Pursuant to art. 13 of European Regulation No. 679 of 2016 and art. 13 of Legislative Decree No. 196 of 30 June 2003

Deka M.E.L.A. S.r.l. is committed to protecting the privacy and confidentiality of personal data and ensures them the necessary protection from any event that might put them at risk of a breach.
Pursuant to article 13 of Legislative Decree No. 196 of 30 June 2003 (“Privacy Code”), article 13 of European Regulation No. 679 of 2016 (“GDPR”), Deka M.E.L.A. S.r.l. intends to inform all users and/or visitors to this website (respectively the “Users” or “Data Subject” and the “Site”), on the use of personal data collected by Deka M.E.L.A. (“Personal Data”).

1. Data Controller, Data Processors and Data Protection Officer

The personal data processing controller is Deka M.E.L.A. S.r.l. with registered office at Via Baldanzese, No. 17 – 50041 Calenzano (FI) – Italy, TAX and VAT No. IT04190470486 (herein after referred to as the “Data Controller”).
The Data Protection Officer (article 37 GDPR) can be contacted at the following Email address:
dpo@elen.it (hereinafter referred to as the “DPO”).

2. The Personal Data subject to processing

The following categories of Personal Data could be collected through the use of the Site:

  • Contact details: name, address, telephone number, email address;
  • Interests: information provided by users about their interests, including type of product they are interested in;
  • References of the contract: customer number, contract number, etc.;
  • Registration data of the online accounts;
  • Information about sale and maintenance: purchasing and information, information relating to assistance, including complaints;
  • Data relating to the request for participation in training courses: data and place of birth, nationality, passport, Visa, inquiries and special requirements relating to transport, residence, etc.

In certain circumstances we may also collect:

  • Biometric data, such as digital images and video.

3. Purposes of the processing

The Personal Data of the Data Subject is processed exclusively for the following purposes:

  1. Without express consent (art. 6 GDPR)
    • to fulfil obligations required by law, rules, European regulations or authorities;
    • to meet, prior to the conclusion of a contract, specific requests of the Data Subjects (e.g. request for information, quotations, etc.);
    • to execute the contract concluded between the parties;
    • to provide after-sales service;
    • to manage requests and reports received through the Site, including any complaints and disputes;
    • to establish, exercise of defend a legal claim;
  2. Only with declared consent (art. 7 GDPR)
    • to improve and customize Users experience on the Site;
    • to allow the recording to restricted areas of the Site and such initiatives (e.g. events, contests);
    • to manage applications;
    • to manage requests for participation in training courses;
    • to allow subscription to the newsletter provided by the Data Controller;
    • to send by e-mail, mail and/or text message, newsletter, commercial communications and/or advertising material about products or services offered by the Data Controller and customer satisfaction surveys on the quality of services;
    • to send by e-mail, mail and/or text message, newsletter, information about events, contests, educational activities organised by the holder;
    • to send by e-mail, mail and/or text message, newsletter, promotional and/or commercial communications of third partied (e.g. business partner).
    • to send information and updates about the results and the activities of the Data Controller

4. Processing methods

The Data Controller applies all technical and organizational measures necessary to ensure adequate
protection and accuracy of the Personal Data processed.
Pursuant to art. 5 of the GDPR, the Personal Data will be:

  • processed in a lawful, proper and transparent toward the Data Subject;
  • collected and recorded for specified, explicit and legitimate purposes and subsequently processed in a time frame compatible with that purpose;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • processed by manual, cyber and telematics tools and with logics that are appropriate to ensure an adequate level of security.

5. Data retention

The Data Controller, in accordance with the principles of legality, purpose limitation and data minimisation, pursuant to art. 5 of GDPR, stores and processes personal data for the time strictly necessary to fulfil the purposes identified above and until the Data Subjects parties to revoke the consent given.

For the purpose of determining the appropriate retention period, the Data Controller shall consider the quantity, nature and sensitivity of the Personal Data, the purposes for which they are processed and if the same purposes can be achieved by means of other instruments.

In particular, for the purposes of marketing, personal data may be kept for a period of 24 months from the granting of consent for this purposes, unless renewal thereof (expect the opposition to receive further communications). The Data Controller every two years shall request renewal of consent.

The processing and retention of digital material, such as pictures or video, will be performed until the data subjects communicate the withdrawal of consent to data processing.

6. Access to personal data and to whom these can be communicated

Pursuant to art. 6 of GDPR, without the express consent of the Data Subjects the Data Controller can disclose the personal data to the supervisory bodies, judicial authorities and all other persons to whom that kind of communication is required by law and to the accomplishment of the purposes of art. 3. These subjects will process personal data as autonomous Data Controllers.

Personal data will not be disclosed, sold or exchanged with any third party without the express consent of the Data Subjects.

The management and conservation of personal data will happen on server (located within the European Union) of the Data Controller and/or of third parties appointed as data processors.

Personal Data may be brought to the attention of::

  1. Data Controller’s employees or collaborators, that are formally appointed and authorized to process and their receive opportune operational instructions in this regards;
  2. External companies and third parties which Data Controller may make use of in relation to the management of the contractual relationship with customers or for its own organisational needs and its activities (e.g. IT service suppliers, consultants, agents, etc.)
  3. Other companies of the El.En. Group.

7. Rights of the Data Subject

Pursuant to articles 15-22 of the GDPR,, the Data Subject is entitled:

  1. To be inform of:
    • source of the Personal Data;
    • processing purposes and methods;
    • logic applied when data are processed using electronic equipment;
    • identity of the Data Controller, data processors and designated representative pursuant to article 5;
    • parties or categories of parties to whom the personal data may be communicated;
  2. To obtain:
    • the updating, rectification or, where he/she wishes, the integration of the data;
    • the cancellation, anonymization, or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it was collected or subsequently processed;
    • certification that the activities mentioned above, including their content, have been notified to those to whom the data was disclosed, unless this requirement proves impossible or implies manifestly disproportionate measures with respect to the protected right;
    • data portability: the right to receive personal data in a structured, commonly used and automatically readable format, and to transmit such data to another data controller, only for cases where the processing is based on consent and for only data processed by electronic means;
  3. To oppose, in whole or in part:
    • for legitimate reasons, to the processing of his/her personal data, even if it is pertinent for collection purposes;
    • for the purposes of this article, the Data Subject is entitled to request the cancellation, transformation into an anonymous form or blocking of data processed in violation of the law and, in any case, to abject, for legitimate reason, to their processing.

All requests must be addressed to the DPO at the following address: dpo@elen.it. Before responding the request, the DPO may ask for confirmation of the Data Subject’s identity and for information to substantiate its interaction with the Data Controller, so that he can identify the relevant Personal Data.
Insofar as the Data Subjects are provided with tools that allow the self-management of Personal Data, including the withdrawal of consent to the processing of the same, we expect such tools to be used.

8. Data transfer

  1. Depending on the circumstances Deka M.E.L.A. S.r.l. could transfer Personal Data collected through the Site to other companies of the El.En. Group or to third parties located in other countries, even outside the European Union, which does not offer the same level of protection of personal data. The European Commission puts the countries deemed “adequate”, namely those that preparing an adequate protection, in a separate list, which can be viewed at: https://www.garanteprivacy.it/temi/trasferimento-di-dati-all-estero.Transfers of Personal Data outside the European Union and to countries not belonging to the above list, will be carried out exclusively under specific agreements between Deka M.E.L.A. S.r.l. and the companies involved, through the use of tools accepted by the European Commission.

Last amendment 12.4.2024

 TYPE OF COOKIES PURPOSES DURATION OF RETENTION EFFECTS OF DESELECTION

Navigation cookies

These allow normal navigation and use of the website

Valid for the browsing session

Browsing would not be possible if these were deactivated, which makes these cookies necessary

Analytics cookies

These gather information in aggregate form on navigation by users to optimise the experience of navigation and the services themselves.

Established by third parties, reference is made to the privacy notice referred to below

It would not be possible for the Data Controller to obtain the information in aggregate form

Functionality cookies

These facilitate navigation and the service rendered to the user based on a series of criteria selected by the latter.

Retained to preserve functionality for 30 days.

It would not be possible to retain the selections made by users during navigation

b.3) THIRD PARTY COOKIES

Third party cookies also operate on this website i.e. cookies created by a website other than the one that the user is currently visiting.
Based on the provisions of the Ruling of the Italian Data Protection Commissioner of 8 May 2014, the Data Controller is bound to provide the updated link to the privacy notices and consent forms of third parties with whom special agreements have been stipulated for the installation of cookies through its own website.

Third party cookies are:

Anonymous third party cookies
The use of anonymous third party cookies is provided for; these cookies facilitate the anonymous gathering and recording of information on pages of the website that have been accessed, without allowing the visitor to be identified, and they are not combined in any way with other information. Such data are used exclusively to track and examine the use of the sites by users, to compile statistics based on information gathered anonymously and by using data in aggregate form.

In particular, users are informed that the web analytics service that issues cookies used by the Data Controller is “Google Analytics”, described below.

Google Analytics is a web analytics service provided by Google, Inc. (“Google”) that uses “cookies” placed on the user’s computer to enable the website visited to analyze how it is used by users. The information generated by the cookie about the use of the website visited (including the IP address) will be sent to Google and stored on Google servers in the United States. Google will use this information in order to track and examine the user’s use of the website, compile reports on the website’s activity for website operators and provide other services relating to the website’s activity and to internet usage. Google may also transfer this information to third parties if legally required to do so, or where the third parties process the aforementioned information on Google’s behalf. Google will not associate the user’s IP address with any other data held by Google. The user may at any time refuse the use of cookies by selecting the appropriate setting on his or her browser.

To consult Google’s privacy policy in relation to the Google Analytics service, see the website  https://policies.google.com/privacy?hl=en.

b.4) RETENTION PERIOD

By accessing the Site and going beyond the introductory banner containing the short privacy notice, the Users consents to the use of the technical cookies specified in this document. This consent may be revoked at any time by pressing the button “I do not consent” at the end of this privacy and cookies policy.

Individual cookies may be freely selected/deselected using this system, but this may also be done by using one’s web browser (selecting the settings menu, clicking on internet options, opening up the privacy tab and selecting the desired level for blocking cookies).

By failing to accept functional cookies certain pages of the Site will not be visible.

3. The personal data that Data Subject provide to us using the Site

The following categories of personal data could be collected through the use of the Site:

  • Contact details: name, address, telephone number, email address;
  • Interests: information provided by users about their interests, including type of product they are interested in;
  • References of the contract: customer number, contract number, etc.;
  • Registration data of the “Deka Club” portal: product’s serial number;
  • Information about sale and maintenance: purchasing and information, information relating to assistance, including complaints;
  • Data relating to the request for participation in training courses: data and place of birth, nationality, passport, Visa, inquiries and special requirements relating to transport, residence, etc..

In certain circumstances we may also collect:

  • Data concerning family members and partners;
  • Biometric data, such as digital images and videos;
  • Pictures, video and audio via surveillance cameras placed in public areas of our facilities.

4. Purposes of the processing

The personal data of the Data Subject is processed exclusively for the following purposes:

A) Without express consent (art. 6 Privacy Regulation)

  • to fulfil obligations required by law, rules, European regulations or authorities;
  • to meet, prior to the conclusion of a contract, specific requests of the Data Subjects (e.g. request for information, quotations, etc.);
  • to execute the contract concluded between the parties;
  • to provide after-sales service;
  • to manage requests and reports received through the Site, including any complaints and disputes;
  • to establish, exercise of defend a legal claim;

B) Only with declared consent (art. 7 Privacy Regulation)

  • to improve and customize Users experience on the Site;
  • to allow the recording to restricted areas of the Site and such initiatives (e.g. events, contests);
  • to manage applications;
  • to manage requests for participation in training courses;
  • to allow subscription to the newsletter provided by the Data Controller;
  • to send by e-mail, mail and/or text message, newsletter, commercial communications and/or advertising material about products or services offered by the Data Controller and customer satisfaction surveys on the quality of services;
  • to send by e-mail, mail and/or text message, newsletter, information about events, contests, educational activities organised by the holder;
  • to send by e-mail, mail and/or text message, newsletter, promotional and/or commercial communications of third partied (e.g. business partner).

The legal basis of the processing is the consent freely given.

The Data Subjects have the right to revoke the consent given at any time and without any particular formality: in any commercial communication there will be a section that will allow to easily revoke the consent given.

The Data Subjects can also revoke the consent given by sending a simple communication to the addresses referred in art. 11 below.

5. Legal basis of the processing

Apart from what is specified for cookies and browsing data, the Data Subjects are free to provide personal data contained in the forms on the Site or in any case indicated on the occasion of contacts with the Data Controller to request the sending of informative material or other communications or to access specific services. The absence of this data may make impossible to fulfil the request.

6. Processing methods

Pursuant to art. 5 of the Privacy Regulation, the personal data will be:

  • processed in a lawful, proper and transparent toward the Data Subject;
  • collected and recorded for specified, explicit and legitimate purposes and subsequently processed in a time frame compatible with that purpose;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • processed by manual, cyber and telematics tools and with logics that are appropriate to ensure an adequate level of security.

7. Data retention

The Data Controller, in accordance with the principles of legality, purpose limitation and data minimisation, pursuant to art. 5 of Privacy Regulation, stores and processes personal data for the time strictly necessary to fulfil the purposes identified above and until the Data Subjects parties to revoke the consent given.

For the purpose of determining the appropriate retention period, the Data Controller shall consider the quantity, nature and sensitivity of the Personal Data, the purposes for which they are processed and if the same purposes can be achieved by means of other instruments.

In particular, for the purposes of marketing, personal data may be kept for a period of 24 months from 25 may 2018, unless renewal thereof (expect the opposition to receive further communications). The Data Controller shall, every two years from the data of publication of this notice, to request the renewal of consent.

The Data Controller shall consider the periods for which he might need to retain the Personal Data in order to fulfil legal obligations (e.g. administrative tasks) or to examine Users’ requests, complaints and defend its rights where necessary.

The processing and retention of digital material, such as pictures or video,  will be performed until the data subjects communicate the withdrawal of consent to data processing.

8. Access to personal data and to whom these can be communicated

Personal data may be brought to the attention of:

  1. Data Controller’s employees or collaborators, that are formally appointed and authorized to process and their receive opportune operational instructions in this regards;
  2. External companies and third parties which Data Controller may make use of in relation to the management of the contractual relationship with customers or for its own organisational needs and its activities (e.g. IT service suppliers, consultants, agents, etc.)
  3. Other companies of the El.En. Group.

Pursuant to art. 6 of the Privacy Regulation, without the express consent of the Data Subjects the data Controller can disclose the personal data to the supervisory bodies, judicial authorities and all other persons to whom that kind of communication is required by law and to the accomplishment of the purposes of art. 3. These subjects will process personal data as autonomous Data Controllers.

Personal data will not be disclosed, sold or exchanged with any third party without the express consent of the Data Subjects.

The management and conservation of personal data will happen on server (located within the European Union) of the Data Controller and/or of third parties appointed as data processors.

 

9. Rights of the Data Subject

Pursuant to articles 15-22 of the Privacy Regulation, the Data Subject is entitled:

a) To be inform of:

  • The source of the personal data;
  • The processing purposes and methods;
  • The logic applied when data are processed using electronic equipment;
  • The identity of the data controller, data processors and designated representative pursuant to article 5;
  • The parties or categories of parties to whom the personal data may be communicated;

b) To obtain:

  • The updating, rectification or, where he/she wishes, the integration of the data;
  • The cancellation, anonymization, or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it was collected or subsequently processed;
  • Certification that the activities mentioned above, including their content, have been notified to those to whom the data was disclosed, unless this requirement proves impossible or implies manifestly disproportionate measures with respect to the protected right;
  • Data portability: the right to receive personal data in a structured, commonly used and automatically readable format, and to transmit such data to another data controller, only for cases where the processing is based on consent and for only data processed by electronic means;

c) To oppose, in whole or in part:

  • For legitimate reasons, to the processing of his/her personal data, even if it is pertinent for collection purposes;

For the purposes of this article, the Data Subject is entitled to request the cancellation, transformation into an anonymous form or blocking of data processed in violation of the law and, in any case, to abject, for legitimate reason, to their processing.

 

10. Data transfer

Appropriate Deka M.E.L.A. S.r.l. could transfer personal data collected through the Site to other companies of the El.En. Group or to third parties located in other countries, even outside the European Union, which does not offer the same level of protection of personal data. The European Commission puts the countries deemed “adequate”, namely those that preparing an adequate protection, in a separate list, which can be viewed at:  https://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi#1.

Transfers of personal data outside the European Union and to countries not belonging to the above list will be carried out exclusively under specific agreements between Deka M.E.L.A. S.r.l. and the companies involved, through the use of tools accepted by the European Commission.

 

11. Contact details

To exercise all rights ad identified above and to request information about this privacy policy, Data Subjects can contact the Data Controller by sending an e-mail to privacydeka@dekalaser.com.

 

12. Requests for the exercise of Data Subject’s rights

If you request information about your data the Data Controller shall respond promptly – unless this proves impossible or involves a manifestly disproportionate effort compared with the right to be protected – and in any case no later than 30 days from the request. The Data Controller will justify any inability to meet the request, or delay in doing so.

 

Last amendment 12 July 2018