Product - App Privacy Policy
Products privacy policy
VIMAR S.p.A. protects the privacy of consumers (hereinafter, the “Data Subjects”) by taking all appropriate measures to protect personal data in accordance with legal provisions. VIMAR S.p.A. guarantees that the processing of data collected at the time of registration of the product or through other electronic tools is carried out in compliance with the principle of “minimisation”, i.e. limiting their collection to cases in which it is strictly necessary in order to achieve the purposes set out herein.
This notice describes the methods by which the information that comes into the possession of VIMAR S.p.A., the Support Centres or the installers as a result of a product registration is processed in cases where this is connected to the internet.
The data processing is carried out in compliance with the fundamental rights of freedom and personal dignity, with particular reference to privacy, personal identity and the right to the protection of personal data. VIMAR S.p.A. guarantees that specific safety measures will be implemented and adhered to prevent the loss of the data, any unlawful or incorrect use of the same and/or any unauthorised accesses to the same.
Pursuant to article 13 GDPR, we provide Data Subjects with the following information:
Data controller
The Data Controller is VIMAR S.p.A. with registered office at Viale Vicenza 14, Marostica (VI) (hereinafter, “VIMAR”).
All requests and enquiries about the processing of personal data may be sent to the Data Controller at the following address:
· Viale Vicenza, 14 - 36063 Marostica (VI)
· privacy@vimar.com
Data processed
VIMAR collects the following categories of personal data:
- Common data: name, surname, IP address, email address, address (residence/domicile).
Data collection - legal bases
Data may be collected by Vimar when a product is registered or when the Data Subject makes a request for support from VIMAR or Vimar Support Centres.
In the case of product registration, in order to guarantee the secrecy of the data, Data Subjects must keep their login details (password) confidential. These details must be changed after each intervention by the VIMAR technical service and/or the Technical Support Centres.
The legal bases that legitimise the processing of personal data are:
- performance of a contractual or pre-contractual obligation (for the purpose stated in 4.(i) limited to the contractual warranty);
- legitimate interest of the Data Controller (for the purposes stated in 4 (i) for work outside the warranty period and for the other purposes stated in 4.(ii));
- fulfilment of a legal obligation (for the purpose stated in 4.iii));
- Consent within the limits specified in the registration/subscription form (newsletter and marketing activities) (for the purposes stated in 4.iv).
Purposes of the processing and nature of the provision
(i) The personal data will be processed for the purposes of registering the products, managing their functionality and resolving technical problems for which the Data Subject requests the technical intervention of VIMAR and/or VIMAR Support Centres. To this end, VIMAR may process the contact details and data relating to requests for support made by Data Subjects by completing specific forms. In these cases, provision of the data is necessary because the requests made cannot be processed without them.
(ii) The contact details and/or data relating to requests for support made by Data Subjects may also be used for the purposes of defending rights in the course of judicial, administrative or extrajudicial proceedings and in the context of disputes arising in relation to the products and the services offered. In these cases, provision of the data is necessary because these purposes cannot be pursued without them.
(iii) The contact details may also be processed for purposes related to obligations established by laws, national and/or European regulations, instructions given and/or requests made by the authorities under the law and/or by supervisory and control bodies, including the management of your requests as a Data Subject, pursuant to articles 15 et seq. of the GDPR (Rights of the data subject). In these cases, the provision of data is necessary because these purposes cannot be pursued without them.
(iv) Subject to consent by the Data Subjects, the contact details may be used for marketing activities aimed at providing information on promotional campaigns carried out using automated methods (e.g. email) or traditional methods (phone calls, sending brochures, etc.) or market research and statistical surveys. In these cases provision of the data is optional. Failure to provide the necessary data will make it impossible to receive marketing communications, without prejudice to the other stated purposes.
Information retention period
For the purposes stated in 4.i, the personal data will be kept for the period of installation/use of the product needed to ensure correct provision of the services offered by VIMAR to the Data Subjects in relation to the products installed and, in any case, within the limits of the purposes for which they are collected. On expiry of this period, or at the request of the Data Subject, the data will be deleted.
For the purposes stated in 4.ii, the personal data will be retained until the relevant court order/sentence becomes final.
For the purposes stated in . 4.iii, the personal data will be retained for up to 5 years from closure of the request, barring any disputes or different specific legal terms.
For the purposes stated in 4.iv, the personal data will be retained until consent is revoked (opt-out).
Sharing of personal data
The personal data of the Data Subjects may be accessed by specifically authorised VIMAR employees, third parties (in order to perform services such as maintenance, analysis, auditing, payments, fraud detection, marketing and development), installers or authorised Technical Support Centres.
The third parties will have access to the personal data of the Data Subjects to the extent reasonably necessary to perform the above activities and are obliged not to disclose or use them for other purposes.
Transfer for personal data outside the eea
Personal data will not be transferred outside the EEA.
Should transfers become necessary to countries that do not provide the same level of protection provided by the GDPR or applicable legislation, VIMAR S.p.A. will ensure that each of these recipients assumes specific contractual obligations in compliance with the applicable regulations regarding the protection of personal data (articles 44 et seq. GDPR, including the signing of the Standard Contractual Clauses approved by the European Commission), unless the Data Controller can refer to any other legal basis for the transfer of such information. In this case, the Data Controller will provide the necessary information on the transfer. The Data Subject may nevertheless request further information, including the countries receiving the personal data, by writing to the email address privacy@vimar.com
Rights of data subject
In relation to the personal data provided, the Data Subjects are entitled to exercise, at any time and in accordance with the provisions of the EU Regulation, the rights established by the latter and stated below:
• Right to revoke consent (article 7(3) of the EU Regulation): right to revoke the consent given. Revoking consent does not affect the lawfulness of the processing based on the consent given before the revocation. Specifically, in order to stop receiving automated direct marketing communications (email), Data Subjects are requested to write an email to privacy@vimar.com with the subject line “unsubscribe from automated” or use our automatic unsubscribe systems provided for emails only (opt-out).
In order to stop receiving traditional direct marketing communications (telephone calls from operators and brochures), Data Subjects are requested to write an email to privacy@vimar.com @ with the subject line “unsubscribe from traditional”.
In order to stop receiving any marketing communications, Data Subjects are requested to write an email to privacy@vimar.com with the subject line “unsubscribe from marketing”.
• Right of access by the data subject (article 15 of the EU Regulation): right to obtain confirmation of the existence or otherwise of personal data relating to them and a copy of them in an intelligible form;
• Right to rectification (article 16 of the EU Regulation): right to obtain the rectification of personal data concerning them;
• Right to erasure or “right to be forgotten” (article 17 of the EU Regulation): right to have their data erased;
• Right to restriction of processing (article 18 of the EU Regulation): right to obtain the restriction of processing if, for example, the accuracy of the personal data is contested or the processing is unlawful;
• Right to data portability (article 20 of the EU Regulation): right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and right to transmit those data to another Data Controller without hindrance if the processing is based on consent or on a contract, or is carried out by automated means;
• Right to object (article 21 of the EU Regulation): right to object to the processing of their personal data;
• Right not to be subject to automated decision-making processes (article 22 of EU Regulation): right not to be subject to a decision based solely on automated processing.
Requests must be sent to email address: privacy@vimar.com
VIMAR undertakes to respond to requests within one month, except in the case of particularly complex requests, for which a maximum of 3 months may be required. In any case, VIMAR will communicate the reason for the wait within one month of your request.
The outcome of the request will be provided in writing (at the request of the Data Subject) or in electronic format (and, in this case, free of charge). The Data Controller specifies that the Data Subject may be asked to make a contribution if their questions are manifestly unfounded, excessive or repetitive: in this regard VIMAR S.p.A. will keep track of requests. In compliance with article 19 of the EU Regulation, where possible, VIMAR S.p.A. undertakes to inform recipients to whom the personal data of the interested party has been communicated of any corrections, cancellations or limitations of processing requested by the Data Subject. You are reminded that revoking consent does not affect the lawfulness of the processing based on the consent given before the revocation.
If the Data Subject believes that their rights have been compromised or violated, or that the processing of their data is contrary to the legislation in force, they have the right to lodge a complaint with the Italian data protection authority (Autorità Garante per la protezione dei dati personali) (Supervisory Authority www.garanteprivacy.it).
Amendments
VIMAR S.p.A. may make changes and/or additions to this information also as a consequence of any subsequent regulatory changes and/or additions. In such cases, the new version of this notice will be available on the VIMAR S.p.A. website. and will state the update date.
Last update 01/02/2024
Vimar apps and my vimar portal privacy policy
VIMAR S.p.A. protects the confidentiality and security of the personal data of users (“Data Subjects”) of apps downloaded to access the services and features of Vimar products and/or the My VIMAR world.
By using the services of VIMAR apps, Data Subjects consent to the processing of their personal data by the latter in compliance with this Policy.
Data controller
The Controller is VIMAR S.p.A. with registered office at Viale Vicenza 14, Marostica (VI) (hereinafter, “VIMAR”).
All requests and enquiries about the processing of personal data may be sent to the Data Controller at the following address:
· Viale Vicenza, 14 - 36063 Marostica (VI)
Data processed
Contact details: name and surname, email address and/or mobile number, the UDID (i.e. Unique Device Identifier) of the device on which the app is installed, the serial number of the VIMAR device and/or system and a password.
Commercial data: VAT no. and/or tax code.
Registration data – the information provided by completing the registration form on the website www.vimar.com (customer account, name, surname, VAT number, language and country of origin, email address and username).
Localisation data: for VIEW Product applications, personal data relating to the position of the installed devices may be collected if the Data Subjects enable automations linked to changing the position of the smartphone or tablet where the apps are installed, all by enabling permissions to share your location in the background.
Technical support data: all the information provided by Data Subjects when they make contact requests for technical support relating to VIMAR products.
Data collection - legal bases
Personal data is collected by Vimar when the app is downloaded and the Data Subjects register on the My VIMAR portal. Registration allows access to all product features and the My VIMAR world.
VIMAR takes appropriate security measures to ensure the protection, security, integrity and accessibility of the personal data of Data Subjects. However, it is the responsibility of the Data Subjects to ensure the safekeeping of their login details.
The legal bases that legitimise the processing of personal data are:
- performance of a contractual obligation (for the purposes stated in 4.i and 4.ii – limited to the contractual warranty ) - provision of the data is required in order to handle the registration requests made by Data Subjects);
- legitimate interest of the Data Controller (for the purposes stated in 4.ii e 4.iii);
- fulfilment of a legal obligation (for the purposes stated in 4.iv);
- Consent within the limits specified in the registration/subscription form (newsletter and marketing activities) (for the purposes stated in 4.v)
Purposes of the processing and nature of the provision
The personal data is processed for the following purposes:
(i) registration of the Data Subjects within the apps and the My Vimar portal; in these cases, provision of the data is required because these purposes cannot be pursued without them.
(ii) managing and improving the functions and services connected with the apps and the MyVIMAR world, including the management of product maintenance; in these cases, provision of the data is required because these purposes cannot be pursued without them.
(iii) The contact details and/or data relating to requests for support made by Data Subjects may also be used for the purposes of defending rights in the course of judicial, administrative or extrajudicial proceedings and in the context of disputes arising in connection with the products and services offered. In these cases, provision of the data is necessary because these purposes cannot be pursued without them.
(iv) The contact details may also be processed for purposes related to the obligations established by laws, national and/or European regulations, instructions given and/or requests made by the authorities under the law and/or by supervisory and control bodies, including the management of your requests as a Data Subject, pursuant to articles 15 et seq. of the GDPR (Rights of the data subject). In these cases, provision of the data is necessary because these purposes cannot be pursued without them.
(v) Subject to consent, VIMAR may process the personal data of the Data Subjects for marketing and advertising communication purposes aimed at informing such Data Subjects about promotional and sales initiatives carried out either by automated contact methods (email, in-app messaging, etc. ) or by traditional methods (e.g. telephone calls from operators), market research and statistical surveys if the appropriate consent is given and within the limits stated in this notice. In these cases provision of the data is optional. Failure to provide the necessary data will make it impossible to receive marketing communications, without prejudice to the other stated purposes.
Information retention period
For the purposes stated in (i) and (ii), the personal data collected by VIMAR are retained for as long as the MyVIMAR profile on the portal remains active, in order to allow the correct performance of the services offered. Once the Data Subject’s MyVIMAR profile is deleted, or following the Data Subject’s request, data will be deleted within 7 days from the request.
For the purposes stated in (iii), the personal data will be retained until the relevant judicial sentence/measure becomes final.
For the purposes stated in (iv), the personal data will be retained for up to 5 years from closure of the request, barring any disputes or different specific legal terms.
For the purposes stated in (v), the personal data will be retained until consent is revoked (opt-out).
Sharing of personal data
The personal data of the Data Subjects may be accessed by specifically authorised VIMAR employees, third parties (in order to perform services such as maintenance, analysis, auditing, payments, fraud detection, marketing and development), or authorised Technical Support Centres.
The third parties will have access to the personal data of the Data Subjects to the extent reasonably necessary to perform the activities stated in this notice and are obliged not to disclose or use them for other purposes.
If Data Subjects request the intervention of Customer Services and need to share their login details (passwords) to the apps and/or devices connected to them, they will be asked to change them on completion of the intervention.
Transfer for personal data outside the eea
Personal data will not be transferred outside the EEA.
Should transfers become necessary to countries that do not provide the same level of protection provided by the GDPR or applicable legislation, VIMAR S.p.A. will ensure that each of these recipients assumes specific contractual obligations in compliance with the applicable regulations regarding the protection of personal data (articles 44 et seq. GDPR, including the signing of the Standard Contractual Clauses approved by the European Commission), unless the Data Controller can refer to any other legal basis for the transfer of such information. In this case, the Data Controller will provide the necessary information on the transfer. The Data Subject may nevertheless request further information, including the countries receiving the personal data, by writing to the email address privacy@vimar.com
Rights of data subjects
In relation to the personal data provided, Data Subjects are entitled to exercise, at any time and in accordance with the provisions of the EU Regulation, the rights established by the latter and stated below:
To revoke consent (article 7(3) of the EU Regulation): right to revoke the consent given. Revoking consent does not affect the lawfulness of the processing based on the consent given before the revocation. Specifically, in order to stop receiving automated direct marketing communications (email, messaging), Data Subjects are requested to write an email to privacy@vimar.com with the subject line “unsubscribe from automated” or use our automatic unsubscribe systems provided for emails only (opt-out).
In order to stop receiving traditional direct marketing communications (telephone calls from operators), Data Subjects are requested to write an email to privacy@vimar.com @ with the subject line “unsubscribe from traditional”.
In order to stop receiving any marketing communications, Data Subjects are requested to write an email to privacy@vimar.com with the subject line “unsubscribe from marketing”.
· Right of access by the data subject (article 15 of the EU Regulation): right to obtain confirmation of the existence or otherwise of personal data relating to them and a copy of them in an intelligible form;
· Right to rectification (article 16 of the EU Regulation): right to obtain the rectification of personal data concerning them;
· Right to erasure or “right to be forgotten” (article 17 of the EU Regulation): right to have their data erased;
· Right to restriction of processing (article 18 of the EU Regulation): right to obtain the restriction of processing if, for example, the accuracy of the personal data is contested or the processing is unlawful;
· Right to data portability (article 20 of the EU Regulation): right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and right to transmit those data to another Data Controller without hindrance if the processing is based on consent or on a contract, or is carried out by automated means;
· Right to object (article 21 of the EU Regulation): right to object to the processing of their personal data;
· Right not to be subject to automated decision-making processes (article 22 of EU Regulation): right not to be subject to a decision based solely on automated processing.
Requests must be sent to email address: privacy@vimar.com
VIMAR undertakes to respond to requests within one month, except in the case of particularly complex requests, for which a maximum of 3 months may be required. In any case, VIMAR will communicate the reason for the wait within one month of your request.
The outcome of the request will be provided in writing (at the request of the Data Subject) or in electronic format (and, in this case, free of charge). The Data Controller specifies that the Data Subject may be asked to make a contribution if their questions are manifestly unfounded, excessive or repetitive: in this regard VIMAR S.p.A. will keep track of requests. In compliance with article 19 of the EU Regulation, where possible, VIMAR S.p.A. undertakes to inform recipients to whom the personal data of the interested party has been communicated of any corrections, cancellations or limitations of processing requested by the Data Subject. You are reminded that revoking consent does not affect the lawfulness of the processing based on the consent given before the revocation.
If the Data Subject believes that their rights have been compromised or violated, or that the processing of their data is contrary to the legislation in force, they have the right to lodge a complaint with the Italian data protection authority (Autorità Garante per la protezione dei dati personali) (Supervisory Authority www.garanteprivacy.it).
Amendments
VIMAR S.p.A. may make changes and/or additions to this notice, including as a consequence of any subsequent regulatory changes and/or additions. In such cases, the new version of this notice will be available on the VIMAR S.p.A. website. and will state the update date.
Last update 11/10/2024