuant to art. 46, 2, letters c) and d) of the GDPR.
6. Recipients of personal data
The personal data of the User may come to the knowledge of employees, contract staff and associates of the Data Controller assigned to pursue the aforementioned goals, who shall work in the capacity of authorised data users having received suitable operating instructions.
In addition, to pursue the purposes referred to in paragraph 3 above, the User’s personal data may be processed by third parties belonging, for example, to the following categories:
- providers of technical assistance services for the management and maintenance of the Website;
- advertising agencies;
- providers of statistical processing services on the use of the Website;
- companies that carry out management and maintenance services on the Data Controller’s computer systems;
- business partners;
- companies that own social media websites;
- companies that provide email delivery services or other suppliers of external digital communications platforms;
- supervisory and controlling authorities and bodies and, in general, public or private bodies with a public interest function that may justifiably request such data in accordance with national and European legislation;
- companies, associations or professional practices that perform assistance and consultancy activities.
The entities in the aforesaid categories operate in some cases as Data Processors specifically designated by the Data Controller in accordance with article 28 of the GDPR, and in other cases fully independently as separate Data Controllers, in which case your personal data will only be disclosed to the said independent data controllers where legitimately established as per paragraph 3 above.
The data collected using cookies will not be disseminated.
7. Rights of the data subject
- right of access: right to obtain confirmation of whether or not personal data concerning you are being processed and, if this is the case, to obtain access to your personal data - including a copy of them - and communication, amongst other things, of the information outlined in art. 15 of the GDPR;
- right to rectification: right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data pursuant to art. 16 of the GDPR;
- right to erasure (right to be forgotten): the right to obtain, without undue delay, the erasure of personal data concerning you, in the cases indicated in art. 17 of the GDPR; the right to erasure does not apply to the extent to which the processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the establishment, exercise or defence of legal claims;
- right to restriction of processing: right to obtain restriction of the processing, in the cases indicated in art. 18 of the GDPR;
- right to data portability: right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, if the processing is based on consent and is carried out by automated means, as indicated in art. 20 of the GDPR. In addition, the right to have your personal data transmitted directly by the Data Controller to the other controller, where technically feasible;
- right to object: right to object to the processing of personal data concerning, you, unless there are legitimate grounds for the Data Controller to continue the processing, pursuant to art. 21 of the GDPR;
- the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal;
- right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
The above rights may be exercised in relation to the Data Controller using the contacts provided in paragraph 1 above. The Data Controller shall examine your request and provide you, without undue delay and in all cases within no more than one month of receiving said request, with information concerning the action taken with regard to your request.
The exercising of your rights as data subject is free of charge in accordance with art. 12 of the GDPR. However, in the event of requests which are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may charge you a reasonable fee taking into account the administrative costs of dealing with your request, or refuse to act on the request.
Please also note that the Data Controller may request further information necessary to confirm the identity of the data subject.
The Data Controller
Marazzi Group S.r.l. a Socio Unico