1. Data Controller
Wonder S.p.A., with registered office in via Boschetto, 10, 26100 Cremona, Tax Code and VAT no. 00106500192, hereinafter referred to as "Data Controller", guarantees compliance with the regulations on the protection of personal data by providing the following information on the processing of data pursuant to Art. 13, EU Regulation 2016/679 (General Data Protection Regulation – GDPR) and subsequent amendments.
2. Data processed, purposes and legal bases of the processing
2.1. Data generated by access to the site
During their normal operation, the computer systems and software procedures used to operate this website acquire certain personal data in an automated way, the transmission of which is implicit in the use of internet communication protocols.
The information collected could include the following:
- domain names;
- Internet Protocol (IP) address;
- operating system used;
- type of browser and device parameters utilised to connect to the Website;
- the web page that referred the origin and exit of the visitor (referral).
The information listed here is processed automatically and collected in an exclusively aggregated form in order to verify the correct functioning of the Website, and for security reasons.
The legal basis for data processing is the legitimate interest of the Data Controller.
2.2. Data recorded for security purposes
As a security measure (anti-spam filters, firewalls, and virus detection), the data automatically stored may also include personal data such as the IP address. Such data may be used to block attempts to hack the Website or other users, or any other harmful or illegal activity, and is handled according to the laws governing data usage and storage. These data are never used for the identification or profiling of the user, but only for the purpose of protecting the Website and its users.
The legal basis for data processing is the legitimate interest of the Data Controller.
2.3. Data submitted voluntarily by users
The personal data provided by the user through the form are collected and processed for the following purposes:
- for carrying out customer relationship activities based on contractual and/or pre-contractual agreements;
- for administrative purposes and for the fulfilment of legal obligations such as those of accounting, tax, or to comply with requests from the judicial authority;
- for the occasional sending of emails relating to products already purchased or similar to them (so-called “soft-spam”);
- in the case of sending a Curriculum Vitae, exclusively for selection purposes.
The legal basis for the data processing:
- with respect to the purposes referred to in point 2.3 letters a, b and d is the performance of a contract to which the Data Subject is party or the performance of pre-contractual measures adopted at the request of the Data Subject;
- with respect to the purposes referred to in point 2.3 letter c is the legitimate interest of the Data Controller.
2.4. Data collected through the "contact" and "submit your application" forms
For complete information, please note that when sending communications, the Data Controller uses the Joomla Fox Contact plugin, which blocks unwanted mailings and records all mailings and attempts to send them in a log file.
The collection of such data is functional to the use of the platform and is an integral part of the functionality of the system for sending messages.
The legal basis for such data processing:
- with respect to the purposes referred to in point 2.3 letter c is the legitimate interest of the Data Controller;
- with respect to the purposes referred to in point 2.3 letter d is the execution of pre-contractual measures adopted at the request of the Data Subject.
3. Nature of data provision
Apart from what has been specified for navigation data and for data collected through the contact form, the provision of data:
- with respect to the purposes referred to in point 2.3 letters a, b and d is optional, but any refusal will make it impossible for the Data Controller to implement the contractual or pre-contractual commitments undertaken;
- with respect to the purposes referred to in point 2.3 letter c is also optional but any refusal will make it impossible for the Data Controller to send emails relating to products already purchased or similar.
4. Places and methods of data processing and retention times
The data collected by this Website is processed at the headquarters of the Data Controller and at the web hosting datacenter regularly indicated as Data Processor.
The data collected will be processed by electronic or automated, computerized and telematic means, or by manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in order to ensure the security of the same.
The data are kept for the time strictly necessary to manage the purposes for which the data are processed ("Conservation limitation principle", Art. 5, EU Regulation 2016/679) or in compliance with the deadlines provided for by current regulations and legal obligations.
Periodic verification of the obsolescence of stored data is performed in relation to the purposes for which it was collected.
The data collected by navigation, used for security purposes, are stored for 5 years.
In any case, the Data Controller practices rules that prevent the retention of data for an indefinite period of time and therefore limits the retention time in compliance with the principle of minimising data processing.
5. Subjects authorised to process data, data processors and communication of data
The processing of the collected data is carried out by internal personnel of the Data Controller for this purpose identified and authorised for the processing according to specific instructions given in compliance with current legislation.
The data collected, within the limits pertinent to the processing purposes indicated and if necessary or instrumental to the execution of the same purposes, may be processed by third parties appointed as External Data Processors, or, as the case may be, communicated to them as independent Data Controllers, namely:
- companies belonging to our corporate group for the purposes set out in point 2.3 letters a, b and e;
- people, companies, associations or professional firms that provide assistance and advice to our Company, for the purposes set out in point 2.3 letter b and e;
- companies, organizations, associations that provide services related and instrumental to the execution of the above-mentioned purposes (analysis and market research service, credit card payment management, maintenance of computer systems).
The data collected may be provided in case of legitimate request, only in the cases provided for by law, by the Judicial Authority.
Your personal data will in no case and for no reason whatsoever be disclosed.
The Data Processors and Persons in Charge of the processing in office are identified in the Privacy Document, which is updated on a regular basis.
6. Transfer of Data to Non-EU Countries
The data collected may also be transferred abroad, even outside the European Union in the forms and ways provided for by current legislation, ensuring, in any case, an adequate level of protection.
This Website may share some of the data collected with services located outside the European Union. This Website may share some of the data collected with services located outside the European Union. The transfer is authorised on the basis of specific decisions of the European Union and the Italian Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield – here the information page of the Italian Data Protection Authority), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
You can find information about data usage and GDPR compliance at the following links:
- Google (including YouTube) here;
- Facebook here;
- LinkedIn here and here;
- Google Analytics here and here.
7. Rights of the Data Subject
In relation to the Personal Data communicated, the Data Subject has the right to exercise the following rights:
- (Art. 7.3 EU Regulation 679/2016 – GDPR) withdrawal of consent;
- (Art. 15 EU Regulation 679/2016 – GDPR) access and request a copy;
- (Art. 16 EU Regulation 679/2016 – GDPR) request correction;
- (Art. 17 EU Regulation 679/2016 – GDPR) request cancellation ("right to be forgotten");
- (Art. 18 EU Regulation 679/2016 – GDPR) obtain the limitation of processing;
- (Art. 20 EU Regulation 679/2016 – GDPR) receive them in a structured, commonly used and machine-readable format for the purpose of exercising the right to portability;
- (Art. 21 EU Regulation 679/2016 – GDPR) oppose the processing.
Requests relating to the exercise of the user's rights will be processed without undue delay and, in any case, within one month of the request; only in cases of particular complexity and according to the number of requests may this period be extended by a further 2 (two) months.
Last updated: June 1st, 2020