The companies, Zelo21 s.r.l. (VAT No. 03560330130) and Alpac S.r.l. (VAT No. 03078220138), both located in Rovello Porro (CO) at Via Petrarca 1, as joint Data Controllers in charge of data processing (hereinafter the “Joint Controllers”) of the website https://www.zelo21.com (hereinafter the “Website”), inform visitors of the Website (hereinafter the “Data Subjects”) about the General Data Protection Regulation (GDPR), pursuant to Art. 13 of European Regulation No. 2016/679.
The Joint Controllers are aware of the importance of processing Data Subjects’ personal data, hence they indicate which and how data are processed. By browsing the Website or indicating the willingness to use the services provided by the same, Data Subjects declare that they have read and accepted this policy (hereinafter “Policy”), thus granting their consent to the processing of their personal data by the Joint Controllers.
For any information, queries or requests relating to this Policy, the Data Controllers provide the Data Subjects with the following email address:
Data Subjects have the following rights:
Data Subjects may exercise their rights by writing to the email address indicated above.
The Joint Controllers would like Data Subjects to exercise their rights without incurring any costs. However, to do so the Joint Controllers may require specific information to follow up on the Data Subjects’ enquiries in relation to their rights.
Enquiries are usually dealt with within 30 days from receiving them. However, if this deadline cannot be met (e.g. due to a high volume of requests or complexity of the response) it will be the Joint Controllers’ responsibility to inform the Data Subjects and keep them updated on the developments.
The personal data provided to the Joint Controllers by both the Data Subjects and third parties, are processed to fulfil the Data Subjects’ contact requests (hereinafter the “Services”) received through the Website.
a) Data provided directly by the Data Subjects
|Personal data category||Types of data|
|Identification and contact data||Name, surname, email address, residence/domicile address, telephone number, tax code/VAT number|
|Technical data||IP Address|
|Payment details||IBAN and bank details|
|Behavioural data||Information regarding the Data Subjects’ behaviour and interests based on their online activity|
|Online presence data||Links to personal, public and social media pages, personal websites and other material concerning Data Subjects|
b) Data collected from third parties
The Joint Controllers do not collect personal data from third parties other than the Data Subjects.
Due to various purposes, Joint Controllers may collect, use and share aggregated data, such as statistical or demographic data.
Aggregated data may come from personal data given by the Data Subjects, but they are not considered as personal data since, as specified by the GDPR, they allow neither the direct nor the indirect identification of the Data Subjects. However, if the Joint Controllers combine or connect aggregated data with the Data Subjects’ personal data so that they can directly or indirectly identify the latter, the Joint Controllers will process the combined data in accordance with the privacy notice.
The Joint Controllers do not process any Data Subjects’ special data (special data means data relating to ethnic or racial origin, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, genetic, biometric and health data), as well as data relating to criminal convictions and crimes.
The Joint Controllers process personal data for the purposes indicated in the table below.
The GDPR requires that Joint Controllers have a legal basis to carry out the processing of each personal data.
The Joint Controllers may process Data Subjects’ personal data after their consent, and use these as the legal basis for the processing. Consent may be withdrawn at any time. However, the processing carried out until consent is withdrawn shall not be affected.
The summary table below, highlights the purposes and their description:
|Delivering, maintaining and updating the Services and the Website||Through the Website, Data Subjects may request to be contacted, to receive information, schedules or number of activities carried out by the Joint Controllers.|
|Providing support to Data Subjects||Resolving technical issues encountered by the Data Subjects while browsing, providing the latter with assistance or requested support, as well as improving the Services and the Website.|
|Newsletters||The Joint Controllers may send Data Subjects updates to inform them on the development of their business, as well as agreements with business partners and participation in events.|
|Making sure that the Data Controllers’ activity complies with legal, regulatory and protection obligations||The Joint Controllers may process Data Subjects’ Personal Data in order to conform to legislative and regulatory obligations, as well as to comply with the provisions of the judicial and administrative authorities.
The Joint Controllers may also process the data to protect their rights and interests. These include judicial protection or due diligence in the evaluation of corporate structure changes.
If data are essential to provide the Services, the Joint Controllers shall not be able to provide them and support Data Subjects with their requests. In this case, the Joint Controllers may request an integration to the personal data or delete the Data Subjects’ personal data, stopping Services from being provided.
Data Subjects’ personal data might be communicated to third parties instead of the Joint Controllers, as better indicated in the table below:
|Recipients||Purpose of the communication|
|Providers||The Joint Controllers’ providers support them in the provision of Services with, but not limited to, development of the Website, hosting, maintenance, backup, virtual infrastructure.|
|Business Partners||The Joint Controllers may communicate the data to business partners who help them with the development of their Products and planning of fairs and other events in which they participate.|
|External consultants||In the event of legal obligations or obligations relating to a relationship established with the Data Subjects, the Joint Controllers might communicate personal data to external consultants. These include accountants and lawyers.|
|Judicial authorities and proceedings||The Joint Controllers might communicate the Data Subjects’ personal data to state and/or administrative and/or judicial authorities if this is mandatory under the law, regulations or provisions of the authorities or to defend their own rights and/or interests.|
Data Subjects’ personal data will not be disseminated.
The Joint Controllers shall retain the Data Subjects’ personal data for a time necessary to achieve the purposes described above, unless the former request their cancellation in advance.
However, the law may assent a longer period of time for the retention of personal data.
Joint Controllers keep personal data in paper files stored at the headquarters, as well as on computer archives located within the European Union, but also outside it – if these are essential to the pursuit of the purposes indicated in letter a). In the latter case, the Joint Controllers ensure that companies established outside the European Union, process personal data with the utmost confidentiality in compliance with adequacy decisions adopted by the European Commission, any Privacy Shield or, if necessary, entering into agreements that guarantee an adequate level of protection.
The Joint Controllers process the Data Subjects’ personal data by adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification and destruction.
The processing of data is carried out through telematic procedures, electronic means and, alternatively, on paper by specially authorised internal personnel as well as external managers (if appointed), depending on the contractual agreements in place.
The processing can also be carried out through the use of automated means.
Joint Controllers are aware that the processing of data relating to minors is a sensitive matter. It is noted that Services are not intended for minors under the age of 14, hence the Joint Controllers do not voluntarily process these data. In this sense, Data Subjects under the age of 14 should not request any Service.
The Joint Controllers encourage parents or those responsible for minors under the age of 14 to check that they do not request Services and, in any case, to warn them not to disclose their personal data through the Website.
If the Joint Controllers become aware that some personal data belong to minors under the age of 14, they will make sure to delete them.
The Joint Controllers inform Data Subjects that this Policy applies exclusively to the Website. However, the Data Subjects are recommended to verify the information present on other websites before disclosing their personal data.
The Joint Controllers take no responsibility for personal data disclosed by Data Subjects on other websites.
Joint Controllers reserve the right to amend this Policy at any time. In case of changes, the Joint Controllers will upload the new policy on this page and the Data Subjects shall check the changes carried out on the Policy: Data Subjects will be able to review the Policy history by checking the date.
By continuing to use the Website following the changes to the Policy, the Data Subjects accept the new conditions and consent to the processing of data as modified.