Privacy

PRIVACY POLICY


1. About us

This notice is made available under Article 13 of European Regulation 2016/679 on the protection of personal data (‘Regulation’ or ‘GDPR’) and Legislative Decree 30/06/2003 no. 196 (‘Privacy Code’), as amended and supplemented by Legislative Decree 101/2018, and subsequent amendments and additions - by Schnell S.p.A. (hereinafter also the ‘Company’).
The purpose of this Information Notice is to inform the data subject about how his or her data is processed.

The Data Controller is Schnell S.p.A., registered office in Via Sandro Rupoli 2, 61036 Colli al Metauro (PU), telephone +39 0721 878711.
The DPO/RPD, Data Protection Officer, is Lorenzo Lanzoni. E-mail privacy@schnell.it.


2. Type of data processed

The website offers informative and, at times, interactive content. While browsing the site, the Company may, therefore, acquire information on the visitor in the following ways:

Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access was made, information on the pages viewed by users within the website, access time, the length of time spent on the page, internal path analysis and other parameters relating to the user's operating system and computer environment.

Other data categories
These are all the personal data provided by the visitor through the site, for example: 
  • by filling in a form to ask for a quote and/or information on the services offered and/or a contact request; 
  • by writing to the e-mail addresses indicated on our site to request information; 
  • by accessing a reserved area and/or service;
  • by filling in a form to submit your curriculum vitae; 
  • by filling in a form to receive our newsletter and marketing communications; 
  • by filling in a form to register for one of our initiatives (conferences, seminars, workshops, events).


3. Purpose of processing and legal basis

The data provided are processed for the following purposes:

  • to provide the good and/or service requested by the user, to manage the contracts finalised by the user, to fulfil the relevant administrative, accounting, tax and legal requirements, and to process requests made by the user. Processing for these purposes is necessary for the fulfilment of contractual obligations or as requested by the data subject, and does not require specific consent;
  • detecting the user experience of our platforms, products and services and ensuring the correct functioning of the web pages and their contents. The processing carried out for these purposes is based on a legitimate interest of the Data Controller;
  • send communications and promotional, commercial and advertising material or concerning initiatives and events of the Data Controller, using newsletters. This processing is based on the consent freely expressed by the User;
  • conducting market research, sending communications and promotional, commercial and advertising material or material relating to initiatives and events, by e-mail, SMS, WhatsApp, Chat, Facebook Forms, social networks or by telephone calls, paper mail and other informative material. This processing is based on the consent freely expressed by the User;
  • soft spam activity that allows the Data Controller to send promotional communications by email to the User concerning Products and/or Services purchased without the need for the express and prior consent of the User, as provided for by Article 130, 4 paragraph, Privacy Code, and provided that the User does not exercise the right to object; This processing is based on the legitimate interest of the Data Controller, as provided for by Article 130, 4 paragraph, of the Privacy Code as amended by Legislative Decree no.101 of 2018;
  • performing statistical analysis on aggregated and anonymous data, to analyse the behaviour, of the User, to improve the products and services provided by the Owner as well as to meet the User's expectations
  • profiling activities for marketing purposes. This Processing is based on the consent freely expressed by the User.

4. Sharing and Transfer of Personal Data

Data collected by the Controller will only be shared for the purposes set out above; we will not share or transfer personal data to third parties other than those listed in this Privacy Policy.
During our activities and only for the same purposes as those listed in this Privacy Policy, the personal data collected may be transferred to the following recipients:

  • specially trained personnel involved in the organisation of the website (administrative, sales, marketing, legal, system administrators);
  • service providers (e.g. IT system providers, cloud service providers, database providers and consultants);
  • public administrations for legal purposes;
  • any public and/or private entity to which it may be necessary to communicate your data concerning the purposes mentioned above.

The updated list of Data Processors is available at the Controller's registered office and will be provided upon written request.

The Data are processed at the operational headquarters of the Data Controller. For further information, please contact the Data Controller. The Data may be processed by natural persons and/or legal entities operating on behalf of the Controller and under specific contractual obligations and based in EU or non-EU countries. If the Data is transferred outside the EEA, the Controller will take all appropriate contractual measures to ensure adequate Data protection.


5. Protection of personal data

Schnell S.p.A. has implemented appropriate technical and organisational measures to provide an adequate level of security and confidentiality for personal data.

These measures take into consideration:
  • the state-of-the-art technology;
  • the implementation costs;
  • the data nature; 
  • the processing risk.
The purpose is to protect them against accidental or unlawful destruction or alteration, accidental loss, unauthorised disclosure or access, and other forms of unlawful processing. Furthermore, the processing of personal data must be adequate, relevant and not excessive, and the Controller must ensure that such data remains up-to-date and accurate.

6. Data retention periods

Without prejudice to the right granted to each user to object to the processing of personal data and/or to request their cancellation, the Company will retain the personal data collected only for the time necessary to achieve the purpose for which they were collected and received, or to meet legal or regulatory requirements, as provided for in Article 5, co. 1, letter e) of the GDPR.

In particular:
  • The data collected for Purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied; The user may obtain further information regarding the legitimate interest pursued by the Data Controller by contacting the Data Controller;
  • Data collected based on the User's Consent may be retained until the legal expiry date or until such Consent is revoked;
The Data may be stored by the Owner for a longer period in compliance with legal obligations or by order of an authority.
At the end of the retention period, the Personal Data will be deleted; therefore, the relevant rights can no longer be exercised.

7. Exercise of the Data Subject's Rights

The Data Subject has the right to exercise the faculties provided for in Articles 15-22 of European Regulation 679/2016. In particular, he/she is recognised the: 
  • RIGHT TO RECTIFICATION. The data subject may obtain rectification of the personal data concerning him/her or communicated by him/her to the Company, which shall make reasonable efforts to ensure that the personal data in its possession are accurate, complete, updated and relevant, based on the most recent information available;
  • RIGHT TO LIMITATION. The data subject may obtain a restriction on the processing of his data if:
- he contests the accuracy of his data during the period in which the Controller has to verify its accuracy;
- the processing is unlawful and requires a restriction of the processing or deletion of his data;
- there is no longer any need for the Company to retain the personal data collected; 
- the user objects to the processing while the Controller verifies whether its legitimate reasons prevail on the user's.

  • RIGHT OF ACCESS. The data subject may ask the Data Controller for information about the stored data, including information about which categories of personal data the Company owns or controls, for what purpose they are used, where they were collected (if not directly from the data subject), and to whom they may have been provided.
  • RIGHT TO PORTABILITY. The data subject may request the Company to transfer his or her data to another Data Controller, if technically possible, provided that the processing is based on the user's consent or is necessary to perform a contract.
  • RIGHT TO CANCELLATION. The data subject may obtain from the Controller the cancellation of his/her data if :
- personal data are no longer necessary to the purposes for which they were collected or otherwise processed;
- the user has the right to object to further processing of his/her data; 
- personal data have been processed unlawfully.
Unless the processing is necessary because of legal or statutory obligations or to establish, exercise or defend a legal claim.

  • RIGHT TO OBJECT. The data subject may object to the processing of his or her data at any time, provided that the processing is not based on his or her consent but on the legitimate interests of the Controller or third parties. In such cases, the Company will no longer process the user's data unless it can prove compelling legitimate reasons, an overriding interest in the processing or establishment, or the exercise or defence of a right in court. If the user objects to the processing, it is necessary to specify whether he/she wishes to delete his/her data or to restrict their processing.
  • RIGHT TO LODGE A COMPLAINT. In case of an alleged violation of the applicable privacy law, the user may complain to the competent authorities in his or her country or in the place where the alleged violation took place.

8. Changes to this Privacy Policy

Any future changes or additions to the processing of personal data as described in this Privacy Policy will be notified through the usual communication channels used by the Controller (e.g. via the website).

Privacy Policy updated 13.05.2024