Privacy policy
Dear User,
Sofidel S.p.A. respects your privacy and protects your personal data.
Please find the policy on the protection of personal data (for brevity, referred to as the ‘Regulation’ or ‘GDPR’) below, drafted pursuant to Article 13 of European Regulation No. 679/2016, regarding the processing of any personal data that you provide when you browse our websites and/or use the services contained therein and/or participate in specific initiatives.
The general rules of data processing, the rules on cookies and how it is always possible for you to withdraw your consent to certain processing of your personal data are described below.
Your personal data will be processed by Sofidel in accordance with the principles of law and the Regulation.
Please note that processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is Sofidel S.p.A., with registered office in Via G. Lazzareschi no. 23 – 55016 Porcari (LU), Italy (hereinafter, ‘Data Controller’ or ‘Sofidel’), who can be contacted at gdpr.holding@sofidel.com.
The Data Controller has appointed a Data Protection Officer (‘DPO’) who can be contacted at dpo.holding@sofidel.com.
2. CATEGORIES AND TYPES OF PERSONAL DATA PROCESSED
Through the use of Sofidel’s websites, including www.nicky.eu, www.nicky.ie, www.nickytissue.co.uk, www.nicky.us, www.cosynel.be, www.kittensoft.com, www.letrefle.fr, www.nalyspapier.com/be, www.softis.de, www.sopalin.fr, www.regina.eu, www.regina.uk.com, www.sofidelshop.com, www.hakle.de (hereinafter referred to as the ‘Sites’ for brevity), or through the participation in specific initiatives, the Controller may collect and process the following personal data:
a. Navigation data
We refer to all those parameters relating your operating system and the computer environment you are using, including IP address, location (country), computer domain names, URI (Uniform Resource Identifier) addresses of the resources requested on the Websites, time of the requests, method used to send requests to the server, size of the file obtained in response to a request, numerical code indicating the status of the response given by the server (successful, error, etc.), and so on. This information is collected by the Websites and enables them to operate correctly.
We inform you that this personal data is used by the Data Controller solely in order to obtain anonymous statistical information on use of the Websites, and to check that they function correctly and identify any malfunctions and/or abuses.
This personal data is deleted immediately after processing, unless it is necessary to identify those responsible in the event of suspected cybercrimes against the Websites or third parties.
b. Data voluntarily provided by the user
We refer to the personal data you voluntarily provide, such as the data you enter in the information collection forms on the Sites, the data you provide when participating in online and/or offline events and/or contests promoted by Sofidel, or when registering for Sofidel’s newsletter, such as your first name, last name, city and/or province of residence, email address and/or telephone number, as well as the personal data you may provide us with in requests for information sent to the email addresses of the Controller’s customer service department published on the Sites.
c. Data processed as a result of services rendered online
Without prejudice to any specific information that may be available in the various sections of the Websites, this document is also intended to cover the processing of the data you voluntarily provide in order to receive services provided online. For example, we refer to the registration service and access to your personal area, where your personal data such as personal details and contact details are processed.
d. Cookies
Click here for the cookie policy.
3. PURPOSE OF PROCESSING
Your personal data will be processed, if necessary with your consent, for the following purposes, where applicable:
a) allow you to navigate the Sites (including the management of security profiles) and to provide the services requested by you such as participation in prize competitions, the drawing of a prize as per the competition rules duly published by the Data Controller on the relevant site;
b) respond to requests submitted by you using the appropriate forms available on the Sites or through the customer service email addresses published on the Sites
c) with your consent, to send you promotional and marketing communications, including newsletters, promotional offers, commercial initiatives, advertising material, direct sales and market research, on the products and services of the Data Controller and/or Business Partners, as well as invitations to events and initiatives organised by the Data Controller or by companies in the Group, by automated means (SMS, mms, email, automated call systems without operator, use of social networks, push notifications, Whatsapp, fax) and otherwise (paper mail, telephone with operator)
d) with your consent, to analyse your purchasing choices and behavioural preferences, in order to better structure personalised communications and commercial proposals, to carry out general analyses for the purposes of strategic orientation and commercial intelligence and, in general, for profiling activities;
e) for evaluation and statistical monitoring purposes: this purpose implies an analysis of aggregate information that does not relate to identified or identifiable natural persons and which, therefore, does not constitute personal data and does not in any way allow the Data Controller to trace your identity;
f) to comply with any obligations provided for by applicable laws, regulations or Community legislation, or to comply with requests from the authorities;
g) in the event that it is necessary to ascertain, exercise or defend a right in court.
4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
The legal basis for processing personal data for the purposes referred to in points a) and b) is Article 6(1)(b) of the Regulation, since the processing is necessary for the provision of the services you have requested. Providing your personal data for these purposes is optional, but failure to do so would make it impossible for you to access the services you have requested.
Processing for the marketing and profiling purposes described in (c) and (d) is based on your consent in accordance with Article 6(1)(a). Your consent can be withdrawn at any time. Providing your personal data for these purposes is therefore entirely optional and does not affect the use of other services offered by the Websites. If, in any event, you wish to object to the processing of your data for marketing or profiling purposes, you may do so at any time by contacting the Data Controller at the contact details indicated in the ‘Contact us’ section of this policy.
Lastly, it should be noted that, since the processing referred to in point (e) does not concern personal data, it does not fall within the scope of application of the legislation on the protection of personal data and may therefore be freely carried out by the Data Controller.
The purpose referred to under f) is a legitimate processing of personal data within the meaning of Article 6(1)(c) of the Regulation.
The processing carried out for the purposes referred to under g) is based on the legitimate interest of the Data Controller within the meaning of Article 6(1)(e) of the Regulation.
5. DATA PROCESSING METHODS
In relation to the aforementioned purposes and related legal bases, the processing of your personal data is performed by means of manual, computer and automated tools with logic strictly related to the purposes and in such a way as to ensure the security and confidentiality of the data, in addition to compliance with specific obligations under the law.
6. RECIPIENTS OF PERSONAL DATA
Your personal data may be shared, for the purposes indicated, with the following
recipients:
– Persons who typically act as Data Processors pursuant to Article 28 of the Regulations on behalf of the Data Controller, in particular: persons in charge of providing services (e.g. hosting providers or suppliers of e-mail platforms); persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communication networks), etc. The full list of data processors is available by sending a written request to the Data Controller at the addresses indicated in the “Contacts” section of this policy.
– Persons authorised by the Data Controller to process personal data necessary to carry out activities strictly related to the provision of services, who have undertaken to maintain confidentiality or are under an appropriate legal obligation to do so.
– Persons, entities or authorities to whom it is mandatory to communicate your personal data under provisions of law or orders from the authorities.
Your data may be accessible to the other companies of the Sofidel Group for the same purposes as above and/or for administrative-accounting purposes pursuant to Article 6.1.f) and Recitals 47 and 48 of the Regulation.
It is understood that your personal data will not be disclosed to third parties for them to use for their own promotional purposes and will not be disseminated in any way.
7. TRANSFERS OF PERSONAL DATA
In general, your data will not be transferred outside the European Union.
If some of the third parties referred to in Section 6 above are located in countries outside the European Union, the transfer of your personal data to such parties will be carried out alternatively on the basis of:
the presence of adequacy decisions issued by the European Commission;
the prior conclusion between Sofidel and such entities of specific agreements containing appropriate safeguards and guarantees for the protection of your personal data (so-called ‘Standard Contractual Clauses’, as made available by the European Commission);
in the absence of the above, your consent, which will be expressly requested on that occasion and prior to the transfer, subject to prior information on the level of protection of your personal data in the country of destination of the data transfer.
Further information is available by sending a written request to the Data Controller at the addresses indicated in the ‘Contact’ section of this policy.
8. RETENTION OF PERSONAL DATA
The personal data processed for the purposes referred to in sections a) and b) will be kept for the time strictly necessary to achieve those purposes.
For the purposes referred to in sections c) and d), your personal data will instead be processed for the time strictly necessary to achieve the purposes for which they were collected, respecting the principle of minimisation referred to in Article 5(1)(c) of the GDPR and, in any case, until your consent is revoked or for a maximum period of 60 months from the collection. Upon withdrawal of consent, the data processed for the purposes of points c) and d) above will be permanently deleted or anonymised.
In general, the Data Controller reserves the right to retain your data for as long as necessary to comply with any legal obligation to which it is subject or to meet any defensive needs. This is without prejudice to the possibility for the Data Controller to retain your personal data for the period of time provided for and permitted by law to protect its interests (Art. 2947 of the Civil Code).
Further information on the data retention period and the criteria used to determine this period may be requested by sending a written request to the Data Controller at the addresses indicated in the ‘Contact’ section of this policy.
9. RIGHTS OF THE DATA SUBJECT
We hereby inform you that you are entitled to exercise the following rights in relation to the personal data that is the subject of this policy:
Right of access and rectification (article 15 and 16 of the EU Regulation);
Right to data deletion (Article 17 of the EU Regulation);
Right to restriction of processing (Article 18 of the EU Regulation);
Right to data portability (Article 20 of the EU Regulation);
Right to object (Article 21 of the EU Regulation);
Right to lodge a complaint with the Supervisory Authority (Data Protection Authority) (Article 77 of the EU Regulation);
Right to withdraw the consent given (Article 13 of the EU Regulation).
Furthermore, you may lodge a request to object to the processing of your personal data, stating the reasons for your objection.
We also inform you that you have the right to object at any time and without justification to the profiling and the sending of direct marketing via automated means (e.g. text message, multimedia message, email, automated call systems without operator, use of social networks, push notifications, WhatsApp, fax) and non-automated means (paper mail, telephone with operator). Moreover, with regard to direct marketing, this right may also be exercised in part, for example, in this case, by objecting only to the sending of promotional communications by automated means.
Requests should be addressed in writing to the Data Controller at the addresses indicated in the ‘Contact’ section of this policy.
In any event, you are always entitled to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority), pursuant to Article 77 of the Regulation, if you believe that the processing of your data is contrary to the legislation in force, or to take legal action pursuant to Article 79 of the Regulation.
10. CHANGES
The Data Controller reserves the right to modify or simply update the content, in part or in full, also as a result of changes in the applicable legislation. The Data Controller therefore invites you to check this section regularly to stay informed about the latest and most updated version of the privacy policy and thus be kept always up to date on the data collected and how the Data Controller uses it.
11. CONTACTS
To exercise the above rights or for any other request, please write to the Data Controller at gdpr.holding@sofidel.com.
You can also contact the Data Protection Officer at the Data Controller’s head office at the above address and/or via e-mail at dpo.holding@sofidel.com.