Privacy Policy for www.gvfimpianti.eu

Last Updated: May 10, 2025

GVF Impianti Srl ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.gvfimpianti.eu (the "Site"), including any other media form, media channel, mobile website, or mobile application related or connected thereto. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

1. Data Controller

The Data Controller for personal data collected through this Site is:

GVF Impianti Srl
Via Milano 6/a, 42048 Rubiera (RE), Italy
VAT ID: IT01923020356
Email: info@gvfimpianti.it
PEC: gvf@pec.gvfimpianti.it

2. Types of Data Collected

We may collect personal information from you in a variety of ways. The types of Personal Data that this Site collects, by itself or through third parties, include:

Data provided voluntarily by the user:
- Contact Information: such as your name, email address, telephone number, company name, and any other information you provide when you fill out contact forms, subscribe to our newsletter, request a quote, or otherwise communicate with us.
Usage Data (Navigation Data):
- Information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site. This information is primarily needed to maintain the security and operation of our Site, and for our internal analytics and reporting purposes.
Cookies and Similar Technologies: We use cookies and similar tracking technologies to track the activity on our Site and hold certain information. For further information, please see our Cookie Policy.

Failure to provide certain Personal Data may make it impossible for this Site to provide its services.

3. Purposes and Legal Basis for Processing

We process your Personal Data for the following purposes and based on the following legal bases as per the General Data Protection Regulation (GDPR):

To provide and maintain our Site:
- Purpose: To allow navigation of the Site, ensure its correct functioning, and for security purposes.
- Legal Basis: Legitimate interest of the Controller (Art. 6(1)(f) GDPR) to ensure the functionality and security of the Site. For strictly necessary technical cookies, the legal basis can also be the necessity to perform a service explicitly requested (Art. 6(1)(b) GDPR).
To respond to your inquiries, requests, and provide support:
- Purpose: To manage and respond to requests for information, quotes, technical support, or any other type of inquiry submitted through contact forms or other communication channels.
- Legal Basis: Performance of pre-contractual measures taken at your request or performance of a contract to which you are a party (Art. 6(1)(b) GDPR).
For sending newsletters and marketing communications:
- Purpose: To send you newsletters, information about our products, services, events, and other marketing communications that may be of interest to you.
- Legal Basis: Your explicit consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time. Where permitted by law (e.g., "soft spam" for existing customers), we may rely on legitimate interest (Art. 6(1)(f) GDPR), always providing an easy way to opt-out.
For statistical analysis and Site improvement:
- Purpose: To perform statistical analyses on aggregated or anonymized data to understand how users interact with the Site, to monitor and analyze usage and trends, and to improve the Site's functionality and user experience.
- Legal Basis: Legitimate interest of the Controller (Art. 6(1)(f) GDPR) when data is properly anonymized or aggregated such that individuals are not identifiable. If personal data is used for detailed analytics that could identify individuals, consent (Art. 6(1)(a) GDPR) may be required.
To comply with legal obligations:
- Purpose: To fulfill any legal obligation to which the Controller is subject (e.g., responding to requests from public authorities).
- Legal Basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR).
To protect our rights and interests:
- Purpose: To establish, exercise or defend legal claims.
- Legal Basis: Legitimate interest of the Controller (Art. 6(1)(f) GDPR).

4. Data Retention Period

Personal Data shall be processed and stored for as long as required by the purpose for which it has been collected and in compliance with applicable laws.

Data collected for purposes related to the performance of a contract between the Controller and the User shall be retained until such contract has been fully performed, and thereafter for the period required by applicable law (e.g., 10 years for civil, accounting, and tax records).
Data collected for the purposes of the Controller’s legitimate interests shall be retained as long as needed to fulfill such purposes.
Data processed based on User consent (e.g., for marketing) will be retained until such consent is withdrawn by the User.
Navigation data is generally kept for short periods, except when it must be retained for longer to investigate security incidents or comply with legal obligations.

Once the retention period expires, Personal Data shall be deleted or anonymized. Therefore, after the expiration of the retention period, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced.

5. Data Sharing and Disclosure (Recipients of Personal Data)

Your Personal Data may be disclosed to the following categories of recipients for the purposes outlined in this policy:

Our employees and collaborators: Authorized personnel who need access to the data to perform their duties.
Service Providers (Data Processors): Third-party companies that provide services on our behalf, such as website hosting, data analysis, email delivery, customer service, marketing assistance, and IT support. These providers are contractually bound to protect your data and may only use it for the purposes for which we disclose it to them. A list of Data Processors can be requested from the Controller.
Public and Governmental Authorities: Where required by law or to respond to valid legal processes (e.g., court orders, subpoenas).
Legal and Professional Advisors: Such as lawyers, auditors, and insurers, when necessary in the course of the professional services that they render to us.

Your data will not be disseminated to unspecified recipients.

6. Transfer of Data Outside the European Union (EU) / European Economic Area (EEA)

Your personal data is primarily processed within the EU/EEA.

If we transfer your Personal Data to service providers located outside the EU/EEA, we will ensure that such transfers are carried out in compliance with applicable data protection laws. This means we will ensure an adequate level of protection for your Personal Data, for example, by relying on:

An adequacy decision by the European Commission for the recipient country.
Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional safeguards where necessary.
Other suitable safeguards as permitted by the GDPR.

[You should verify if any of your service providers (e.g., for analytics, email marketing, cloud hosting) are outside the EU/EEA and specify the safeguards in place.]

7. Your Rights as a Data Subject

Under the GDPR (Articles 15-22), you, as a data subject, have the following rights regarding your personal data:

Right of Access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and related information.
Right to Rectification: You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.
Right to Erasure ('Right to be Forgotten'): You have the right to obtain the erasure of personal data concerning you without undue delay under certain conditions.
Right to Restriction of Processing: You have the right to obtain restriction of processing under certain conditions.
Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us, under certain conditions.
Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests (Art. 6(1)(f) GDPR), including profiling. You also have the absolute right to object to processing for direct marketing purposes.
Right to Withdraw Consent: Where the processing is based on your consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR), you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. For Italy, the supervisory authority is the Garante per la Protezione dei Dati Personali (www.gpdp.it).

You can exercise your rights by sending a written request to the Data Controller at the contact details provided in Section 1. We will respond to your request in accordance with applicable data protection laws.

8. Security of Your Information

We use appropriate administrative, technical, and physical security measures to help protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures are regularly reviewed and updated. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that no security measures are perfect or impenetrable, and no method of data transmission over the Internet can be guaranteed against any interception or other type of misuse.

9. Children's Privacy

Our Site is not intended for use by children under the age of 16 (or a different age as stipulated by local law), and we do not knowingly collect personal data from children under this age. If we become aware that we have collected personal data from a child under this age without verification of parental consent, we will take steps to delete that information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Policy, and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to stay informed of how we are protecting your information.

11. Contact Us

If you have questions, comments, or concerns about this Privacy Policy or our data handling practices, please contact us:

GVF Impianti Srl
Via Milano 6/a, 42048 Rubiera (RE), Italy
Email: info@gvfimpianti.it
PEC: gvf@pec.gvfimpianti.it
Phone: +39 0522 627572

This Privacy Policy should be reviewed by a qualified legal professional to ensure its full compliance with the GDPR and any other applicable national data protection laws and regulations specific to your company's operations and data processing activities.