Privacy Policy

Latest update 13/12/2021

 

PRIVACY POLICY according to ARTICLE 13 of the GENERAL DATA PROTECTION REGULATION UE 2016/679

for the users of this web-site

 

For us, data protection is an important issue, so we would like to inform you about the way in which your data is processed and the rights you can exercise under the current data protection legislation, in particular the EU Regulation 2016/679 (hereinafter also referred to as "GDPR").

 

  1. Data Controller

BRITA Italia Manufacturing S.r.l.

Registered site: Via Seprio, n. 8, 20149 – Milano (MI)

Operational site: Via Carducci, n. 22, 21010 – Arsago Seprio (VA)

E-mail: it60_privacy@brita.net

Telephone number: +39 340 8250224

 

  1. Purposes based on the data subject’s consent (pursuant of article 6.1 (a) of the GDPR)

Personal data may be processed for certain purposes for which the data subject has given his/her consent.

a) Answer requests or questions sent through the contacts listed on the website to receive information on our products and services and to receive estimations and to ask for assistance on our products.

 

The personal data’s conservation period for the above-mentioned purpose is:

For purposes under a: until the fulfilment of the request or question.

 

  1. Categories of personal data processed by the Controller

The data processed by the Controller are exclusively "personal data" (pursuant to article 4.1 of GDPR).

More in detail, the Controller collects, and process personal data provided by data subjects which could be, by way of example only, but certainly not exhaustive:

  • Identification data (such as name, surname, etc.);
  • Contact data (address, e-mail, IP address, phone numbers and similar data);
  • Data relating to the provided services.

 

  1. Recipients or categories of recipients of personal data (pursuant to article 13.1 (e) of the GDPR) *

In relation to the mentioned purpose, the Data Controller can communicate your personal data to:

  • Internal offices and to authorized personnel;
  • Control and supervisory bodies;
  • Companies which are part of the Controller’s Group;
  • Companies and professionals which offer IT related services, like electronic processing of data, software management, website management and of IT consultancy;
  • The company which is managing the website;
  • Hosting providers.

 

*The complete and updated list of the Controllers, Processors and Recipients (pursuant of art. 4.9 of the GDPR) is available at the Controller’s office.

 

  1. Recipients or categories of recipients of the personal (pursuant of art. 13 paragraph 1(f) of the GDPR) e data transfer outside the EU

The Controller does not intend to transfer your personal data to Countries which are not member of the EU or the SEE for the above-mentioned purpose.

 

  1. The Data Subject’s rights

The data subject can exercise the following rights, in relation to personal data mentioned in this privacy policy, as stated by the GDPR:

 

  • Right of access by the data subject [art. 15 of EU Regulation] (possibility to be informed on the treatments carried out on his personal data and, if necessary, receive a copy of them);
  • Right to rectification [art. 16 of EU Regulation] (data subject has the right to rectify incorrect data concerning him);
  • Right to erasure without unjustified delay (“right to be forgotten”) [art. 17 of EU Regulation] (data subject has the right to delete his personal data);
  • Right to restriction of processing, as provided by article 18 of EU Regulation, among the other cases, in case of illicit processing or contestation of the accuracy of personal data by the data subject [art. 18 of EU Regulation];
  • Right to data portability [art.20 of EU Regulation], (data subject has the right to receive the personal data concerning him/her, which he/she or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as provided by the same article);
  • Right to object to processing [art. 21 of EU Regulation] (the data subject has the right to object processing of personal data as provided by article 21 of EU Regulation);
  • Right to not be subject to automated individual decision-making [art. 22 of EU Regulation] (The data subject shall have the right not to be subject to a decision based solely on automated processing).

 

Regarding those purposes which require consent, the data subject can revoke his/her consent at any time, and it will affect processing from the moment of revocation, safe for conservation periods established by law. Generally, revocation of consent affects only future processing.

The above-mentioned rights can be exercised as established by the GDPR by sending an e-mail to it60_privacy@brita.net.

BRITA GmbH, in compliance with art. 19 of the GDPR, when it is possible, communicate to the recipients, to which personal data has been transferred, any corrections, cancellations or limitation of processing as requested by the data subject.

To receive a faster response to your requests based upon the exercise of your above-mentioned rights, they can be sent to the Controller at the e-mail address listed in section 1 of this policy.

 

  1. Right to lodge a complaint (art. 13 paragraph 2 (d) of the GDPR)

If the data subject considers that his/her right has been compromised, he/she has the right to lodge a complaint to the supervisory authority (or Data protection Supervisor), according to the methods indicated by the same authority.

If you are Italian you can refer to the following link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 or by lodging a complaint to the Italian Authority for the Protection of Personal Data

 

  1. Potential consequences of failure to provide personal data and natura of the providing of data (art. 13 paragraph 2 (e) of the GDPR)

    8.1  In case of processing personal data based upon consent

We inform you that the above-mentioned purposes have as lawful base the consent, and that in relation to such purposes, the data subject can revoke his/her consent at any time, and that the revocation’s effects will affect only from the time of revocation, safe for conservation periods established by law. Generally, the revocation of consent will only affect future processings. Thus, the processing which has been performed before the consent’s revocation will not be affected and will maintain its lawfulness.

The complete or partial lack of consent will not guarantee the complete performing of services, in relation to the individual purposes for which it will be negated.

 

Please note that with reference to the request for information, while consent to the processing of personal data remains free and optional, it is necessary to process the request. Therefore, the sending of the request or equivalent manifestation of will should be considered as the granting of consent, which will always be revocable with the consequences described above.

 

 

 

When data is no longer needed, it will be deleted. If its deletion is impossible or only possible with a disproportionate effort due to a particular storage method, the data cannot be processed and must be stored in inaccessible areas.

 

  1. Presence of an automated decision-making process (included profiling activity)

The use of a purely automated decision-making processes as detailed by Article 22 of the GDPR is currently excluded. Should it be decided in the future to establish such processes on a case-by-case basis, the data subject will be notified separately if this is required by law or if this information notice is updated.

  1. Methods of data processing

Personal data will be processed both in analog and electronic format and inserted in the applicable data bases (clients, potential clients, etc.), which can be consulted and processed by the operators and processors designated by the Data Controller who will be able to carry out the consultation, use, handling, comparison and any other appropriate operation, direct or automatic, respecting the legal requirements necessary to guarantee the confidentiality and the security of the data, as well as their accuracy, updating, and their relevancy to the declared purposes.    

 

Processing of personal data for web surfing purposes

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

Among the information that can be collected we have the IP addresses, the type of browser or the operating system used, the addresses in notation URI (uniform resource identifier), the domain name and the addresses of the websites from which the access or exit (referring / exit pages), the time at which the request was made to the server, the method used and information on the response obtained, further information on the user's navigation on the site (see also the related section to cookies) and other parameters relating to the operating system and the user's computer environment.

These same data could also be used to identify and ascertain responsibilities in case of any computer crimes against the website.

 

 

Notice concerning children under 14 years old

Children under 14 cannot provide personal data BRITA Italia Manufacturing S.r.l. will not be in any way responsible for any collection of personal data, as well as false statements, provided by the minor, and in any case, if you notice its use, the Controller will facilitate the right of access and cancellation forwarded by the legal guardian or by those who exercise parental authority.

 

The Data Subject’s rights

The data subject, in relation to the personal data mentioned in this privacy policy, has the power to exercise the rights mentioned in the GDPR as below listed:

 

  • Right of access by the data subject [art. 15 of the GDPR]: the data subject has the right to obtain from the Data Controller confirmation that his personal data is being processed and, in this case, access to the information expressly provided for in the aforementioned article, including the purpose of the processing, the categories of data and recipients, the retention period, the existence of the right of cancellation, correction or limitation, the right to propose a complaint, all the available information on the origin of the data, the exemplary and non-exhaustive any existence of an automated decision-making process pursuant to art. 22 of the Regulations, as well as a copy of their personal data.
  • Right to rectification [art. 16 of the GDPR]: the data subject has the right to obtain from the data controller the correction and / or integration of the incorrect personal data concerning him, without unjustified delay;
  • Right to erasure (‘right to be forgotten’) [art. 17 of the GDPR]: the data subject has the right to cancel his / her personal data without unjustified delay, if one of the reasons expressly provided by the aforementioned article exists, including as an example and not exhaustive the need for treatment with respect to the purpose, revocation of the consent on which the treatment is based, opposition to the treatment in case it is based on non-prevailing legitimate interest, unlawful data processing, deletion due to legal obligations, data of minors treated in the absence of the conditions of applicability expected by art. 8 of the Regulations;
  • Right to restriction of processing [art. 18 of the GDPR]: in the cases provided by art. 18, including the unlawful processing, the contestation of the accuracy of the data, the opposition of the interested party and the loss of the need for treatment by the data controller, the information provided by the data subject must be processed only for storage unless the consent of him and the other cases expressly provided by the aforementioned article;
  • Right to data portability [art. 20 of the EU Regulation]: the data subject, in cases where the processing is based on consent and contract and is performed by automated means, he may request to receive personal data in a structured format, commonly used and readable by automatic device, and he has the right to transmit them to another Data Controller;
  • Right to object [art. 21 of the GDPR]: the data subject has the right to object to the processing of his / her personal data, in the event that the processing is based on a non-prevailing legitimate interest or is carried out for direct marketing purposes;
  • Right not to be subject to a decision based solely on automated processing [art. 22 of the GDPR]: the data subject has the right to be not subjected to a decision, including profiling, based solely on automated processing (for example carried out exclusively through electronic tools or computer programs).

 

The description given above does not replace the text of the articles cited here which are referred to and that you can read exhaustively and fully below.

 

 

Changes and updates

This privacy policy reports the date of its last update in the header.

BRITA GmbH may change or update this privacy policy also due to future changes and or amendments of laws.