Privacy Policy

 

 

This Privacy Policy is provided pursuant to art. 13 of European Regulation 679/2016 (the GDPR) and applies exclusively to all data collected via the website, itech.eu. This Privacy Policy is subject to updates which shall be published on the website in a timely manner. This Privacy Policy and the Cookie Policy establish the basis on which a Data Subject’s personal data will be processed.

 

Controller (in terms of processing personal data) 

The Controller of the personal data collected via this website is ITECH AG, Riedstrasse 1, CH-6343 Rotkreuz, email: info@itech.eu

 

Personal Data

The term, Personal Data, is understood to mean any information concerning an identified or identifiable natural person (a Data Subject). An identifiable natural person is someone who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, data relating to a location or address, an online identifier, one or more characteristic features of their physical identity. 

 

Categories of Personal Data processed

Among the Personal Data processed by this website, autonomously or through third parties, is General Data such as: Cookies, usage data, contact data including name, email address, telephone number; personal data including city, personal preferences, as well as preferences in terms of marketing and cookies. 

 

Methods by which Personal Data is processed

Personal Data provided or acquired shall be processed on the basis of the principles of correctness, lawfulness, transparency and safeguarding confidentiality pursuant to current regulations. The Controller will process the Personal Data of users by adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification and destruction of such Personal Data. Processing will be done using electronic and/or telematic means, with organisational methods and logic strictly related to the purposes indicated and for which such data was collected. 

 

Purposes for which Personal Data is processed and the legal basis for such processing 

Personal Data may be collected autonomously by the Controller or through third parties. In this case, the information systems and software procedures used to operate this website will acquire certain Personal Data concerning users as well as other data of a technical/IT nature (for example, the user’s IP address, the type of browser used, the user’s operating system, the domain name and the website addresses from which the user enters the website and to which the user exits, etc.), the transmission of which is inherent to the normal operation of the internet. This data may only be processed for the sole purpose of obtaining anonymous statistical information on the use of the website and/or to check that the website is operating properly, and the data will be deleted as soon as it is processed.
Any data that a Data Subject decides to provide voluntarily shall be processed in compliance with the conditions of lawfulness pursuant to art. 6 of the GDPR and shall be processed in order to allow the website to provide its services, as well as for the purposes indicated below. Data will be stored for the time required to fulfil these purposes.

Data will be processed:

 

1) To respond to requests and to provide information 
Data will be processed by parties duly authorised and trained for the purpose in order to reply to, or to follow up on, any specific request addressed to the Controller made by a Data Subject, through emails or any other communication means, such as by telephone, regarding communications relating to the Services and/or the Products made available by the Manufacturing Company for which the Controller is an authorised distributor/dealer.
Legal basis: this type of processing is optional and is based on the Data Subject’s consent. However, providing data will be necessary in order to be able to fulfil the indicated purpose.
Data storage period: until the Data Subject withdraws their consent.

2) To fulfil pre-contractual information obligations and other necessary requirements
Data will be processed in order to reply to, or to follow up on, any specific request addressed to the Controller made by a Data Subject, through emails or by completing the Contact Form, or any other communication means, such as, for example, by telephone, regarding communications of an informative nature and/or regarding requests for information about purchasing the Controller’s Services/Products. 
Legal basis: this type of processing is optional and is based on the Data Subject’s consent. However, providing data will be necessary in order to be able to fulfil the indicated purpose.
Data storage period: until the Data Subject withdraws their consent.

3) To fulfil any legal obligations
Data will be processed in order to fulfil any type of obligation envisaged and required by current laws, regulations, related legislation, commercial uses and tax/accounting matters, including for the purposes established by law to combat money laundering, specifically Italian Legislative Decree no. 231/2007, as amended. 
Legal basis: this type of processing is necessary in order to fulfil a legal obligation to which the Controller is subject.
Data storage period: 10 (ten) years or as otherwise required by law.

4) To send newsletters 
Data will be processed in order to send communications and material of a promotional, commercial or advertising nature, or information regarding the Controller’s initiatives or events, through a newsletter.
Legal basis: this type of processing is based on the Data Subject’s informed and freely expressed consent pursuant to art. 6, para. 1, lett. A of the GDPR.
Data storage period: until the Data Subject withdraws their consent using the appropriate means found in the footer of each newsletter or by sending a suitable request to the Controller.

5) To obtain statistics
Data will be processed to perform statistical analysis on data which has been aggregated and rendered anonymous. The aim is to analyse how Data Subjects behave in order to improve the Products and Services made available by the Controller as well as to meet the expectations of Data Subjects.
Legal basis: this type of process is based on the Data Subject’s informed and freely expressed consent.
Data storage period: until the Data Subject withdraws their consent.

6) To send soft spam
Data will be processed in order to allow the Controller to email commercial and promotional communications to the Data Subject. These communications shall concern Products and/or Services similar to those Products/Services being sold without the need for the Data Subject’s prior, express consent, as provided for by art. 130, para. 4 of the Italian Privacy Code, as amended by Italian Legislative Decree no.101 of 2018, and provided that the Data Subject does not exercise their right to object to such processing.
Legal basis: this type of processing is based on the Controller’s legitimate interests pursuant to art. 6, lett. f and Recital no. 47 of the GDPR.
Data storage period: until the Data Subject objects.

7) To create user profiles
Data will be processed to analyse and assess the interests and habits, consumer choices of Data Subjects, including the creation of profiles, in order to be able to send customised information and promotional material to Data Subjects concerning the Services/Products offered by the Controller. 
Legal basis: this type of processing is based on the Data Subject’s informed and freely expressed consent pursuant to art. 6, para. 1, lett. A of the GDPR.
Data storage period: until the Data Subject withdraws their consent.

8) To communicate data to third parties
Data will be communicated to the Suppliers of the products, who will process data as independent Controllers. Third parties take on the role of Product Suppliers, for which the Controller is a distributor/dealer. The complete and updated list of such third parties may be requested from the Controller at any time. In any case, Data Subjects may exercise all their rights, pursuant to articles 15-22 of European Regulation 679/2016, with regard to such Third-Party Assignees.
Legal basis: this type of processing is based on the Data Subject’s informed and freely expressed consent pursuant to art. 6, para. 1, lett. A of the GDPR.
Data storage period: until the Data Subject withdraws their consent.

9) To recruit personnel
Data will be processed in order for the General Manager, duly appointed by the Controller, to reply to, or to follow up on, specific and unsolicited job applications and/or applications for a specific job opening posted on the LinkedIn social network and addressed to the Controller by the Data Subject.
Legal basis: this type of processing is optional and is based on the Data Subject’s consent. However, providing data will be necessary in order to be able to fulfil the indicated purpose.
Data storage period: until the Data Subject withdraws their consent.

 

Communicating data

In addition to the Controller, in certain cases, the following may have access to a Data Subject’s Personal Data:
a) categories of specifically trained personnel involved in the organisation and management of the website (administrative, sales, marketing and legal personnel and system administrators); 
b) companies belonging to the Group and located in various European countries;
c) Product Suppliers linked to the distributor/dealer by a specific distribution contract; 
d) external parties (such as third-party providers of technical services, hosting providers, IT companies, communication agencies) also appointed as Processors (in terms of processing personal data) by the Controller pursuant to art. 28 of the GDPR. The updated list of Processors, where appointed, may be requested from the Controller at any time; 
e) public or private entities who can access Personal Data in compliance with legal obligations; 
f) parties who perform ancillary or instrumental tasks with regard to the Controller’s business;

 

Processing times

As expressly provided for by art. 5, para. 1, lett. e of the GDPR, Personal Data will be stored for the time necessary to process it with regard to fulfilling a request made by a Data Subject or as required by the Purpose for which such data was collected and as described herein.
At the end of this storage period, Personal Data will be deleted and, therefore, a Data Subject’s rights to access, deletion, rectification and data portability can no longer be exercised. 

 

Cookies

This website uses cookies. Cookies are small text files which can be used by websites to make the user experience more efficient and to customise content and advertisements, to provide social network functions and to analyse traffic. Cookie Policy

 

The place where processing is done and transferring data overseas 

Data will be processed at the Controller’s operational headquarters. For further information, contact the Controller. Data may be processed by natural persons and/or legal persons operating on behalf of the Controller by virtue of specific and binding contractual obligations. These parties may be based in an EU Member State or outside the EU. In the case in which Personal Data is transferred outside the EEA, the Controller will adopt every suitable contractual measure to ensure such data is adequately protected.

 

Exercising the Data Subject’s rights

Data Subjects have the right to exercise their options as provided for by articles 7, 15-22 of European Regulation 679/2016.  Specifically, Data Subjects have the right to withdraw their consent at any time and, following a simple request to the Controller, may request access to the Personal Data that concerns them, to receive the Personal Data provided to the Controller and, where possible, to have this data sent to another Controller without undue hindrance (so-called data portability), to have such data updated, to restrict processing of such data, to have such data rectified and to have any data processed in breach of regulations deleted. Data Subjects also have the right, for legitimate reasons, to object to the processing of the Personal Data that concerns them and to object to processing for the purpose of sending advertising material and for direct sales and market research purposes. Data Subjects may lodge a complaint with a competent Supervisory Authority or choose to take legal action. Data Subjects may exercise their rights by emailing the Controller at: info@itech.eu

 

Tools used to process Personal Data  

 

CONTACT FORM 
Data Subjects, by providing their data via the Contact Form, consent to this data being used to respond to their requests for information, as well as for any other purpose indicated at the top of the form. Data Subjects must select the area which interests them in order to be contacted by the Controller’s sales personnel who will also be able to provide a quote, send a brochure or general information. This contact will be entered in the Controller’s database in order to monitor the quote and the potential purchase, and to advise the Data Subject of any offline events. 
Personal Data collected via the Contact Form: email, first name, last name, telephone number

EMAIL ADDRESS MANAGEMENT 
These services allow a database to be managed which contains email contacts, telephone contacts, or any other type of contact, used to communicate with a Data Subject. These services could also allow data to be collected relating to the date and time a message was viewed by a Data Subject, as well as when a Data Subject interacts with a message, such as information about clicks on links embedded in messages.

Newsletters
By signing up to receive the newsletter, a Data Subject’s email address is automatically added to a list of contacts to whom email messages containing information - including information of a sales or promotional nature - relating to this website might be sent. The Data Subject’s email address could also be added to this list as a result of their registration on this site or after having made a purchase. Data Subjects may unsubscribe from the newsletter at any time by clicking the specific button or link found within each email. After having clicked the unsubscribe button or link, the Data Subject’s data will be deleted immediately from the software used for email marketing. Personal Data collected: email address and name. This website uses the newsletter service provided by: 

SECURITY MEASURES ADOPTED  
This website, in order to ensure Personal Data is kept secure when entered, is covered by an SSL certificate and uses the HTTPS protocol. By using this protocol, the transactions and data which are transmitted through websites are done with the greatest level of security and the contents of communications cannot be read or manipulated in any way whatsoever by third parties.

reCAPTCHA
This website uses reCAPTCHA which is a service subject to the policy on privacy and to the terms and conditions issued by Google.

STATISTICS 
Statistical services allow just the Controller to monitor and analyse traffic data and the services are used to keep track of user behaviour. This website uses the following services:

Google Analytics (Google Ireland Limited)
Google Analytics is an analysis service provided by Google Ireland Limited. Google uses the Personal Data collected for the purposes of tracking and analysing the use of this website, compiling reports and sharing them with other services developed by Google. Google could use the Personal Data to contextualise and customise advertisements in its advertising network. Google may also transfer this information to third parties where required by law or where these third parties process such information on behalf of Google. The IP address anonymisation function is enabled on this site. The IP address sent by the browser for purposes related to Google Analytics will not be incorporated into any other data already held by Google. 
The browser add-on to disable Google Analytics is made available by Google at the following link: Google Analytics Opt-out Browser Add-on Download Page. Personal Data collected: cookies and usage data. The place where processing is done: Ireland - Privacy Policy 

INTERACTION WITH SOCIAL NETWORKS 
These services allow interaction with social networks directly from the pages of this website. The interactions and the information acquired by this website are, in any case, subject to the privacy settings selected by the Data Subject with regard to each social network. In the case in which an interaction service with a social network has been installed, it is possible that, even if a user does not use it, this service could collect traffic data relating to the pages on which it is installed. 

LinkedIn (LinkedIn Ireland Unlimited Company)
The LinkedIn buttons are interaction services with the social network known as LinkedIn, provided by the LinkedIn Corporation. Personal Data collected: cookies and usage data. The place where processing is done: Ireland - Privacy Policy 

REMARKETING AND RETARGETING 
These services allow this website to communicate, optimise and deliver advertisements based on how this website has been used previously by the Data Subject. This ability is done by tracking usage data and with the use of cookies. This website uses the following services:

Google ADS 
Google ADS is a service provided by Google Ireland Limited. It connects this website to Google’s advertising network. This website makes use of the Google Analytics Remarketing functions combined with the Google ADS ability to adapt to various different devices. This functionality makes it possible to link target groups for promotional campaigns created by the Google Analytics Marketing function, with the Google ADS adaptability to various different devices. This allows advertisements based on the Data Subject’s personal interests to be delivered. These personal interests are identified by analysing the Data Subject’s behaviour on the internet, both on mobile devices and any other internet-connected device. Targeting and Remarketing functions can be permanently disabled by disabling the “customised ads” function in each user’s Google account. To do this, use this link: https://www.google.com/settings/ads/onweb/ Personal Data collected: cookies and usage data. The place where processing is done: Ireland - Privacy Policy 

LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company) 
This website uses a script called the “LinkedIn Insight Tag”. The LinkedIn Insight Tag adds a cookie to user’s browser each time they visit this website. Thanks to this tool, the Controller can record when a LinkedIn member takes a certain action on the website (such as booking a service or leaving an email). This tool is used to collect statistical data which allows the effectiveness of paid advertising to be measured. Thanks to the LinkedIn Insight Tag, the actions people take on the website can be understood. The data collected is used to: ensure advertisements are shown to the right people; create groups of people to target advertisements; leverage other advertising tools available on the platform selected to deliver advertisements. This website uses the LinkedIn Insight Tag to carry out remarketing activities and retargeting activities; thanks to these activities, cookies that the Data Subject leaves on the website are used, without, however, identifying the Data Subject. Personal Data collected: cookies and usage data. The place where processing is done: Ireland - Privacy Policy 

CONTENT ON EXTERNAL PLATFORMS 
These services allow content hosted on external platforms to be viewed directly from the pages of this website and allow users to interact with such content.
In the case in which an interaction service of this type has been installed, it is possible that, even if a user does not use it, this service could collect traffic data relating to the pages on which it is installed.
This website uses 

Google Maps 
Google Maps is a map visualisation service managed by Google. It allows this website to integrate such content within its pages. Personal Data collected: cookies and usage data. The place where processing is done: Ireland - Privacy Policy 

Google My Business (Google Ireland Limited)
Google My Business is a business promotion service offered by Google Ireland Limited.  Personal Data collected: cookies and usage data. The place where processing is done: Ireland - Privacy Policy 

Changes to this Privacy Policy
The Controller reserves the right to make changes to this Privacy Policy at any time. Users will be notified of changes on this page. You are, therefore, invited to review this page frequently, taking note of the date at the bottom which indicates when the page was last updated. In the event that you do not accept the changes made to this Privacy Policy, you must stop using this website and you may ask the Controller to delete your Personal Data. Unless otherwise specified, this Privacy Policy shall continue to be applicable to the Personal Data collected up to that moment. The Controller is not responsible for updating all the links found in this Privacy Policy. Therefore, should any link fail to work and/or not be updated, users recognise and hereby accept that they must always refer to the document and/or the section of those internet sites referred to by such a link.

 

Privacy Policy updated July 2023