DATA PROCESSING PURPOSES
Purchase of goods or services including all related activities (delivery of products, withdrawal of purchases, delivery of the product, installation, first start-up, warranty …)
Participation in any loyalty programs and/or recording of data in the Company’s CRM
Remote control of ATG products, prevention and resolution of malfunctions, further after-sales services
Monthly product consumption report (only if the product is connected to the Internet)
Analysis and clustering of customer types for business development purposes
Fulfilling obligations provided for by regulations and by applicable national and supranational legislation
Management of security and IT resources (backup, restore, logical access to any online account)
If necessary, in order to establish, exercise or defend the rights of the Data Controller in judicial proceedings
Out-of-court debt recovery
Purposes of direct marketing: for example, sending – by automated means of contact (such as SMS, MMS, e-mail, social networks, instant messaging apps) and traditional means (such as operator calls and traditional mail) – promotional and commercial communications relating to services/products offered by the Company or reporting corporate events, as well as measuring the degree of customer satisfaction, conducting market surveys and statistical analysis
Purpose of profiling: analysis of customer preferences, habits, behaviors, interests (…) in order to send personalized commercial communications / targeted promotional actions / offers and services adapted to customer needs / preferences (CRM metrics, Business Intelligence, warranty extension…)
LEGAL BASIS FOR PROCESSING DATA
Execution of the contract involving the data subject.
Legitimate interest (best business management)
Need to fulfill legal obligations
Execution of the contract involving the data subject.
Legitimate interest (judicial protection)
Legitimate interest (judicial protection)
Consent (optional and it can be withdrawn at any time).
Consent (optional and it can be withdrawn at any time).
Once the aforementioned retention period has lapsed the data will be destroyed or made anonymous.
DATA RETENTION PERIOD
Contractual term and, following expiry, for the ordinary limitation period of 10 years.
Term provided by law (10 years for administrative-accounting obligations).
Contractual term and, following expiry, for the ordinary limitation period of 10 years.
In case of litigation, for the entire duration of the same, until the time limit for appeal has expired.
Personal data and contact data: until revocation of consent
Detail of purchases: 24 months after collection of each data
Personal data and contact data: until revocation of consent
Detail of purchases: 24 months after collection of each data
Once the aforementioned retention period has lapsed the data will be destroyed or made anonymous.
DATA PROVISION
Data marked with an asterisk (*) in the data collection form must be provided to be able to provide the information requested; therefore, if this information is absent the Company will not be able to process the request.
DATA RECIPIENTS
The data may be processed by external parties operating as autonomous data controllers such as, by way of example, supervisory and control authorities and, in general, public or private parties entitled to request the data. The data may be communicated to public notaries and law firms as well
The data may also be processed, on behalf of the Company, by external parties designated as Processor, who are given adequate operating instructions. These subjects are essentially included i
a. companies offering email services; n the following
b. companies offering website maintenance services; categories: as to accountants.
c. companies offering support in carrying out market research.
d. companies and agencies in the field of event management and trade fairs
e. companies that offer services instrumental to the pursuit of the purposes set out in this information notice (media agencies, IT suppliers, freight
forwarders, softwarehouse & system integrators, e-commerce companies, consulting companies, etc.);
f. companies offering call center and customer care services;
g. information provider companies;
h. installers and service centers for installation and after sales services
i. other companies belonging to Ariston Group
SUBJECTS AUTHORIZED TO PROCESSING DATA
Data may be processed by employees in company departments who are responsible for carrying out the activities outlined above and have been authorized to process the data and have received suitable operating instructions.
PERSONAL DATA TRANSFERS OUTSIDE THE EU
The data may be transferred abroad to non-European countries whose level of data protection has been deemed appropriate by the European Commission pursuant to art. 45 of the GDPR. In case of transfer of personal data abroad to non-European countries whose level of data protection has not been deem appropriate by European Commission, will be applied Standard Clauses pursuant to European Commission Decision on February 5, 2010.
DATA SUBJECTS’ RIGHTS- COMPLAINT TO THE SUPERVISORY BODY
By contacting Ariston S.p.A. by mail address V.le Aristide Merloni n. 45, Fabriano (Italy), via e-mail sent to privacy.aristonthermo@aristonthermo.com, certified email aristonthermo@pec.aristonthermo.com, data subjects can ask the Company for access to personal data, or the correction or deletion of personal data, and also have the right to restrict processing of the data in the cases set out in article 18 of the GDPR, and object to processing in the case of legitimate interests of the controller.
Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.
Data subjects have the right to withdraw consent at any time in relation to data processed for marketing purposes, and object to data being processed for these purposes. Data subjects have the possibility of stating a preference for being contacted for the aforementioned purposes through conventional methods and objecting to receiving communication through automatic methods only.
Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
DATA PROTECTION OFFICER (DPO)
Data Protection Officer (“DPO”) appointed by Data Controller pursuant to Art. 37 and following of the GDPR is Mr. Gabriele Faggioli.
It is possible to contact the Data Protection Officer (“DPO”) via e-mail at: DPO.AristonThermoGroup@aristonthermo.com