Privacy policy for the sales network, resellers, installers and technical partners
The companies URMET S.p.A., Urmet TLC S.p.A., Simon Urmet S.r.l., Urmet ATE S.r.l., Aprimatic S.r.l. and GLT S.r.l. are part of a group of companies belonging to the same shareholding structure and offering complementary and often integrated products and services.
Within this group of companies, URMET S.p.A. provides various services to the other companies in the areas of HR, ICT, marketing and sales.
In particular, since the aforementioned companies work with the same network of dealers and installers of door phone products, video door phones, video recording, alarm systems, building automation and automation, as well as the same technical partners, i.e. parties that promote, advise, recommend, install, perform maintenance, repair, replacement of our products, they operate as Joint Data Controllers for the processing carried out to pursue the following commercial and technical purposes:
- Provision of support services to dealers and installers
- Management of the commercial relationship with dealers and installers
- Sending of useful information and technical and regulatory updates
- Offer of professional updating and support initiatives
- Reminding or notification of deadlines and obligations
- Invitation to seminars, meetings, conferences
- Sending of catalogues and other product presentation materials
- Sending of technical and informative materials and updates
- Admission to technical and added-value services
- Information on technical refresher courses and professional training initiatives
- Admission to seminars, courses, professional training sessions
- Offer of new products and services
- Preparation of documentation for participation in tenders etc.
- Performance of aggregate surveys
Therefore, if you are a dealer or installer and you contact any of the Joint Data Controllers mentioned above, some personal data may be requested. For this reason we provide you with the following information:
Identity of the Joint Data Controllers
The Joint Controllers of the personal data of the data subjects are:
Urmet S.p.A., in the person of its legal representative pro tempore, based in Via Bologna 188/C - Turin, Italy;
Urmet TLC S.p.A., in the person of its legal representative pro tempore, based in Via Bologna 188/C - Turin, Italy;
Simon Urmet S.r.l., in the person of its legal representative pro tempore, based in Via Bologna 188/C - Turin, Italy;
Urmet ATE S.r.l., in the person of its legal representative pro tempore, based in Via Pola 30, 36040 Torri di Quartesolo - Vicenza, Italy;
Aprimatic S.r.l., in the person of its legal representative pro tempore, based in Via Emilia 147, 40064 Ozzano dell'Emilia, Italy;
GLT S.r.l., in the person of its legal representative pro tempore, based in Via Bologna 152, 10154 Turin, Italy.
Contact details of the DPO - Data Protection Officer
The Joint Data Controller Urmet S.p.A. appointed the Data Protection Officer, which can be reached at the headquarters of the Joint Data Controller or contacted by email at the address dpo@urmet.it.
Source of the data and types of data collected
a) The Joint Data Controllers collect personal data provided on a voluntary basis by the user when registering on the website of any of the Joint Data Controllers or when making a transaction via the website, in addition to other personal data associated with the processing of orders. These personal data include: Title, full name, company name, VAT number (if applicable), email address, username and password, shipping and billing addresses (including postal code, city and country), telephone and fax numbers, type and quantity of products ordered, order date, order fulfilment status, date and time of delivery, order value, currency, payment information, return requests or offers to the user and the following information provided on a voluntary basis by the user: how he/she learned about the website, company information, number of employees and, for company customers, the company's founding date (hereinafter "transaction data").
b) The Joint Data Controllers also collect data on the use of the website by the user, like IP address, the products viewed, and if the user arrived at the website via a referral page or a link in a promotional email or advertising on another website that redirects to a website of a Joint Data Controller. The Joint Data Controllers can also collect information on the referring page and on promotional emails or targeted advertisements together with the user's IP address to analyse the effectiveness of marketing operations (hereinafter "usage data").
Purposes of the processing
Personal data are processed by the Joint Data Controllers as follows:
1) Transaction data will be used to process orders, manage payments, communicate with the user about the order, manage product returns, customer service requests and collect the products. They will also be used to acquire pre-contractual data and information; exchange information for the fulfilment of the contractual relationship, including pre and post contractual activities; make requests or respond to requests received; manage accounting and tax obligations.
2) Transaction data will also be used to send the data subject personalised messages or invitations to review the products; data on use, in the case of registered customers, will be used together with transaction data (with the exception of payment information) to show customised products on the website based on the interests expressed by the user.
3) If the user requests the sending of marketing communications and the newsletter, his/her transaction data and data on the use of the website will be analysed by the Joint Data Controllers to send personalised commercial communications based on the preferences expressed.
4) Finally, data will be used to manage and control risks to prevent possible fraud, insolvency or default; prevent and manage possible litigation; take legal action as needed.
Legal basis for the processing
The legal basis for the processing is as follows:
- For the processing specified in point 1), the processing is necessary for the fulfilment of a contract the data subject is a party to or for the adoption of pre-contractual measures implemented at his/her request.
- For the processing specified in point 2), the data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes.
- For the processing specified in point 3), fulfilment of pre-contractual measures implemented at the request of the data subject and the legitimate interest of the data controller (the maximisation of the effectiveness of communications).
- For the processing specified in point 4), the processing is necessary for the pursuit of the legitimate interest of the data controller (protection and prevention of fraud and insolvency).
Data recipients
The personal data processed by the Joint Data Controllers are not disseminated or are not made known to indeterminate parties in any form, including being made available or for viewing. On the other hand, they may be disclosed to workers who work for the Joint Data Controllers or parties authorised to process the data under the authority of the data controller. In this regard, Urmet S.p.A. appointed third-party service providers for the operation of the website, like hosting service providers, marketing and website service providers, IT maintenance providers, shipping and VAT verification services, as well as service providers that allow the integration of other functions into the website that the user can use at his/her discretion, like chat tools or the product review function. These service providers, designated as Data Processors, are provided with only the personal data they need to provide the corresponding services and are not allowed to use or disclose the personal data of the data subjects for other purposes without the prior authorisation of the data subject.
If the data subject asks to receive marketing communications and the newsletter of one of the Joint Data Controllers, his/her name, email address and other data on transactions and use will be shared so that his/her interests can be analysed and commercial communications personalised according to the preferences expressed.
The data on the user's transactions are shared to manage the pick-up of products and so that the Joint Data Controllers can contact the user in this case.
They can also be disclosed to the extent strictly necessary to persons who for the purpose of processing your requests must provide goods or perform tasks or services on behalf of the Joint Data Controllers. Finally, they may be disclosed to persons entitled to access them by virtue of provisions of law, regulations and European Community legislation.
More specifically, depending on their roles and duties, workers have been authorised to process your personal data within the limits of their responsibilities and in accordance with the instructions given to them by the Joint Data Controllers.
External parties operating under the authority of the Joint Data Controllers have also been appropriately authorised on the basis of the type of service provided, the processing performed and the nature of the data processed.
External parties to whom the Joint Data Controllers have entrusted the processing of personal data have been designated as Data Processors.
Data transfer
Under no circumstances do the Joint Data Controllers transfer your personal data to third countries or to international organisations.
However, they reserve the right to use cloud services, in which case the service providers will be selected from those that provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Joint Data Controllers retain and process your personal data for the time necessary to fulfil the purposes specified. Subsequently, personal data will be stored and no longer processed for the time established by the current provisions on civil and fiscal matters.
Rights of the Data Subject
With reference to articles 15 - right of access, 16 - right to rectification, 17 - right to erasure, 18 - right to restriction of processing, 20 - right to data portability, 21 - right to object, 22 - right to oppose an automated decision-making process of GDPR 679/16, you can exercise your rights by writing to the Joint Data Controller Urmet S.p.A. at the address above or by email to the address dpo@urmet.it, specifying the subject of the request, the right that you intend to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The Data Controller underscores that each data subject can exercise the right to object in the forms and manners envisaged by art. 21 GDPR.
Further information on the rights of the data subject is provided at the end of this section.
Withdrawal of consent
With reference to art. 7 of GDPR 679/16, at any time the data subject can withdraw any consent given.
However, some of the processing activities referred to in this privacy policy (points 1) and 4)) are lawful and permissible, even without consent, as they are necessary for the fulfilment of a contract the data subject is a party to, or for the fulfilment of his/her requests or to pursue the legitimate interests of the data controller.
Withdrawal of consent, where applicable, may restrict or compromise the means of interaction and communication of the customer or user with one or more Joint Data Controllers.
Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authority of his/her country of residence.
Refusal to provide data
Data subjects cannot refuse to give the Joint Data Controllers the personal data necessary to comply with the legal provisions regulating commercial transactions and taxation.
The provision of further personal data may be necessary to improve the quality and efficiency of the transaction.
Consequently, the refusal to provide the data required by law will prevent the fulfilment of orders. The additional data specified in point a) of the paragraph "Source of the data and types of data collected" are provided on a voluntary basis. However, if the data subject decides not to provide the requested data, one or more Joint Data Controllers may not be able to provide the services, allow the transaction to be completed via the website or process the order.
The data specified in point b) are provided voluntarily by the data subject, and should he/she decide not to provide such data the supply of the products and services will not be compromised.
Automated decision-making processes
Under no circumstances do the Joint Data Controllers carry out processing consisting of automated decision-making processes on your data.