Website Data Protection Statement and Cookie Policy

This statement has been specifically drawn up for visitors to our website www.dunagroup.com.
This document replaces the document previously published. This Data Protection Statement complies with EU Directive 2009/136/EC, the Provision issued by the Italian Data Protection Authority of 8 May 2014 (Official Gazette no. 126 of 3 June 2014) and Regulation (EU) 2016/679 implemented on 25 May 2018.

---

DUNA-Corradini S.p.A.
Via Modena - Carpi, 388 - 41019 Soliera MO - Italia
c.f./p.iva IT01803960366
Registro imprese di Modena - REA MO-244242
Stock capital € 2,000,000 fully paid-up
PEC:

---

Data subjects: Users of the website www.dunagroup.com

DUNA CORRADINI SPA in its capacity as Data Controller of your personal data - pursuant to and in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 - hereby informs you that the above-mentioned legislation provides for the protection of persons and other data subjects regarding the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, and transparency and will safeguard your privacy and rights.
The information and personal data provided by you or otherwise obtained when visiting the website shall be processed in accordance with current legislation, the above-mentioned legislation and any other privacy requirements provided therein.

Types of data subject to processing

Browsing Data

The IT systems and software procedures used to operate the website may acquire, during their normal activity, some personal data whose transmission is unavoidable when using Internet communication protocols. This information is not obtained in order to be linked with the data subjects identified, but because of its very nature it may help identify the Users through the processing and association of data obtained by third parties. This category of data includes the IP addresses or domain names of the computers used by the User connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used when submitting the request to the server, the size of the file obtained in the reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and to the software being used by the User. This data is used for the sole purpose of extracting anonymous statistical information on the use of the website and to check that it is functioning correctly. The data may be used to establish who is responsible in the event of a hypothetical data breach that could damage the website.

Data freely provided by the User

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the website involves the subsequent acquisition of the sender’s address, which is essential in order to respond to requests, as well as any other personal data included in the message.
Specific short versions of statement are gradually added or viewed on the pages of the website for the services requested and include a form for data collection.

Voluntary Data Provision

Except for the provisions specific to browsing data, the User is free to provide his/her personal data contained in the request form or otherwise indicated in correspondence to speed up the sending of information or other communications. Failure to provide this data may make it impossible to obtain the service requested. For the sake of completeness, please note that in some cases (not subject to ordinary website administration) the Authorities may request certain details and other information in accordance with the applicable legislation, for the purposes of monitoring the processing of personal data. In these cases we are obliged to comply.

Methods of processing:

The Data collected from the forms is processed mainly by electronic means. Your Personal Data will be processed through the activities indicated in Article 4(2) of the GDPR - with or without the use of automated means - and more specifically by: collecting, recording, organising, structuring, updating, storing, amending or changing, extracting and analysing, consulting, using, communicating by transmitting, comparing, interconnecting, restricting, erasing or removing data.
All data processing will be carried out in compliance with the procedures laid down in Articles 6, 32 of the GDPR and by adopting the minimum data security measures.
The processing related to web services is carried out at the Data Controller’s offices and at the offices of the duly appointed external provider who is responsible for external processing. The Cloud provider will ensure the data is stored in Europe.

Communication:

Your data will be processed within the company by the persons authorised and appointed by the Data Controller (for further details, please contact the Data Controller):
Your data may be transmitted to third parties, in particular to:

• the external provider
• companies that carry out ordinary and extraordinary website maintenance.

Disclosure:

Your data will not be disclosed in any other way

Personal Data storage period:

We hereby inform you that, in accordance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Article 5 of the GDPR, your personal data will be stored for a maximum period of 10 years.
With reference to browsing data we have set a period of time which is sufficient for the purposes for which that data is collected and processed. As previously indicated, the data is processed for the sole purpose of extracting anonymous statistical information on website use and to check that it is functioning correctly.
With reference to the data freely provided by the User through forms, the storage period is the time required to respond to the User’s requests (more details are included in the Data Protection Statement relating to the form).

COOKIES

In accordance with the provision of 8 May 2014 (Register of provisions no. 229) we hereby inform you that we do not use cookies to obtain the User's personal data

We do not use cookies to transmit personal data, nor do we use any so-called persistent cookies , in other words, systems that keep track of Users.

The use of so-called session cookies (which are not memorised permanently on the User's computer, and expire after the browser is closed) is strictly limited to transmitting session identifiers (consisting of random numbers generated by the server) necessary to enable safe and efficient website browsing.

The session cookies used on this website avoid resorting to other computer techniques that could potentially compromise the User's browsing privacy and do not allow the acquisition of data that identifies the User. There is a third-party cookie, Google tag manager, which is considered to be one of the essential tools by the Ghostery tracker and is particularly useful when placed in a search engine.

Cookie Analytics - Third party cookies

This website uses third-party cookies by “Google Analytics”, a statistical analysis service provided and managed by Google. The Google Analytics systems on www.dunagroup.com has been set up in order to reduce the identification power of cookies and the functions that allow for cross information by third parties have also been disabled. With these settings, this type of cookie is equivalent to a technical cookie.
Useful addresses if you wish to obtain more information about the Google Analytics privacy policy:

• http://www.google.com/analytics/terms/it.html
• http://www.google.com/privacypolicy.html

Analytical cookies are not necessary for the functioning of our website.

DATA PROTECTION STATEMENT APPLICATION

If you have any questions about this statement, please contact DUNA-Corradini Spa in the first instance, by sending an e-mail to privacy@dunagroup.com

CHANGES TO THIS DATA PROTECTION STATEMENT

DUNA-Corradini SPA reserves the right to update this Privacy Policy to adapt it to the supervening legislation, as well as taking into account any advice given by employees, customers, colleagues, and Users. In the event of any changes to this document the word ‘update’ will show at the bottom of the website page.

Rights of the Data Subject pursuant to Articles from 15 to 22 of Regulation (EU) 2016/679
In accordance with the provisions contained in Articles 15,16,17,18,19,20,21 and 22 of the GDPR, you have the right to exercise the rights contained therein and in particular,

1. the right to access your personal data;
2. the right to rectification or erasure of such data or restriction to the processing relating to it. In the event of a request to erase personal data, the Data Controller, taking into account the technology available and the cost of implementation, shall take reasonable steps, including technical measures, to inform the data controllers processing the personal data, that the data subject has requested the erasure of any links to, or copy or replication of those personal data;
3. the right to object to the processing;
4. the right to data portability;
5. the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on consent given prior to the withdrawal;
6. the right to lodge a complaint with a supervisory authority.

---

Date of last update: 21/11/18