Privacy Policy of www.shielder.com

Data Controller

Shielder S.p.A. Via Palestro 1/C 10064, Pinerolo (TO), ITALY p.iva 11435310013

Shielder S.p.A. has appointed Chino S.r.l. as the Data Protection Officer (DPO) responsible for personal data protection matters. The DPO can be contacted at any time for inquiries or concerns related to the processing of personal data by Shielder S.p.A. You can reach the DPO at the following e-mail address: dpo@shielder.it

Shielder S.p.A. (hereinafter, “Controller” or “Shielder”), as Data Controller, informs Users pursuant to Art. 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that their data will be processed in the following modalities and for the following purposes:

Types of Data collected

This Website collects a range of Personal Data to facilitate its services and interactions with Users. The types of Personal Data gathered include first name, last name, phone number, company name, address, country, county, email address, ZIP/Postal code, and city.

For a comprehensive understanding of how each type of Personal Data is collected, used, and processed, Users can find detailed information in the dedicated sections of this privacy policy or through specific explanation texts displayed before the Data collection process. This ensures that Users are fully informed about the data they are providing and how it will be used.

It is essential to note that the provision of Personal Data is voluntary, and Users have the freedom to decide whether or not to provide their information. However, in certain cases, providing specific Data may be necessary for the Website to deliver its services effectively. In such instances, failure to provide the required Data may limit or prevent the Website from fulfilling its intended purposes.

Users must also acknowledge their responsibility for any third-party Personal Data that they provide, publish, or share through this Website. In such cases, Users must ensure that they have obtained the necessary consent from the relevant third parties before providing their Data to the Controller. By doing so, Users confirm that they have the legal right to share this information and have obtained explicit consent from the third party involved.

Data Processing Modalities and Location

Processing Methods

Shielder will process Personal Data in compliance with the GDPR and more generally with Italian and European legislation on privacy and protection of personal data (the “Applicable Law”).

The processing of any Personal Data will adhere to the principles of legality, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

Shielder places significant emphasis on data security and employs appropriate technical and organizational measures to safeguard all collected data, as required by Art. 32 of the GDPR. These measures ensure an adequate level of protection against potential risks to the confidentiality, integrity, and availability of Personal Data. The implementation of these measures takes into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, are all taken into account when implementing these measures.

The processing of Data is carried out using computers and/or IT-enabled tools, following organizational procedures and methods directly related to the specified purposes. Besides the Controller, in certain cases, third-party providers may have access to the Data to either support the operation of this Website (administration, sales, legal, system administration) or provide other services (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies). These third-party providers are appointed, if necessary, as Data Processors/Subprocessors by the Controller. An updated list of these parties can be requested from the Controller at any time. Shielder has verified industry frameworks and security measures employed by third-party providers to protect against security threats, ensuring the compliance of third-party providers with data protection regulations and adequate guarantees for Data transfers outside the EU.

The Controller may process Personal Data of Users when any of the following conditions are met:

  • Consent: Processing may occur if Users have provided their explicit consent for one or more specific purposes. This consent must be freely given, specific, informed, and expressed through a clear affirmative action. Moreover, the conditions for consent outlined in Art. 7 of the GDPR must be fully respected. The GDPR mandates that Users receive comprehensible information about what they are consenting to, and they must actively opt in. Shielder never conditions the provision of its Services on unnecessary collection of Personal Data.
  • Performance of an Agreement: Processing may be necessary for the execution of a contract in which the User is a party, or for fulfilling any pre-contractual obligations thereof.
  • Compliance with Legal Obligations: Processing may be required to comply with a legal obligation that the Controller is subject to.
  • Protection of Vital Interests: Processing may be necessary to protect the vital interests of the User or another natural person.
  • Public Interest or Official Authority: Processing may be related to a task carried out in the public interest or in the exercise of official authority vested in the Controller.
  • Legitimate Interests: Processing may be necessary for pursuing the legitimate interests of the Controller or a third party, except when these interests are overridden by the User’s interests or fundamental rights and freedoms that demand the protection of personal data, particularly in cases where the User is a child.

In any situation, the Controller is willing to clarify the specific legal basis for the processing, especially regarding whether providing Personal Data is a statutory or contractual requirement, or an obligation necessary to enter into a contract. For any questions or concerns regarding the processing of personal data by Shielder, please contact our Data Protection Officer at dpo@shielder.it.

Location

The Data undergoes processing at the Controller’s operational offices and other locations where parties involved in the processing are situated.

Depending on the User’s location, Data transfers may involve transmitting the User’s Data to a country different from their own. For detailed information regarding the processing location of such transferred Data, Users can refer to the section containing specifics about the processing of Personal Data.

In general, Shielder refrains from transferring Data to countries outside the European Union and the European Economic Area (EEA). However, for specific processing purposes like backup or hosting, Data transfers outside the EU may be necessary. In such instances, Data transfers will exclusively occur to Data Processors/Subprocessors who have implemented appropriate safeguards as outlined in Arts. 44-50 of the GDPR. These safeguards may include adequacy decisions or the use of Standard Contractual Clauses (SCCs) to ensure the Data’s security and compliance with Applicable Law.

Users have the right to know the legal basis of Data transfers to countries outside the European Union or to any international organization governed by public international law or established by two or more countries (e.g., the United Nations). Users also have the right to be informed about the security measures taken by the Controller to protect their Data during the transfer. Shielder has verified that providers offer adequate guarantees relating to Data transfers outside the EU.

Should any such Data transfer occur, Users can gather additional information by referring to the relevant sections of this document or by directly communicating with the Controller using the contact details provided in the contact section.

Retention time

Personal Data will be processed and stored only for as long as it is necessary to fulfill the purpose for which it was collected. The retention period for Personal Data depends on the specific basis for collection.

Therefore:

  • Personal Data collected based on consent will be retained as long as the consent remains valid. Users have the right to withdraw their consent at any time.
  • Personal Data collected for the performance of a contract between the Controller and the User will be retained until the contract has been fully executed.
  • Personal Data collected for the Controller’s legitimate interests will be retained as long as necessary to achieve those specific purposes. Users can find detailed information about the legitimate interests pursued by the Controller in the relevant sections of this document or by contacting the Controller.

Under certain circumstances, the Controller may be permitted to retain Personal Data for a longer period if the User has provided explicit consent for such processing, as long as the consent remains valid and has not been withdrawn. Additionally, the Controller may be obliged to retain Personal Data for an extended period if required to do so to fulfill a legal obligation or comply with an order from an authority.

Once the designated retention period expires, the Controller will appropriately and securely delete all Personal Data within its possession. Consequently, after the retention period has lapsed, Users will not be able to enforce their rights to access, erasure, rectification, or data portability concerning that specific Personal Data. It is crucial for Users to be aware of these rights and make any necessary requests within the applicable retention period.

In situations where the Controller is legally obligated by the Applicable Law to retain certain Personal Data, the Controller will securely store the Data and implement reasonable measures to prevent any further processing. The technical and organizational measures implemented in accordance with Art. 32 of the GDPR will continue to apply to the retained Personal Data, ensuring its confidentiality, integrity, and availability.

The purposes of processing

The Data concerning the User is collected to allow the Controller to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity.

For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes, utilizing the subsequent services:

Contacting the User

Contact form (this Website)

When the User submits their Data through the contact form, they grant authorization to this Website to utilize the provided details in responding to various inquiries, such as information requests, proposals, collaborations, job applications, or any other type of request as indicated in the form’s header.

The processed Personal Data includes the User’s name, surname, company, email, phone number, and any additional data voluntarily disclosed by the User in their written message.

It is important to note that the User retains the right to withdraw their consent at any time. However, this withdrawal of consent will not affect the lawfulness of the processing that occurred based on the User’s consent before its withdrawal.

User Rights

Users possess certain rights regarding the processing of their Data by the Controller, as provided by Applicable Law. These rights include:

  • Withdraw their consent at any time. Users have the right to withdraw consent previously given to the processing of their Personal Data. Withdrawing consent should be as easy as giving consent.
  • Object to processing of their Data. Under specific circumstances set out in Art. 21 GDPR, the data subject has the right to object to processing that will oblige the controller to refrain from further processing of said individual’s Personal Data. Specific details on this right are provided in the dedicated section below.
  • Access their Data. Users have the right to request confirmation from the Controller whether their Personal Data is being processed and, if so, access to that Data and additional information about the processing.
  • Right to rectification. Users can request the rectification of inaccurate or incomplete Personal Data concerning them.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Controller will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Controller.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Controller or for the purposes of the legitimate interests pursued by the Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Controller is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

To exercise their rights, Users can submit a request to the Controller using the contact details provided in the privacy policy. The Controller will respond to these requests without undue delay and in any event within 1 month of receipt of the request in line with Art. 12 Sec. 3 of the GDPR. The information period may be extended by two further months where necessary based on the complexity and number of requests received. In this case, the data subject must be informed of any such extension within 1 month of receipt, together with an indication of the reasons for the delay. Please note that certain conditions and exceptions may apply to these rights, and the Controller will inform Users accordingly when responding to their requests.

Additional information about Data collection and processing

The User’s Personal Data may be used for legal purposes by the Controller in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services. The User declares to be aware that the Controller may be required to reveal personal data upon request of public authorities.

Additional information about User’s Personal Data

In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Controller at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” requests are handled

This Website does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this privacy policy

The Controller reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Website and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Controller. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of the User’s consent, the Controller shall collect new consent from the User, where required.

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

Processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

User

The individual using this Website who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Controller of this Website.

This Website (or this Application)

The means by which the Personal Data of the User is collected and processed.

Service

The service provided by this Website as described in the relative terms (if available) and on this site/application.

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (“GDPR”).

This privacy policy relates solely to this Website, if not stated otherwise within this document.

Latest update: July 31, 2023