The Privacy Policy of this website

Data controller

The Controller is VIMAR S.p.A. with registered office at Viale Vicenza 14, Marostica (VI) (hereinafter, “VIMAR”).

All requests and enquiries about the processing of personal data may be sent to the Data Controller at the following address:

•          Viale Vicenza 14, 36063 Marostica (VI)

•          privacy@vimar.com

Types of data processed

In order to pursue the purposes stated below, the Data Controller will, as appropriate and if necessary, process personal data belonging to the following categories:

• Browsing data (common personal data): data belonging to this category are collected via cookies. For detailed information regarding the cookies used, see the Cookie policy.

 Common personal data: personal and contact data relating to the services offered on this website.

The optional, explicit and voluntary sending of emails to the addresses given on this Website allows the recipient to obtain the sender's address, which is necessary to respond to requests, as well as any other personal data included in the communication.

Information regarding the processeing of personal data carried out through social media platforms

For information regarding the processing of personal data carried out by the operators of the Social Media platforms used by the Data Controller, please see their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of dedicated Social Media platforms to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.

Cookies and other tracking systems

For Cookies and other tracking systems, see the cookies policy provided in the website footer and at the following link.

Purposes of the processing and retention period

The purposes of the processing are the following:

 1. Purpose of protecting a legitimate interest of the Data Controller (article 6(1)(f) GDPR):

    a. To ensure the correct operation of the Website and browsing of the same.

    b. To prevent or uncover fraudulent activities or abuses that are harmful to the Website.

    The data processed for the above purposes will be retained in accordance with the cookie policy (subject to any requirement on the part of the judicial authority to ascertain a criminal offence).

    c. To exercise the rights of the Data Controller, for example the right of defence in court.

If it is necessary to ascertain, exercise or defend the rights of the Data Controller in court, the retention period may last until the sentence becomes final.

2. Purpose based on a contract or pre-contractual measures taken at the request of the Data Subject (article 6(1)(b) GDPR):

    d. Registration in the reserved area of the My VIMAR Website.

    The data processed for the aforementioned purpose will be retained for the entire duration of the contractual relationship or until a request is made to delete the account. Data relating to inactive registrations is retained for three years and data relating to incomplete registrations is retained for five days. 

    e. Sending an application via "Work with us" section.

    The data processed for the above purpose will be retained for a period of 24 months.

 3. Purpose based on consent given by the Data Subject (article 6(1)(a) GDPR)

    f. Subscription to the newsletter service to receive commercial communications and/or advertising material regarding the products or services offered by the Data Controller;

    g. Carrying out marketing activities: sending -  via online and offline channels - using automated contact methods (such as text messages, email, social media accounts) and traditional methods (such as telephone calls with an operator and traditional mail) - of promotional and commercial communications and as well as measuring the degree of customer satisfaction with the quality of services and the activities carried out.

In the above cases, the Data Subject is given the opportunity to revoke consent at any time (article 7(3) GDPR).

 4. Purpose based on a legal requirement (Article 6(1)(c) GDPR)

h. MANAGEMENT OF YOUR REQUESTS and the requests of other Data Subjects, pursuant to articles 15 et seq. GDPR (Rights of the data subject).

The data processed for the above purpose will be retained for a period of 5 years from closure of the request, barring any disputes.

Legal bases for the processing

The processing of the above personal data is based on the following legal bases:

• Legitimate interest of the Data Controller (article 6(1)(f) GDPR) for the purposes referred to in letters a) to c).

• Contract or pre-contractual measures taken at the request of the Data Subject (article 6(1)(b) GDPR) for the purposes referred to in letters d) and e);

• Consent of the Data Subject (article 6(1)(a) GDPR) for the purposes referred to in letters f) and g).

• Compliance with a legal obligation (article 6(1)(c) GDPR) for the purposes referred to in letter h).

Categories of recipients

The personal data will be communicated, based also on the purposes envisaged in specific areas, to entities that will process the data as independent data controllers, or data processors (article 28 GDPR) and processed by natural persons (article 29 GDPR ) acting under the authority of the Data Controller and/or Data Processor on the basis of specific instructions provided regarding the processing purposes and methods. In particular, the data obtained by the Data Controller, within the scope of the aforementioned purposes, may be communicated to one or more of the categories of entities specified below:

• Third parties (e.g., lending establishments, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data controllers;

• Entities who manage the Data Controller's IT system and communication networks, including website and hosting, email, newsletter services;

• Marketing and advertising agencies;

• For the "Work with us" area, to entities in charge of selection activities;

• Judicial authorities, Revenue Agency, social security bodies, administrative and industry-related authorities, as well as to any entities that are required to be informed by law.

The list of Data Processors is available by writing to privacy@vimar.com or to the other addresses given above.

Tranfer of personal data outside the sea

The data will be processed within the European Economic Area (EEA) by the Data Controller and/or by third-party companies duly appointed as Data Processors (the data are stored in Italy on servers operated by the company Axera (VI)). Should transfers become necessary to countries that do not provide the same level of protection provided by the GDPR or applicable legislation, VIMAR S.p.A.  will ensure that each of these recipients assumes specific contractual obligations in compliance with the applicable regulations regarding the protection of personal data (articles 44 et seq. GDPR, including the signing of the Standard Contractual Clauses approved by the European Commission), unless the Data Controller can refer to any other legal basis for the transfer of such information. In this case, the Data Controller will provide the necessary information on the transfer. The Data Subject may nevertheless request further information, including the countries receiving the personal data, by writing to the email address privacy@vimar.com

For information about transfers via cookies, see the cookie policy.

Processing methods

Personal data will be processed both on paper and electronically and/or automatically. Data collection, recording, organisation, storage, viewing, processing, amendment, extraction, comparison, use, interconnection, communication, cancellation and destruction operations, and any other appropriate operation, may be carried out, including by automated means, in compliance with the legal provisions required to guarantee, among other things, the confidentiality and security of the data as well as the accuracy, updating and relevance of the data with respect to the declared purposes.

Rights of the data subject

In relation to the personal data provided, the Data Subject is entitled to exercise, at any time and in accordance with the provisions of the EU Regulation, the rights established by the latter and stated below:

• Right to revoke consent (article 7(3) of the EU Regulation): right to revoke the consent given. Revoking consent does not affect the lawfulness of the processing based on the consent given before the revocation. Specifically, in order to stop receiving automated direct marketing communications (via text messages, email, social media accounts), Data Subjects are requested to write an email to privacy@vimar.com with the subject line “unsubscribe from automated” or use our automatic unsubscribe systems provided for emails only (opt-out).

In order to stop receiving traditional direct marketing communications (telephone calls from operators and printed mail), Data Subjects are requested to write an email to privacy@vimar.com @ with the subject line “unsubscribe from traditional”.

In order to stop receiving any marketing communications, Data Subjects are requested to write an email to privacy@vimar.com with the subject line “unsubscribe from marketing”.

 

• Right of access by the data subject (article 15 of the EU Regulation): right to obtain confirmation of the existence or otherwise of personal data relating to them and a copy of them in an intelligible form;

• Right to rectification (article 16 of the EU Regulation): right to obtain the rectification of personal data concerning them;

• Right to erasure or “right to be forgotten” (article 17 of the EU Regulation): right to have their data erased;

• Right to restriction of processing (article 18 of the EU Regulation): right to obtain the restriction of processing if, for example, the accuracy of the personal data is contested or the processing is unlawful;

• Right to data portability (article 20 of the EU Regulation): right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and right to transmit those data to another Data Controller without hindrance if the processing is based on consent or on a contract, or is carried out by automated means;

• Right to object (article 21 of the EU Regulation): right to object to the processing of their personal data;

• Right not to be subject to automated decision-making processes (article 22 of EU Regulation): right not to be subject to a decision based solely on automated processing.

Requests must be sent to email address: privacy@vimar.com

We inform you that the Company undertakes to respond to your requests within one month, except in the case of particularly complex requests, for which a maximum of 3 months may be required. In any case, the Company will explain the reason for the wait within one month of your request.

The outcome of the request will be provided in writing (at the request of the Data Subject) or in electronic format (and, in this case, free of charge). The Data Controller specifies that the Data Subject may be asked to make a contribution if their questions are manifestly unfounded, excessive or repetitive: in this regard VIMAR S.p.A. will keep track of requests. In compliance with article 19 of the EU Regulation, where possible, VIMAR S.p.A. undertakes to inform recipients to whom the personal data of the interested party has been communicated of any corrections, cancellations or limitations of processing requested by the Data Subject. You are reminded that revoking consent does not affect the lawfulness of the processing based on the consent given before the revocation.

Right to lodge a complaint (article 77 of the EU regulation)

If the Data Subject believes that their rights have been compromised or violated, or that the processing of their data is contrary to the legislation in force, they have the right to lodge a complaint with the Italian data protection authority (Autorità Garante per la protezione dei dati personali) (Supervisory Authority www.garanteprivacy.it).

Nature of the data provision

The provision of data for purposes a), b), c) is necessary (failure to provide it will make it impossible to browse the website and ensure its security).

The provision of data for purposes d) and e) is also necessary (failure to provide it will not allow the correct establishment and/or continuation of the contract stipulated between the parties).

For purposes f) and g), the provision of data by the Data Subject is optional (any failure by the Data Subject to provide the data will make it impossible for the Data Subject to receive commercial communications, including personalised ones, regarding products or services offered by the Data Controller).

The provision of data for purpose h) is necessary (failure to provide it will make it impossible to fulfil the legal obligations of the Data Controller).

Amendments and updates

VIMAR S.p.A. may make changes and/or additions to this information also as a consequence of any subsequent regulatory changes and/or additions. In such cases, the new version of this notice will be available on the VIMAR S.p.A. website. and will state the update date.

Last update 01/02/2024