Privacy Policy

1. Data Controller

CDS HOLDING SPA | HEAD QUARTER
VIA DELL’INDUSTRIA, 36 – 25030 ERBUSCO (BS) ITALY
TEL. +39 030 77 04 220
Tax code and VAT code no 02356570982

CORPORATE CAPITAL € 17.750.000,00.

REGISTERED WITH BRESCIA’S COMPANY REGISTRY UNDER NO.02356570982 – AND NO. 442975

Data controller’s email: reception@cds-group.com

2. Collected Data

Personal data provided by the users

Personal data provided by the users who send an e-mail to the Controller at the contact details identified in the “Contact us” section of the website include users’ personal and contact details (e.g. name, surname, e-mail address- the Identification Data).

Users are invited not to provide Identification Data unless essential for the purpose described in point 3 below. If the e-mail sent by the user contains data that is not relevant to the purpose set out in point 3 below, the Controller will refrain from using such information.

3. Purpose and legal of the processing

Follow up on users’ requests

The Identification Data shall be processed to follow up on requests that the users may send to the Controller at the addresses indicated on the website.

The processing of Identification Data for this purpose is necessary, on one hand, for the legitimate interest of the Controller to detect users in order to provide its services and to provide information about them. This interest of the Controller has been balanced with that of the users and is compatible with the reasonable expectation of the latter to receive replies to the requests forwarded to the Controller. On the other hand, it is necessary to carry out pre-contractual and contractual measures adopted at the user’s request, and, if necessary, to fulfil the related legal obligations.

In the event that the request sent by the users does not give rise to any pre-contractual or contractual relationship between the Controller and the user, it will in any case be possible for users, at any time, to object to such processing, by writing to the Controller, at the addresses indicated in point 6 below. In any case, any objection will not affect the lawfulness of the processing carried out until that moment by the Controller but will imply the duty of the Controller to erase all Identification Data and the impossibility of following up any pending requests.

The disclosure of the Identification Data for this purpose is made by the users on a voluntary basis and it is necessary: refusal to do so will make it impossible for the Controller to verify the request received, providing information to the user, as well as the impossibility of establishing a possible contractual relationship with the Controller.

4. Recipients of Identification Data

The Identification Data will be processed by employees and collaborators of the Controller or, if necessary, by employees of the company CDS Costruzioni S.p.A., which belongs to the same group and will process them as independent data controller, providing its own privacy policy regarding the processing of such data.

In no other case the Identification Data will be communicated to third parties, unless is necessary to comply with requests from the Judicial Authority, Public Security, or another Public Authority.

The complete list of recipients of the Identification is kept at the registered office of the Controller and can be consulted on request to be sent to the Controller, at the addresses indicated in point 6 below.

5. Modalities of processing and storage of Identification Data

The Controller will process the Identification Data with and without the use of electronic, computerized, or automated tools. Specific and adequate logical, organizational, and technical security measures have been implemented by the Controller to prevent the loss of the Identification Data, as well as any unlawful or unauthorized use of the same and unauthorized access.

The Identification Data will not be processed and stored by the Controller for a period of time longer than is strictly necessary to achieve the purposes for which it was collocated (see point 3 of this privacy policy) and, in particular, Identification Data are stored to respond to users’ requests, for a maximum period of 12 months after the last contact. If a contractual relationship is established between the user and the Controller, the Identification Data will be processed for the period identified in the privacy policy attached to the related contract.

The Identification Data will be kept for longer if is necessary to comply with obligations established by law or to ensure the judicial protection of the Controller’s rights.

6. User’s rights and contact details

The users, as data subject, have at any moment the rights to:

• Ask and obtain access to their Identification Data.
• Ask and obtain the cancellation or the restriction on the processing of the Identification Data.
• Ask and obtain the rectification and the update of Identification Data.
• Object to the processing of Identification Data, according to the procedure described in point 3 above, without affecting the lawfulness of the processing carried put before the objection.

In order to exercise the rights referred to in the points above is always possible to contact the Controller at the addresses indicated in point 1 above.

Furthermore, users may always lodge a complaint with the Data Protection Authority.