Valid as of 24/05/2018
Reasons for providing the Information/Your privacy is important to us
Our Company CryoLab Srl, which is part of the SOL Group, with registered offices at Roma, Via Montpellier, n. 1, CAP 00133, and VAT Code 11750711001, registered in the Company Register of Roma under No. RM-1325428, in its capacity as data controller (the “Company” or the “Data Controller”), informs you, pursuant to the applicable data protection laws (the “Privacy Laws”), including Regulation (EU) 2016/0679 (“GDPR”), that it will process its Users’ data in the manners and for the purposes detailed below.
1. TYPE OF DATA PROCESSED BY THE COMPANY THROUGH THE WEBSITE
2. LEGAL GROUNDS AND PURPOSES OF PROCESSING
3. MANDATORY OR OPTIONAL PROVISION OF PERSONAL DATA
4. PROCESSING OF PERSONAL DATA AND METHODS OF PROCESSING
5. ACCESS TO PERSONAL DATA
6. COMMUNICATION OF PERSONAL DATA
7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU
8. YOUR RIGHTS
9. EXERCISING YOUR RIGHTS AND LODGING A COMPLAINT WITH THE PRIVACY SUPERVISORY AUTHORITY
10. DATA CONTROLLER, DATA PROCESSOR AND DATA PROTECTION OFFICER
1.Type of data processed by the Company through the Website
Under the Privacy laws, the Data Controller processes the following personal data your provide (your “Personal Data”) when you navigate the Website [when you register in the Reserved Area]:
general identification data (such as, by way of example and not limitation, name, surname, e-mail address, etc.);
Data obtained when a User navigates the Website
The computer systems, cookie technology, and software procedures used for the running of the Website acquire, over the course of their normal operation, certain data which transmission is implicit to the use of the Internet. This information is not collected to be associated to identified data subjects; however, the nature of said data might, through processing and associations with data held by third parties, allow the identification of the Users who navigate a website.
This category of data include, by way of example, IP addresses or domain names of the computers used by the Users connecting to the Website, the pages viewed by Users within the Website, the domain names and the Internet addresses from which Users have accessed the Website (through referrals), the URL (Uniform Resource Identifiers) of the queries made, the time of queries, the method used to submit a query to a web server, the size of the file obtained in reply, the numeric code indicating the status of the reply from the web server, and the other parameters on the type of browser used (e.g., Internet Explorer, Google Chrome, Firefox), the operating system (e.g., Windows), and the User’s computer environment.
[Personal Data provided by Users when registering with the Website
Most of the pages and content of the Website can be accessed and viewed by Users without requiring their registration and/or identification.
Users may, if they wish, register in an area of the Website (the “Reserved Area”) strictly reserved to certain categories of users - such as (the “Registered Users”), in order to access offers of certain Services and enter into agreements with the Company and/or take certain pre-contractual steps. The terms and conditions for using the Website and the Reserved Area are found in the “Conditions of Use” section in the Website, available at the following link: www.cryolab.it/terms-conditions.htm..
Users are responsible for the truthfulness of the personal data declared, published, or shared through this Website, and guarantee they have the right to communicate or diffuse them, holding the Data Controller harmless from any third-party liability.
2.Legal Grounds and Purposes for the Processing of Personal Data
The legal ground for the Processing of your Personal Data, collected through the Website, is your consent.
2.1 We wish to also inform you that your Personal Data shall be processed without your consent, under Article 6 of the GDPR, for the following purposes (the “Purposes”):
provide the maintenance and technical assistance required to ensure the proper operation of the Website and the services connected thereto;
improve the quality and the structure of the Website, and create new Website Services, functionalities, and/or characteristics;
allow the Data Controller to provide its Services;
allow the Company to exercise its rights in legal proceedings and to handle litigation;
comply with obligations of law and/or regulation;
the collaboration with the public authorities, and the prevention and suppression of unlawful acts, including by way of disciplinary measures;
for statistical and historical purposes, if any.
2.2 The data provided by the Registered User shall be processed, without the prior consent of the latter under Article 6, letter b) of the GDPR, for the following purposes:
to enable the Registered User to access the Reserved Area of the Website and to create and maintain a user account (“Account”);
to access the services offered by the Company to Registered Users and comply with any pre-contractual and contractual, legal, accounting, and tax obligations deriving therefrom, and to ensure an effective management of the business relations with the Company.
2.3 The data provided by the Registered User may be processed, with the prior consent of the latter under Article 6, letter a) of the GDPR, for the following purposes:
to allow the dispatch to the Register User of communications via e-mail on products, initiatives and/or Services offered by the Company, and or of newsletters or other advertisement, information, or promotional material.
[Please note that the Users with whom the Company has entered into any agreements may receive communications from the Company regarding services and products similar to those provided under the above agreements, in compliance with all the provisions of law and guidelines applicable, unless such Users should object to the above, under Article 21, paragraph 2 of the GDPR]
3.Provision of Personal Data
The provision of data by Users is mandatory for the purposes of the service as per points 2.1 and 2.2 herein. Where Users should refuse to provide said data, the Company may be unable to provide the Services offered through the Website.
The provision of the data by Users is optional for the commercial purposes as per point 2.3 above. Where Users should refuse to provide said data, they will not receive any commercial communications on products, initiatives and/or services offered by the Data Controller. However, they may still access the services under points 2.1 and 2.2 above.
4.Processing of Personal Data and Methods of Processing
We inform you also that the processing of your Personal Data may, under Article 4 of the GDPR, consist in the following activities (the “Processing”): collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or otherwise making available, alignment, interconnection, restriction, erasure, or destruction of the Personal Data.
We also inform you that your Personal Data:
shall be processed in line with the principles of lawfulness, fairness, and transparency;
shall be collected for the legitimate Purposes indicated above;
shall be adequate, relevant, and limited to what is necessary for the Purposes for which they are processed;
shall be stored, in a form that enables your identification, for a period of time not exceeding the attainment of the Purposes for which they are processed, and, in any case, not exceeding 1 year of their collection for the Purposes under point 2.1 and 2.2, and not exceeding 1 year of their collection for the commercial purposes under point 2.3 herein.
shall be processed in a manner such as to ensure adequate security from the risk of destruction, loss, modification, distribution, or unauthorised access, by implementing technical and organisational security measures;
Your Personal Data may be processed through the use of paper media, automated, computer, or telecommunication tools, with organisational means and a logic strictly connected to the Purposes indicated above.
The Data Controller uses the most appropriate technological and security measures (electronic, computer, physical, organisational, and procedural) to ensure the security and confidentiality of the data processes. Such measures include maintaining a secure system for storing and using data, based on encryption, detection of intrusions, and prevention and protection software.
Users, however, acknowledge that the very communication of personal data via Internet sites presents risks connected to the disclosure of such data, and that no system is completely secure or immune from tampering and/or intrusions by third parties.
5.Access to Personal Data
Without prejudice to the communications carried out in compliance of the obligations of law and/or regulation, your Personal Data may be made accessible, for the Purposes, to:
Employees and/or collaborators in our headquarters or territorial offices, duly authorised by the Data Controller, in their capacity as persons authorised to process Personal Data and/or system administrators.
6.Communication of Personal Data
Without the express consent of the User (under Article 6, letters b) and c) of the GDPR), the Data Controller may communicate the User’s data for the Purposes of the service as per points 2.1, letters d) and f), to supervisory and/or control bodies, judicial Authorities and any other entities to whom the Data Controller is under legal obligation to disclose such data for the performance of the above Purposes, in their capacity as autonomous data controllers.
The Users’ data shall not be disclosed to the public or to unknown parties.
In addition to the Data Controller, in certain cases the Personal Data may be accessed or processed, in Italy and abroad, for the above Purposes, by categories of third-parties involved in the organisation of the Data Controller or the Website - who, if required, are appointed as Processors by the Data Controller - including, by way of example,
providers of third-party technical services;
couriers and postal services;
information technology companies;
experts or consultants (on legal, commercial, administrative, fiscal, tax, city planning, environmental, and quality and security matters, and on issues pertaining to financial statement certifications, the Group’s listing in the Stock Exchange, etc.) who have been assigned tasks for which the knowledge of the Users’ Personal Data is required;
Italian or foreign companies within the SOL Group (for management, statistical, or data consolidation needs).
7.Data Transfer outside the EU
Your Personal Data shall not be transferred to recipients other than those indicated in this document.
Your Personal Data may be communicated abroad exclusively for the Purposes.
Your Personal Data may be transferred to non-EU Countries exclusively within the terms and with the guarantees provided for in the Privacy Laws and within the limitations of what is useful to best manage the service.
We wish you to know that, in your capacity as data subject, you have the legal right to revoke your consent to the processing of your personal data at any time. Furthermore, you may, at any time, exercise the following rights (“Your Rights”):
the “right of access” to your Personal Data as per Article 15 of the GDPR, and namely: obtain confirmation on the existence of Personal Data that concern you, including when not yet recorded, and obtain the communication thereof in intelligible form, and obtain the following information:
the purposes and methods of Processing of your Personal Data (including the existence of an automated decision-making process, including profiling as per Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject), the categories of your Personal Data processed, the origin of your Personal Data, the period of retention of your Personal Data (where possible) or the criteria used to determine such period;
the identification details of the data controller, the processors, and the supervisor appointed under Article 5, paragraph 2, e) of the GDPR and in general of all the parties or categories of parties to whom your Personal Data have been or shall be communicated within the territory of Italy, and in particular whether or not there are third-Country recipients or international organisations involved (and, in such case, you shall also have the right to be informed on the existence of adequate guarantees under Article 46 of the GDPR with respect to the transfer of Personal Data);
the existence of your right, as Data Subject, to request from the data controller rectification or restriction of processing of personal data concerning you, or to object to such processing;
the right to lodge a complaint with the Privacy Supervisory Authority for the protection of your Personal Data (the “Privacy Supervisory Authority”);
the “right to rectification” as per Article 16 of the GDPR: the right to request the rectification or, where in your interest, to obtain completion of your Personal Data;
the “right to erasure”(right to be forgotten) as per Article 17 of the GDPR: the right to obtain the erasure, anonymisation, or blocking of data processed in violation of the law, including data which storage is not required with respect to the purposes for which your Data was collected or subsequently processed;
the “right to restriction of processing” as per Article 18 of the GDPR: the right to obtain restriction of processing in some of the cases provided for in the Privacy Law;
the right to request the Data Controller, under Article 19 of the GDPR, indication of the recipients to whom the Data Controller has disclosed any rectifications or cancellations or restrictions of processing (carried out under Articles 16, 17, and 18 of the GDPR, in compliance with the notification obligation, unless this proves impossible or involves a disproportionate effort);
the “right to data portability” as per Article 20 of the GDPR: the right to receive your Data (or transmit those Data to another controller) in a structured, commonly used and machine-readable format;
the “right to object” as per Article 21 of the GDPR: the right to object, in whole or in part,
on legitimate grounds, to the processing of your Personal Data, including where pertinent to the purpose for which they were collected;
to the processing of your Personal Data for the purpose of sending advertisement material or direct sale or to perform market surveys or for the purpose of marketing communication.
In the cases above, where necessary, the Data Controller shall inform the third parties to whom your Personal Data have been communicated of the exercise of your rights, except for specific cases (e.g., when such obligation proves to be impossible or involves a use of means that is manifestly disproportionate to the right being protected).
You may exercise your rights at any time in the following manners:
by sending a registered letter with proof of receipt to the address of the Data Controller at Via Montpellier 1, 00133 Roma;
by sending an e-mail to email@example.com
by calling the number +39 039 2109770..
We wish to inform you that under the Privacy Laws you have the right to lodge a complaint to the Italian Privacy Supervisory Authority. To lodge such complaint, you may either hand the complaint in person to the offices of the Privacy Supervisory Authority (at the address indicated below) or send:
a registered letter with proof of receipt addressed to “Garante per la protezione dei dati personali”, Piazza di Monte Citorio, 121, 00186 Rome, Italy;
an e-mail to: firstname.lastname@example.org, or email@example.com;
a fax to: (+39) 06-696773785.
For more information, please visit the web page of the Italian Privacy Supervisory Authority's [Garante] http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
10.Data Controller, Data Processor and Data Protection Officer
The Data Controller is CryoLab Srl with registered offices at _Via Montpellier n. 1, CAP 00133, and VAT Code 11750711001 registered with the Company Register of Roma under No. RM-1325428.
The Processor is SOL S.p.A with registered offices at via Gerolamo Borgazzi 27, CAP 20900, and VAT Code 00771260965 registered with the Company Register of Monza e Brianza under No. 991655. An updated list of any additional data Processors (to whom your Personal Data are disclosed, and who are duly appointed in writing), is available at the Company’s registered offices..
The SOL Group exercised its right to appoint a DPO Body at Group level, with headquarters at Via G. Borgazzi, 27 (MB-Italy) within the registered offices of the Parent Company, SOL SPA. The data of the Members of the Body are available at said headquarters. The DPO Body can be contacted via email at firstname.lastname@example.org.