Shielder S.p.A. Via Palestro 1/C 10064, Pinerolo (TO), ITALY p.iva 11435310013
Shielder S.p.A. has appointed Chino S.r.l. as the Data Protection Officer (DPO) responsible for personal data protection matters. The DPO can be contacted at any time for inquiries or concerns related to the processing of personal data by Shielder S.p.A. You can reach the DPO at the following e-mail address: dpo@shielder.it
Shielder S.p.A. (hereinafter, “Controller” or “Shielder”), as Data Controller, informs Users pursuant to Art. 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that their data will be processed in the following modalities and for the following purposes:
This Website collects a range of Personal Data to facilitate its services and interactions with Users. The types of Personal Data gathered include first name, last name, phone number, company name, address, country, county, email address, ZIP/Postal code, and city.
For a comprehensive understanding of how each type of Personal Data is collected, used, and processed, Users can find detailed information in the dedicated sections of this privacy policy or through specific explanation texts displayed before the Data collection process. This ensures that Users are fully informed about the data they are providing and how it will be used.
It is essential to note that the provision of Personal Data is voluntary, and Users have the freedom to decide whether or not to provide their information. However, in certain cases, providing specific Data may be necessary for the Website to deliver its services effectively. In such instances, failure to provide the required Data may limit or prevent the Website from fulfilling its intended purposes.
Users must also acknowledge their responsibility for any third-party Personal Data that they provide, publish, or share through this Website. In such cases, Users must ensure that they have obtained the necessary consent from the relevant third parties before providing their Data to the Controller. By doing so, Users confirm that they have the legal right to share this information and have obtained explicit consent from the third party involved.
Shielder will process Personal Data in compliance with the GDPR and more generally with Italian and European legislation on privacy and protection of personal data (the “Applicable Law”).
The processing of any Personal Data will adhere to the principles of legality, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.
Shielder places significant emphasis on data security and employs appropriate technical and organizational measures to safeguard all collected data, as required by Art. 32 of the GDPR. These measures ensure an adequate level of protection against potential risks to the confidentiality, integrity, and availability of Personal Data. The implementation of these measures takes into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, are all taken into account when implementing these measures.
The processing of Data is carried out using computers and/or IT-enabled tools, following organizational procedures and methods directly related to the specified purposes. Besides the Controller, in certain cases, third-party providers may have access to the Data to either support the operation of this Website (administration, sales, legal, system administration) or provide other services (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies). These third-party providers are appointed, if necessary, as Data Processors/Subprocessors by the Controller. An updated list of these parties can be requested from the Controller at any time. Shielder has verified industry frameworks and security measures employed by third-party providers to protect against security threats, ensuring the compliance of third-party providers with data protection regulations and adequate guarantees for Data transfers outside the EU.
The Controller may process Personal Data of Users when any of the following conditions are met:
In any situation, the Controller is willing to clarify the specific legal basis for the processing, especially regarding whether providing Personal Data is a statutory or contractual requirement, or an obligation necessary to enter into a contract. For any questions or concerns regarding the processing of personal data by Shielder, please contact our Data Protection Officer at dpo@shielder.it.
The Data undergoes processing at the Controller’s operational offices and other locations where parties involved in the processing are situated.
Depending on the User’s location, Data transfers may involve transmitting the User’s Data to a country different from their own. For detailed information regarding the processing location of such transferred Data, Users can refer to the section containing specifics about the processing of Personal Data.
In general, Shielder refrains from transferring Data to countries outside the European Union and the European Economic Area (EEA). However, for specific processing purposes like backup or hosting, Data transfers outside the EU may be necessary. In such instances, Data transfers will exclusively occur to Data Processors/Subprocessors who have implemented appropriate safeguards as outlined in Arts. 44-50 of the GDPR. These safeguards may include adequacy decisions or the use of Standard Contractual Clauses (SCCs) to ensure the Data’s security and compliance with Applicable Law.
Users have the right to know the legal basis of Data transfers to countries outside the European Union or to any international organization governed by public international law or established by two or more countries (e.g., the United Nations). Users also have the right to be informed about the security measures taken by the Controller to protect their Data during the transfer. Shielder has verified that providers offer adequate guarantees relating to Data transfers outside the EU.
Should any such Data transfer occur, Users can gather additional information by referring to the relevant sections of this document or by directly communicating with the Controller using the contact details provided in the contact section.
Personal Data will be processed and stored only for as long as it is necessary to fulfill the purpose for which it was collected. The retention period for Personal Data depends on the specific basis for collection.
Therefore:
Under certain circumstances, the Controller may be permitted to retain Personal Data for a longer period if the User has provided explicit consent for such processing, as long as the consent remains valid and has not been withdrawn. Additionally, the Controller may be obliged to retain Personal Data for an extended period if required to do so to fulfill a legal obligation or comply with an order from an authority.
Once the designated retention period expires, the Controller will appropriately and securely delete all Personal Data within its possession. Consequently, after the retention period has lapsed, Users will not be able to enforce their rights to access, erasure, rectification, or data portability concerning that specific Personal Data. It is crucial for Users to be aware of these rights and make any necessary requests within the applicable retention period.
In situations where the Controller is legally obligated by the Applicable Law to retain certain Personal Data, the Controller will securely store the Data and implement reasonable measures to prevent any further processing. The technical and organizational measures implemented in accordance with Art. 32 of the GDPR will continue to apply to the retained Personal Data, ensuring its confidentiality, integrity, and availability.
The Data concerning the User is collected to allow the Controller to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity.
For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
Personal Data is collected for the following purposes, utilizing the subsequent services:
When the User submits their Data through the contact form, they grant authorization to this Website to utilize the provided details in responding to various inquiries, such as information requests, proposals, collaborations, job applications, or any other type of request as indicated in the form’s header.
The processed Personal Data includes the User’s name, surname, company, email, phone number, and any additional data voluntarily disclosed by the User in their written message.
It is important to note that the User retains the right to withdraw their consent at any time. However, this withdrawal of consent will not affect the lawfulness of the processing that occurred based on the User’s consent before its withdrawal.
Users possess certain rights regarding the processing of their Data by the Controller, as provided by Applicable Law. These rights include:
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Controller or for the purposes of the legitimate interests pursued by the Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Controller is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
To exercise their rights, Users can submit a request to the Controller using the contact details provided in the privacy policy. The Controller will respond to these requests without undue delay and in any event within 1 month of receipt of the request in line with Art. 12 Sec. 3 of the GDPR. The information period may be extended by two further months where necessary based on the complexity and number of requests received. In this case, the data subject must be informed of any such extension within 1 month of receipt, together with an indication of the reasons for the delay. Please note that certain conditions and exceptions may apply to these rights, and the Controller will inform Users accordingly when responding to their requests.
The User’s Personal Data may be used for legal purposes by the Controller in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services. The User declares to be aware that the Controller may be required to reveal personal data upon request of public authorities.
In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.
More details concerning the collection or processing of Personal Data may be requested from the Controller at any time. Please see the contact information at the beginning of this document.
This Website does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
The Controller reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Website and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Controller. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Controller shall collect new consent from the User, where required.
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Controller of this Website.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Website as described in the relative terms (if available) and on this site/application.
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (“GDPR”).
This privacy policy relates solely to this Website, if not stated otherwise within this document.
Latest update: July 31, 2023