Privacy Documents
INFORMATION NOTICE REGARDING THE WEBSITE: https://www.elesa-ganter.com
ELESA S.p.A. and Otto Ganter GmbH & Co. KG pursuant to Articles 13 and 14 of Regulation 2016/679 (hereinafter "GDPR") provides hereunder some information relating to the processing of your personal data when you are using the website: https://www.elesa-ganter.com (hereinafter also the "Site")
1. Joint controllers and contact details of the Data Protection Officer (DPO)
ELESA S.p.A. Via L. Mancini 5, Milano, VAT Number 1686450154 e-mail privacy@elesa.com.
Otto Ganter GmbH & Co. KG Triberger Straße 3, 78120 Furtwangen, Germany, VAT Number DE141912543, phone: +49 7723/65070, email: info@ganternorm.com.
ELESA S.p.A. and Otto Ganter GmbH & Co. KG have entered a Joint Controller Agreement (hereinafter jointly referred to as "Joint Controllers") pursuant to Article 26 GDPR regulating their roles and mutual responsibilities arising from the processing of your personal data in connection with the use of the Site. In particular, both Joint Controllers are equally obliged to fulfil their duties to provide information and to ensure the exercise of data subjects’ rights. For this reason, you can contact both parties.
Moreover, Joint Controller Otto Ganter GmbH & Co. KG has appointed a DPO, that you can contact at the following e-mail address: gaulocher@dsb-bw.de.
2. Personal Data processed
Through the Site, Joint Controllers gather the following kind of data:
- Navigation data: The information systems and software procedures relied upon to operate the Site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This category of data includes for example browsing data, such as IP address, name and domain of computers in use by the users connecting to the website, URI (Uniform Resource Identifier) address of requested resources, time of the request, method used for request submission to the server, response file dimension, numerical code of server response status (success, error, etc.) and any other parameter related the operating system and the computer environment of the user.
- Identity and Contact data: by way of example last name, first name, e-mail address, telephone number, login data (username and password);
- Location data: For providing you with more precise and useful services, Joint Controllers may ask you to enter your address or simply the country if you want to talk with a call center in order to ask for information.
Alternatively, and under your previous and explicit consent, your navigation program on Internet (“Browser”) may share with the Site an approximation of your geographic location through information on wireless access points close to you and on your device IP address.
In both cases, this optional use of personal data is extremely useful for providing you with even more useful Elesa+Ganter services. If you think that sharing your approximate location through your Browser is invasive, you may revoke your consent at any time by changing your Browser’s settings (or the settings of your operating system). To have more information we invite you to read the specific privacy notice of your Browser. - Cookies set on the Site as further described in the Cookie Policy
3. Data processing purposes, legal basis for processing data and data retention period
We collect and use your data for the following purposes:
3.1 “Registration” to the Site and creation of an account: Despite the browsing of the Site is free, it is possible to take advantage of some of the online services only after having logged into the customer area. The registration process consists in the completion of an online form in order to set off the log in credentials (username/e-mail and password). Legal basis: the need to execute a request of the data subject and to pursue contractual obligations. Please note that data marked with an asterisk (*) in the registration form must be provided in order to put in place and execute the contract; therefore, any refusal to provide such data will block the registration on the Site. A refusal to provide data makes these services impossible. |
Data retention period: 3.1 As long as the contractual relationship exists and, after termination, for the ordinary limitation period of 10 years. |
3.2 Legal obligations: Fulfillment of obligations or exercise of rights under national or EU law. Legal basis: the need for compliance with a legal obligation to which the controller is subject. Please note that data provision is mandatory to fulfill legal obligations. |
3.2 For the period required by the specific legal obligation set forth by the applicable law. |
3.3 Sending promotional newsletter: Sending of promotional communication and contents by e-mail. Personal data are voluntarily submitted by the user by inserting the e-mail address into the relevant form. Legal basis: Consent (which is optional and can be withdrawn at any time). Please note that providing an e-mail address is necessary for the requested service, therefore a refusal to provide this information means it will not be possible to send newsletters. |
3.3 Until you unsubscribe from the newsletter through the link at the bottom of every e-mail sent to you or until the consent is withdrawn. |
3.4 Sending catalogues: Sending of our catalogue to user who request it by inserting his/her data into the dedicated form. Legal basis: Execution of the contract involving the data subject. Please note that providing personal data is necessary for the requested service, therefore a refusal to provide this information means it will not be possible to send you our catalogues. |
3.4 For the duration of the service or until you request to be unsubscribed. |
3.5 If necessary, to ascertain, exercise and/or safeguard Joint Controllers’ rights in legal proceedings Personal data processed in order to provide our services may be retained for a longer period as it may be necessary to protect our interests against potential liability related to the provision of the services. Legal basis: Legitimate interest |
3.5 In case of judicial litigation, for its entire duration, up to the expiration of the terms for appeal. |
3.6 “Call me back”, “Contacts for information” and “Request technical drawings” services: Personal data provided by completing the form “Call me back”, “Contacts” or “Request technical drawings” will be processed to contact you or for answering to your requests for related services provided by Elesa+Ganter. Legal basis: the need to execute a request of the data subject. Please note that providing personal data is necessary for the service requested, therefore a refusal to provide this information means it will not be possible to contact you. |
3.6 The data will be processed for only the time strictly necessary to process the request and subsequently will be destroyed or made anonymous. |
3.7 Marketing: Sending business/promotional communication thought automatic contact methods (e.g. e-mail, SMS or MMS) and conventional methods (e.g. by post and telephone calls with operators) on Elesa+Ganter products/services and their partner (without transferring data), customer satisfaction surveys, market research and statistical analyses; Legal basis: your Consent, which is optional and can be withdrawn at any time. Data provisioning for this purpose is optional. |
3.7 Until revocation of the consent. |
3.8 Profiling marketing: Analysis of your purchasing preferences, habits, behaviors and interests through the use of cookies (browsing analysis, monitoring of selected products and virtual shopping cart) with aim of sending customized commercial communications/offers/services fitting your requirements. Legal basis: your consent, which is optional and can be withdrawn at any time. Data provisioning for this purpose is optional. |
3.8 Until revocation of the consent In any case, details of your preferences, habits, behavior and buying interests will be deleted every 12 months. |
3.9 Prevention of abuse/fraud Navigation data could be used to prevent and detect fraudulent activities or misuse of the Site (for potentially criminal purposes), for ascertaining responsibilities in the eventual case of cybercrimes against the Site, allowing Joint Controllers to defend themselves in subsequent legal proceedings that may arise Legal basis: Legitimate interest |
3.9 Data will be retained for as long as deemed strictly necessary to fulfil the purposes for which it was collected and until Joint Controllers have to keep it in order to defend themselves in subsequent legal proceedings that may arise, or communicate this data to Public Authorities, as may be requested. |
3.10 Site management Navigation data is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties. Navigation data are used only to obtain anonymous statistical information on the usage of the Site and to check its correct working. Legal basis: Legitimate interest |
3.10 Data are deleted immediately after being processed. |
Once the aforementioned retention period has lapsed, data will be destroyed or made anonymous compatibly with technical erasure and backup procedures. |
4. Categories of recipients
Data may be communicated to parties operating as controllers, such as supervisory and regulatory authorities and, more generally, public or private entities, legally authorized to requests data.
Data may be as well processed, on Joint Controllers’ behalf, by external entities appointed as processors, who are provided with suitable operating instructions such as for example:
- hosting providers or e-mail platform/service providers;
- companies authorized to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
- companies that provide management services of the Site;
- companies that provide management services of newsletters;
- companies that provide services requested by users (e.g. request technical drawings).
5. Subjects authorised to process personal data
Data may be processed by employees in Joint Controllers’ departments who are responsible for carrying out the activities outlined above and have been authorised to process the data and have received suitable operating instructions.
6. Your rights
By contacting Joint Controllers via e-mail to privacy@elesa-ganter.com, data subject can ask at any time to access his/her personal data, to erase data, to rectify inaccurate data, to integrate incomplete data, to restrict processing in the cases provided for by art. 18 GDPR, as well as to object to processing, for reasons related to his or her particular situation, in the cases of processing based on legitimate interest of the Joint Controllers.
The data subject has the right to object where personal data are processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.
You may always withdraw your consent at a later stage, without prejudice for the processing lawfully carried out before such withdrawal (e.g. for marketing and profiling purposes).
Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.