PRIVACY POLICY FOR THE WEBSITE:

http://www.tellurerota.com


Pursuant to Articles 13 and 14 of EU Regulation 2016/679 (hereinafter the “GDPR”), Tellure Rôta S.p.A. hereby provides you with information regarding the personal data processing operations carried out while you are visiting the website www.tellurerota.com. (hereinafter the “Website”).

LINKS TO THIRD-PARTY WEBSITES

This Website may include links to third-party websites, plug-ins and applications. Interaction with such connections (for example, by clicking on links) may allow third parties to collect or share information about you.

Tellure Rôta S.p.A. does not control such third-party websites and is in no way liable for the content of the privacy policies published on those websites.

We therefore recommend that you carefully read the privacy policies applicable to any other websites you visit upon leaving our Website.

  1. Data controller

The Data Controller is Tellure Rôta S.p.A. (hereinafter referred to as the “Data Controller” or “Tellure Rôta”), with registered offices at Via Quattro Passi 15 – 41043, Formigine (MO), Italy, VAT number IT00180900367. 

  1. Types of data processed

The Data Controller collects the following categories of personal data via the Website:

  • Browsing data: During their normal operation, the computer systems and software procedures used to operate the Website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects but, by its nature, may allow users of the Website to be identified through processing and association with data held by the Company or by third parties. This category of personal data includes the IP addresses or domain names of the computers used by the users connecting to the Website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
  • Personal and contact data: name, surname, e-mail address, telephone number, address, user login credentials (username and password). In connection with the profile registration procedure, information such as Company, Position, Sector and Preferred Language will also be collected; when requesting a quotation or making a purchase, the user's VAT number and Tax number will also be collected.
  • Financial data: banking and payment card details.
  • Data relating to quotation requests and purchases: information relating to quotation requests (company, address, optional telephone number and selected products) or online purchases of products or services (in particular, delivery address, billing data and selected products). It is possible to use Tellure Rôta’s e-commerce platform either as a registered user or as a guest user for quotation requests or purchases.
  • Data relating to the user’s geographical location: In order to provide more accurate and useful services, the Data Controller may ask the data subject to enter an address and postal code for delivery of purchased products, or simply the country in which the data subject is located, for example when requesting contact with a call centre.

Alternatively, and only with the user’s prior explicit consent, the user’s internet browsing software (“Browser”) may share an approximate geographical location with the Website through information on nearby wireless access points and the device’s IP address.

In both cases, this optional use of personal data is a valuable tool for providing the user with more effective Tellure Rôta services. If you consider the sharing of your approximate location via your browser to be intrusive, you may revoke your consent at any time by changing your browser or operating system settings. For further information, please consult the privacy policy specific to your browser.

  • Data relating to education and professional experience: if the data subject decides to submit an application (for open positions or unsolicited applications), he or she will be required to attach a curriculum vitae in order to allow Tellure Rôta to assess whether the profile matches the relevant job description.
  • The Cookies present on the Website are described in detail in the Cookie Policy.

Further details on the processing of personal data are provided in the following section (for each specific processing purpose)

  1. Purpose of processing, legal basis and retention period

Tellure Rôta processes your personal data for the following purposes:

Purposes 

Retention period 

3.1 Website registration and account creation:

In order to use certain services offered on the Website, registration may be required. The registration process consists of completing an online form to create access credentials (username/e-mail address and password).

Legal basis: processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request (Article 6, para. 1, letter b) of the GDPR).

It should be noted that the information marked with an asterisk (*) within the registration form must be provided in order for the contract to be executed; therefore, any refusal to provide such information will prevent registration on the Website. The provision of data not marked with an asterisk is purely optional; therefore, failure to provide such data, either in whole or in part, will not prevent registration.

Your data will be retained for the entire duration of the contract and, after termination, for the ordinary required retention period of 10 years.

3.2 Fulfilment of legal obligations:

Fulfilment of obligations or exercise of rights under national or EU law.

Legal basis: the processing is necessary to fulfil a legal obligation to which the data controller is subject (Art. 6, para. 1, letter c) of the GDPR).

This processing activity is mandatory for the Data Controller in order to comply with specific regulatory requirements.

For the period strictly necessary to fulfil the specific legal obligation under the applicable law.

3.3 Cart sharing service:

This service allows the user, who has added products to their shopping cart, to share it with another person, together with a specific message (created by the user).

Legal basis: it is necessary to process the data entered by the user sending the request to share the shopping cart (name and e-mail address, as well as the information contained in the shopping cart and the message) for the performance of a contract to which the user is a party or for pre-contractual measures taken at the user’s request (Art. 6, para. 1, letter b) of the GDPR).

The recipient’s data (i.e. the e-mail address entered by the sender) is processed on the basis of the consent provided by the sender pursuant to Art. 6, para. 1, letter a) of the GDPR.

The data will be retained for the time necessary to process the request and, in any case, for a maximum period of 3 years, without prejudice to the need to retain the data for a longer period to protect the Data Controller’s position in the event of a dispute or where required by law.

3.4 Sending of promotional newsletters: 

Sending of promotional communications and content by e-mail. Personal data is provided voluntarily by the user by entering their e-mail address in the newsletter subscription form.

Legal basis: consent, which is entirely optional and may be revoked at any time (Art. 6, para. 1, letter a) of the GDPR).

It should be noted that the collection of the e-mail address is necessary for the provision of the requested service, and refusal will therefore prevent the newsletter from being sent.

Until you unsubscribe from the newsletter service via the “unsubscribe” button at the bottom of each e-mail, or until you revoke your consent by other means. 

3.5 Online quotation request for/purchase of our products:

The collection of data (name, surname, e-mail address, billing and shipping address, telephone number and payment information) is required for the completion of quotation requests or purchases made through the Website, in particular to ensure the proper execution of quotations and order shipments (and related billing), as well as to send communications to the user regarding their quotation or transaction requests.

Legal basis: processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request (Article 6, para. 1, letter b) of the GDPR).

The provision of the data is essential in order to carry out the service. Any refusal to provide the personal data will prevent the data subject from requesting a quotation or purchasing products online.

In particular, it is mandatory to provide the data marked with an asterisk (*) in the data collection form. Any refusal to provide such information will prevent the use of the service.

In the case of a quotation request: until the end of the quotation’s validity and, after its expiry, for the ordinary retention period of 10 years.

In the case of purchase: for the duration of the contractual relationship (including, for example, the time required to deliver the purchased goods) and, after termination, for the ordinary retention period of 10 years

3.6 If necessary, in order to ascertain, exercise and/or safeguard the Data Controller’s rights in and/or out of court:

Personal data processed for the purpose of providing our services may be retained for a longer period where this is necessary to protect the legitimate interests of the Data Controller in relation to potential liabilities arising from the provision of the services.

Legal basis: legitimate interest (Art. 6, para. 1, letter f) of the GDPR).

In the event of litigation, for its entire duration and until the expiry of the time limit for appeal.

3.7 “Request for technical drawings” service:

Personal data requested for information or technical drawing requests will be processed in order to contact you, respond to your information requests or provide a service.

Legal basis: processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request (Article 6, para. 1, letter b) of the GDPR).
The provision of personal data is necessary for the performance of the requested service; refusal to provide such information will make it impossible to contact you.

 The data will only be processed for the time strictly necessary to handle the request and will subsequently be deleted or rendered anonymous. 

3.8 Marketing

Sending of commercial and promotional communications via automated contact tools (e.g. e-mail, SMS or MMS) and traditional methods (e.g. post or telephone calls with an operator) relating to the products and services of Tellure Rôta and its partners (without data transfer), as well as customer satisfaction, market research and statistical analysis surveys.

Legal basis: consent is optional and may be revoked at any time (Art. 6, para. 1, letter a) of the GDPR).

The provision of data for this purpose is optional.

Until consent is revoked.

3.9 Targeted marketing (profiling for marketing purposes):

Analysis of purchasing preferences, habits, behaviours and interests through evidence of the user’s previous quotation or purchase requests or through the use of cookies (browsing analysis, tracking of selected products and the virtual shopping cart), with the aim of sending commercial communications, offers and services tailored to the user’s needs.

Legal basis: consent is optional and may be revoked at any time (Art. 6, para. 1, letter a) of the GDPR).

The provision of data for this purpose is optional.

Until consent is revoked.

In any event, the details relating to your purchasing preferences, habits, behaviour and interests will be deleted every 12 months.

3.10 Handling of information or contact requests:

Personal data provided for any requests for information, for example by completing the “Request information” and “Would you like to be contacted?” forms, will be processed for the purpose of contacting the user or responding to their requests.

Legal basis: processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request (Article 6, para. 1, letter b) of the GDPR).

It should be noted that the provision of personal data is necessary for the provision of the requested service; therefore, refusal to provide such information will make it impossible to contact you or respond to your requests.

The data will only be processed for the time strictly necessary to handle the request and will subsequently be deleted or rendered anonymous.

3.11 Prevention of abuse/fraud:

Browsing data may be used to prevent and detect fraudulent activities or misuse of the Website (including potentially criminal purposes) and to establish liability in the event of computer crimes against the Website, enabling the Data Controller to defend itself in court if necessary

Legal basis: legitimate interest (Art. 6, para. 1, letter f) of the GDPR).

The data will be retained for as long as is strictly necessary to fulfil the purposes for which it was collected and for as long as the Data Controller needs to retain it in order to defend itself in any subsequent legal disputes or to communicate such information to the public authorities, where required.

3.12 Website management:

While browsing data is not collected for the purpose of being associated with the data subjects' identities, identification may be possible through processing and matching with data held by third parties.

Browsing data is only used to obtain anonymous statistical information on the use of the Website and to verify its proper functionality.

Legal basis: legitimate interest (Art. 6, para. 1, letter f) of the GDPR).

The data are deleted immediately after being processed

Upon expiry of the aforementioned retention periods, the data will be deleted or anonymised, in accordance with technical deletion and backup procedures.

 

  1. Categories of recipients of personal data communications

Personal data may be communicated to authorised entities acting as independent data controllers, such as supervisory and regulatory authorities and, more generally, public or private entities legally authorised to request such data.

Data may also be processed, on behalf of the Data Controller, by external entities appointed as Data Processors, which are provided with appropriate operational instructions, such as:

  • hosting or service providers and e-mail platforms;
  • companies authorised to carry out technical maintenance (including maintenance of network equipment and electronic communication networks);
  • companies that provide Website management services;
  • companies that provide newsletter management services;
  • companies that provide services requested by users (e.g. requests for technical drawings);
  • Elesa S.p.A., which provides services to Tellure Rôta, in particular for website management and marketing activities.

 

  1. Persons authorised to process personal data

Personal data may be processed only by persons expressly authorised by Tellure Rôta and who have received specific instructions on the correct processing of personal data.

  1. Transfer of personal data to third countries

Some of the recipients mentioned in section 4 may be established in countries outside the European Economic Area (so-called third countries). Where such countries have been recognised as adequate by the European Commission, the Data Controller will transfer personal data on the basis of an adequacy decision adopted by the European Commission, such as, for example, the “Data Privacy Framework” for transfers to the United States. Where such countries have not been recognised as adequate by the European Commission, personal data will be transferred using one of the transfer mechanisms provided for in Chapter V of the GDPR, such as the standard contractual clauses adopted by the European Commission. For further information, please write to privacy@tellurerota.com.

  1. Rights of Data Subjects

By contacting the Data Controller by e-mail at privacy@tellurerota.com, data subjects may, at any time, request access to their personal data, deletion of data, rectification of inaccurate data, completion of incomplete data, and restriction of processing in the cases provided for by Art. 18 GDPR, as well as object to processing, on grounds relating to their particular situation, in cases where the processing is based on the legitimate interest of the Data Controller.

Data subjects have the right to object to the processing of personal data for direct marketing purposes, including profiling, insofar as it is related to such direct marketing.

In cases where the processing is based on consent or on a contract and is carried out by automated means, data subjects also have the right to receive their personal data in a structured, commonly used format and to transmit them to another data controller without hindrance from Tellure Rôta.

Data subjects may revoke their consent at any time, without prejudice to the lawfulness of the processing carried out prior to such revocation (e.g. for marketing and profiling purposes).

Data subjects have the right to lodge a complaint with the competent supervisory authority in the Member State in which they reside or work, or in the Member State where the alleged infringement occurred.

  1. Amendments to the privacy policy and related communications

We reserve the right to amend this privacy policy and will notify you by updating it directly on our Website. We therefore encourage you to review it periodically, particularly if you maintain an ongoing relationship with us. It is important that the personal data in our possession is accurate and up to date. We therefore invite you to inform us of any changes to such data.