Privacy Policy

Information notice on the processing of personal data

This information policy is provided pursuant to art. 13 of (It.) Legislative Decree 30/06/2003, no. 196 (Code regarding the protection of personal data) and art. 13 of Regulation (EU) no. 679/2016 (European General Data Protection Regulation).
Italtherm S.p.A., with registered office in Pontenure (PC), Tax Code and VAT No.: 01594830331, in the person of Mr Paolo Mazzoni in its capacity as Data Controller (hereinafter , Controller), ), would like to inform you, pursuant to art. 13 of (It.) Legislative Decree 30/06/2003 no. 196 (hereinafter , “Privacy Code”) and art. 13 of Regulation (EU) no. 679/2016 (hereinafter , “GDPR”) that the data will be processed in the following manner and for the following purposes:

  1. Subject of the Processing
    Italtherm S.p.A. protects your personal data and complies with the applicable personal data protection legislation (Privacy Code e GDPR 12016/679). Your personal data are processed confidentially and transferred to third parties solely on the basis of the provisions of this policy, or with your consent. We process the personal data that you provide during the use of the website and/or after registering on the website and/or filling out registration forms for participation in events.
    In particular, we process:
    1. i. personal, identifying and non-sensitive data (in particular, name, surname, tax code, VAT number, e-mail, telephone number - hereinafter "personal data" or even "data") directly supplied by you, with registration on the site and/or during the use thereof and/or by filling in registration forms for participation in events;
    2. ii. data not directly supplied by you - however acquired within the limits of the provisions of art. 14, paragraph 5 of the GDPR - whose transmission is connected to the use of Internet communication protocols (including but not limited to page accesses, amount of data transferred, message status following accesses, session ID numbers, IP addresses, URL addresses, etc.). These data allow us to trace your visits to the site.

  2. Purpose of the processing
    Your personal data are processed:
    1. A. Without your express consent (art. 24 letter a), b), c) of the Privacy Code and art. 6 letter b), c), d), e) of the GDPR), for the following service purposes:
      1. to process a contract request;
      2. to execute pre-contractual measures adopted at your request;
      3. to process internal statistics;
      4. to fulfil pre-contractual, contractual and fiscal obligations deriving from existing relationships;
      5. to fulfil the obligations envisaged by the law, by a regulation, by EU legislation or by an order of the authorities;
      6. to safeguard the vital interests of the data subject or of another natural person;
      7. to carry out public interest tasks or in relation to the exercise of public powers held by the data controller;
      8. to prevent or detect fraudulent activity or malicious abuse of the website;
      9. to pursue a legitimate interest of the Data Controller or third parties, within the limits and under the conditions set forth in art. 6, letter f) of the GDPR;
      10. x. to exercise the rights of the Data Controller (including but not limited to the right of defence in court);
    2. B. Only with your specific and unequivocal consent (Articles 23 and 130 of the Privacy Code and art. 7 of the GDPR), for marketing purposes, namely:
      1. send newsletters, commercial communications and/or advertising material on products and/or services, different from and/or unlike those already purchased, offered by the Data Controller, by e-mail

  3. Nature of the provision of the personal data
    The provision of data for the purposes referred to in art. 2, letter a), no. i) and ii) is necessary. In the absence of their provision, we cannot guarantee satisfaction of your requests. The provision of data for the purposes referred to in art. 2, letter b), instead, is optional. You may therefore decide not to provide any data or withdraw the possibility for us to process data previously provided.

    In this case, you will no longer receive our newsletters, while you will continue to receive our services, retaining the right to register on the site and/or on the participation form.

  4. Methods of processing
    The processing of your personal data is carried out through operations indicated in the art. 4 of the Privacy Code and art. 4, no. 2) of the GDPR and specifically: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.

    The processing of your data will be based on principles of fairness, lawfulness and transparency and may also be carried out through automated methods designed to memorise, manage and transmit the data and will be performed through the use of suitable tools, where appropriate and in accordance with the state of the art, to guarantee security and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorised access, illicit use, and dissemination.

  5. Data retention period
    The controller will process the personal data for the time necessary to fulfil the aforementioned purposes and however for no more than 10 years from the termination of the relationship for "service purposes" and for no more than 2 years from the collection of data for marketing purposes. Once the aforementioned retention period has expired, the data will be destroyed or made anonymous.

  6. Access to the data
    The personal data processed by the Data Controller will not be disclosed, that is to say they will not be disseminated to undetermined subjects, in any form, including that of making them available or simple consultation. They may, on the other hand, be disclosed to the employees of the Controller and some external subjects that collaborate with them. In particular, your data may be made accessible to:
    1. employees and collaborators of the Data Controller, consultants authorised to manage the site and to supply the related services (for example: customer service department, IT, etc.), in their capacity as internal Processors and/or Persons tasked with the processing of personal data and/or System administrators;
    2. i. third-party companies or other subjects (for example: credit institutions, professional firms, consultants, insurance companies, etc.) that carry out outsourced activities on behalf of the Data Controller, in their capacity as external Processors and/or Persons tasked with the processing of personal data

  7. Disclosure of the data
    Without your express consent (pursuant to art. 24, letter a), b), d) of the Privacy Code and art. 6 letter b), c) of the GDPR), the Data Controller may in any case disclose your data for the purposes indicated to supervisory bodies, Judicial authorities as well as to all other subjects to whom disclosure is obligatory by law for the fulfilment of the aforementioned purposes.

  8. Data transfer
    The management and storage of personal data will take place on the Data Controller’s servers and/or those of third-party companies duly tasked and appointed as Data Processors (including but not limited to the servers used for electronic mail) located within the European Union, or in compliance with the provisions of articles 45 et seq. of the GDPR. Currently the servers are located in Italtherm S.p.A., in 29010 Pontenure (PC), Via Salvo D’Acquisto without stree number.
    The data will not be transferred outside the European Union. However, it is understood that, should it be necessary to transfer the location of the servers, in Italy and/or the European Union and/or non-EU countries, such transfer will always take place in compliance with articles 45 et seq. of the GDPR. In this case, however, the Data Controller hereby guarantees that the transfer of data to non-EU countries will be in compliance with the applicable legal provisions, concluding, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

  9. Navigation data
    The computer systems and software procedures used to operate the site may acquire, during their normal activity, some personal data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified (i.e. parameters relating to the user’s operating system and IT environment).

    These data are used by the Controller for the sole purpose of obtaining statistical, anonymous information on the use of the site and to check its correct functioning and are deleted immediately after processing. These data can also be used to ascertain responsibility in case of hypothetical computer crimes against the site.

  10. Cookies
    When you use our site, cookies are stored on your computer. Cookies consist of small text files that are saved on your computer and provide us with certain information. They are widely used in order to make websites work more efficiently to improve the user experience, as well as to provide information to the site owners. Our site uses cookies that remain on your computer for different periods of time. Some expire at the end of each session and some remain longer, so that, when you return to our site, you can benefit from a better user experience.
    Web browsers allow you to exercise some control over cookies through browser settings. Most browsers allow you to block cookies or block cookies from certain sites. Browsers can also help you delete cookies when you close your browser. However, bear in mind that this could mean that any opt-outs or preferences you have set on the site will be lost. Please consult the technical information relating to your browser for instructions.
    If you choose to disable the cookie settings or if you refuse to accept a cookie, some parts of the service may not work properly or may be significantly slower.

  11. 11. Rights of the data subject
    In your capacity as the data subject, you have the rights set forth in art. 7 of the Privacy Code and art. 15 of the GDPR and specifically the right to:
    1. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
    2. obtain from the Data Controller the rectification and/or supplementation of inaccurate personal data concerning you without unjustified delay:
    3. obtain indication:
      1. of the origin of the personal data;
      2. of the purposes and methods of processing;
      3. of the logic applied in the event of processing carried out with the aid of electronic tools;
      4. of the identification data of the controller, processors and the representative designated pursuant to art. 5m, paragraph 2m of the Privacy Code and art. 3, paragraph 1 of the GDPR; e) the subjects or categories of subjects to whom the data may be disclosed or who can learn about them in their capacity as appointed representative in the territory of the state, processors or persons in charge of the processing;
    4. obtain:
      1. the update, rectification or, when applicable, the supplementation of data;
      2. the erasure, anonymisation or blocking of data processed in violation of the law, including those for which storage is not required in relation to the purposes for which the data were collected or subsequently processed; c) the certification that the operations referred to in the aforementioned points have been brought to the attention, also with regard to their content, of those to whom the data have been disclosed or disseminated, except in the case where such fulfilment proves impossible and involves the use of means manifestly disproportionate to the protected right;
    5. object, in whole or in part:
      1. for legitimate reasons, to the processing of personal data concerning you, even though they are relevant to the purpose of the collection;
      2. to the processing of personal data concerning you for purposes of advertising or direct sales or for carrying out market research or commercial communications, through the use of automated call systems without the intervention of an operator, by e-mail and/or through traditional marketing methods by telephone and/or paper-based mail. Please note that the data subject’s right to object as set out in the previous point b) for direct marketing purposes by automated means extends to the traditional ones and the data subject’s authority to exercise the right to object even only in part remains valid. Therefore, the data subject may decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
    Where applicable, you also have the rights set forth in articles 16-21 of the GDPR (right of rectification, right to be to forgotten, right of limitation of the processing, right to data portability, right of objection), as well as the right to lodge a complaint with the Italian Data Protection Authority.

  12. Methods of exercising the rights
    You have the right to request access to the data concerning you, their correction or erasure, the supplementation of incomplete data, the limitation of processing; to receive the Data in a structured, commonly used and machine-readable format; to withdraw any consent given in relation to the processing of your sensitive data at any time and object in whole or in part to the use of the data; to lodge a complaint with the Authority, as well as to exercise the other rights recognised by the applicable law.
    • a registered letter with return receipt to: Italtherm S.p.A., Via S. D’Acquisto without street number – 29010 Pontenure (PC)
    • an e-mail to the address

  13. Minors
    If the person providing the data is under the age of 16, such processing is lawful only if and to the extent that such consent is given or authorised by the person holding the parental responsibility for whom the identification data and copies of the identification documents are acquired.

  14. Controller, Processor and persons tasked with the processing
    The Data Controller is Italtherm S.p.A. with registered office at 29010 Pontenure (PC), in Via Salvo D’Acquisto without street number, Tax Code/VAT No. 01594830331, in the person of Paolo Mazzoni.
    The updated list of data processors and persons tasked with the processing is kept at the headquarters of the Data Controller.

  15. Amendments to this information notice
    This information notice may be subject to amendments. We therefore recommend that you regularly check this information notice and refer to the most up-to-date version.