This Policy aims to describe the management methods of this website in regard to the processing of the personal data of the users/visitors consulting it, in accordance with European data protection legislation, EU Regulation 2016/679 - GDPR, and applicable national legislation and without prejudice to the amendments and adjustments as may prove necessary following European or national legislative interventions and/or provisions implemented by the Supervisory Authorities subsequent hereto.
In accordance with the GDPR and national privacy protection legislation, the company Cressi Sub S.p.A. intends to guarantee the privacy and security of the personal data of each visitor, in line with that prescribed by this policy.
Where not otherwise specified, this policy is also intended as a disclosure - in accordance with Art. 13 of EU Regulation 2016/679 - GDPR - made to all those interacting with the services offered by the website, accessible telematically from www.cressi.com, which is the home page of the company’s official website.
Please note that this disclosure is only made for the website www.cressi.com and does not also apply to other websites as may be consulted by the user via links.
When using this website, data may be collected on persons identified or identifiable.
The Controller of its processing is the company Cressi Sub S.p.A. with registered office at Via Gelasio Adamoli n. 501, Genoa, postcode 16165.
Subject of the processing
The website provides informative and sometimes interactive contents. When browsing the website, information may therefore be acquired on the visitor, as follows:
During normal operation, the computer systems and software procedures used to allow this website to function acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected for association with identified data subjects, but its nature may, through processing and association with data held by third parties, enable the users to be identified.
This category of data includes the IP addresses or domain names of the computers used by the users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user.
This data is used purely to obtain anonymous statistical information on the use of the website and to check that it is functioning correctly; it is deleted immediately after processing.
Data may be used to ascertain liability in the event of hypothetical computer crimes to the detriment of the website. Except in this case, at present, data on web contact is not held for more than seven days.
Data supplied voluntarily by the user
This is all personal data given freely by the website visitor, including, by way of example, name, surname, country, contact data (e-mail address, telephone number), data that enables registration with and/or access to a reserved area of the website, to request information about a given product or service by means of a form, to write to an e-mail address or telephone for direct contact with customer services and/or register in order to receive information and/or commercial communications (newsletters).
Cookies are small strings of text (generally made up of letters and numbers) that allow a website to recognize a specific device or browser; indeed, such text files are sent by a website to the browser used by the user for browsing and thereafter saved to the device (e.g. computer, tablet, smartphone, etc.) and re-transmitted back to the same website during the user’s next visit.
Personal data is mainly processed using electronic storage devices and procedures (e.g. DBs, CRM platforms, etc.) and/or manually, on paper, for the time strictly necessary to achieve the purpose for which the data was collected and as specified below.
Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorized access, in compliance with the principle of accountability envisaged by the GDPR.
Purpose of processing
Browsing data is processed in order to manage and maintain the website, obtain anonymous statistical information about website use, check that it is functioning correctly and prevent any fraudulent activity or activity that may damage the website.
Data supplied voluntarily by the user is processed for the following purposes:
a) to execute a contract to which the data subject is party, including product registration, or precontractual measures adopted on the request of said data subject and handle a request for contact/information made by the user;
b) to fulfill obligations laid down by laws, regulations, national and European Community legislation, orders and provisions by competent authorities;
c) to prevent fraudulent activity or activity that may be damaging to the website and exercise the rights of the Controller, such as, by way of example, the right to a defense in legal proceedings;
d) to allow for browsing of the website and the processing of data to carry out statistical analyses in anonymous and aggregated form;
e) to allow for registration with the website and the sending out of informative and/or commercial communications (newsletters) to the e-mail address supplied.
The legal basis for the processing of the personal data consists: for the purposes pursuant to letter a), of the execution of a contractual or precontractual requirement or a user request; for the purposes pursuant to letter b), of the fulfillment of a legal obligation; for the purposes pursuant to letters c) and d), of the pursuit of a legitimate interest of the Controller; and for the purposes pursuant to letter e), of the express consent of the data subject. The data subject may revoke the consent given at any time. In any case, revocation of consent will not prejudice the lawful nature of the processing carried out up to that point.
Recipients of the personal data
Personal data may be processed by staff employed by the Controller. More specifically, on the basis of the roles held and duties performed, some employees of the Controller have been authorized to process personal data within the limits of their purview and in compliance with instructions given them by the Controller.
Insofar as may be strictly necessary, data may also be disclosed to external subjects collaborating with the Controller, who are designated as data controllers, who, in order to process orders or other requests or provisions of services relative to the contract stipulated with the Controller, are required to supply goods and/or execute, by appointment of the Controller, provisions or services (e.g. professional firms and/or companies providing legal or tax consultancy, companies offering operation and maintenance services of corporate IT infrastructures, consultancy firms and those offering assistance to guarantee a better service to the user, IT companies). Finally, it may be disclosed to persons entitled to access such by virtue of provisions of laws, regulations or European Community legislation.
An updated list of controllers is available, on request, from the Controller’s offices.
Transfer of the personal data
The company does not transfer data to countries or international organizations outside the EU.
In order to carry out the activities, the data may be transferred to non-EU countries. If the transfer is made to countries with respect to which the European Commission has not made a decision of adequacy in accordance with Art. 45 of the GDPR, this will take place after taking additional measures as per Articles 46 and 47 of the GDPR or where derogations are in place as per Art. 49 of the GDPR.
Storage period and place of personal data processing
Browsing data is used purely to obtain anonymous statistical information on the use of the website and to check that it is functioning correctly; it is deleted immediately after processing. This data may be used to assess liability in the event of hypothetical cyber crimes to the detriment of the website; without prejudice to this event, at present, data on web contacts is not kept for more than seven days.
Data conferred voluntarily by the user in relation to the execution of the contract will be kept for 10 years from when the contract ends, without prejudice to any other hypotheses or disputes that may justify an extension to this time.
Data conferred by the user to manage a request for contact/information is kept for the length of time necessary to provide the service requested and thereafter deleted.
Data conferred by the user to receive informative and commercial communications is kept for 24 months, unless consent is renewed.
Processing connected with the web services of this website takes place at the Company’s office specified previously and is only carried out by technical staff of the office appointed to carry out the processing. If necessary, data connected with the newsletter service or website management may be processed by staff of the company that maintains the technological part of the website.
Nature of data conferral
Without prejudice to that specified for browsing data, the user is free to supply the personal data given on the forms present on the Cressi Sub S.p.A. website and in the sections made available to the user, such as “Contact us”, “Newsletter” and “Product registration”.
Failure to supply such data may make it impossible to fulfill the request.
Rights of the data subject
The company informs you that, as data subject, if the limits set out by the law do not apply, including the limitations envisaged by Art. 2-undecies of Italian Legislative Decree no. 196/2003, as amended by Italian Legislative Decree no. 101/2018, the user/visitor has the right to:
a) request confirmation as to whether personal data is being processed or otherwise;
b) access their personal data, providing evidence of the purpose pursued by the Controller, the categories of data involved, the recipients to whom it may be disclosed, the applicable storage time, the existence of automated decision-making processes;
c) obtain without delay the correction of any inexact personal data regarding them and the related notification of all those to whom the data may have been transmitted;
d) obtain, in the cases envisaged, erasure of their personal data and related notification of all those to whom the data may have been transmitted;
e) obtain the restriction of processing, where envisaged;
f) object to personal data processing, where possible;
g) request and obtain the portability of the personal data in the cases established and in a structured form, commonly used and legible by an automatic device, also to transmit such data to another controller, within the limits of the material feasibility of the operation and the costs to be incurred;
h) make a complaint to the Data Protection Authority (Art. 77 GDPR);
i) bring a legal petition against a legally-binding decision made by the authority of the point above (Art. 78 GDPR);
j) bring a legal petition if considering that their rights have been violated following processing (Art. 79 GDPR).
Any request to exercise rights can be sent to the Controller at the above address or by e-mailing firstname.lastname@example.org
Amendments to the policy
This policy regulates the methods of processing of the personal data supplied by visitors when browsing the website. The coming into force of new sector regulations and the constant examination and updating of user services may make it necessary to alter these methods. It is therefore possible that our policy may be changed over time and we would therefore ask the visitor to consult this page from time to time.
To this end, the policy document shows the date on which it was last updated.
Last updated February 2019