Owner of Personal Information:
Via Resistenza, 12 20068 – Peschiera Borromeo Mi Italy
- Purpose and accountability
- General information on data processing and legal basis
- Security safeguards
- Forwarding of data to third parties and third-party providers
- Processing of data within the course of customer relations, events and trade fairs
- Collection of access data (logfiles)
- Cookies & reach measurement
- Newsletter and commercial communication
- Integration of third-party services and content
- User rights
- Deletion of data
- Right to object
1 Purpose and accountability
1.2 Considering che data processiong, the following companies of the Cannon Group are operational in Italy and Europe:
- Afros SPA
- Artes Ingegneria SPA
- Bono Energia SPA
- Cannonergos SPA
- HispaCannon SA
- CannonFrance SAS
- Cannon Viking LTD
2 General information on data processing and legal basis
2.1 The personal data of the users processed in the context of our Service include inventory data (e. g., names and addresses of customers), contract data (e. g., services used, names of staff, payment information), usage data (e. g., the websites visited, interest in our products), Meta/communication data (device IDs, IP addresses, location data) and content data (e. g., entries in the contact form).
2.3 All the personal User data we collect is processed in accordance with the relevant data protection regulations. That means we only process User data where this is permitted by law. This applies, in particular, if data processing is required or prescribed by law in order to furnish our contractual services (e.g. to process orders) and provide online services, or if the User has provided their consent, or if it is for the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a secure and commercially viable manner within the meaning of Art. 6 (1) f. of the General Data Protection Regulation (GDPR).
2.4 In regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), please note that the legal basis for the data subject giving consent is Art. 6 (1) a. and Art. 7 GDPR, the legal basis for processing data in order to perform our contractual services and discharge our contractual obligations is Art. 6 (1) b. GDPR, the legal basis for processing data in order to comply with our legal obligations is Art. 6 (1) c. GDPR, and the legal basis for processing data for the purposes of our legitimate interests is Art. 6 (1) f. GDPR.
3 Security safeguards
3.1 We apply state-of-the-art organizational, contractual and technical security measures to ensure compliance with the provisions of data protection legislation and thereby to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
3.2 These security measures include, in particular, the encrypted transmission of data between your browser and our server.
4 Forwarding of data to third parties and third-party providers
4.1 Data is only forwarded to third parties to the extent permitted by law. We only forward User data to third parties if, for example, this is necessary in order to fulfil our contractual obligations towards the users or if we make use of third party services within the scope of our legitimate interests. Furthermore, data is transferred within the companies of our group of companies, in particular for the purpose of fulfilling administrative tasks, legal obligations or for reasons of business interests.
4.2 Insofar as we make use of third-party services to furnish our own services, we ensure appropriate legal safeguards are in place and take appropriate technical and organizational steps to ensure that personal data is protected in compliance with applicable statutory requirements.
5 Processing of data within the course of customer relations, events and trade fairs
5.1 We process inventory data (e. g., names and addresses as well as contact data of users) and contract data (e. g., services used, names of contact persons, payment information) of our customers, interested parties as well as attendees of trade fairs and events for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1) b. GDPR.
5.2 Furthermore, we process the data of our customers and attendees (e. g., the visited websites of our online offer, interest and attendance at our events, as well as in the use of products and orders) on the basis of our legitimate interests in advertising and market research purposes in accordance with Art. 6 (1) f. GDPR, in order to offer customers and attendees services based on their previous contractual interests or the events they have attended, to make events pleasant and secure or to analyze the development of our business operations. Furthermore, we process the data insofar as we are legally required to do so, e. g. due to commercial and tax obligations, in accordance with Art. 6 (1) c. GDPR, are obligated.
5.3 If a user gets in touch with us via the contact form or by email, we process the User’s details in order to respond to and deal with the query or request. The User’s details may be stored in our customer relationship management (CRM) system or a comparable enquiry system.
5.4 If a user gets in touch with us via the careers form, it’s necessary to read all the notice and request of consent defined in the apply form for new job positions.
6 Collection of access data (logfiles)
6.1 For the purposes of our legitimate interests, we collect data every time the server on which the service is located is accessed. This data is collected in the form of server log files. These access logs include the name of the webpage and/or file accessed by the User, the date and time of access, the amount of data transferred, notification of successful retrieval, details of the web browser used (including the version), the User’s operating system, the referrer URL (of the previous page linking to our website), the IP address and the requesting provider.
7 Cookies & reach measurement
8 Newsletter and commercial communication
8.1 With the following declarations we would like to inform our users about the contents of our newsletters as well as other types of business e-mails and electronic mail (short “newsletter”) as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you declare your agreement with the reception and the described procedures. The legal basis of your consent is Art. 6 (1) a, Art. 7 GDPR.
8.2 Contents of the newsletter: We send out newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as “newsletters”) only with the consent of the recipients or a legal permission. Insofar as the contents of a newsletter registration are specifically described in detail, they are decisive for the user’s consent. In general, our newsletters contain information on the Cannon Group and its products and brands HispaCannon, Cannon France, Cannon Viking, Cannon Deutschland, Cannon Bono Energia, Cannon Artes, Cannon Afros and Cannon Ergos ( EU Group companies: https://www.cannon.com/worldwide), e. g. invitations to events and trade fairs at which Cannon Group or its brands are represented.
8.4 Opt-in and logging: The registration for our newsletter is done in a so-called double opt-in procedure. This means that users will receive an e-mail after the registration, in which users will be asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The subscriptions to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes saving the logon and confirmation time as well as the IP address. The changes to your data stored by the shipping company are also logged.
8.5 Furthermore, the newsletter service provider can, according to his own information, use this data in a pseudonymized form, i. e. without being directly associated with a user, for the optimization or improvement of his own services, e. g. for the technical optimization of the sending and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the newsletter service provider does not use the data of our newsletter recipients to contact them himself or to pass the data on to third parties.
8.6 Registration data: To subscribe to the newsletter, please fill in the mandatory fields marked with an asterisk (*) and complete the optional information. We use this information on the one hand for the individual addressing of our newsletter subscribers, and on the other hand to make the content of the newsletters more interesting according to their industry and location and, for example, to send news only in relation to a region or an event.
8.7 Statistical survey and analysis – The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from the mail order company’s server when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services based on the technical data or target groups and their reading behavior based on the retrieval locations (which can be determined by means of the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked and when. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
8.8 The newsletter is sent on the basis of the consent of the recipients in accordance with Art. 6 (1) lit. a, Art. 7 GDPR. The statistical surveys and analyses are conducted on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f of the GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users. The registration procedure is recorded in accordance with Art. 6 (1)(c). GDPR on the basis of a legal obligation to prove the consent of the newsletter recipients (e.g. in accordance with Art. 7 (1) GDPR). In addition, for reasons of legal certainty, we also ask the newsletter recipients to consent to the analyses described above and to save the registration data.
8.9 Cancellation/Revocation – Newsletter recipients can cancel the receipt of our newsletter at any time, i.e. revoke their consent. At the same time, your consent to the statistical analyses expires. A separate revocation of the statistical evaluation is unfortunately not possible, in this case the entire newsletter subscription must be cancelled. Newsletter recipients will find a link to unsubscribe from the newsletter at the end of each newsletter. By unsubscribing from the newsletter, the personal data will be insofar deleted, unless their storage is legally required or justified, and their processing in this case is limited to these exceptional purposes only.
9 Integration of third-party services and content
9.1 For the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR), we use third-party content and service delivery services on our Websites in order to incorporate content and services such as videos and fonts, for example (hereinafter jointly referred to as “content”). The third-party provider of this content always requires the User’s IP address in order to send the content to the browser of the respective User. In other words, the IP address is required to display this content. We endeavor only to use such content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use “pixel tags” (invisible image files, also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to analyze information such as the number of visitors accessing the pages of this website. The pseudonymized information may additionally be stored on User devices in the form of cookies. This information includes technical information on the browser and operating system, referring websites, time spent on the website, and further details on how Users make use of our Websites, plus it can also be combined with comparable information from other sources.
9.2 The list below provides an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:
9.3 The links/buttons to social networks and platforms (“social media”) used within our online offer do not establish direct contact between social networks and users. Their function corresponds to that of a regular online link.
10 User rights
10.1 Users have the right to obtain information free of charge on the personal data we have collected about them. In addition, Users have the right to correct any inaccurate data, restrict the processing of their personal data or delete it, and, where applicable, assert their right to data portability. Users also have the right to submit a complaint to the relevant supervisory authorities if they suspect that data has been processed unlawfully.
10.2 Users can also withdraw any consent they may have given. Such a revocation of consent shall have future effect only.
10.3 Users can assert the execution of their rights sending an email to firstname.lastname@example.org
11 Deletion of data
11.1 The data stored by us is deleted once it is no longer required for the designated purpose and provided that we have no statutory obligation to retain said data. In the event User data is not deleted because it is required for other purposes permitted by law, then its processing shall be restricted accordingly, i.e. the data shall be blocked and no longer processed for other purposes. This applies, for example to User data that must be retained due to commercial or tax requirements.
11.2 Users can assert the execution of their rights sending an email to email@example.com
12 Right to object
Users can choose to opt out of the future processing of their personal data at any time in accordance with statutory provisions. This right to object applies in particular to the processing of data for the purposes of direct advertising. Users can assert the execution of their rights sending an email to firstname.lastname@example.org