Reasons for providing the privacy notice / Your privacy is important to us

This Privacy Notice contains important information on your personal data being collected by visiting this website solgrouplat.it (the “Website”) as an unregistered user (the “User”) in order to view and/or use the services [or the products] offered on the Website (the “Services”).

Our Company, which is part of the SOL Group, with registered offices at Costabissara (VI), Via Antonio Meucci, 26 - 36030, e P. IVA 02195260241, Iscrizione R.E.A. di Vicenza n. 213642, in its capacity as data controller (the “Company” or the “Data Controller”), informs you, pursuant to the applicable data protection laws (the “Privacy Laws”), including Regulation (EU) 2016/0679 (“GDPR”), that it will process its Users’ data in the manners and for the purposes detailed below.

The terms in this Privacy Notice apply exclusively to the Website only, and do not apply to other websites owned by the Data Controller or by third-parties, which the User may access through any of the links that may be included in the Website. If the User should access to a different website, we advise to carefully read the information on the processing of personal data applicable to said different website.

Consent

By visiting the Website, using the Services offered or interacting with the Company, the User confirms to have read and understood this Privacy Notice and gives its consent to the Company to collect, use, archive, transmit, and disclose the personal data collected through the Website in line with this Privacy Notice and under the Privacy Laws. [Except in case a user is already registered], the Company may request Users to provide their consent (for example, by checking a box), where it should deem it opportune to protect your rights, or where required under the applicable laws and regulations.

If you decide not to accept the conditions of this Privacy Notice, we would ask you not to visit this Website [not create an account (as defined below)] or otherwise use this Website or send your personal data, or give your consent when you are given the option under the Privacy Laws.

The Data Controller reserves the right to make modifications to this Privacy Notice at any time, publishing said modifications on this page. We ask you to check this page often, using as reference the date of the last modifications made, as indicated below. If you should decide not to accept the modifications made to this Privacy Notice, we would ask you to stop using this Website. You may also ask the Data Controller to remove your personal data. Unless otherwise specified, the above Privacy Notice shall continue to apply to the personal data collected up to that moment.

This Privacy Notice contains important information on the following:

  1. TYPE OF DATA PROCESSED BY THE COMPANY THROUGH THE WEBSITE
  2. LEGAL GROUNDS AND PURPOSES OF PROCESSING
  3. MANDATORY OR OPTIONAL PROVISION OF PERSONAL DATA
  4. PROCESSING OF PERSONAL DATA AND METHODS OF PROCESSING
  5. ACCESS TO PERSONAL DATA
  6. COMMUNICATION OF PERSONAL DATA
  7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU
  8. YOUR RIGHTS
  9. EXERCISING YOUR RIGHTS AND LODGING A COMPLAINT WITH THE PRIVACY SUPERVISORY AUTHORITY
  10. DATA CONTROLLER, DATA PROCESSOR AND DATA PROTECTION OFFICER

1. Type of data processed by the company through the website

Under the Privacy laws, the Data Controller processes the following personal data your provide (your “Personal Data”) when you navigate the Website [when you register in the Reserved Area]:

  • general identification data (such as, by way of example and not limitation, name, surname, e-mail address, etc.);

1.1 Data obtained when a User navigates the Website

The computer systems, cookie technology, and software procedures used for the running of the Website acquire, over the course of their normal operation, certain data which transmission is implicit to the use of the Internet. This information is not collected to be associated to identified data subjects; however, the nature of said data might, through processing and associations with data held by third parties, allow the identification of the Users who navigate a website.

This category of data include, by way of example, IP addresses or domain names of the computers used by the Users connecting to the Website, the pages viewed by Users within the Website, the domain names and the Internet addresses from which Users have accessed the Website (through referrals), the URL (Uniform Resource Identifiers) of the queries made, the time of queries, the method used to submit a query to a web server, the size of the file obtained in reply, the numeric code indicating the status of the reply from the web server, and the other parameters on the type of browser used (e.g., Internet Explorer, Google Chrome, Firefox), the operating system (e.g., Windows), and the User’s computer environment.

Such data are collected through first- party technical cookies [and third-party analytics cookies]. For more information on navigation data, we invite Users to read the Website's Cookie Policy.

1.2 Personal Data provided by Users when registering with the Website

Most of the pages and content of the Website can be accessed and viewed by Users without requiring their registration and/or identification.

Users may, if they wish, register in an area of the Website (the “Reserved Area”) strictly reserved to certain categories of users - such as (the “Registered Users”), in order to access offers of certain Services and enter into agreements with the Company and/or take certain pre-contractual steps. The terms and conditions for using the Website and the Reserved Area are found in the “Conditions of Use” section in the Website.

Users are responsible for the truthfulness of the personal data declared, published, or shared through this Website, and guarantee they have the right to communicate or diffuse them, holding the Data Controller harmless from any third-party liability.

2. Legal grounds and purposes for the processing of personal data

The legal ground for the Processing of your Personal Data, collected through the Website, is your consent.

2.1 We wish to also inform you that your Personal Data shall be processed without your consent, under Article 6 of the GDPR, for the following purposes (the “Purposes”):

  • a) provide the maintenance and technical assistance required to ensure the proper operation of the Website and the services connected thereto;

  • b) improve the quality and the structure of the Website, and create new Website Services, functionalities, and/or characteristics;

  • c) allow the Data Controller to provide its Services;

  • d) allow the Company to exercise its rights in legal proceedings and to handle litigation;

  • e) comply with obligations of law and/or regulation;

  • f) the collaboration with the public authorities, and the prevention and suppression of unlawful acts, including by way of disciplinary measures;

  • g) for statistical and historical purposes, if any.

2.2 The data provided by the Registered User shall be processed, without the prior consent of the latter under Article 6, letter b) of the GDPR, for the following purposes:

  • a) to enable the Registered User to access the Reserved Area of the Website and to create and maintain a user account (“Account”);

  • b) to access the services offered by the Company to Registered Users and comply with any pre-contractual and contractual, legal, accounting, and tax obligations deriving therefrom, and to ensure an effective management of the business relations with the Company.

2.3 The data provided by the Registered User may be processed, with the prior consent of the latter under Article 6, letter a) of the GDPR, for the following purposes:

  • a) to allow the dispatch to the Register User of communications via e-mail on products, initiatives and/or Services offered by the Company, and or of newsletters or other advertisement, information, or promotional material.

[Please note that the Users with whom the Company has entered into any agreements may receive communications from the Company regarding services and products similar to those provided under the above agreements, in compliance with all the provisions of law and guidelines applicable, unless such Users should object to the above, under Article 21, paragraph 2 of the GDPR]

3. Provision of Personal Data

The provision of data by Users is mandatory for the purposes of the service as per points 2.1 and 2.2 herein. Where Users should refuse to provide said data, the Company may be unable to provide the Services offered through the Website.

The provision of the data by Users is optional for the commercial purposes as per point 2.3 above. Where Users should refuse to provide said data, they will not receive any commercial communications on products, initiatives and/or services offered by the Data Controller. However, they may still access the services under points 2.1 and 2.2 above.

4. Processing of personal data and methods of processing

We inform you also that the processing of your Personal Data may, under Article 4 of the GDPR, consist in the following activities (the “Processing”): collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or otherwise making available, alignment, interconnection, restriction, erasure, or destruction of the Personal Data.

We also inform you that your Personal Data:

  • shall be processed in line with the principles of lawfulness, fairness, and transparency;
  • shall be collected for the legitimate Purposes indicated above;
  • shall be adequate, relevant, and limited to what is necessary for the Purposes for which they are processed;
  • shall be stored, in a form that enables your identification, for a period of time not exceeding the attainment of the Purposes for which they are processed, and, in any case, not exceeding 1 year of their collection for the Purposes under point 2.1 and 2.2, and not exceeding 1 year of their collection for the commercial purposes under point 2.3 herein.
  • shall be processed in a manner such as to ensure adequate security from the risk of destruction, loss, modification, distribution, or unauthorised access, by implementing technical and organisational security measures;

Your Personal Data may be processed through the use of paper media, automated, computer, or telecommunication tools, with organisational means and a logic strictly connected to the Purposes indicated above.

The Data Controller uses the most appropriate technological and security measures (electronic, computer, physical, organisational, and procedural) to ensure the security and confidentiality of the data processes. Such measures include maintaining a secure system for storing and using data, based on encryption, detection of intrusions, and prevention and protection software.

Users, however, acknowledge that the very communication of personal data via Internet sites presents risks connected to the disclosure of such data, and that no system is completely secure or immune from tampering and/or intrusions by third parties.

5. Access to Personal Data

Without prejudice to the communications carried out in compliance of the obligations of law and/or regulation, your Personal Data may be made accessible, for the Purposes, to:

  • a) Employees and/or collaborators in our headquarters or territorial offices, duly authorised by the Data Controller, in their capacity as persons authorised to process Personal Data and/or system administrators.

6. Communication of Personal Data

Without the express consent of the User (under Article 6, letters b) and c) of the GDPR), the Data Controller may communicate the User’s data for the Purposes of the service as per points 2.1, letters d) and f), to supervisory and/or control bodies, judicial Authorities and any other entities to whom the Data Controller is under legal obligation to disclose such data for the performance of the above Purposes, in their capacity as autonomous data controllers.

The Users’ data shall not be disclosed to the public or to unknown parties.

In addition to the Data Controller, in certain cases the Personal Data may be accessed or processed, in the Data Controller Country and abroad, for the above Purposes, by categories of third-parties involved in the organisation of the Data Controller or the Website - who, if required, are appointed as Processors by the Data Controller - including, by way of example,

  • providers of third-party technical services;
  • couriers and postal services;
  • hosting providers;
  • information technology companies;
  • experts or consultants (on legal, commercial, administrative, fiscal, tax, city planning, environmental, and quality and security matters, and on issues pertaining to financial statement certifications, the Group’s listing in the Stock Exchange, etc.) who have been assigned tasks for which the knowledge of the Users’ Personal Data is required;
  • communication agencies;
  • credit institutions;
  • insurance companies;
  • companies within the SOL Group (for management, statistical, or data consolidation needs);

7. Data Transfer outside the EU

Your Personal Data shall not be transferred to recipients other than those indicated in this document.

Your Personal Data may be communicated abroad exclusively for the Purposes.

Your Personal Data may be transferred to non-EU Countries exclusively within the terms and with the guarantees provided for in the Privacy Laws and within the limitations of what is useful to best manage the service.

8. Your rights

We wish you to know that, in your capacity as data subject, you have the legal right to revoke your consent to the processing of your personal data at any time. Furthermore, you may, at any time, exercise the following rights (“Your Rights”):

  • a) the “right of access” to your Personal Data as per Article 15 of the GDPR, and namely: obtain confirmation on the existence of Personal Data that concern you, including when not yet recorded, and obtain the communication thereof in intelligible form, and obtain the following information:

    1. the purposes and methods of Processing of your Personal Data (including the existence of an automated decision-making process, including profiling as per Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject), the categories of your Personal Data processed, the origin of your Personal Data, the period of retention of your Personal Data (where possible) or the criteria used to determine such period;

    2. the identification details of the data controller, the processors, and the supervisor appointed under Article 5, paragraph 2, e) of the GDPR and in general of all the parties or categories of parties to whom your Personal Data have been or shall be communicated within the Country, and in particular whether or not there are third-Country recipients or international organisations involved (and, in such case, you shall also have the right to be informed on the existence of adequate guarantees under Article 46 of the GDPR with respect to the transfer of Personal Data);

    3. the existence of your right, as Data Subject, to request from the data controller rectification or restriction of processing of personal data concerning you, or to object to such processing;

    4. the right to lodge a complaint with the Privacy Supervisory Authority for the protection of your Personal Data (the “Privacy Supervisory Authority”);

  • b) the “right to rectification” as per Article 16 of the GDPR: the right to request the rectification or, where in your interest, to obtain completion of your Personal Data;

  • c) the “right to erasure”(right to be forgotten) as per Article 17 of the GDPR: the right to obtain the erasure, anonymisation, or blocking of data processed in violation of the law, including data which storage is not required with respect to the purposes for which your Data was collected or subsequently processed;

  • d) the “right to restriction of processing” as per Article 18 of the GDPR: the right to obtain restriction of processing in some of the cases provided for in the Privacy Law;

  • e) the right to request the Data Controller, under Article 19 of the GDPR, indication of the recipients to whom the Data Controller has disclosed any rectifications or cancellations or restrictions of processing (carried out under Articles 16, 17, and 18 of the GDPR, in compliance with the notification obligation, unless this proves impossible or involves a disproportionate effort);

  • f) the “right to data portability” as per Article 20 of the GDPR: the right to receive your Data (or transmit those Data to another controller) in a structured, commonly used and machine-readable format;

  • g) the “right to object” as per Article 21 of the GDPR: the right to object, in whole or in part,

    1. on legitimate grounds, to the processing of your Personal Data, including where pertinent to the purpose for which they were collected;

In the cases above, where necessary, the Data Controller shall inform the third parties to whom your Personal Data have been communicated of the exercise of your rights, except for specific cases (e.g., when such obligation proves to be impossible or involves a use of means that is manifestly disproportionate to the right being protected).

9. Exercising your Rights and Lodging a Complaint with the Privacy Supervisory Authority

The Data Controller is the Company Sol Group Lab Srl Unipersonale with registered office in Costabissara (VI) - IT, Via A. Meucci, n. 26 and VAT no. 02195260241 Registration R.E.A. of Vicenza n. 213642.

The updated list of any Data Processors, (to whom your Personal Data is disclosed and duly appointed by written deed), is freely available at the Company's registered office.

The SOL Group has availed itself of the option of appointing a Group DPO Body, based in Monza, Via G. Borgazzi n. 27 (MB-Italy) at the registered office of the Parent Company SOL SPA. The details of the Body's Members are freely available at the Head Office itself. The DPO Body can be contacted at e-mail: organismodpo@pec.sol.it.