Privacy  Information Notice

(pursuant to art. 13 of European Regulation no. 2016/679)

 

B&B Italia S.p.A., with registered office in Via Durini 14 - 20122 Milan, Tax code and VAT number 07122350965, (hereinafter "B&B"), as Data Controller, pursuant to and in accordance with art. 13 EU Regulation no. 2016/679 (hereinafter "GDPR"), informs you, in your capacity as the  Data Subject (as defined in art. 4 of the GDPR), that your personal data (hereinafter “Personal Data” or “Data”) will be processed in full compliance with current legislation on the protection of Personal Data and with the implementation of all security, technical and organisational measures deemed appropriate for the protection of the aforementioned Data.

 

1. Data processed:

The Data processed are the following Data related to you: name, surname, email address, domicile/residence address, telephone number, profession, behaviour Data, purchase choices/preferences, company to which you belong. To better understand the above, please note that Personal Data are defined by current European legislation as "any information relating to an identified or identifiable natural person (‘Data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location Data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".

 

2. Processing:

The processing of your Data is carried out by means of the operations specified in art. 4 no. 2) of the GDPR and specifically, by way of example: collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

3. Purposes and Legal Basis of the Processing:

Your Data will be processed for the following purposes:

a. Without your express consent (art. 6 of the GDPR) - because the processing in question is necessary to be able to respond to your express request - for the following Purposes:

(i) to fulfil the requests for information you have made.

(ii) To allow and manage your Registration on the Website, as well as the performance of the activities provided to you by virtue of your Registration  on the Website.

b. Only with your informed, specific and separate consent (art. 130 of the Legislative Decree n. 163/2003 as amended by the Legislative Decree n. 101/2018, hereinafter   “Privacy Code” and art. 6 and 7 of the GDPR) - because the processing in question requires Your Consent - for the following Purposes:

(i) to profile  activities, like the analysis of habits and consumption choices mainly dealing with: the Data entered during the registration phase, purchase Data, the Data you supplied during surveys and market research.

(ii) To send informative and promotional communications, also of a commercial nature, newsletters, advertising material and/or offers for products and services, even personalised, and perform statistical and/or market studies and research both with traditional methods of contact (mail, telephone call with operator) and automated methods (email, fax, text message, multimedia message, call without operator) from Italy or from abroad (even from countries not belonging to the European Community) by B&B.

(iii) To send informative and promotional communications, also of a commercial nature, newsletters, advertising material and/or offers for products and services, even personalised, and perform statistical and/or market studies and research both with traditional methods of contact (mail, telephone call with operator) and automated methods (email, fax, text message, multimedia message, call without operator) from Italy or from abroad (even from countries not belonging to the European Union) by parent companies, subsidiaries and/or affiliates  companies, as well by entities contractually linked to B&B that manage the distribution and sale of B&B products and services (including any B&B distributors).

 

4. Data provided and consequences of refusal:

The provision of Data for the purposes referred to in letter a., point (i) of article 3) above, while optional  is necessary to be able to correctly fulfil your requests, and therefore the lack of consent will preclude the possibility of providing you with an adequate response.

The provision of Data for the purposes referred to in letter a., point (ii) of article 3) above, while optional  is necessary to be able to correctly fulfil your request for registration on the Website,  and therefore the lack of consent will preclude the possibility for you to properly complete the procedure of Registering on the Website.

Providing your Data and consent to their processing for the purposes referred to in letter b), points (i), (ii) and (iii) of art. 3 above,  is optional. However, your refusal and/or providing incorrect and/or incomplete information could prevent the development of profiles, the analysis of your preferences and also prevent the development of so-called marketing activities including market and statistical studies and research.

If you give your consent you have the right to withdraw it at any time. We remind you that the withdrawal of consent, pursuant to and by effect of art. 7 of the GDPR, does not prejudice the lawfulness of the processing based on the consent you gave before withdrawal.

 

5. Method of Processing

The processing of your Personal Data will be carried out by means of suitable electronic and/or online tools with logic strictly related to the aforementioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the Data. Except as otherwise established in the Website's Cookie Policy, B&B informs the Data Subjects that no type of automated decision-making process will be used, "automated decision-making" being understood to mean as specified in art. 22 of the GDPR "a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her".

 

6. Data storage:

The Data will be stored at/through Server/Cloud System located in UE territory.

Your Personal Data and contact details will be used and stored for the purposes referred to in art. 3) above for a period not exceeding 5 (five) years unless  a different period provided by the applicable law in  the relevant field as well as   in case of  litigation (e.g. lawsuit). Your purchasing Data will be used and stored for the purposes referred to in art. 3) above for a period not exceeding 2 (two) years.

In order to guarantee the updating and correctness of the Data as well as any consent you may have expressed, B&B will send you a communication every 12 months in order to remind you  the methods and contacts – as specified in articles 11), 12) and 13) below - with which you can manage your registration.

At the expiration of the storage period the Data will be erased and eliminated from any paper and/or digital support in a secure manner and in full compliance with the  Data Protection regulations in force from time to time, or will be made anonymous by B&B for the sole purpose of carrying out statistical and/or historical analysis, therefore without any possibility for B&B and/or third parties to identify the Data Subjects.

 

7. Security Measures:

 We care about protecting your information. We therefore commit to taking all reasonable measures to protect any Personal Data that we have stored against misuse, loss or unauthorised access. To this purpose, we have implemented a series  of specific technical and organisational measures. Measures are included to deal with any suspected Data breaches.

 

8. Parties authorised to process Data:

For the proper execution of the Processing referred to in this Privacy Information Notice, your Data will be accessible to:

a. Employees of B&B Italia S.p.A., expressly authorised by the Data Controller and  adequately educated  by the Data Controller  to perform the processing  in question.

b. Suppliers of B&B Italia S.p.A. that provide services connected to and necessary for the aforementioned purposes, like, in particular, the following companies:  Develon Digital S.r.l., which on behalf of B&B Italia S.p.A. provides:  Services for the management, maintenance and hosting of the Website; MailUp S.p.a.,  which sends information and commercial communications on behalf of B&B Italia S.p.A.; AXIS communications S.r.l., which  provides hosting services for a section of the Website reserved for Dealers and the management of invitations and participation in B&B Events on behalf of B&B Italia S.p.A. These Suppliers operate under specific agreements for the processing of Data, stipulated with B&B Italia Spa pursuant to and for the purposes of  art. 28 of the GDPR. A list of such third parties is always available at the registered office of the Data Controller.

c. The Consultants of B&B Italia Spa who provide assistance regarding legal, tax, accounting and organisational aspects. These Consultants operate under specific agreements for the processing of Data, stipulated with B&B Italia Spa pursuant to and for the purposes of art. 28 of the GDPR. A list of such third parties is always available at the registered office of the Data Controller.

d. Parent companies, subsidiaries, investee and/or affiliated companies as well as entities contractually linked to B&B that manage the distribution and sale of B&B products and services (including any B&B distributors) for the purposes described in letter b), point (iii) of art. 3 above.

 

9. Disclosure and Dissemination of the Data:

The Data Controller can disclose your Data to Supervisory Bodies and/or to Judicial Authorities as well as to all other parties to whom the disclosure is mandatory by law for the accomplishment of said purposes. Your Data will not be disseminated and/or disclosed in any other way.

 

10. Data transfer:

The management and storage of Personal Data will be carried out on/through Server/Cloud System located in UE territory, belonging to the Data Controller and/or appointed third-party companies and duly designated as External Data Processors. In any case, it is understood that a subsequent and possible transfer of Data outside the European Union will take place in accordance with the applicable legal provisions - including articles 44, 45 and 46 of the GDPR - as well as with the adequacy decisions adopted by the European Commission and also, if necessary and in the absence of adequacy decisions, stipulating agreements that guarantee an adequate level of protection and/or implementing the standard contractual clauses provided by the European Commission. In detail,  in case of any subsequent transfer of Data in the United States, it will take place towards to those companies that have joined the so-called "Privacy Shield", in compliance with the decision of the European Commission that recognised the Agreement entitled "EU-US Privacy Shield" as having an appropriate level of protection of Personal Data transferred from the European Union to organisations resident in the United States that self-certify in the system and the subsequent Authorisation to transfer Data abroad through the agreement called "EU-US Privacy Shield" adopted by the Italian Data Protection Authority on 27 October 2016.

 

11. Rights of the Data Subject:

In your quality as a Data Subject, you are entitled to the rights set forth in art. 13 et seq. of the GDPR. Precisely, your rights include:

a. Pursuant to and for the purposes of art. 15 and art. 77 of the GDPR, the right to lodge a complaint with a competent authority.

b. Pursuant to and for the purposes of art. 15 of the GDPR, the right of access to information related to the processing of the Data, including: the purposes for the processing; the categories of Personal Data processed;  the envisaged period for wich the Personal Data will be stored or if not possible the criteria used to determine  that period ; the recipients or categories to whom  the Data were or will be disclosed; any transfer of Data to third countries; if the Data were not collected from the Data subject, the information available about the origin of the Data; the existence of an automated decision-making process, the logic applied to the segmentation of users for profiling activities and the significance and  envisaged  consequences of such processing for the Data subject.

c. Pursuant to and for the purposes of art. 16 of the GDPR, the right to obtain the rectification of inaccurate Data and the completion of incomplete Data.

d. Pursuant to and for the purposes of art. 17 of the GDPR, the right to request erasure and to obtain it in certain circumstances, including: the Data are  no longer  necessary  in relation to   the purposes for which they were collected; Personal Data have been unlawfully processed; Personal Data must be  erased as a consequence of a legal obligation established by the law of the European Union or the Member States   to  the Data Controller is subject ; the Data subject has withdrawn consent. This right will not be possible if the Data are necessary for the management of complaints.

e. Pursuant to and for the purposes of art. 18 of the GDPR, the right to obtain the restriction of processing in certaincircumstances , including: the Personal Data available to B&B are inaccurate; the Data subject does not agree with the use of his/her Data but opposes their erasure and therefore requires a restriction of their use; B&B no longer needs to keep the Data but the Data subject needs them for future complaints. In the event of a request for restriction, the Data will be processed only for certain reasons other than storage, including: complaints by the interested party; consent expressed by the interested party; protection of the rights of other natural or legal persons or for reasons of public interest at the level of the European Union or of a certain Member State.

f. Pursuant to and for the purposes of art. 20 of the GDPR, the right to receive their Data in a structured format that is commonly used and legible and to transmit them to another Data controller in the cases provided for by the aforementioned law.

g. Pursuant to and for the purposes of art. 21 of the GDPR, the right to object - at any time and for reasons related to his/her particular situation - to the processing of Personal Data, including the processing of Data for profiling and direct marketing purposes. In this case B&B shall no longer process the Personal Data  unless for specific exceptions provided by the aforementioned  law.

 

12. Data Controller:

The Data Controller is B&B Italia S.p.A. with registered office in Via Durini 14 - 20122 Milan, Tax code and VAT number 07122350965.

 

13. How to exercise your rights:

To exercise the rights referred to in art. 11) above, you can write to the Data Controller at the following addresses:  B&B Italia S.p.A. - Strada Provinciale Novedratese 32, N.15 -  22062 Novedrate (CO);  email: privacy@bebitalia.com;  Fax: 031 791 531.

 

14. Changes to this Privacy Information Notice:

This Information Privacy Notice may be subject to change. We therefore suggest you regularly check this Privacy Information Notice  and refer to the latest version.

In the event that you do not accept the changes that have been made, at any time you can cancel your registration on the Website or modify and/or withdraw your previously given consents by writing to the contacts as mentioned above.

 

 

Last update: 17 September 2018