PRIVACY POLICY

INFORMATION ON THE PROCESSIONG OF PERSONAL DATA

DATA CONTROLLER

Pianoforte Holding Spa, with registered office in Milano, Corso Magenta 74, cap 20123, VAT Number 07232440961, registered to the “Registro delle Imprese” of Milano MI-1945213 (hereinafter also referred to as "Company" or “Data Controller”).

1 – PROCESSING PURPOSES

1.1 – Contractual purposes: to view the web pages and to use the services ("Services") of the Company offered through the website www.gocarpisa.com ("Site").

1.2 – Marketing purposes: sending, with automated methods of contact (such as SMS, MMS and e-mail) and traditional (such as phone calls with operator and traditional mail), newsletters, promotional and commercial communications relating to services / products offered by the Company o reporting of corporate events, as well as carrying out market studies and statistical analyzes.

1.3 –Profiling purposes: analysis of your preferences, habits, behaviors or interests in order to send you personalized commercial communications.

1.4 – Obligations of the law: fulfill the obligations established by regulations and applicable national and supranational legislation.

1.5 – Sending newsletters: if requested by registration with this service.

1.6 – Rights of the Data Controller: if necessary, to ascertain, exercise or defend the rights of the Data Controller in court.

1.7 – Site Operations: the computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified, but by their very nature could, through processing and association with data held by the Company or third parties, allow users to be identified on the Site.

2 – LEGAL BASIS OF DATA PROCESSING

2.1 - Contractual Purpose: execution of a contract of which you are a part, such as use the Company's Services through the Site.

2.2 - Marketing and profiling purposes: consent (optional and revocable at any time).

2.3 – Legal obligations: need to comply with legal obligations.

2.4 - Sending newsletters: execution of a contract of which you are a part, or the subscription to the newsletter.

3 – DATA RETENTION OF PERSONAL DATA

3.1 - Contractual Purposes, Legal obligations and Sending of newsletters: for the entire duration of the contract and, after the termination, for 10 years.

3.2 - Purpose of marketing and profiling: until the withdraw of consent for these purposes.

3.3 – Site Operations: for the duration of the browsing session on the Site.

Once the above storage terms have expired, your personal data will be destroyed, deleted or made anonymous, consistent with the technical cancellation and backup procedures.

4.1 - PERSONAL DATA PROCESSED FOR CONTRACTUAL PURPOSE - OBLIGATIONS OF LAW - RIGHTS OF THE DATA CONTROLLER - RECEIVED CREDITS

Anagraphic data, contact data

4.2 - PERSONAL DATA PROCESSED FOR MARKETING AND PROFILING PURPOSES

Anagraphic data, contact details, data collected through the Site, for example from cookies installed by the Site.

4.3 - PERSONAL DATA PROCESSED FOR SENDING NEWSLETTER

Name and Surname, E-mail.

4.4 - PERSONAL DATA PROCESSED FOR THE FUNCTIONING OF THE SITE

The IP addresses or domain names of the computers used by users connecting to the Site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.), other parameters related to the operating system and the user's computer environment, information relating to user behavior on the Site, to the pages that have been visited or searched, in order to select and make specific announcements to the user of the Site and the data relating to the browsing behavior held on the Site using, for example, using cookies.

5 – BINDING OF DATA PROCESSING

The provision of personal data referred to in point 4.1 for the purposes referred to in paragraph 1.1 is mandatory. The refusal to provide the aforementioned personal data does not allow, therefore, the possibility of using the services of the Site and of the Company.

The provision of personal data referred to in point 4.2 for the purposes referred to in points 1.2 and 1.3 is optional and subject to your consent.

Some personal data referred to in point 4.4 are strictly necessary for the operation of the Site, others are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. In the processing of personal data that can directly or indirectly identify your person, we try to respect a principle of strict necessity. For this reason, we have configured the Site in such a way that the use of personal data is kept to a minimum and in order to limit the processing of personal data that allow identifying it only in case of need or at the request of the authorities and police (as, for example, for data relating to traffic and your stay on the Site or to your IP address) or for ascertaining responsibility in the event of hypothetical computer crimes against the Site.

6 - DATA RECIPIENTS

The data may be processed by external subjects operating as autonomous holders such as, for example, authorities and supervisory and control bodies and in general subjects, public or private, entitled to request data.

The data may also be processed, on behalf of the Company, by external parties designated as Data Processors, who are given appropriate operating instructions. These subjects are essentially included in the following categories:

a. companies that manage functions of the Site;

b. companies that offer e-mail sending services;

c. companies that offer support in carrying out market studies;

d. companies that offer customer care services.

7 – SUBJECTS AUTHORIZED TO DATA PROCESSING

Your data may be processed by employees of the Company's corporate functions appointed for the pursuit of the aforementioned purposes, who have been expressly authorized to process and who have received adequate operating instructions.

The data referred to in point 4.4 collected during navigation of the Site will be processed by employees, collaborators of the Company or external subjects, as persons in charge of data processing, who perform technical and organizational tasks on the Site.

A complete and updated list of Data Processors and Sub Data Processors appointed by the Company can be obtained by writing an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.

8 – YOUR RIGHTS AS DATA SUBJECT - COMPLAINTS TO THE DATA PROTECTION AUTHORITY

By contacting the Company by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it. you can ask the Company for access to data concerning them, their deletion, correction of inaccurate data, the integration of incomplete data, the limitation of processing in the cases provided for by art. 18 of the GDPR, as well as the opposition to the processing in the case of legitimate interest of the Company.

Furthermore, in the event that the processing is based on consent or contract and is carried out using automated tools, you have the right to receive your personal data in a structured, commonly used and automatically readable form, as well as, if technically feasible, to transmit them to another holder without impediments.

You have the right to revoke the consent given at any time for marketing and / or profiling purposes, as well as to object to the processing of data for marketing purposes, including profiling related to direct marketing. It remains the possibility that he prefers to be contacted for the aforementioned purpose exclusively through traditional methods, to express his opposition only to the receipt of communications through automated methods.

You have the right to lodge a complaint with the competent Data Protection Authority in the Member State where you normally reside or work or of the State in which the alleged violation has occurred.

9 – DATA SECURITY

Your personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and in compliance with the principle of necessity and proportionality, avoiding the processing of personal data when operations can be performed through the use of data anonymous or by other means.

We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorized access, but please do not forget that it is essential for the security of your data that your device is equipped with tools such as antivirus constantly updated and that the provider providing the Internet connection guarantees the secure transmission of data through firewalls, anti-spam filters and similar safeguards.

© 2018 GO Carpisa. Kuvera spa P. IVA 07563710636. All Rights Reserved