(pursuant to art. 13 of European Regulation no. 2016/679)
B&B Italia S.p.A., with registered office in Via Durini 14 - 20122 Milan, Tax code and VAT number 07122350965, (hereinafter "B&B"), as Data Controller, pursuant to and in accordance with art. 13 EU Regulation no. 2016/679 (hereinafter "GDPR"), informs you, in your capacity as the Data Subject (as defined in art. 4 of the GDPR), that your personal data (hereinafter “Personal Data” or “Data”) will be processed in full compliance with current legislation on the protection of Personal Data and with the implementation of all security, technical and organisational measures deemed appropriate for the protection of the aforementioned Data.
1. Data processed:
The Data processed are the following Data related to you: name, surname, email address, domicile/residence address, telephone number, profession, behaviour Data, purchase choices/preferences, company to which you belong. To better understand the above, please note that Personal Data are defined by current European legislation as "any information relating to an identified or identifiable natural person (‘Data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location Data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".
The processing of your Data is carried out by means of the operations specified in art. 4 no. 2) of the GDPR and specifically, by way of example: collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Purposes and Legal Basis of the Processing:
Your Data will be processed for the following purposes:
a. Without your express consent (art. 6 of the GDPR) - because the processing in question is necessary to be able to respond to your express request - for the following Purposes:
(i) to fulfil the requests for information you have made.
(ii) To allow and manage your Registration on the Website, as well as the performance of the activities provided to you by virtue of your Registration on the Website.
b. Only with your informed, specific and separate consent (art. 130 of the Legislative Decree n. 163/2003 as amended by the Legislative Decree n. 101/2018, hereinafter “Privacy Code” and art. 6 and 7 of the GDPR) - because the processing in question requires Your Consent - for the following Purposes:
(i) to profile activities, like the analysis of habits and consumption choices mainly dealing with: the Data entered during the registration phase, purchase Data, the Data you supplied during surveys and market research.
(ii) To send informative and promotional communications, also of a commercial nature, newsletters, advertising material and/or offers for products and services, even personalised, and perform statistical and/or market studies and research both with traditional methods of contact (mail, telephone call with operator) and automated methods (email, fax, text message, multimedia message, call without operator) from Italy or from abroad (even from countries not belonging to the European Community) by B&B.
(iii) To send informative and promotional communications, also of a commercial nature, newsletters, advertising material and/or offers for products and services, even personalised, and perform statistical and/or market studies and research both with traditional methods of contact (mail, telephone call with operator) and automated methods (email, fax, text message, multimedia message, call without operator) from Italy or from abroad (even from countries not belonging to the European Union) by parent companies, subsidiaries and/or affiliates companies, as well by entities contractually linked to B&B that manage the distribution and sale of B&B products and services (including any B&B distributors).
4. Data provided and consequences of refusal:
The provision of Data for the purposes referred to in letter a., point (i) of article 3) above, while optional is necessary to be able to correctly fulfil your requests, and therefore the lack of consent will preclude the possibility of providing you with an adequate response.
The provision of Data for the purposes referred to in letter a., point (ii) of article 3) above, while optional is necessary to be able to correctly fulfil your request for registration on the Website, and therefore the lack of consent will preclude the possibility for you to properly complete the procedure of Registering on the Website.
Providing your Data and consent to their processing for the purposes referred to in letter b), points (i), (ii) and (iii) of art. 3 above, is optional. However, your refusal and/or providing incorrect and/or incomplete information could prevent the development of profiles, the analysis of your preferences and also prevent the development of so-called marketing activities including market and statistical studies and research.
If you give your consent you have the right to withdraw it at any time. We remind you that the withdrawal of consent, pursuant to and by effect of art. 7 of the GDPR, does not prejudice the lawfulness of the processing based on the consent you gave before withdrawal.
5. Method of Processing
6. Data storage:
The Data will be stored at/through Server/Cloud System located in UE territory.
Your Personal Data and contact details will be used and stored for the purposes referred to in art. 3) above for a period not exceeding 5 (five) years unless a different period provided by the applicable law in the relevant field as well as in case of litigation (e.g. lawsuit). Your purchasing Data will be used and stored for the purposes referred to in art. 3) above for a period not exceeding 2 (two) years.
In order to guarantee the updating and correctness of the Data as well as any consent you may have expressed, B&B will send you a communication every 12 months in order to remind you the methods and contacts – as specified in articles 11), 12) and 13) below - with which you can manage your registration.
At the expiration of the storage period the Data will be erased and eliminated from any paper and/or digital support in a secure manner and in full compliance with the Data Protection regulations in force from time to time, or will be made anonymous by B&B for the sole purpose of carrying out statistical and/or historical analysis, therefore without any possibility for B&B and/or third parties to identify the Data Subjects.
7. Security Measures:
We care about protecting your information. We therefore commit to taking all reasonable measures to protect any Personal Data that we have stored against misuse, loss or unauthorised access. To this purpose, we have implemented a series of specific technical and organisational measures. Measures are included to deal with any suspected Data breaches.
8. Parties authorised to process Data:
For the proper execution of the Processing referred to in this Privacy Information Notice, your Data will be accessible to:
a. Employees of B&B Italia S.p.A., expressly authorised by the Data Controller and adequately educated by the Data Controller to perform the processing in question.
b. Suppliers of B&B Italia S.p.A. that provide services connected to and necessary for the aforementioned purposes, like, in particular, the following companies: Develon Digital S.r.l., which on behalf of B&B Italia S.p.A. provides: Services for the management, maintenance and hosting of the Website; MailUp S.p.a., which sends information and commercial communications on behalf of B&B Italia S.p.A.; AXIS communications S.r.l., which provides hosting services for a section of the Website reserved for Dealers and the management of invitations and participation in B&B Events on behalf of B&B Italia S.p.A. These Suppliers operate under specific agreements for the processing of Data, stipulated with B&B Italia Spa pursuant to and for the purposes of art. 28 of the GDPR. A list of such third parties is always available at the registered office of the Data Controller.
c. The Consultants of B&B Italia Spa who provide assistance regarding legal, tax, accounting and organisational aspects. These Consultants operate under specific agreements for the processing of Data, stipulated with B&B Italia Spa pursuant to and for the purposes of art. 28 of the GDPR. A list of such third parties is always available at the registered office of the Data Controller.
d. Parent companies, subsidiaries, investee and/or affiliated companies as well as entities contractually linked to B&B that manage the distribution and sale of B&B products and services (including any B&B distributors) for the purposes described in letter b), point (iii) of art. 3 above.
9. Disclosure and Dissemination of the Data:
The Data Controller can disclose your Data to Supervisory Bodies and/or to Judicial Authorities as well as to all other parties to whom the disclosure is mandatory by law for the accomplishment of said purposes. Your Data will not be disseminated and/or disclosed in any other way.
10. Data transfer:
The management and storage of Personal Data will be carried out on/through Server/Cloud System located in UE territory, belonging to the Data Controller and/or appointed third-party companies and duly designated as External Data Processors. In any case, it is understood that a subsequent and possible transfer of Data outside the European Union will take place in accordance with the applicable legal provisions - including articles 44, 45 and 46 of the GDPR - as well as with the adequacy decisions adopted by the European Commission and also, if necessary and in the absence of adequacy decisions, stipulating agreements that guarantee an adequate level of protection and/or implementing the standard contractual clauses provided by the European Commission. In detail, in case of any subsequent transfer of Data in the United States, it will take place towards to those companies that have joined the so-called "Privacy Shield", in compliance with the decision of the European Commission that recognised the Agreement entitled "EU-US Privacy Shield" as having an appropriate level of protection of Personal Data transferred from the European Union to organisations resident in the United States that self-certify in the system and the subsequent Authorisation to transfer Data abroad through the agreement called "EU-US Privacy Shield" adopted by the Italian Data Protection Authority on 27 October 2016.
11. Rights of the Data Subject:
In your quality as a Data Subject, you are entitled to the rights set forth in art. 13 et seq. of the GDPR. Precisely, your rights include:
a. Pursuant to and for the purposes of art. 15 and art. 77 of the GDPR, the right to lodge a complaint with a competent authority.
b. Pursuant to and for the purposes of art. 15 of the GDPR, the right of access to information related to the processing of the Data, including: the purposes for the processing; the categories of Personal Data processed; the envisaged period for wich the Personal Data will be stored or if not possible the criteria used to determine that period ; the recipients or categories to whom the Data were or will be disclosed; any transfer of Data to third countries; if the Data were not collected from the Data subject, the information available about the origin of the Data; the existence of an automated decision-making process, the logic applied to the segmentation of users for profiling activities and the significance and envisaged consequences of such processing for the Data subject.
c. Pursuant to and for the purposes of art. 16 of the GDPR, the right to obtain the rectification of inaccurate Data and the completion of incomplete Data.
d. Pursuant to and for the purposes of art. 17 of the GDPR, the right to request erasure and to obtain it in certain circumstances, including: the Data are no longer necessary in relation to the purposes for which they were collected; Personal Data have been unlawfully processed; Personal Data must be erased as a consequence of a legal obligation established by the law of the European Union or the Member States to the Data Controller is subject ; the Data subject has withdrawn consent. This right will not be possible if the Data are necessary for the management of complaints.
e. Pursuant to and for the purposes of art. 18 of the GDPR, the right to obtain the restriction of processing in certaincircumstances , including: the Personal Data available to B&B are inaccurate; the Data subject does not agree with the use of his/her Data but opposes their erasure and therefore requires a restriction of their use; B&B no longer needs to keep the Data but the Data subject needs them for future complaints. In the event of a request for restriction, the Data will be processed only for certain reasons other than storage, including: complaints by the interested party; consent expressed by the interested party; protection of the rights of other natural or legal persons or for reasons of public interest at the level of the European Union or of a certain Member State.
f. Pursuant to and for the purposes of art. 20 of the GDPR, the right to receive their Data in a structured format that is commonly used and legible and to transmit them to another Data controller in the cases provided for by the aforementioned law.
g. Pursuant to and for the purposes of art. 21 of the GDPR, the right to object - at any time and for reasons related to his/her particular situation - to the processing of Personal Data, including the processing of Data for profiling and direct marketing purposes. In this case B&B shall no longer process the Personal Data unless for specific exceptions provided by the aforementioned law.
12. Data Controller:
The Data Controller is B&B Italia S.p.A. with registered office in Via Durini 14 - 20122 Milan, Tax code and VAT number 07122350965.
13. How to exercise your rights:
To exercise the rights referred to in art. 11) above, you can write to the Data Controller at the following addresses: B&B Italia S.p.A. - Strada Provinciale Novedratese 32, N.15 - 22062 Novedrate (CO); email: firstname.lastname@example.org; Fax: 031 791 531.
14. Changes to this Privacy Information Notice:
This Information Privacy Notice may be subject to change. We therefore suggest you regularly check this Privacy Information Notice and refer to the latest version.
In the event that you do not accept the changes that have been made, at any time you can cancel your registration on the Website or modify and/or withdraw your previously given consents by writing to the contacts as mentioned above.
Last update: 17 September 2018