Privacy Policy pursuant to Article 13 of Regulation (EU) 2016/679 and Article 13 of the UK General Data Protection Regulation
Dear User,
Immergas S.p.A. manufactures and markets thermo-domestic appliances (hereinafter referred to as “Appliances” or “Appliance”) and, upon request, supplies with the Appliance an application that allows you to take advantage of specific functions relating to the management of the Appliance (hereinafter referred to as the “APP”). To enable you to access and use the services offered by the APP, our Company needs to process some of your personal data for the purposes specified below. In this regard, pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter the “GDPR”) and to Article 13 of the UK General Data Protection Regulation (hereinafter ‘UK GDPR’), we are providing you with appropriate information regarding the processing of your personal data.
1. WHO IS THE DATA CONTROLLER
The Data Controller of your personal data is the company Immergas S.p.A. with registered office in Brescello – Via Cisa Ligure, 95 – 42041 Reggio Emilia, (ITALY), C.F. / P. IVA number 00932830359 (hereinafter the “DATA CONTROLLER” or “IMMERGAS”).
2. WHAT PERSONAL DATA IS PROCESSED
The DATA CONTROLLER may process the following types of personal data concerning you (hereinafter collectively the “PERSONAL DATA”) that are strictly relevant, necessary and functional for the pursuit of the purposes indicated in point 3 below:
2.1 your identification data (such as – for example – name, surname, country, serial number of the Appliance etc.);
2.2 your contact data (telephone number, e-mail address);
2.3 other data: geographical coordinates of the Appliance, name of its Wi-Fi Internet connection;
2.4 connection data: such information may include, but is not limited to, your account, the operating system of the device used to access the APP, or details about the Internet service provider, mobile network, IP address;
2.5 proximity data: the data that allow you to verify the proximity of your mobile device to the Appliance.
3. WHAT ARE THE PURPOSES OF PROCESSING THIS DATA
The DATA CONTROLLER may process your PERSONAL DATA in order to execute a contract to which you are a party and/or contractual measures taken at your request and in particular to make available, through the use of the APP, the following features and services
3.1 Autonomous and remote adjustment of the Appliance.
3.2 Enabling an authorized Technical Service Centre to remotely adjust the Appliance. This service is activated only following specific authorization from the user, who can revoke the authorization at any time by accessing the appropriate permissions section of the APP.
3.3 Viewing the operating status and/or any anomalies of the system via the APP.
3.4 Use of the “Away” proximity service. The service records – at periodic intervals – the proximity/closeness status of the user’s mobile device to the Appliance, and provides the ability to automatically adjust and set the thermal comfort of the Appliance. The service is activated following specific authorization from the user, through the selection of the “Activate” option when first using the Away feature. The user can any time activate or deactivate the Away service by accessing the appropriate location permissions section of their mobile device.
The DATA CONTROLLER may also process your PERSONAL DATA to exercise and defend its rights in judicial and/or administrative proceedings.
4. LAWFULNESS OF PROCESSING
Within the limits of the purposes referred to in point 3 above, consent to the processing of PERSONAL DATA is not required insofar as the processing is necessary for the performance of a contract or the execution of pre-contractual measures taken at the request of the data subject and the pursuit of a legitimate interest of the DATA CONTROLLER.
5. NATURE OF THE PROVISION OF DATA AND CONSEQUENCE OF REFUSAL
The processing of PERSONAL DATA is necessary for the complete and correct functioning of the APP, therefore, failure to provide and/or incorrect provision of such data makes it impossible for the user to use – in whole or in part – the functionalities of the APP and, for the DATA CONTROLLER, to duly implement the contractual agreements made with the user.
6. HOW YOUR PERSONAL DATA WILL BE PROCESSED
6.1 The processing of PERSONAL DATA may involve all the operations indicated in the art. 4, paragraph 2 of the GDPR. In any case, the principles applicable to data processing set forth in Article 5 of the GDPR itself will be respected. The processing of PERSONAL DATA will be carried both manually and with the aid of IT tools. PERSONAL DATA may be stored in paper and electronic archives.
6.2 The processing of PERSONAL DATA will be carried out in a manner that guarantees their security and confidentiality, through the adoption of appropriate measures to prevent their alteration, deletion, destruction, unauthorized access or processing that is not permitted or does not conform with the purposes of the collection.
6.3 PERSONAL DATA will not be processed by the DATA CONTROLLER through automated system or decision-making systems or processes, including profiling, where profiling is defined as any form of automated processing of personal data aimed at analysing or predicting certain personal aspects including, but not limited to, aspects concerning professional performance, economic situation, personal preferences, interests or behaviour.
7. TO WHOM YOUR PERSONAL DATA MAY BE DISCLOSED AND WHO MAY BECOME AWARE OF THEM
7.1 Within the organizational structure of the DATA CONTROLLER, may have access to PERSONAL DATA, within the limits and in the manner set forth in their respective assignments and exclusively for the pursuit of the purposes above indicated, the subjects expressly authorized by the DATA CONTROLLER.
7.2 The processing of PERSONAL DATA may be entrusted by the DATA CONTROLLER to third parties who carry out on behalf of the DATA CONTROLLER specific activities related to the purposes set out in point 3 who, due to their experience capacity and reliability, guarantee full compliance with the current provisions on data processing and protection, including the security profile and who will be, in this case, appointed as Data Processors.
7.3 PERSONAL DATA may also be communicated to third parties, public or private, operating as autonomous Data Controllers, exclusively when entitled to request the data.
8. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
Your PERSONAL DATA will not be subject to transfer by the DATA CONTROLLER to third countries or to international organizations outside the European Union if the safeguard mechanisms provided for in CHAPTER V, articles 44 et seq. of the GDPR have not been adopted or are not in force.
9. RETENTION PERIOD OF PERSONAL DATA
The PERSONAL DATA will be kept until the purposes set out in point 3 have been fulfilled. Once the aforementioned purposes have been exhausted, the DATA CONTROLLER will delete the PERSONAL DATA.
There is also an automatic cancellation mechanism after two years of non-use of the account by the user. One month before the cancellation, the user will be notified by e-mail of the impending cancellation and will be able to avoid it by using his account.
10. CONTACT DETAILS OF THE DATA CONTROLLER AND OF THE DATA CONTROLLER’S REPRESENTATIVE
In relation to the Data processing operations described in this Policy, the user, as Data Subject, may, under the conditions provided for in the GDPR and in the UK GDPR, exercise the rights set out below by contacting the DATA CONTROLLER:
- by registered mail with return receipt: Immergas S.p.A., Via Cisa Ligure, 95 – 42041 Brescello (Reggio Emilia), ITALY
- by e-mail: privacy@immergas.com
- by certified e-mail: immergas@legalmail.it
or, at his/her choice, by contacting the Representative designated by the DATA CONTROLLER pursuant to Article 27 of the UK GDPR, Alpha Therm LTD, trading as Alpha Heating Innovation, organized and existing under the laws of the country of England, having its offices at Nepicar House, London Road, Wrotham Heat, TN157RS Kent, UK, by e-mail: dataprotection@alpha-innovation.co.uk.
11. DATA SUBJECT’S RIGHTS
art. 15 Right of access: the data subject has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him/her are being processed and, if so, to obtain access to Personal Data. At the request of the data subject, the Data Controller shall provide the data subject with a copy of the personal data undergoing processing.
art. 16 Right to rectification: the data subject has the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning him/her and, therefore, the integration of incomplete Personal Data.
art. 17 Right to erasure (so-called “Right to be forgotten”): the data subject has the right to obtain the erasure of Personal Data. A concerning him/her without undue delay, and the Data Controller has the obligation to erase without undue the Personal Data for the reasons and within the limits of the provisions of the art. 17 of the GDPR.
art. 18 Right to limitation of processing: the data subject has the right to obtain from the Data Controller a limitation of the processing of his or her data in the cases provided for in Article 18 of the GDPR
art. 19 Obligation to notify in the event of rectification or erasure of PERSONAL DATA or restriction of processing: in case of exercise of the right to rectification, erasure and restriction, the Data Controller shall notify each of the recipients to whom the Personal data have been transmitted of any rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. The Data Controller communicates the data subject of such recipients if the data subject so requests.
art. 20 Right to data portability: the data subject has the right to receive, in a structured format, commonly used and machine-readable format, Personal Data concerning him/her that has been provided to the Data Controller and has the right to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided the data if the processing is based on consent or on a contract or if the processing is carried out by automated means.
art. 21 Right to object: the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of Personal Data concerning him or her. In this case, the Data Controller shall refrain from further processing the Personal Data, unless he demonstrates the existence of compelling legitimate reasons for processing that override the interests, rights and freedoms of the data subject or for the establishment, the exercise or defense of legal claims.
art. 22 Automated decision-making relating to natural persons, including profiling: the data subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects on his person.
The exercise of your rights, as a data subject, is free of charge. However, in the case of requests that are manifestly unfounded or excessive, including because they are repetitive, the DATA CONTROLLER may charge you a reasonable fee, in light of the administrative costs incurred in handling your request, or deny satisfaction of your request.
We also inform you that, as a data subject, you have the right to lodge a complaint with the Supervisory Authority if you believe that your personal data have been processed in violation of the data protection regulations.