The Data Controller is the Company BFT S.p.A. with registered office at Via Lago di Vico, 44, Schio (Vicenza), Italy (hereinafter “Bft” or the “Company”).
DATA PROTECTION OFFICER (DPO)
The Somfy group which the Company is a part of has identified a Data Protection Officer pursuant to Article 37 of the Regulation that can be contacted at the following email address: firstname.lastname@example.org
TYPES OF DATA PROCESSED
The personal data covered by the processing refers to information provided by the user at the time of access and/or when registering on the BFT website or when requesting to benefit from certain services (name and surname; personal contact details (e-mail, landline and/or mobile number); address; User name and login password).
During the normal course of operations, the IT systems and software procedures designated for the functioning of this website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is collected not to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or names of computer domains used by users who connect to the site, URI (Uniform Resource Identifier) notation addresses of requested resources, the time of request, the method used to make the request to the server, the size of the file obtained in answer, the numerical code indicating the state of the data answer from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site.
Data provided voluntarily by the user
Optional, explicit and voluntary dispatch of an e-mail to addresses indicated on this website and the compilation of specifically prepared forms, lead to the subsequent acquisition of the e-mail address and any other personal data entered in the electronic message, as well as data on the sender/user, required to answer the requests or satisfy the service
Specific concise privacy policies will be provided for special services.
COOKIES (if only session cookies are used)
IT techniques are not used to directly acquire the user’s personal identification data.
Cookies are not used to convey personal information, nor are there any persistent cookies of any kind (i.e. user tracking systems).
The use of session cookies (that are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to transmitting session identification data (consisting of casual numbers generated by the server) required to safely and efficiently browse the site.
The session cookies used on this site avoid reverting to other IT techniques potentially detrimental for users’ browsing privacy and do not allow for the acquisition of the user’s personal identification data.
The user needs to change his or her browser settings to disable the cookies installed. Note that in this case, the Site or some of its functions may not work properly. The procedure to be followed depends on the browser used. For detailed instructions, please click on one of the following links:
• Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
• Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie?redirectlocale=enUS&redirectslug=Cookies
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=it
• Opera: help.opera.com/en/latest/web-preferences/
• Safari: http://support.apple.com/kb/PH5042
• Safari iOS (iPhone, iPad, iPod touch): http://support.apple.com/kb/HT1677?viewlocale=it_IT
If the browser you use is not listed here, you can obtain information on how to proceed from the site www.aboutcookies.org or click “Help” on your browser.
PURPOSES OF THE PROCESSING
The user’s personal data, freely communicated and acquired in relation to the Company’s activities, will be legally and correctly processed for the following purposes:
A. the data will be gathered and used exclusively for purposes directly linked and key to the registration and activation of one’s account and to provide the services offered by the Company;
B. the data will be gathered and used exclusively for purposes directly linked and key to the registration of the subscription to “BfT Informa” and to provide the services offered by the Company;
C. if the data is entered into the “Request information” section found on the internet site, the personal data will be gathered and used exclusively to satisfy and handle the relative requests for information made by the user;
E. only if the user grants specific and separate consent and until the revocation thereof (Article 7 of the Regulation) will personal data will be processed - through the use both of automated contact systems like e-mail, MMS (multimedia messaging service) or SMS (short message service) and calls without the intervention of an operator and through traditional means such as by post or through calls with the intervention of an operator - for the sending of commercial offers relating to and/or connected with the Company’s products and/or services and for the sending of publicity material relating to said products or services or commercial communications or newsletters or for the sending of market research including for the purposes of gauging user satisfaction (“marketing purposes”);
F. only based on specific and clear consent given by the user and until it is withdrawn (Article 7 Regulations), the data can be used for profiling, including therein market research and dispatching of surveys or questionnaires regarding user satisfaction in relation to Company products and/or services. With the profiling consent, the Company will carry out analyses or processing aimed at identifying usage preferences of the products and/or services offered in order to improve them and bring them more into line with the user’s needs - both by grouping the data into even categories and by elaborating individual profiles - and will use the data to carry out marketing profiling work with automated IT and traditional methods as foreseen in point E.
G. Soft Spam: The e-mail address provided by the user when purchasing a product or service, may be used by Bft to send e-mail communications concerning the direct sale of products or services similar to those purchased by the user (without the need for express or prior consent from the user, i.e. ‘soft spamming’), on condition that the user does not exercise his/her right to oppose this in the ways better described below.
LEGAL GROUNDS FOR PROCESSING
The legal grounds for processing based on the purposes set out in points A., B., C. and D. is the implementation of pre-contractual and contractual measures, pursuant to Article 6 sect. 1 par. b) of the Regulation.
The legal grounds for processing based on the purposes set out in points E. and F. given above is the user’s freely granted consent pursuant to Article 6 sect. 1 par. a) of the Regulation.
The legal grounds for processing based on the purposes set out in points G. given above is the legitimate interest of the Company, pursuant to Article 6 sect. 1 par. f) of the Regulation.
At any time, the user can oppose the processing as per point G. as well as revoke his/her consent to data processing as per points E. and F. after having given his/her consent:
• by using the specific link at the bottom of the page of any advertising e-mail sent by Bft;
• by changing his/her preferences on the website under the section “Myaccount” - “Marketingcommunications” and/or “Profiling”.
The personal data is handled with automated tools for the exact time and purpose required for which it was gathered. Specific safety measures have been adopted to prevent loss of data, illegal or incorrect usage and unauthorised access.
NATURE OF DATA CONFERRAL
With the exception of what is specified for browsing data, the user is free to provide his/her personal data in the request forms or provide them for the purpose of obtaining a specific service, to request information material or other communications. Failure to provide personal data can, however, make it impossible to follow up on the user’s requests.
Providing data for the purposes as per points E. and F. is optional. Refusing consent for the purposes of points E. and F. will have no consequences on the provision of services, as is the also the case with the exercising of the right to oppose the processing of one’s data, i.e. ‘soft spamming’ as per point G.
COMMUNICATION AND DISTRIBUTION OF DATA
Outside of these situations, the data will not be communicated, except where necessary to fulfil requests from the Judicial Authorities or Public Safety Body. The data gathered shall not be distributed under any conditions.
TRANSFER OF DATA OUTSIDE THE EU
Data shall not be transferred outside the EU. Where necessary, data may be communicated to other Bft Group companies or to companies within the Somfy Group, of which Bft forms part (hereafter, the “Group”), including with registered offices in non-EU countries. The Group has adopted appropriate safeguards for the transfer of your data, by drafting specific “Binding company rules” in compliance with the Regulation, which you may consult by submitting a simple request to the e-mail address email@example.com. Moreover, the personal data provided may be subject to transfer abroad for the provision of certain services by the suppliers of Bft. The Company shall ensure that the transfer of data to third countries will take place in compliance with the provisions of Articles 44 et seq. of the Regulation. Therefore, all the necessary safeguards will be adopted to ensure the most total protection of personal data, with such transfer based on a) decisions of the adequacy of recipient third countries expressed by the European Commission; b) adequate guarantees expressed by the third-party recipient pursuant to Article 46 of the Regulation, including the standard contractual clauses stipulated by the European Commission.
DATA STORAGE PERIOD
The processing of personal data in reference to the purposes as per points A. and B. will last for the time needed to implement the requested services, plus a legally foreseen additional period in compliance with the current civil, financial and tax-related requirements.
The processing of personal data in reference to the purposes as per point C. shall be valid for 18 months starting from the date when the data is received after being entered in the “Request information” section found on this website http://www.bft-automation.com, or from the last update communicated to us by the user.
The processing of personal data in reference to the purposes as per point D. shall be valid for 24 months starting from the date of the response letter/e-mail received.
The processing of personal data in reference to the purposes as per point E. shall be valid for 24 months starting from the date when consent is given, unless withdrawn by the user.
The processing of personal data in reference to the purposes as per point F. shall be valid for 12 months starting from the date when consent is given, unless withdrawn by the user.
The processing of personal data in reference to the purposes as per point G. shall continue until the user exercises his/her right to object.
At the end of this period of data processing, the latter shall be deleted or rendered permanently anonymous.
RIGHTS OF THE DATA SUBJECTS
Specific rights are granted under the Regulation to the person to whom the personal data refers. In particular, the user, where there are the conditions and obviously where s/he does not revert to the hypothesis of a waiver of the rights granted under the Regulation (Article 23 of the Regulation), has the right to
• obtain confirmation that their personal data is being processed or not and if that is the case, obtain access to their own personal data and its communication (Article 15 of the Regulation);
• have any incorrect personal data that concerns them amended as well as the integration of any incomplete personal data, even by providing a supplementary declaration (Article 16 of the Regulation);
• withdraw their consent, where placed at the bottom of the processed data, and have their personal data deleted without unjustifiable delay, where justifiable to do so (Article 17 of the Regulation);
• impose a restriction on the processing of their data (Article 18 of the Regulation);
• receive their personal data in a structured format, for everyday use that can be read from an automatic device as well as transmit them to another data controller (Article 20 of the Regulation);
• oppose, at any time, the processing of their personal data (Article 21 of the Regulation);
• submit a complaint to the governing authorities.
Articles from 15 to 23 of the EU Regulation can be consulted at this link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679
In the case of a registered user, the above-mentioned rights can be exercised
• by accessing his/her “Client Area” on the website where it will be possible to follow up on the above-mentioned rights.
• in the case of a non-registered user, by sending a simple request to the e-mail address firstname.lastname@example.org.
• in the case of the sending of a CV through the section “Work with us”, by writing to one of the following addresses: (i) e-mail to: recruiting-IT@somfy.com; (ii) post to: Recruitment Department, Personal Data Management, BFT Spa, Schio (VI), Via Lago di Vico 44, 36015 (Italia).