PRIVACY POLICY FOR THE WEBSITE WWW.CRYOLAB.IT

In force since 24.05.2018

Reasons behind the policy/Your privacy is important for us

This Privacy Policy contains important information about your personal data collected when you visit this website www.cryolab.it (the “Website) as a [registered] user or non-registered user (the ’“User”) in order to be able to view and/or use the services [or products] offered on the Website (the “Services”).

In particular, our company, CryoLab Srl, a member of the SOL Group, with its registered office situated at Via Montpellier,  1 - 00133 Rome, VAT no. 11750711001, R.E.A. (Economic and Administrative Register) of ROME entry no. RM-1325428, in its capacity as Data Controller (the “Company” or the “Data Controller”), hereby informs you, in accordance with the current personal data protection legislation (the “Privacy Law”), including the Regulation (EU) 2016/679 (the “GDPR”), that it will process the data of its users with the methods and for the purposes described below.

The terms of this Privacy Policy apply exclusively to the Website and not to other websites belonging to the Data Controller or third parties accessed by the User via any links present on the Website. If the User accesses other websites, he/she should read the information about the personal data processing applicable to the website visited.

Acceptance

By visiting the Website, using its Services or interacting with the Company, the User confirms that he/she has read and understood this Privacy Policy and accepts that the Company will collect, use, file, transmit and disseminate the personal data collected through the Website in compliance with this Privacy Policy and the Privacy Law. [Except in the case in which it is already registered,] the Company could ask the User to give his/her consent (for example, by ticking a box), or if it considers it appropriate to safeguard his/her rights, that is, when this is laid down in the current legislation.

If he/she does not accept the conditions set forth in this Privacy Policy, the User should avoid visiting this Website, [not create an account (as defined herein)] and not use this Website in any other way or send his/her personal data, that is, avoid giving his/her consent, when this option is offered in accordance with the Privacy Law.

The Data Controller reserves the right to make changes to this Privacy Policy at any time by communicating them to the Users on this page. You should thus consult this page often, taking the date of the last change indicated as a reference. If the changes made to this Privacy Policy are not accepted, the User must stop using this Website and can ask the Data Controller to remove his/her personal data. Unless otherwise specified, the previous Privacy Policy will continue to be applied to the personal data collected up to that point.

This Privacy Policy contains important information on the following:

  1. TYPE OF DATA PROCESSED BY THE COMPANY THROUGH THE WEBSITE
  2. LEGAL BASIS AND PURPOSES OF PROCESSING
  3. NATURE OF DATA PROVISION
  4. DATA PROCESSING AND PROCESSING METHODS
  5. ACCESS TO PERSONAL DATA
  6. COMMUNICATION OF PERSONAL DATA
  7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU
  8. YOUR RIGHTS
  9. EXERCISING YOUR RIGHTS AND FILING A COMPLAINT WITH THE DATA PROTECTION AUTHORITY
  10. DATA CONTROLLER, DATA PROCESSOR AND PERSONAL DATA PROTECTION OFFICER

Type of data processed by the company through the Website

In accordance with the Privacy Law, the Data Controller processes the following personal data you provided (your “Personal Data”) while browsing the Website [or while registering on the Reserved Area]:

common identification data (such as, but not only: first name, last name, email address, etc.).

Data obtained while a User is browsing the Website:
the IT systems, cookie technology and software procedures used for the operation of the Website acquire some data that are transmitted during use of the Web. This information is not collected to be associated with identified data subjects but, due to its very nature, could result in the browsing Users being identified, if processed and associated with data held by third parties.

This category of data includes, for example, the IP addresses and domain names of the computers used by the Users connecting to the website, the pages visited by the Users on it, the domain names and website addresses from which the User accessed the Website (by referral), the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the Web server, the size of the file obtained in response, the numeric code indicating the status of the reply given by the Web server, and other parameters concerning the type of browser (e.g., Internet Explorer, Google Chrome, Firefox), the operating system (e.g., Windows) and the IT system used by the User.

These data are collected using first party proprietary technical cookies [and third party analytical cookies]. For further details on browsing data, Users should consult the Cookie Policy of the Website.

Personal data provided by Users when registering on the Website
Most pages and contents of the Website can be accessed and consulted by the User without having to register and/or be identified.

If he/she so wishes, the User can register on an area of the Website (the “Reserved Area”) reserved for use by some categories of persons – such as (“Registered Users”), so that they can access the offer of some Services and establish trade relationships with the Company and/or take pre-contractual measures. To consult the terms and conditions of use of the Website and the Reserved Area, please read the “Conditions of Use” of the Website, available at the following link: www.cryolab.it/terms-conditions.htm.

The User assumes responsibility for the truthfulness of the personal data provided, published or shared via this Website, and guarantees that he/she has the right to communicate or disseminate them, thus releasing the Data Controller from all liability towards third parties.

Legal grounds and purpose of personal data processing

The processing of your data collected through the Website has your consent as its legal grounds.

2.1 We also wish to inform you that your personal data will be processed without your prior consent, in accordance with art. 6 GDPR, for the following purposes (the “Purposes”):

to carry out maintenance and the technical support necessary to ensure correct operation of the Website and the services associated with it;

to improve the quality and structure of the Website, and to create new Services, functions and/or characteristics;

to enable the Data Controller to provide its Services;

to allow the Company to exercise its rights in Court and for litigation management;

to fulfil legal and/or regulatory obligations;

to collaborate with public authorities, to prevent and suppress illegal acts, including disciplinary action;

to pursue statistical and historical purposes.

2.2 The data provided by the Registered User will be processed without his/her prior consent in accordance with art. 6 letter b) GDPR, for the following purposes:

to allow the Registered User to access the Reserved Area of the Website and to create and maintain his/her user profile (“Account”);

to use the services offered by the company to Registered Users and to fulfil their consequent pre-contractual and contractual, legal, accounting and fiscal obligations, and to effectively manage trade relations with the company.

2.3 The data provided by the Registered User could be processed having obtained his/her consent in accordance with art. 6 letter a) GDPR, for the following purposes:

to allow the Registered User to receive by email communications on products, projects and/or Services proposed by the Company and/or newsletters, or other advertising, informative or promotional material.

[The Users with whom the Company has conducted contractual relations are informed that the Company can send them communications on services and products similar to those included in previous relations, in compliance with all the applicable legal provisions and guidelines, unless they dissent in accordance with art. 21, paragraph 2 GDPR.]

Nature of Data Provision

The User is obliged to provide his/her personal data for the service purposes as set forth in par. 2.1 and 2.2 of this Privacy Policy. If he/she fails to do so, he/she will not be able to use the services offered by the Company through the Website.

The User is not obliged to provide his/her personal data for the marketing purposes set forth in par. 2.3 of this Privacy Policy. If he/she refuses to provide the details requested, the User will not receive any marketing communications on products, projects and/or services proposed by the Data Controller.  In any case, the User will be able to use the services set forth in paragraphs 2.1 and 2.2 of the previous paragraph.

Data Processing and Processing Methods

We also inform you that the processing of your personal data, in accordance with art. 4 GDPR, will consist of the following activities (the “Processing”): collection, recording, organisation, structuring, preservation, adaptation or modification, extraction, consultation, use, communication through transmission, any other form of provision, comparison or interconnection, restriction, erasure or destruction of the data.

We also inform you that your Personal Data:

will be processed in compliance with the principles of lawfulness, fairness and transparency;

will be collected for the legitimate purposes indicated above;

will be adequate, relevant and restricted as far as necessary with respect to the purposes for which they are processed;

will be preserved in a form that allows your identification for a period of time no longer than the achievement of the purposes for which they are processed and, in any case, no more than 1 year after their collection for the Purposes set forth in paragraphs 2.1 and 2.2, and no more than 1 year after their collection for the marketing purposes set forth in paragraph 2.3 of this Privacy Policy;

will be processed in such a way as to guarantee an adequate degree of protection against the risk of destruction, loss, modification, dissemination or unauthorised access using technical and organisational security measures.

The processing of your personal data can be performed with the support of printed media, automated, computerised or data communications devices, with organisational methods and rationale closely related to the Purposes indicated.

The Data Controller uses the most adequate technological and security measures (electronic, computerised, physical, organisational and procedural) to guarantee the security and confidentiality of the data processed. These measures include the maintenance of a secure data preservation and use system based on cryptography and intrusion detection, besides prevention and protection software.

The User acknowledges, however, that the communication of personal data via websites presents risks associated with the dissemination of such data, and that no system is totally secure, tamper-proof or intrusion-proof by third parties.

Access to Personal Data

Without prejudice to the communications made in fulfilment of legal and/or regulatory obligations, your Personal Data can be made accessible, for the Purposes, to:

employees and/or collaborators of our main or local offices, duly authorised by the Data Controller, in their capacity as authorised data processors and/or system administrators.

Communication of Personal Data

Without the express consent of the User (in accordance with art. 6 letters b) and c) of the GDPR), the Data Controller can communicate the User’s data for the service purposes indicated in par. 2.1, letters. d) and f) to supervisory and/or control bodies, Judicial Authorities and all other entities to which their communication is obligatory by law to achieve the aforesaid Purposes, in their capacity as autonomous data processors.

The Users’ data will not be disclosed to the public or unspecified parties.

In addition to the Data Controller, in some cases, the Personal Data could be accessed and processed, in Italy and abroad, for the purposes indicated above by categories of third parties involved in the organisation of the Data Controller or of the website – and any data processors duly appointed by the Data Controller – such as, for example:

third party technical service providers;
couriers and mail services;
hosting providers;
computer companies;
professionals and consultants (in legal, commercial, administrative, fiscal, tax, town planning, environmental, quality and safety issues, and issues concerning the Group’s budget certification and listing on the Stock Exchange, etc.) commissioned tasks that require knowledge of the User’s personal data;
communication agencies;
credit companies;
insurance companies;
Italian and foreign companies belonging to the SOL Group (for management, statistical and data consolidation needs).
 

Transfer of the data outside the EU

Your personal data will not be transferred to any third party other than those indicated in this policy.

Your Personal Data may be communicated abroad exclusively for the purposes specified above.

Your Personal Data will be transferred to countries outside the EU exclusively within the terms and with the guarantees laid down in the Privacy Law and within the limits suitable to ensure optimum management of the service.

Your Rights

We inform you that, in your capacity as a data subject, in accordance with the law, you will have the right to revoke your consent at any time, and you will be able to exercise your rights (“Your Rights”) at any time:

the so-called “right to access” your Personal Data indicated in art. 15 GDPR, and to be more precise: to obtain confirmation of the existence of Personal Data that concern you, even if not yet recorded, and their communication in intelligible form, and to obtain the following information:

the purposes and methods of the processing of your Personal Data (including the existence of an automated decision-making process, including the profiling indicated in art. 22, par. 1 and 4 GDPR and, at least in such cases, significant information on the rationale used, and the importance and expected consequences of this processing for the data subject), the categories of your processed Personal Data, the source of your Personal Data, the retention period of your Personal Data (where possible), or the criteria adopted to determine this period;

the ID data of the Data Controller, the managers and the representatives designated in accordance with art. 5, par. 2; e) GDPR and, in general, all the subjects and categories of subjects to whom your Personal Data have been or will be communicated in Italy, in particular if they are recipients in third countries or international organisations (and, in this case, you also have the right to be informed of the existence of adequate guarantees in accordance with article 46 GDPR on data transfer);

the existence of your right, in your capacity as a data subject, to ask the Data Controller to rectify, delete or restrict the processing of your Personal Data, or to object to such processing;

the right to file a complaint with the Data Protection Authority (the “Authority”);

the so-called “right to rectify” indicated in art. 16 GDPR: the right to request rectification or, where appropriate, integration of your Personal Data;

the so-called “right to erasure” (or “right to be forgotten”) indicated in art. 17 GDPR: the right to request deletion, transformation into anonymous form or blocking of any data processed in violation of the law, including those that do not have to be preserved for the purposes for which your data was collected or subsequently processed;

the so-called “right to restrict processing” indicated in art. 18 GDPR: the right to obtain from the Data Controller the restriction of processing in some cases indicated in accordance with the Privacy Law;

the right to ask the Data Controller, in accordance with art. 19 GDPR, for an indication of the recipients to whom it has notified any rectifications, deletions or restrictions of processing (carried out in accordance with articles 16, 17 and 18 GDPR, in fulfilment of the notification obligation, except when this is not possible or entails a disproportionate effort);

the so-called “right to data portability” indicated in art. 20 GDPR: the right to receive (or send directly to another Data Controller) your Personal Data in a structured, commonly used format that can be read by an automatic device;

the so-called “right to object” indicated in art. 20 GDPR: the right to object to all or part of the processing:

for legitimate reasons to the processing of your Personal Data, relevant to the purpose of data collection;

to the processing of your Personal Data, for the transmission of advertising or direct sales material or for the conduct of market surveys or marketing communications.

In the cases listed above, where necessary, the Data Controller will inform the third parties to which your Personal Data are communicated about your decision to exercise your rights, except in specific cases (e.g., when this obligation is impossible or entails the manifestly disproportionate use of means with respect to the right protected).

Exercising your rights and filing a complaint with the Data Protection Authority

You will be allowed to exercise your rights at any time using the following methods:

by sending a registered letter with a return receipt to the Data Controller’s address at Via Montpellier, 1 - 00133 Rome;

by sending an email to info@cryolab.solgroup.com;

by telephone to +39 039 2109770.

We also inform you that, in accordance with the Privacy Law, you have the right to file a complaint with the Data Protection Authority. To file the complaint you will be able to use the method that you consider to be the most suitable, by delivering the complaint by hand to the Authority’s offices (at the address indicated below) or by sending:

a registered letter with return receipt to “Garante per la protezione dei dati personali”, Piazza di Monte Citorio, 121 - 00186 Rome;

an email to the address: garante@gpdp.it, or protocollo@pec.gpdp.it;

a fax to the number: 06-696773785.

For more information, visit the Authority’s Web page http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

Data Controller, Data Processor and Personal Data Protection Officer


The Data Controller is the company CryoLab Srl, with registered office situated at Via Montpellier, 1  - 00133 Rome, VAT no. 11750711001, and Tax ID 11750711001, R.E.A. (Economic and Administrative Register) of ROME entry no. RM-1325428.

The Data Processor is the company SOL S.p.A., with registered office situated at via Gerolamo Borgazzi, 27 - 20900 Monza, VAT no. 00771260965 and Tax ID 00771260965. R.E.A. (Economic and Administrative Register) of Monza and Brianza entry no. 991655. The up-to-date list of any other Data Processors (to whom your Personal Data are communicated and duly appointed through a written deed), is available for free consultation at the company’s registered office.

The SOL Group has appointed a group DPO organisation based at Via G. Borgazzi, 27  (MB-Italy) at the registered office of the Group leader SOL SPA. The data of the Members of the Organisation are available for free consultation at the registered office. The DPO organisation can be contacted by e-mail at : organismodpo@solgroup.com.