This online space has been dedicated by CIMAC to provide interested parties with suitable information regarding the processing of personal data. Below are the Privacy Policies on the processing of Customers’ and Suppliers’ personal data, as well as the Privacy Policies for data subjects who provide their data by informal means, for example through e-mails or business cards, and for all those who send us spontaneous applications to join our staff.

Subject: privacy policy on the processing of costumers’ personal data.
Data controller

The Data Controller, pursuant to art. 4 and 24 of the GDPR, is Anci Servizi S.r.l. a Socio Unico, with registered offices in Milan, Via Alberto Riva Villasanta 3, with CIMAC B.U. in Vigevano, Via Aguzzafame 60/B. To contact the Data Controller, simply send an e-mail to info@cimac.it or call either +39.0381.84722 or +39.02.438291.

Data protection officer

The Data Controller has appointed its own Data Protection Officer (hereinafter the DPO), Atty. Laura Marretta, who can be contacted at the telephone numbers listed above or at the e-mail address: privacy@assocalzaturifici.it.

Purpose of the privacy policy

As required by art. 12 of the GDPR, the Data Controller has adopted this Privacy Policy to provide the information set forth in art. 13 of the GDPR and the communications set forth in artt. 15 to 22 and 34 of the GDPR relating to the processing of the data you supply to execute the contract.

Processing purposes

Data is processed on the basis of the conditions of lawfulness provided for under art. 6 of the GDPR and on the basis of the principles described in art. 5 of the GDPR (i.e. the principles of fairness, relevance, transparency, adequacy, protection of confidentiality and rights, etc.), for purposes relating to the relationship established with the Data Controller.

Processing type and method

Given the above purposes, the processing of data supplied to the Data Controller will include activities that are necessary for the proper execution of the commercial agreement, such as, inter alia: the management, organisation, storage and insertion in the database and CRM, consultation, archiving, communication of initiatives, processing for administrative-accounting purposes, the production of anonymous statistics, the use, destruction and rectification of data processed following the data subject’s notification. Moreover, the Data Controller, in accordance with art. 21 of the GDPR and considering art. 47 of the GDPR, in virtue of its legitimate interest balanced with the reasonable expectations and the interests of the data subject, will send you its marketing communications inclusive of initiatives carried out as part of its commercial partnerships (via web marketing, telemarketing, DEM, MMS, sms, e-mail, fax, mail, carried out by the Data Controller or by third-party companies appointed as processors). It is understood that the data subject may oppose these marketing communications at any time by following the instructions contained in the footer of the messages received or by e-mailing the DPO at privacy@assocalzaturifici.it, stating “no MKT” in the subject line.
Providing your data is optional. However, failure to provide same may prevent the execution of the obligations arising from the contract between the parties. Therefore, in the case of pursuing the commercial relationship, the processing of any personal data supplied (also in the name, on behalf and in the interest of employees and/or consultants, collaborators and agents) shall in any case be deemed authorised pursuant to art. 6, para. 1 b) of the GDPR.
Data will be processed in paper form and/or electronically by parties specially authorised to do so.

Retention period

Data processed for accounting and/or administrative purposes will be stored for 10 years, as will any data processed for the CE/EU certification of PPE; for all other purposes, the retention period shall in no case be more than 10 years and will comply with the purposes for which the data was collected. In the event of your raising an objection, we will process your request as soon as possible so that you do not receive any further communications from us. However, should you receive further communications from us, please note that this is due to the time materially required to implement your right.

Legal basis

Legal basis for pursuing the main relationship between the parties: contract (under art. 6, paragraph 1(b) of the GDPR). Legal basis for sending of marketing communications: legitimate interest of the Data Controller (under art. 6, paragraph 1(f) of the GDPR).

Scope of communication and dissemination

Processing includes communication of data to members of the Data Controller’s organisational structure, i.e. to its consultants entrusted with managing the business, in order to fulfil the established trade relationship. Moreover, it should be noted that the data collected and subsequently processed will be communicated and hence made available to the DPO for accounting and/or administrative purposes and in any case to related parties in order to ensure the correct execution of the existing contract, as well as to the Ministry of Economic Development and the Ministry of Labour as regards the CE certification of Personal Protective Equipment (PPE).
The data collected will not be disseminated.

Transferral of personal data

Processing will include the use of data supplied both within and outside the EU, but only in the countries set forth in artt. 45 and 46 of the GDPR.

Special categories of personal data

The Data Controller reminds the data subject that the personal data requested and supplied does not fall under the categories of personal data listed in artt. 9 and 10 of the GDPR.

Existence of automated decision-making, including profiling

The Data Controller does not process data on the basis of automated decision-making processes or for profiling purposes.

Rights of personal subjects and limitations

The Data Controller informs you that you have the rights set forth in art. 13, para. 2 of the GDPR and all the rights set forth in artt. 15 to 22 of the GDPR, and therefore:
The right of access to personal data and to related information as listed under art. 15 of the European Regulation;

  • The right to correct or delete the data supplied, or request limitation of data processing;
  • The right to object to data processing;
  • The right to data portability;
  • The right to revoke your consent at any time without affecting the lawfulness of data processing on the basis of consent given prior to revocation, if processing is based on article 6, para. 1 a), or art. 9, para. 2 a) of the GDPR;
  • The rights set forth in art. 21 of the GDPR, including the right to object at any time, for reasons connected with your particular situation, to the processing of data to pursue the legitimate interest of the Data Controller or of third parties, and the right to object at any time to the processing of data for direct marketing purposes;
  • The right not to be subject to a decision based solely on automated processing which has legal effects or which similarly significantly affects you.
 
The exercising of rights

To exercise the rights listed above, simply e-mail the DPO at privacy@assocalzaturifici.it, stating the wording: “Exercising of rights under the GDPR” in the subject line and specifying the right that you wish to exercise in the body of the email, along with your name, surname and the email address where you wish to receive a reply from Anci Servizi s.r.l. a socio unico. Once your request has been processed, the Data Controller will send its feedback in the terms set forth in art. 12, point 3, of the GDPR.
It is our right to refuse to fulfil your cancellation request for one of the following reasons:

  • To exercise the right to freedom of expression and information;
  • To fulfil legal obligations or carry out an assignment in the public interest or exercise an official authority;
  • For reasons of public health in the public interest;
  • For storage, research or statistical purposes;
  • To exercise or defend a legal right.
 

Complaints

The data subject is also entitled to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the Data Protection Authority of the EU State in which the data subject habitually resides or works, or of the place where the alleged infringement occurred in relation to processing you deem to be non-compliant (on this point, we recommend checking the relevant procedure on the website of the competent Authority; for Italy: https://www.garanteprivacy.it/).

Further processing

Pursuant to the provisions in art 13 paragraph 3 GDPR, the Data Controller hereby also informs you that, should it wish to process personal data for a purpose other than that for which it was collected, you will be provided in advance with information on this new purpose and all other pertinent information, and, if applicable, the Data Controller will seek your prior consent.

For more information

For more information on the processing of personal data by the Data Controller, please read the privacy policy found in the website footer or contact the DPO.

Privacy policy on the suppliers’ personal data.
Data controller

The Data Controller, pursuant to art. 4 and 24 of the GDPR, is Anci Servizi S.r.l. a Socio Unico, with registered offices in Milan, Via Alberto Riva Villasanta 3, with CIMAC B.U. in Vigevano, Via Aguzzafame 60/B. To contact the Data Controller, simply send an e-mail to info@cimac.it or call either +39.0381.84722 or +39.02.438291.

Data protection officer

The Data Controller has appointed its own Data Protection Officer (hereinafter the DPO), Atty. Laura Marretta, who can be contacted at the telephone numbers listed above or at the e-mail address: privacy@assocalzaturifici.it.

Purpose of the privacy policy

As required by art. 12 of the GDPR, the Data Controller has adopted this Privacy Policy to provide the information set forth in art. 13 of the GDPR and the communications set forth in artt. 15 to 22 and 34 of the GDPR relating to the processing of the data you supply to execute the contract.

Processing purposes

Data is processed on the basis of the conditions of lawfulness provided for under art. 6 of the GDPR and on the basis of the principles described in art. 5 of the GDPR (i.e. the principles of fairness, relevance, transparency, adequacy, protection of confidentiality and rights, etc.), for purposes relating to the relationship established with the Data Controller.

Processing type and method

Given the above purposes, the processing of data supplied to the Data Controller will include activities that are necessary for the proper execution of the commercial agreement, such as, inter alia: the management, organisation, storage and insertion in the database and CRM, consultation, archiving, processing for administrative-accounting purposes, the production of anonymous statistics, the use, destruction and rectification of data processed following the data subject’s notification.
Providing your data is optional. However, failure to provide same may prevent the execution of the obligations arising from the contract between the parties. Therefore, in the case of pursuing the commercial relationship, the processing of any personal data supplied (also in the name, on behalf and in the interest of employees and/or consultants, collaborators and agents) shall in any case be deemed authorised pursuant to art. 6, para. 1 b) of the GDPR.
Data will be processed in paper form and/or electronically by parties specially authorised to do so.

Retention period

Data processed for accounting and/or administrative purposes will be stored for 10 years.

Legal basis

The legal basis for pursuing the main relationship between the parties is the contract (under art. 6, paragraph 1(b) of the GDPR).

Scope of communication and dissemination

Processing includes communication of data to members of the Data Controller’s organisational structure, i.e. to its consultants entrusted with managing the business, in order to fulfil the established trade relationship. Moreover, it should be noted that the data collected and subsequently processed will be communicated and hence made available to the DPO for accounting and/or administrative purposes and in any case to related parties in order to ensure the correct execution of the existing contract.
The data collected will not be disseminated.

Transferral of personal data

Processing will include the use of data supplied both within and outside the EU, but only in the countries set forth in artt. 45 and 46 of the GDPR.

Special categories of personal data

The Data Controller reminds the data subject that the personal data requested and supplied does not fall under the categories of personal data listed in artt. 9 and 10 of the GDPR.

Existence of automated decision-making, including profiling

The Data Controller does not process data on the basis of automated decision-making processes or for profiling purposes.

Rights of the data subjects and limitations

The Data Controller informs you that you have the rights set forth in art. 13, para. 2 of the GDPR and all the rights set forth in artt. 15 to 22 of the GDPR, and therefore:

  • The right of access to personal data and to related information as listed under art. 15 of the European Regulation;
  • The right to correct or delete the data supplied, or request limitation of data processing;
  • The right to object to data processing;
  • The right to data portability;
  • The right to revoke your consent at any time without affecting the lawfulness of data processing on the basis of consent given prior to revocation, if processing is based on article 6, para. 1 a), or art. 9, para. 2 a) of the GDPR;
  • The right not to be subject to a decision based solely on automated processing which has legal effects or which similarly significantly affects you.
 
The exercising of rights
 

To exercise the rights listed above, simply e-mail the DPO at privacy@assocalzaturifici.it, stating the wording: “Exercising of rights under the GDPR” in the subject line and specifying the right that you wish to exercise in the body of the email, along with your name, surname and the email address where you wish to receive a reply from Anci Servizi s.r.l. a socio unico. Once your request has been processed, the Data Controller will send its feedback in the terms set forth in art. 12, point 3, of the GDPR.

It is our right to refuse to fulfil your cancellation request for one of the following reasons:

  • To exercise the right to freedom of expression and information;
  • To fulfil legal obligations or carry out an assignment in the public interest or exercise an official authority;
  • For reasons of public health in the public interest;
  • For storage, research or statistical purposes;
  • To exercise or defend a legal right.
 
Complaints
 
The data subject is also entitled to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the Data Protection Authority of the EU State in which the data subject habitually resides or works, or of the place where the alleged infringement occurred in relation to processing you deem to be non-compliant (on this point, we recommend checking the relevant procedure on the website of the competent Authority; for Italy: https://www.garanteprivacy.it/).
 
Further processing
 
Pursuant to the provisions in art 13 paragraph 3 GDPR, the Data Controller hereby also informs you that, should it wish to process personal data for a purpose other than that for which it was collected, you will be provided in advance with information on this new purpose and all other pertinent information, and, if applicable, the Data Controller will seek your prior consent.
 
For more informations
For more information on the processing of personal data by the Data Controller, please read the privacy policy found in the website footer or contact the DPO.
 
Information for data subjects who provide their data by informal means, through e-mails or business card
 

First of all, thank you for spontaneously supplying your personal data to stay in touch with A.N.C.I. Servizi s.r.l. a socio unico, CIMAC B.U. We hereby inform you that the data supplied will be processed in accordance with European Regulation 2016/679 (“GDPR”) and with the national legislation in force (“Data Protection Code” – i.e. Italian Legislative Decree 196/03 as amended by Italian Legislative Decree 101/2018).
The Data Controller, pursuant to art. 4 and 24 of the GDPR, is Anci Servizi S.r.l. a Socio Unico, with registered offices in Milan, Via Alberto Riva Villasanta 3, with CIMAC B.U. in Vigevano, Via Aguzzafame 60/B. To contact the Data Controller, simply send an e-mail to: info@cimac.it or call either +39.0381.84722 or +39.02.438291. The Data Controller has appointed its own Data Protection Officer (hereinafter the DPO), Atty. Laura Marretta, who can be contacted at the telephone numbers listed above or at the e-mail address: privacy@assocalzaturifici.it.

As required by art. 12 of the GDPR, the Data Controller has adopted this Privacy Policy to provide the data subject with the information set forth in art. 13 of the GDPR and the communications set forth in artt. 15 to 22 of the GDPR. Therefore, in relation to the above, the Controller hereby informs you that the personal data supplied – not belonging to the special categories of personal data listed in article 9 of the GDPR – concerning the data subject himself/herself (including if operating as an individual undertaking, small business person or professional) or his/her employees, agents, representatives or collaborators (the “Data”), shall be processed in accordance with the GDPR and the Data Protection Code and in accordance with the principles relating to the processing of personal data described in article 5 of the GDPR (i.e. the principles of fairness, relevance, transparency, adequacy, protection of confidentiality and rights, etc.). Data is processed, in line with the principles of lawfulness provided for under art. 6 of the GDPR, for purposes relating to the relationship established with the Data Controller; therefore, data processing is legally justified, as required by art. 13 c) of the GDPR, by the purposes for which the relationship is established with the Data Controller namely, in this case, the supply of your data to stay in touch with the Data Controller (art. 4, paragraph 11 GDPR – consent through a clear affirmative action).

In the light of this purpose, data processing will include, inter alia, managing, organising, using in the EU or outside the EU (countries falling within art. 45 and 46 GDPR), storing, creating databases, consulting, recording, notifying future initiatives, processing, modifying, light marketing (against which an objection can be raised at any time through the “unsubscribe” button in the footer of the emails you will be sent or by emailing the DPO), anonymous statistics, destroying or amending processed data at the data subject’s request, communicating data to the members of the Data Controller’s organisational structure or to its consultants in the course of its regular business management.
Data may be processed both in paper form and/or electronically, only by parties specifically authorised to do so. The Data Controller does not process data based only on automated decision-making processes or for profiling purposes.
The Data Controller reminds you that the data was spontaneously provided in line with your express intention to stay in touch with us.
The data will be stored for the amount of time necessary to fulfil the purpose the data was collected for.
The Data Controller also informs you that the following rights are guaranteed under art. 13, para. 2, of the GDPR:

  • The right of access to personal data and to related information as listed under art. 15 of the GDPR;
  • The right to correct or delete the data supplied, or request restriction of data processing;
  • The right to object to data processing;
  • The right to data portability;
  • The right to revoke your consent at any time without affecting the lawfulness of data processing on the basis of consent given prior to revocation, if processing is based on article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a);
  • The possibility of lodging a complaint with a controlling authority.

To exercise the rights listed above or obtain more information in this respect, simply email privacy@assocalzaturifici.it, stating the wording “Exercising of rights under the GDPR” in the subject line and specifying the right that you wish to exercise in the body of the email, along with your name, surname and the email address where you wish to receive the reply from the Data Controller. Once your request has been processed, the Data Controller will send its feedback in the terms set forth in article 12(3), of the GDPR.

Should the Controller intend to process personal data for a purpose other than that for which it was collected, the data subject will be provided in advance with information on this new purpose and all other pertinent information, and the Controller will seek his or her prior consent.

Processing candidates’ personal data

In compliance with current privacy regulations, the candidate who spontaneously sends his CV will receive suitable information on personal data processing at the time of the first contact that follows receipt of the CV spontaneously sent by the candidate. During the hiring process, the employer may examine candidates’ “social profiles” where the latter do not have private purposes. Data acquired from these profiles will be collected and subsequently processed only to the extent in which such collection is required and relevant to performance of the job for which the application is submitted; therefore, data collected during the hiring process shall be erased as soon as it is clear that no job offer will be made or that the offer made will not be accepted by the candidate. During the internship period, A.N.C.I. Servizi S.r.l. B.U. Cimac reserves the right to monitor the interns’ “social profiles” on a non-generalised basis.