Privacy Policy - Contacts

Privacy policy in accordance with Art. 13 of Regulation (EU) 2016/679 ("GDPR") on personal data processing

1. Data Controller
We inform you that, pursuant to Art. 13 of the GDPR, Sofidel S.p.A., which can be reached at the address gdpr.holding@sofidel.com will process the personal data which you provide by filling in the contact form on the site www.papernet.com and for the management of your request, as data controller (hereinafter, "Data Controller" or" Company").

2. Data Protection Officer
We inform you that the Company has appointed a Data Protection Officer (“DPO”), who is available for any information concerning the processing of your personal data and can be reached at dpo.holding@sofidel.com.

3. Types of data processed
The data processed by the Data Controller may include:
1) common data, such as, by way of example, personal details (name, surname, etc.) and contact details (mobile or landline telephone number, residential address, e-mail address, etc.) as well as any other information concerning you contained in the message sent to the Data Controller. 
The personal data indicated above will be jointly defined below, for brevity, as "personal data". 

4. Purpose and legal basis of data processing
Your personal data will be processed: 
a. for the purposes of managing your message; 
b. To meet any defence requirements; 
c. To fulfil any legal obligations to which the Data Controller is subject.
The legal basis of the processing for purpose a. lies in Art. 6(1)(b) of the GDPR; for purpose b. in Art. 6(1)(f) and finally, for purpose c. in Art. 6(1)(c) of the GDPR. 
The provision of your personal data for the purposes indicated above is optional but in its absence it will not be possible to follow up your request

5. Personal data processing methods
Your personal data will be processed by means of computer, manual and/or telematic tools and/or instruments, using a logic strictly related to the purpose of the processing and in any case guaranteeing the confidentiality and security of the data and compliance with the specific obligations laid down by law.

6. Recipients of personal data
Your data may be shared with: 
1. Subjects who typically act as data processors pursuant to Art. 28 of the GDPR; 
2. Persons in charge of processing pursuant to Art. 29 of the GDPR; 
3. Subjects, entities or authorities, independent data controllers, to whom it is compulsory to communicate your personal data pursuant to the provisions of law or orders by the authorities. 
The above common data may be accessed by the other companies in the Sofidel Group for the same purposes as above and/or for administrative and accounting purposes pursuant to Art. 6(1)(f) and recitals 47 and 48 of the GDPR. 
The updated and complete list of processors can be requested from the Data Controller at the above addresses. 

7. Transfer of data outside the EU
With regard to the possible transfer of personal data to third countries, the Company informs you that the processing will take place according to one of the methods permitted by current law, such as the data subject’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of parties participating in international programmes for the free movement of data (e.g. EU-USA).

8. Retention of personal data
Your personal data will be kept only for the time necessary for the purposes for which it was collected, in accordance with the principles of data minimisation and storage limitation referred to in Art. 5(1)(c) and (e) of the GDPR. Further information may be obtained, on request, from the Data Controller or the DPO using the above contact details. 

9. Your privacy rights
You have the right to access your data at any time in accordance with Art. 15-22 of the GDPR. In particular, you may request the rectification, erasure or restriction of the processing of such data in the cases set out in Art. 18 of the GDPR, withdraw your consent, or obtain the portability of data relating to you in the cases laid down in Art. 20 of the GDPR.

You can object to the processing of your data under Art. 21 of the GDPR in which you give evidence of the reasons for your objection. The Data Controller reserves the right to evaluate your request, which will not be accepted if there are legitimate grounds for the processing which override your interests, rights and freedoms.

Requests must be addressed in writing to the Data Controller at the above addresses.

If you believe that the processing of your personal data performed by the Data Controller is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Data Protection Authority, as set out in Art. 77 of the Regulation itself, or to take appropriate legal action (Art. 79 of the GDPR).

 

Privacy Policy - User Register

Privacy policy in accordance with Art. 13 of Regulation (EU) 2016/679 on personal data processing

This information is provided pursuant to Art. 13 of Regulation (EU) 2016/679 (hereinafter, “GDPR”) to the user who provides his or her personal data through the registration form in the restricted area of the site www.papernet.com.  

1. Data Controller and Data Protection Officer
Personal data will be processed by Sofidel S.p.A., Via Giuseppe Lazzareschi, 23 - 55016 Porcari (LU), as data controller (hereinafter "Sofidel" or “Data Controller"), which can be reached at the address gdpr.holding@sofidel.com 
Sofidel’s Data Protection Officer ("DPO") can be contacted at the address dpo.holding@sofidel.com

2. Types of data processed
The Personal Data processed by the Controller, as requested in the collection form on the site www.papernet.com include common data, such as name, surname, contact information (e-mail address) and information on the company to which the user belongs.

3. Purpose and legal basis of the processing of personal data
Personal Data will be processed for the following purposes:
a) to manage the request for registration on the reserved area of the site by the user;
b) to provide the services that the user can use through the reserved area, such as for example the complete download of data sheets, catalogues and leaflets relating to the Controller's products. 
The legal basis of the processing for the purposes referred to in points a) and b) is represented by Art. 6(1)(b) of the Regulation, as the processing is necessary to manage the request for registration on the reserved area and, therefore, to provide the services requested;
c) with the express consent of the user, for promotional and/or direct marketing activities, including the sending of newsletters and market research, relating to the company's and/or Sofidel Group's brands and products, through automated tools (SMS, MMS, email, fax, automated unmanned calling systems, use of social networks, Whatsapp) and non-automated means (paper mail, telephone with operator). 
The legal basis of the processing for the purposes referred to in points c) is represented by the express, free and unequivocal consent of the data subject pursuant to Art. 6(1)(a) of the Regulation.
This consent may be revoked at any time and the revocation shall not affect the lawfulness of the processing carried out before the revocation.
The processing of Personal Data for the purposes referred to in point c) is optional; refusal will not have any consequences and registration to the reserved area will not be affected in any way.

Once provided, the data may also be processed for the following purposes:
d) compliance with any regulatory obligations to which the Data Controller is subject; the legal basis for the processing referred to in d) is Art. 6(1)(c) of the Regulation;
e) any defensive purposes; the legal basis for the purpose referred to in point e) is to be found in Art. 6(1)(f) of the Regulation.

Personal Data may not be accessed by Sofidel Group companies for administrative-accounting purposes pursuant to Art. 6(1) and Recitals 47 and 48 of the GDPR.

4. Retention of personal data
Personal data will be kept only for the time necessary for the purposes for which it was collected, in line with the principles of data minimisation and limitation of purpose referred to in Art. 5(1)(c) and (e) of the GDPR. Specifically, the Personal Data processed for the purposes set forth in points a) and b) will be kept by the Data Controller for as long as it is necessary for the pursuit of such purposes. With regard to the purpose referred to in point c), the Personal Data will be kept until consent is revoked and, in any case, for a maximum period of 24 months from their recording, after which the Company will definitively delete them.  The Data Controller reserves the right to retain the Personal Data for as long as necessary to comply with any regulatory obligations as well as to meet any defence requirements. Further information may be obtained from the Data Controller and/or the DPO who can be contacted at the addresses given above.

5. Recipients of personal data
Personal Data may be shared with:

  • subjects who typically act as data processors pursuant to Art. 28 of the GDPR (e.g. providers of IT services);

  • personnel authorized to process data pursuant to Art. 29 of the GDPR and Art. 2-quaterdecies of Legislative Decree 196/2003 ("Privacy Code");

  • Sofidel Group companies, as autonomous data controllers, for administrative-accounting purposes on the basis of the legitimate interest pursuant to Art. 6(1)(f) and Recitals 47 and 48 of the Regulations;

  • subjects, entities or authorities, autonomous data controllers, to whom it is mandatory to communicate Personal Data pursuant to provisions of law or orders of the authorities.

An updated and complete list of the recipients of Personal Data is available at the registered office of the Data Controller and may in any case be requested from the Data Controller and the DPO at the addressed specified above.

6. Transfer of data outside the EU
With regard to the possible transfer of personal data to third countries, the Data Controller informs you that the processing will take place according to one of the methods permitted by current law, such as the data subject’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of parties participating in international programmes for the free movement of data (e.g. EU-USA).

7. Data processing methods
The personal data will be processed by means of computer, manual and/or telematic tools and/or instruments, using a logic strictly related to the purpose of the processing and in any case guaranteeing the confidentiality and security of the data and compliance with the Regulation and the applicable provisions of the Data Protection Authority. Further information is available from the Data Controller and/or the DPO who can be contacted at the contact details indicated above.

8. Rights of the data subject
The data subject has the right to access Personal Data concerning him/her at any time, pursuant to Arts. 15-22 GDPR. In particular, he/she may request the rectification, erasure or restriction of the processing of such data in the cases set out in Art. 18 of the GDPR, withdraw consent or obtain the portability of data relating to him/her in the cases laid down in Art. 20 of the GDPR. 
The Data Subject may also object to the processing of their data under Art. 21 of the GDPR, giving evidence of the reasons for the objection. The Data Controller reserves the right to evaluate the request, which will not be accepted if there are legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject. 
The data subject also has the right to object at any time and without any justification to the sending of direct marketing through automated tools (e.g. SMS, MMS, email, push notifications, fax, automated unmanned calling systems) and non-automated means (paper mail, telephone with operator). Moreover, with regard to direct marketing, this right may also be exercised in part, i.e., in this case, by objecting, for example, only to the sending of promotional communications by automated means.
Requests must be made in writing and sent to the Data Controller or to the DPO at the above addresses.

9. Complaint to the Data Protection Authority 
If the data subject believes that the processing of his/her personal data performed by the Data Controller is in violation of the provisions of the GDPR, he/she has the right to lodge a complaint with the Data Protection Authority, as set out in Art. 77 of the Regulation itself, or to take appropriate legal action (Art. 79 of the GDPR).

 

DPO - Sofidel S.p.A e Soffass S.p.A:
Gloria Ricci
+39 0583 268258
Dpo.holding@sofidel.com