Privacy Policy & Cookies

INFORMATION ACT PURSUANT TO ART. 13 OF EU REGULATION N. 2016/679

ING. C. CORRADINI & C. S.r.l. (Tax code and VAT number: 01105520355) (hereinafter “CORRADINI”), in the person of its legal representative pro tempore, with registered office in Reggio Emilia, via D. Alighieri, 4, in its capacity as Data Controller pursuant to art. 4 n. 7) and 24 of EU Regulation n. 2016/679 (GDPR), informs you that, pursuant to art. 13 of the GDPR, your personal data described in art. 1 below will be processed for execution of the processing purposes described in art. 2 below. 

1. Category of personal data being processed.

1.1. CORRADINI collects and processes, in order to execution the processing purposes described in art. 2, your personal data ex art. 4 n. 1) of the GDPR cd. identifiers (e.g. name; surname; email address) requested within one or more specific forms on the website of CORRADINI www.corradini.it (hereinafter “Site”).

2. Purposes of processing and legal basis.

2.1. Your personal data are processed by CORRADINI for the following purposes:

Execution of your request for contact and/or further information, made by filling in the appropriate form on the Site.

In compliance with art. 13 paragraph 2) letter e) of the GDPR, CORRADINI informs you that failure to communicate (even partially) your personal data, unequivocally requested as compulsory within the specific form present on Site, may determine the impossibility for CORRADINI to correctly and fully execute the processing purpose as art. 2.1. letter a).

In this regard, CORRADINI specifies that the legal basis of the processing purpose referred in art. 2.1. letter a) is found in art. 6 paragraph 1) letter b) of the GDPR.

2.2. If necessary, your personal data will be processed by CORRADINI for the following purposes:

Performance of a contractual relationship or of a pre-contractual measure, including performance of the related legal obligations of various kinds.

In compliance with art. 13 paragraph 2) letter e) of the GDPR, CORRADINI informs you that failure to communicate your personal data, requested for this purpose, may result in the impossibility for CORRADINI to correctly and fully execute the processing purpose as art. 2.2. letter b).

In this regard, CORRADINI specifies that the legal basis of the processing purpose referred in art. 2.2. letter b) is found in art. 6 paragraph 1) letters b) and c) of the GDPR.

3. Retention period.

3.1. In compliance with art. 13 paragraph 2) letter a) of the GDPR, CORRADINI informs you of the following retention period, after which your personal data will be subject to deletion, destruction or anonymization: (i) for the fulfilment of the processing purpose mentioned in art. 2.1. letter a): n. 5 years, starting from the completion and complete execution of your request for contact and/or further information, a term that may be extended if necessary in order to comply with regulatory obligations (including those that have arisen) or to assert or defend a right, including in court; (ii) for the purpose of processing as art. 2.2. letter b): n. 10 years pursuant to art. 2946 of Italian Civil Code, starting from the final conclusion of the relevant contractual or pre-contractual relationship, a term that may be extended in order to comply with regulatory obligations (including those that have arisen) or to assert or defend a right, including in court.

4. Target audience.

4.1. In compliance with art. 13 paragraph 1) letter e) of the GDPR, CORRADINI informs you that your personal data may be communicated, if appropriate and necessary, to one or more recipients ex art. 4 n. 9) of the GDPR, generally identified by category as follows: (i) for the fulfilment of the processing purpose as art. 2.1. letter a): subjects authorised to the processing by CORRADINI; consultants or companies of various kinds that provide, however, services and/or performances (also professional) connected, even indirectly, to the fulfilment of the purpose in question (e.g.: IT companies); (ii) for the fulfilment of the processing purpose mentioned in art. 2.2. letter b): subjects authorized to the processing by CORRADINI; consultants or companies of various nature providing, however, services and/or performances (also professional) connected, also indirectly, to the fulfilment of the purpose in question (e.g. IT company; legal/fiscal consultant).  

5. Transfer.

5.1. CORRADINI informs you that your personal data are stored in automated, partially automated or non-automated archives belonging or indirectly traceable to CORRADINI and located within the European Economic Area (EEA).

6. Data subject’s rights.

6.1. In relation to the user’s personal data, CORRADINI informs that the relevant data subject pursuant to art. 4 n. 1) of the GDPR has the right to exercise the following rights which may be subject to the limitations provided for in art. 2 undecies and 2 duodecies of the Privacy Code: right of access pursuant to art. 15 of the GDPR: right to obtain confirmation as to whether or not personal data concerning the data subject are being processed, as well as the information referred in art. 15 of the GDPR (e.g. purpose of processing, storage period); right to rectification under art. 16 of the GDPR: right to correct, update or supplement personal data; right to erasure under art. 17 of the GDPR: right to obtain erasure or destruction or anonymisation of personal data, where, however, the conditions listed in the same article apply; right to restriction of processing under art. 18 of the GDPR: right to obtain the restriction of the processing of personal data in the cases governed by art. 18 of the GDPR; right to data portability under art. 20 of the GDPR: right to obtain the personal data provided to CORRADINI in a structured, commonly used and machine-readable format (and, where required, to transmit them directly to another Data Controller), where the specific conditions set out in that article are met (e.g. legal basis of consent and/or execution of a contract; personal data provided by the data subject); right to object under art. 21 of the GDPR: right to obtain the cessation, on a permanent basis, of a specific processing of personal data; right to lodge a complaint with the Privacy Guarantor under art. 77 of the GDPR: right to lodge a complaint where it is considered that the processing under analysis violates national and EU legislation on the protection of personal data. 

6.2. In addition to the rights described in art. 6.1. above, CORRADINI specifies that, in relation to the personal data of the data subject, there is, where possible and conferring, the right to exercise, on the one hand, the (sub)right provided for art. 19 of the GDPR (“The controller shall communicate to each of the recipients to whom the personal data have been transmitted any rectification or erasure or restriction of processing carried out pursuant to article 16, article 17(1) and article 18, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of such recipients if the data subject so requests”), to be considered connected and related to the exercise of one or more of the rights regulated in articles 16, 17 and 18 of the GDPR; on the other hand, CORRADINI specifies that, in relation to the personal data of the data subject, there is, where possible and conferring, the right to exercise the right provided for in art. 22(1) of the GDPR (“The data subject shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning him or her or significantly affects him or her in a similar way”), subject to the exceptions provided for in paragraph 2 below.)

6.3. Pursuant to article 12 paragraph 1) of the GDPR, CORRADINI undertakes to provide the User with the communications referred in art. from 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible, easily accessible and plain language form: such information shall be provided in writing or by other electronic means, or, at the User’s request, orally provided that the User’s identity is proven by other means.

6.4. In accordance with article 12 paragraph 3) of the GDPR, CORRADINI informs you that it undertakes to provide you with information regarding the action taken in respect of a request pursuant to art. from 15 to 22 of the GDPR without undue delay and, in any event, at the latest within one month of receipt of such request; this period may be extended by n. 2 months if necessary, taking into account the complexity and number of requests (in this case, the Controller undertakes to inform the user of such extension and the reasons for the delay, within one month of receipt of the request).

6.5. The user may exercise the above-described rights at any time (with the exception of the right under Art. 77 of the GDPR) by using the contact details set out in art. 7.

7. Contact details.

7.1. CORRADINI can be contacted at the following address: corradini.gdprprivacy@corradini.it

Reggio Emilia, 28.1.2022 (date of last update)

ING. C. CORRADINI & C. S.r.l.

(in the person of its legal representative pro tempore)

COOKIE POLICY

ING. C. CORRADINI & C. S.r.l., (Fiscal Code and VAT n.: 01105520355) (hereinafter “CORRADINI”), in the person of its legal representative pro tempore, with registered office in Reggio Emilia (RE), via D. Alighieri, 4, in its capacity as Data Controller pursuant to art. 4 n. 7) and 24 of EU Regulation n. 2016/679 (GDPR), illustrates below the cookie policy (“Policy”) referring to this website www.corradini.it (“Site”).

1. Legal framework.

1.1. The Policy is based on the following EU and/or national (first and/or second level) regulatory provisions: (i) Directive n. 2002/58/EC of 12.7.2012 (so-called ePrivacy Directive), as amended by Directive n. 2009/136/EC; (ii) art. 122 of the new Legislative Decree n. 196/2003 (Privacy Code), which has implemented, within the national legal system, the ePrivacy Directive; (iii) GDPR: articles 4 n. 11), 7, 12, 13, 25 and 95 (in addition, in particular, to Recitals n. 30, 32 and 173); (iv) Guidelines n. 5/2020 adopted on 4.5.2020 by the EDPB, replacing the Guidelines of 10.4.2018 signed by WP Art. 29; (v) Measure n. 231 of 10.6.2021 [web doc. n. 9677876] and n. 224 of 9.6.2022 [web doc. n. 9782890] (and relative press release dated 23.6.2022) signed by the Italian Data Protection Authority (Privacy Guarantor); (vi) Recommendation n. 2/2001 of the WP Art. 29; (vii) Opinion n. 2/2010 of the WP Art. 29; (viii) Opinion n. 4/2012 of the WP Art. 29; (ix) Guidelines n. 8/2020 of the EDPB.

2. Cookies and other tracking tools: definition and classification.

2.1. The “cookies“[1] are, as a rule, strings of text that a website (“publisher” or “first party”) visited by the user or a different website (“third party”) places and stores, directly (in the case of the first party website) or indirectly (through the latter, in the case of the third party website), in a terminal device available to the user: in this regard, the Privacy Guarantor has specified the fact that the information, encoded in cookies, may include both personal data under art. 4 n. 1) of the GDPR (e.g. IP address; user name; email address; unique identifier) and non-personal data pursuant to art. 3 n. 1) of EU Regulation n. 1807/2018 (e.g. language; type of device used).

Alongside (or in addition to) them, ‘other tracking tools‘ may exist (and therefore be used), which can be divided into ‘active’ (which have almost the same characteristics as cookies) and ‘passive’ (e.g. finger printing).

2.2. In addition to the above-mentioned intrinsic features, cookies (and other tracking tools) may have different characteristics in terms of time (and thus be considered “session”[2] or “permanent”,[3] depending on their duration), subjectively (depending on whether the publisher acts autonomously or on behalf of a “third party”) and, finally (but especially), depending on the purpose of the processing pursued, so that they can be divided into two different (big) categories:

1. 1. “technical“, used for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contracting party or user to provide such service” (Article 122(1) of the Privacy Code).
      In this regard, the Privacy Guarantor has highlighted, in Measure n. 231 of 10.6.2021 (in line with the previous provision on the subject of 2014), that the “analytics cookies“[4] may well be included within the scope of cookies (or other tracking tools) of a “technical” nature (and, therefore, can be used without the prior acquisition of consent from the person concerned), under certain conditions, aimed at precluding the possibility that it comes, through their use, the direct identification of the person concerned (single out)[5].
   2. profiling”/”marketing” (so-called “non-technical”), used to trace specific actions or behavioural patterns recurring in the use of the offered functionalities to specific, identified or identifiable subjects. non-technical), used to trace specific actions or behavioural patterns recurring in the use of the functions offered (patterns) to specific identified or identifiable subjects, in order to group the various profiles within homogeneous clusters of different sizes, so that the Data Controller can, among other things, also modulate the provision of the service in an increasingly personalised manner beyond what is strictly necessary for the provision of the service, as well as send targeted advertising messages (i.e., in line with the preferences expressed by the user when surfing the web).

3. Cookies installed on the Site.

3.1. Within the Site, the following types of cookies have been installed (or may be installed, subject to obtaining the specific consent of the user):

4. Browser settings.

4.1. CORRADINI highlights the possibility for the user to delete and block the operation of the cookies described in article 3 above at any time by using the specific setting features of the browser used: in this respect, CORRADINI adds that, if the user decides to disable the technical cookies referred to in article 2.2. point i), the quality and speed of the services and functionalities offered and made available by the Site may deteriorate.

You can find information on how to manage cookies with some of the most popular browsers by visiting the following web pages:

https://support.google.com/chrome/answer/95647?hl=it

https://support.mozilla.org/it/kb/Gestione%20dei%20cookie?redirectlocale=enUS&redirectslug=Cookies

https://support.microsoft.com/it-it/help/17442

https://support.microsoft.com/it-it/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy

https://support.apple.com/it-it/guide/safari/sfri11471/mac

https://support.apple.com/it-it/HT201265

https://help.opera.com/en/latest/security-and-privacy/#clearBrowsingData

5. Data subject’s rights.

5.1. In relation to the user’s personal data, CORRADINI informs that the relevant data subject pursuant to art. 4 n. 1) of the GDPR has the right to exercise the following rights which may be subject to the limitations provided for in art. 2 undecies and 2 duodecies of the Privacy Code: right of access pursuant to art. 15 of the GDPR: right to obtain confirmation as to whether or not personal data concerning the data subject are being processed, as well as the information referred in art. 15 of the GDPR (e.g. purpose of processing, storage period); right to rectification under art. 16 of the GDPR: right to correct, update or supplement personal data; right to erasure under art. 17 of the GDPR: right to obtain erasure or destruction or anonymisation of personal data, where, however, the conditions listed in the same article apply; right to restriction of processing under art. 18 of the GDPR: right to obtain the restriction of the processing of personal data in the cases governed by art. 18 of the GDPR; right to data portability under art. 20 of the GDPR: right to obtain the personal data provided to CORRADINI in a structured, commonly used and machine-readable format (and, where required, to transmit them directly to another Data Controller), where the specific conditions set out in that article are met (e.g. legal basis of consent and/or execution of a contract; personal data provided by the data subject); right to object under art. 21 of the GDPR: right to obtain the cessation, on a permanent basis, of a specific processing of personal data; right to lodge a complaint with the Privacy Guarantor under art. 77 of the GDPR: right to lodge a complaint where it is considered that the processing under analysis violates national and EU legislation on the protection of personal data. 

5.2. In addition to the rights described in art. 5.1. above, CORRADINI specifies that, in relation to the personal data of the data subject, there is, where possible and conferring, the right to exercise, on the one hand, the (sub)right provided for art. 19 of the GDPR (“The controller shall communicate to each of the recipients to whom the personal data have been transmitted any rectification or erasure or restriction of processing carried out pursuant to article 16, article 17(1) and article 18, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of such recipients if the data subject so requests”), to be considered connected and related to the exercise of one or more of the rights regulated in articles 16, 17 and 18 of the GDPR; on the other hand, CORRADINI specifies that, in relation to the personal data of the data subject, there is, where possible and conferring, the right to exercise the right provided for in art. 22(1) of the GDPR (“The data subject shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning him or her or significantly affects him or her in a similar way”), subject to the exceptions provided for in paragraph 2 below.)

5.3. Pursuant to article 12 paragraph 1) of the GDPR, CORRADINI undertakes to provide the User with the communications referred in art. from 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible, easily accessible and plain language form: such information shall be provided in writing or by other electronic means, or, at the User’s request, orally provided that the User’s identity is proven by other means.

5.4. In accordance with article 12 paragraph 3) of the GDPR, CORRADINI informs you that it undertakes to provide you with information regarding the action taken in respect of a request pursuant to art. from 15 to 22 of the GDPR without undue delay and, in any event, at the latest within one month of receipt of such request; this period may be extended by n. 2 months if necessary, taking into account the complexity and number of requests (in this case, the Controller undertakes to inform the user of such extension and the reasons for the delay, within one month of receipt of the request).

5.5. The user may exercise the above-described rights at any time (with the exception of the right under Art. 77 of the GDPR) by using the contact details set out in art. 6.

6. Contact details.

6.1. CORRADINI can be contacted at the following address: corradini.gdprprivacy@corradini.it  

7. Social plug-in.

7.1. In compliance with the EDPB Guidelines n. 8/2020, CORRADINI also specifies that it is a joint-controller ex art. 4 n. 7) and 26 of GDPR with some social media providers (e.g. Facebook; Linkedin), due to the installation, within the Site, of the relevant social plug-ins, easily viewable and usable on the Site.

Reggio Emilia (RE), 29.8.2022 (date of last update).

ING. C. CORRADINI & C. S.r.l.

(in the person of its legal representative pro tempore)

[1] See Recital (30) of the GDPR (“Natural persons may be associated with online identifiers produced by the devices, applications, tools and protocols used, such as IP addresses, temporary markers (cookies) or other identifiers, such as radio frequency identification tags. Such identifiers may leave traces which, in particular when combined with unique identifiers and other information received by the servers, can be used to create profiles of natural persons and identify them”), and Article 122(1) and (2) of the Privacy Code (“1. The storage of information in the terminal equipment of a contractor or user or access to information already stored is permitted only on condition that the contractor or user has given his consent after having been informed in a simplified manner. This shall not prevent any technical storage or access to information already stored if the sole purpose is the transmission of a communication over an electronic communications network or to the extent strictly necessary for the provider of an information society service explicitly requested by the contracting party or user to provide such a service. For the purposes of determining the simplified modalities referred to in the first sentence, the Guarantor shall also take into account the proposals put forward by the most representative associations at national level of the consumers and economic categories involved, also with a view to guaranteeing the use of methodologies ensuring the effective awareness of the contracting party or user. For the purposes of expressing the consent referred to in paragraph 1, specific configurations of computer programmes or devices may be used which are easy and clear for the contracting party or the user to use…”); see, also, p. 15) of Measure n. 231 of 10.6.2021 signed by the Privacy Guarantor: “…there is not yet, to date, a universally accepted system of semantic coding of cookies and other tracking tools that allows you to objectively distinguish, for example, the technical ones from the analitycs or from those of profiling, if not based on the information made by the owner in the privacy policy […] the hope that you come quickly to a general coding”.

[2] Cookies designed to collect and store data while a user accesses a website, and disappear once the user closes the relevant browsing session.

[3] Cookies that are designed to last for a fixed period of time (e.g. minutes; months; years).

[4] Analytical cookies are usually used to assess the effectiveness of an information society service provided by a publisher, for the design of a website or to help measure traffic (i.e. the number of visitors, including possibly broken down by geographic area, time of connection).

[5] See Provision n. 231 of 10.6.2021 signed by the Privacy Guarantor, p. 13/14: “The structure of the analytics cookie must then provide for the possibility that the same is referable not only to one, but to several devices, so as to create a reasonable uncertainty about the identity of the person who receives it. As a rule, this effect is achieved by masking appropriate portions of the IP address in the cookie. Taking into account the representation of IP addresses version 4 (IPv4) at 32 bits, which are usually represented and used as a sequence of four decimal numbers between 0 and 255 separated by a point, one of the measures that can be implemented in order to benefit from the exemption consists in masking at least the fourth component of the address, an option that introduces an uncertainty in the attribution of the cookie to a specific person equal to 1/256 (about 0.4%). Similar procedures should be adopted with reference to IP addresses version 6 (IPv6), which have a different structure and a much larger address space (being made up of binary numbers represented with 128 bits). The Guarantor also stresses the need for the use of analytics cookies to be limited solely to the production of aggregate statistics and that they be used in relation to a single site or a single mobile application, so as not to allow tracking of the navigation of the person using different applications or browsing different websites. Therefore, it is understood that third parties providing the web measurement service to the Publisher shall not combine the data, even if minimized in this manner, with other processing (customer files or statistics on visits to other websites, for example) or pass them on to other third parties, otherwise the risk of user identification would be unacceptably high, unless the production of statistics carried out by them with the minimized data involves several domains, websites or apps attributable to the same Publisher or business group. However, even in the absence of the adoption of the prescribed minimization measures, it is possible to consider lawful the use of statistical analyses relating to multiple domains, websites or apps attributable to the same owner, provided that the owner performs the statistical processing himself, without such analyses resulting in an activity which, going beyond the boundaries of a mere statistical count, actually takes on the characteristics of a processing aimed at making commercial decisions”.