We consider your privacy to be of fundamental importance and always tries to ensure that your personal data is processed with respect for fundamental rights and freedoms, and your dignity, with particular reference to confidentiality, personal identity and the right to protection of personal data.
1. Data Controllers
2. Data Processed
4. Processing Purposes and Legal Basis
5. Nature of Supplying Data and Consequences of Refusal
6. Processing Methods
7. Data Storage
8. Security Measures
9. Persons Authorised to Process Data
10. Data Communication and Dissemination
11. Data Transfer
12. Rights of the Data Subject
13. Methods to Exercise Rights
- 1. Data Controllers
B&B Italia S.p.A. (a Company with registered office at Via Durini No. 14 - 20122 Milan and administrative office at Strada Provinciale 32, No. 15 - 22060 Novedrate (Como), Tax Code and VAT No. IT 07122350965, subject to the control and coordination of Design Holding S.p.A., hereinafter, also, “B&B”), in its capacity as Data Controller, informs you, in your capacity as Data Subject, that your personal data (hereinafter “Personal Data” or simply “Data”) will be processed in full compliance with current legislation on personal data protection and with the implementation of all the security, technical and organisational measures deemed appropriate for the protection of said Data.
Apart from B&B Italia S.p.A., your Data, with your consent where necessary, may also be processed by the other companies that are part of the same corporate group “Design Holding Group”. Each of these companies will act as Joint Data Controller. The Companies of the Group have entered into a Joint Controllership Agreement, pursuant to Article 26 GDPR.
Under the abovementioned Agreement, your personal data, with your consent, can be disclosed and shared between the Companies of the Group (i.e. Joint Controllers) for federated marketing and profiling purposes, as better specified in the art. 4 that follows. The content of the Joint Controllership Agreement is available by clicking here.An up-to-date list of the Companies that are part of the Design Holding Group is available by clicking here.
- 2. Data Processed
The Data covered under this policy is the following Data related to you, which you yourself can directly communicate to us via the Forms on our Website: name, surname, personal email address, work email address, personal telephone number, work telephone number, job and sector, name of company/business/organisation for which you work, address of domicile/residence, head office of company/business/organisation for which you work.
For the purpose of providing a better understanding of the above, please be reminded that Personal Data is defined under current European law as “any information relating to an identified or identifiable natural person ("data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
- 3. Processing
Your Data is processed by means of a series of operations and, precisely, purely by way of example, through: collection, registration, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure and destruction.
- 4. Processing Purposes and Legal Basis
Your Data will be processed for the following purposes:
a. subject to your consent, to send information and promotional notices, including of a commercial nature, newsletters, advertising material and/or offers about the products and services of the Design Holding Group and completion of statistical and/or market surveys and research, using both traditional methods (paper mail, operator assisted calls) and automated methods (email, fax, SMS, MMS, calls without an operator), from Italy or abroad (including from countries that do not belong to the European Community), by the companies operating in the field of furnishing, design and lighting and which are part of the Design Holding Group to which B&B Italia S.p.A. also belongs (including, the group’s parent company, Design Holding S.p.A., and the subsidiary and/or investee and/or affiliated companies of the same, pursuant to the provisions of Art. 2359 of the Italian Civil Code, which include by way of example: Arc Linea Arredamenti S.p.A., FLOS S.p.A., Louis Poulsen A/S). In this case your Data will be processed by the Companies of the Design Holding Group as Joint Data Controller. Please see Clause 1 for a complete list of the Companies and to access the contents of the Joint Data Controllership Agreement.
b. subject to your consent, to carry out profiling activities aimed at creating targeted marketing campaigns, exclusively related to DH Group’s products, by the companies operating in the field of furnishing, design and lighting and which are part of the Design Holding Group to which B&B Italia S.p.A. also belongs (including, the group’s parent company, Design Holding S.p.A., and the subsidiary and/or investee and/or affiliated companies of the same, pursuant to the provisions of Art. 2359 of the Italian Civil Code, which include by way of example: Arc Linea Arredamenti S.p.A., FLOS S.p.A., Louis Poulsen A/S).
- 5. Nature of Supplying Data and Consequences of Refusal
The nature of supplying your Data and the consequences of failure to supply the same are explained below, in relation to the purposes pursued as listed under Clause 4 above:
· Supplying the Data and the associated consent to processing of the same for the purposes set out under letter a. and letter b. of Clause 4 is optional. However, your refusal and/or supply of inaccurate and/or incomplete information could prevent the possibility of contacting you by the Companies of the Design Holding Group to provide you with all the information, commercial notices and promotions including therein the completion of statistical and/or market studies and research. Where consent is granted, you are entitled to revoke it at any moment. Please be reminded that revoking consent shall not prejudice the legality of the processing based on the consent you gave before revocation.
- 6. Processing Methods
Your Personal Data will be processed using suitable electronic and/or paper-based methods for reasons strictly connected to the purposes cited above and, in any event, in a manner that guarantees the security and confidentiality of the Data itself. B&B informs Data Subjects that no form of automated decision-making process will be used, with “automated decision-making process” meaning “a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her”.
- 7. Data Storage
The Data will be stored on/by means of servers/cloud systems located within the European Union and also by means of paper-based methods.
The time-scales for storing your Data in relation to the purposes pursued and as listed under the preceding Clause 4 are detailed below:
Upon expiry of the storage period, the Data will be deleted and eliminated from all paper-based and/or computerised supports using secure methods and in full compliance with the legislation applicable at the time to the field of Personal Data protection, otherwise it will be made anonymous by B&B solely in order to perform statistical and/or historical analyses, therefore without any possibility for B&B and/or third parties to identify the Data Subjects concerned.
- 8. Security Measures
We care about protecting your information. Therefore, we endeavour to adopt all appropriate and reasonable measures to protect the personal information stored by us against improper use, loss or unauthorised access. For this reason, we have implemented a series of specific technical and organisational measures. Measures are included to handle any suspected Data breach.
- 9. Persons Authorised to Process Data
In order to perform the processing covered under this Policy, the following persons will have access to your Data:
a. The employees and collaborators of B&B Italia S.p.A. and/or the Joint Controllers who have received prior authorisation and instruction to perform the processing and who have received adequate operational instructions in this context.
b. B&B Italia S.p.A. as well as the Joint Controllers use service providers and data processors which operate on our behalf. Such services may, for example, comprise server hosting and system maintenance, analysis, email service, etc. These business partners may be given access to data to the extent necessary in order for them to provide their services and solutions. Such business partners will be contractually obliged to treat all data as strictly confidential and will thereby not have permission to use data for purposes other than those which are covered within their contractual relationship with B&B Italia S.p.A. and/or the Joint Controllers, and we check that our business partners comply with their obligations. These suppliers operate in virtue of specific Data processing agreements signed with B&B Italia S.p.A. A list of these third parties is always available at the Data Controller’s head office.
c. Consultants of B&B Italia S.p.A. and/or the Joint Controllers, who provide assistance with regard to legal, tax, accounting and organisational matters. These consultants act as Data Processing Contractors in virtue of specific data processing agreements signed with B&B Italia S.p.A. pursuant to the provisions of Art. 28 of the GDPR. A list of these third parties is always available at the Data Controller’s head office.
d. Third parties such as judicial and/or administrative authorities, law enforcement agencies where necessary for the exercise or protection of rights of B&B Italia and/or the Joint Controllers, where applicable, the Joint Controllers as well as to comply with statutory obligations.
- 10. Data Communication and Dissemination
The Data Controller is entitled to share your Data with supervisory bodies and/or judicial authorities, as well as with all other subjects in relation to which dissemination is mandatory by law for the performance of the purposes cited. Your Data will not otherwise be disseminated and/or shared.
- 11. Data Transfer
Personal Data will be managed and stored on/by means of servers/cloud systems located within the European Union, which belong to the Data Controller and/or to third party companies assigned and duly appointed as External Data Processing Contractors. In any event, it shall remain understood that a subsequent and possible transfer of the Data outside the European Union will be carried out in accordance with the applicable legal provisions and the decisions regarding adequacy adopted by the European Commission and also, if necessary and in the absence of decisions on adequacy, by concluding agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
- 12. Rights of the Data Subject
In your capacity as Data Subject, you are entitled to exercise a series of rights in relation to the processing of Personal Data pertaining to you. A list of these rights is given below, however, for any further details, you may contact us via the methods indicated under Clause 13.
Your specific rights are:
The right to objection: this right enables you to object to us processing your Personal Data for one of the following four reasons: (i) for our legitimate interests; (ii) to perform a task in the public interest or to exercise an official permit; (iii) to send you direct marketing material; (iv) for scientific, historical, research or statistical purposes.
The right to revoke consent: where we obtained your consent to processing the Personal Data for specific activities, you may revoke said consent at any time with the consequent termination by us of the activity to which you had previously consented, unless we believe there is another reason that justifies continuation of the data processing for that purpose. In this case, we will inform you of the situation.
Requests for access to personal data: you are entitled at any time to request that we tell you which items of your Data we have in our possession and to ask that we amend, update or delete it. In this case, we could ask to verify your identity and obtain more information on your request. In providing you with access to the data we hold, we will not charge you anything, unless your request is “clearly unfounded or excessive”. Should you request further copies of this information, we may charge you a modest amount for administrative expenses, where permitted by law. Where the law permits it, we may refuse your request. If we refuse your request, we will always tell you our reasons.
The right to deletion: you are entitled to request the deletion of the Personal Data under certain circumstances. In general, the right to request deletion and to obtain it depends on the existence of certain reasons, including: data that is unnecessary in relation to the purposes for which it was collected; Personal Data that was processed unlawfully; Personal Data that must be deleted due to a legal obligation established by the law of the European Union or its Member States and which is applicable to the Data Controller; the Data Subject revoked consent. This right cannot be exercised in cases where the Data is necessary for managing complaints.
The right to limitation of processing: you are entitled to request that processing of Personal Data be limited under certain circumstances. This means that we will be able to continue only storing the Data and we will not be able to perform further processing activities until: (i) one of the circumstances listed below is resolved; (ii) you provide consent, or (iii) further processing for the institution, exercise or defence of legal rights, protection of the rights of another data subject or for reasons of notable public interest for the EU or one of its Member States is necessary. The circumstances in which you are entitled to request the limitation of the processing of the Personal Data are:
· in the event that you dispute the accuracy of the Personal Data we are processing. In this case, the processing will be limited for the period in which the accuracy of the Data is being checked;
· in the event that you object to the processing of your Personal Data for our legitimate interests. In this case, you may request that your Data is limited while we verify the reasons for its processing;
· in the event that the data processing is unlawful, but you prefer to limit it instead of cancelling it; and
· in the event that we no longer need to process your Personal Data, but you still request it to institute, exercise or defend legal rights.
If we shared the Personal Data with third parties, we will inform them of the limitation to processing, unless that is impossible or involves disproportionate effort. We will certainly contact you before removing any limitations to the processing of the Personal Data.
The right to data portability: if you so wish, you are entitled to transfer the Personal Data from one data controller to another. To enable you to complete this operation, we will give you your Data in a common, machine-readable and password-protected format, so that you can transfer it to a different online platform. The right to data portability is applicable to: (i) Personal Data processed by us automatically (or rather, without any human intervention); (ii) Personal Data supplied by you; and (iii) Personal Data processed by us on the basis of your consent or to fulfil a contract.
- 13. Methods to Exercise Rights
To exercise the rights set out under the preceding Clause 12, you can write to the Data Controller at the following addresses: B&B Italia S.p.A. - Strada Provinciale Novedratese 32, No. 15, 22062 – Novedrate (Como); email: email@example.com .