- Privacy statement
WWW.CAREL.IT, WWW.CAREL.CZ, WWW.CAREL.COM, WWW.CAREL.DE, WWW.CAREL.ES, WWW.CAREL.MX, WWW.CAREL.NZ, WWW.CAREL.PL, WWW.CAREL.KR, WWW.CAREL.COM.BR, WWW.CAREL.CO.TH, WWW.CARELFRANCE.FR, WWW.CARELRUSSIA.COM, WWW.CARELUK.COM, WWW.CARELUSA.COM, WWW.CAREL-CHINA.COM, MCE.CAREL.COM, MCE.CAREL.IT, CHILLVENTA.CAREL.COM, DRINKTEC.CAREL.COM, EUROSHOP.CAREL.COM, IOT.CAREL.COM, NATREF.CAREL.COM
DATA CONTROLLER AND DATA PROTECTION OFFICER
The data controller is Carel Industries S.p.A., headquarters in Brugine (PD), at 11 Via dell’Industria. The data controller can be contacted as follows:
Luigi Neirotti is appointed Data Protection Officer (DPO)
Studio Legale Tributario
Street Meravigli, n. 14
PURPOSES AND METHODS OF DATA PROCESSING
Your data acquired after having been directly entered on sign-up forms, including, by way of example, name, company name, address, telephone number and email address, will only be used to provide you the requested services (response to queries, recruiting in relation to job applications, etc.). Any other purposes will be described in a specific policy and will require additional consent. As regards data acquired via cookies, please see the corresponding section of this policy. All data is processed using electronic means, however may also be processed in paper form. Data processing is necessary for the performance of a contract to which the data subject is party (article 6, paragraph 1, letter b) of the GDPR).
TRANSFER OF DATA TO THIRD PARTIES FOR MARKETING PURPOSES
Under no circumstances will your data be transferred to third parties for marketing purposes.
TRANSFER OF DATA TO FOREIGN COUNTRIES OR INTERNATIONAL ORGANISATIONS
Your data will not be transferred to countries outside of the EU or to international organisations, nor will the data be stored on servers located in foreign countries.
DURATION OF PERSONAL DATA STORAGE
The processed data will be stored for the time needed to fulfil the related purpose and in any case in compliance with the limits specified in the applicable laws and regulations. After such period, the data will be deleted or anonymised.
DATA SUBJECTS’ RIGHTS AND WITHDRAWAL OF CONSENT
You may at any time to exercise your rights in accordance with articles 15 to 22 of Regulation (EU) 2016/679, including:
- the right to obtain from the controller, at any time, confirmation as to whether or not your personal data are being processed, the origin of such data and the purposes of processing, and to access the personal data and the information referred to in article 15 of the GDPR.
- the right to request the updating, rectification, integration, erasure and restriction of processing where one of the conditions provided for in article 18 of the GDPR applies, the anonymisation or blocking of personal data that have been unlawfully processed, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed.
- the right to object, in whole or in part, on legitimate grounds, to the processing of your personal data, even though they are relevant to the purpose of the collection, and to the processing of your personal data for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys. You also have the right to withdraw your consent at any time; the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- the right to receive your personal data, provided knowingly and actively or when using or benefiting from a service, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance.
A reply will be given within 30 days in writing (unless a verbal reply is specifically requested), including using electronic means. You may at any time withdraw the consent given in accordance with this policy. To withdraw consent, in whole or in part, simply contact the data controller as specified under “Data controller”.
COMMUNICATION AND DISSEMINATION
Your data will not be communicated nor disseminated to any parties outside of Carel Industries S.p.A. or its associated companies.
The data acquired via the website may be made known to businesses or professionals who are involved in the management of the web pages specified above, as well as all personnel involved in processing the data on a case-by-case basis (for example, for recruitment the company may use the services of third parties). The updated list of the third-parties to whom your data may be provided, as data processors and persons in charge of processing , is available on request via the contacts listed in the paragraph "Data Controller and Data Protection Officer".
RIGHT TO LODGE A CLAIM WITH THE DATA PROTECTION AUTHORITY
If you believe that your data have been processed unlawfully, you have the right to lodge a claim with the data protection authority.
AUTOMATED DECISION-MAKING PROCESSES
The data controller does not in any way use automated decision-making processes involving your personal data.
When browsing the website, a series of information relating to the device used is acquired. This includes IP addresses, domain names and MAC addresses (i.e. physical, Ethernet or LAN addresses assigned uniquely by the manufacturer of the network interfaces, either Ethernet or wireless).
These data can be used to compile statistical information on web page usage and monitor operation. The data can also be used to verify responsibility in the event of computer crime that damages the website.
Cookies are small strings of text that a website sends to the user’s device, where they are saved and then sent back to the same website the next time the user visits it. When browsing a website, users may also receive cookies sent by different web pages (see Italian Data Protection Authority guidelines no. 229 of 8 May 2014).
Technical cookies are those used only for the purpose of "carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service" (see section 122, paragraph 1, of the Italian Personal Data Protection Code and guidelines 229/2014).
These can be grouped into browsing or session cookies, which allow users to navigate and use a website (e.g. to purchase items online or authenticate themselves to access reserved areas).
These cookies can be installed without requiring the user’s consent.
Profiling cookies are designed to create user profiles and are used to send advertising based on preferences shown when browsing the internet.
Given their invasive nature, users must consent to their installation.
These are used to monitor the use of web pages by users, providing statistical reports that can help site managers optimise their websites. One of the most commonly-used web analytics tools is “Google Analytics”, a service provided by Google Inc. that offers the possibility to compile browsing statistics. The Italian Data Protection Authority has ruled that these cookies can be considered technical cookies in cases where the user’s IP address is hidden (including partially) and no information is shared with Google. In all other cases, they are considered profiling cookies.
All types of cookies may be first party (i.e. processed and managed directly by the website’s owner) or third party (when installed or acquired by other subjects). Third party cookies include so-called social plugins, in other words components that allow users to interact with social media (such as Facebook, Twitter, Google+, LinkedIn, Pinterest, Tumblr etc.) via the website, where these generate cookies. Management of information gathered by third parties is regulated by a specific policy, which can be referred to for further information.
All types of cookies may be first party (i.e. processed and managed directly by the website’s owner) or third party (when installed or acquired by other subjects).
Third party cookies include so-called social plugins, in other words components that allow users to interact with social media (such as Facebook, Twitter, Google+, LinkedIn, Pinterest, Tumblr etc.) via the website, where these generate cookies.
Management of information gathered by third parties is regulated by a specific policy, which can be referred to for further information.
The following is a list of cookies used by our website:
__utma: this cookie stores information on when the user visited the site for the first time, the previous visit and the number of visits (expires after two years).
__utmb: this cookie stores information on when the user loaded the website. In combination with the __utmc cookie, this cookie measures the duration of the visit (session cookie).
__utmc: this cookie contains information on when the user leaves the website. In combination with the __utmb cookie, this cookie measures the duration of the visit (session cookie).
__utmt: used by Google Analytics to monitor the type of request (session cookies)
__utmz: this contains information on which site the user has visited before accessing on the site in question. It may also store information on the search engine and the search keywords used, or where the IP address is recorded (expires after six months).
COOKIE_SUPPORT: used by websites to manage the home page disclaimer (expires after one day).
GUEST_LANGUAGE_ID: this cookie is used to keep track of the user’s language preferences (expires after one day).
JSESSIONID: this cookie is used to identify the user when loading a page and remember the user’s settings (session cookie).
LFR_SESSION_STATE_10157: this cookie is used to manage the user’s interaction with the website (session cookie).
_CKAPPR: this is a system application cookie (expires after one year).
eu_cn: this cookie stores browsing information
neptu: Twitter cookie (persistent cookie).
external referer: Twitter cookie used to monitor, for statistical purposes, where the users browse to their profile from (expires after one day).
guest_id: Twitter cookie used to manage social network sharing and updates (duration 2 years).
twitter_ads_id: Twitter third-party cookie used for retargeting (persistent cookie).
_ga: used to differentiate users and track sharing of contents on Twitter (persistent cookie).
Considering the use of profiling (or equivalent) cookies by this website, the data controller provides notification to users in accordance with the aforementioned law (section 37 of the Italian Personal Data Protection Code).
BRIEF NOTIFICATION ON FIRST ACCESS – BANNER.
LINKS TO PROCEDURES FOR DISABLING COOKIES ON A PERSONAL COMPUTER
IN THE MAIN BROWSERS
The preferences a user sets when first accessing a website can be modified subsequently using the following procedures.
Microsoft Internet Explorer
LINKS TO RELATED SITES AND/OR SITED WITH RELATED FUNCTIONS
As our website uses third party cookies (for example Google, Facebook, Twitter, Linkedln), below are the links to the corresponding privacy policies.
Google Analytics, Google+ & YouTube:
- Supplier/Customer Privacy
pursuant to the Regulation (EU) 2016/679
Carel Industries S.p.A., headquarters in Brugine (PD), at 11 Via dell’Industria (hereinafter “the Company”), Data Controller of the personal data processing, pursuant to art. 13 of the Regulation (EU) 2016/679 (hereinafter, the “GDPR”) is obliged to inform you, as data subject, with regard to the processing of your personal data (hereinafter: the “Data”).
Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
The Data Controller therefore informs you that according to art. 13 and 14 of the GDPR will proceed to the relative processing for the following purposes manually and / or with the support of IT or telematic means.
- Purposes of the processing of Data
The data are acquired and processed in observance of the rules established by the Regulation for the following purposes:
a) fulfilment of the obligations deriving from the contracts stipulated with the Data Controller;
b) Implementation of the pre-contractual measures deriving from the compilation of contact forms for the request for information;
c) Compliance with the obligations set forth by the law, regulations or EU legislation;
d) Transmission of commercial communications for business purposes connected with the activities and/or services offered by the Data Controller.
e) Management of receipt of e-mails sent to the addresses given on the website www.carel.com, which entails the subsequent acquisition of the sender's address, necessary in order to reply to requests, and of any other personal data as may be included in the communication.
The personal data collected and processed by Carel Industries S.p.A. to meet the relevant objectives are of a personal and fiscal nature.
With reference to the purposes set forth in letters a), b) and c), the legal basis for the processing is the implementation of the pre-contractual and/or contractual measures which the data subject is party to and the fulfilment of a legal obligation which the Data Controller is subject to in accordance with art. 6, paragraph 1 of the Regulation, letters b) and c) respectively.
With reference to the purposes set out in letter d), the transfer of personal data is based on the consent issued pursuant to art. 6, paragraph 1, letter a) of the Regulation.
In any case, you can revoke the consent given at any moment without this compromising the lawfulness of the processing based on the consent given before the revocation.
- Communication of the Data
In addition to the communications made in fulfillment of legal obligations, including the ones made to prevent / repress of any illegal activity, the data collected and processed can be communicated, for the purposes mentioned above, to other subjects (listed by categories below) in quality of Processor or subjects to the authority of the Data Controller:
- to employees and collaborators of the Data Controller, for purposes of executing obligations from contracts stipulated with the Data Controller and / or for the fulfillment of obligations established by law, regulations or Community legislation;
- to external parties for purposes of executing obligations from contracts stipulated with the Data Controller and / or for the fulfillment of obligations established by law, regulations or EU legislation;
- to suppliers, technicians in charge of hardware and software assistance, who carry out activities in outsourcing on behalf of the Data Controller;
- to consultancy companies, collaborating with the Data Controller.
- Nature of the provision of Data and consequences of the refusal
The provision of Data to the Data Controller is necessary for the abovementioned purposes and a refusal to provide the Data or the provision of incorrect and or incomplete data could prevent the execution of the contract.
- Transfer of the Personal Data to non-EU Third Countriesl
The collected and processed data will not be transferred to Companies or other entities outside the European Union territory.
- Duration of the processing of the Data
The personal data will be stored for the time necessary to achieve the purposes indicated in paragraph 1 and also afterwards for the fulfilment of any legal obligations.
- Data Controller, Processor and DPO
The data controller is Carel Industries S.p.A., headquarter in Brugine (PD), at 11 Via dell’Industria. The updated list of data processors (if appointed) can be found at the aforementioned headquarter. The address for the exercise of rights pursuant to Articles 15-22 of the Regulations is the following: firstname.lastname@example.org.
Data Protection Officer
Luigi Neirotti is appointed Data Protection Officer (DPO), Studio Legale Tributario, Street Meravigli, n. 14 20123 Milan email: email@example.com.
Rights of the Data Subject
Regulation (EU) 2016/679 of the European Parliament and of the Council
- Articles 15 to 22 -
According to articles 15 to 22 of the GDPR, the Data Subject has the right to access to a copy of the information comprised in their personal data, object to processing that is likely to cause or is causing damage or distress, object to decisions being taken by automated means, obtain the limitation of the process(in certain circumstances), have (in certain circumstances) his personal data rectified, integrated, blocked, erased or destroyed, obtain the portability of his personal data and the right to propose a claim to the Privacy Authority.
- Purposes of the processing of Data