Privacy Policy

WEBSITE PRIVACY POLICY STATEMENT

PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 CONCERNING THE PROTECTION AND PROCESSING OF PERSONAL DATA (GDPR)

1. IDENTITY OF THE DATA CONTROLLER

The Data Controller is Marazzi Group S.r.l. a Socio Unico, with registered office at Viale Regina Pacis 39, 41049 Sassuolo (Modena) Italy, in the person of its current legal representative (the "Data Controller" or "Marazzi").

To exercise your rights, or for any information concerning them and/or this Privacy Policy Statement, you may contact the Data Controller at: privacy@marazzigroup.com tel. +39 0536 860800.

The Data Controller has appointed a Data Protection Officer (“DPO”), whom you can contact to exercise your rights, as listed in point 7 below, as well as to receive any information concerning them and/or this Policy Statement, by writing to: dpo@marazzigroup.com.

2. PURPOSES AND LEGAL BASIS OF THE PROCESSING AND STORAGE PERIOD

Marazzi will process personal data concerning you, contributed by you directly or collected during browsing of the www.ragnousa.com website (the “Site”), for the following purposes.

2.1. BROWSING THE WEBSITE

As users browse this Site, the IT systems and software procedures which operate it acquire some personal data the transmission of which is implicit in the use of Internet communications protocols, such as the IP addresses or domain names of the PCs and terminals used by users, as well as the URI/URL (Uniform Resource Identifiers/Locators) of the requested resources, the time of the request, the size of the file obtained and other parameters concerning the operating system environment of the user, in order to:

1. enable you to access and use the Site
2. obtain statistical information concerning the use of the services (most visited pages, number of visitors by time band or per day, geographical area of origin, etc.)
3. check that the services offered are operating correctly

The legal basis for the processing of your data for the purposes referred to in points 1, 2 and 3 is the fulfilment of your request, pursuant to Article 6, first comma, subsection b) of the GDPR; if you were to refuse to contribute these data, you would be unable to use the Site.

Browsing data are stored for the times specified in the cookie policy available on the site.

2.2. RESPONSE TO REQUEST FOR INFORMATION

The “Contact us” section of the Website and the “Store locator”, contain a specific form via which you may voluntarily contribute some of your ordinary personal data in order to request the information you require. If you decide to make use of this service, the Data Controller will process your personal data only in order to respond to your request for information. 

The legal basis for the processing of your data for this purpose is the fulfilment of your request, pursuant to article 6, first comma, subsection b) of the GDPR.

The contribution of your personal data for the above purpose is optional. However, if you decide not to contribute your personal data, you will be unable to obtain the information you need.  

For this purpose, the personal data contributed through the website will be stored for the time necessary for the fulfilment of the request.

2.3. DISPATCH OF NEWSLETTERS

By compiling the form in the specific "newsletter" section on the Website, or by flagging the box provided in, "Contact us" section, you may contribute your ordinary personal data (name, surname, email address, professional title, address) in order to subscribe to the Marazzi newsletter and be regularly updated with news of initiatives, activities and projects organised by Marazzi.

The newsletter will be sent to the email address which you provided, in order to fulfil your request.

The contribution of your personal data for the above purposes is optional. However, in the event of refusal to contribute the data, the Data Controller will be unable to fulfil your request to subscribe to the newsletter or to keep you up to date with the latest news from Marazzi.

The legal basis for the processing of your data for this purpose is the fulfilment of your request, pursuant to Article 6, first comma, point b) of the GDPR; therefore, your consent is not necessary to authorise the processing. However, on receipt of any email, you may easily object to the sending of further newsletters by using the “If you are not interested in receiving our newsletter please click here” link or by application to the Data Controller at the contacts provided in point 1 above.

Your personal data will be processed until you decide to cancel your subscription to the Newsletter service.

2.4. MARKETING PURPOSES

Further to the contribution of your personal data for information purposes, (point 2.2), or for subscription to the newsletter (point 2.3), the Data Controller assumes that you are potentially interested in being informed about Marazzi's activities, initiatives and products.

Therefore, given these circumstances, the Data Controller intends to use your personal data (name, surname, telephone number and email address) to send you marketing communications referring to Marazzi's initiatives and products, and invitations to events it has organised. These communications may be sent by traditional means (such as telephone calls) and/or by automated means (such as email, telefax, prerecorded telephone calls, SMS, MMS, instant messaging, etc.).

The processing of your personal data for marketing purposes will require the issue of your specific consent (on the legal basis provided by article 6, first comma, subsection a) of the GDPR), to be given by ticking the box offered to you when the data are contributed. On the other hand, the sending of marketing communications does not require your consent when it takes place using the personal data (e.g. email address) which you contributed during activities relating to the sale of similar products offered by the Data Controller, or if you are acting, as the contact for a legal person, in the context of business relations with the Data Controller; in these circumstances, the processing of your personal data is considered to be based on the prevalent legitimate interest of the Data Controller.

However, on receipt of any email, you may easily object to the sending of further communications by Marazzi, by using the “If you are not interested in receiving our newsletter please click here” in all e-marketing communications, or by contacting the Data Controller at the addresses provided in point 1 above.

Your personal data will be processed for this marketing purpose until you decide to withdraw your consent or to object to the processing, by contacting the Data Controller using the contacts provided in point 1 of this Privacy Policy Statement.

Participation in marketing initiatives is optional and your refusal will have no consequences with regard to the other purposes for which data are processed, as referred to in this Privacy Policy Statement, but it will prevent Marazzi from keeping you up to date with any further initiatives or events and about its projects and/or products.

2.5. COOKIES AND OTHER TRACKING SYSTEMS

This Site uses cookies; for further information kindly refer to our Cookie Policy at https://www.ragnousa.com.

3. PROCEDURES FOR THE PROCESSING OF YOUR PERSONAL DATA

Your personal data will be processed, in compliance with the provisions of the GDPR, by paper, IT and telematic means, for the stated purposes, and in all cases by procedures which guarantee an appropriate level of security and confidentiality, in accordance with the provisions of Article 32 of the GDPR.

The processing of personal data signifies their collection, recording, organisation, storage, treatment, adaptation, alteration, sorting, retrieval, alignment, use, combination, freezing, disclosure, dissemination, erasure or destruction, or the combination of two or more of the aforesaid operations, also via automated tools for the storage, management and transmission of the data, with the aid of measures which guarantee their security and confidentiality.

3.1 USE OF SOCIAL MEDIA

Marazzi may also provide links to other social media platforms which lead to servers installed by individuals or organisations over which it has no control. Marazzi does not provide any representation, or accept any responsibility, with regard to the accuracy or any other aspect of the information available on the sites concerned. A link to a third-party site shall not be construed as an approval, on the part of Marazzi or of the third party concerned, of the products and services of the said third party or of others. Marazzi does not issue declarations or guarantees concerning the use and storage of the user’s data on third-party sites. Users are urged to examine the privacy policy statements of third-party sites connected to our websites with care, in order to obtain a complete view of the possible use of their personal data.

4. RECIPIENTS OF YOUR PERSONAL DATA, AND PARTIES WHO MAY GAIN KNOWLEDGE OF THEM

For the pursuance of the purposes described in point 2 above, the personal data processed will be known to Marazzi's employees, contract staff and associates working in the capacity of authorised data users. 

Moreover, for the pursuance of the purposes described in point 2 above, your personal data may be processed by third parties belonging, for example, to the following categories:

• parties which supply services for the management of the IT system, including server hosting and backup services;
• technical assistance service providers;
• other service providers; 
• supervisory and controlling authorities and bodies, and public or private bodies in general with a public interest function;
• other companies belonging to the same group of companies as Marazzi, or linked to Marazzi, or Mowhawk Industries.

In some cases, the entities in the aforesaid categories operate in complete independence as separate data controllers, while in other cases they operate as Data Processors specifically appointed by the Data Controller in accordance with article 28 of the GDPR.

Your consent is not required for the disclosure of your data to entities in the above categories operating in the capacity of independent data controllers, since it is based on the prevalent legitimate interest of the Data Controller, as the said disclosure is necessary for the pursuance of the purposes set out in point 2 above.

The complete, updated list of the entities to which your personal data may be disclosed can be requested from the Data Controller using the contacts provided in point 1 of the Privacy Policy Statement. 

5. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

For technical and organisational purposes, your data may be transferred to non-European Union member states: this transfer is, in any case, lawful since it is covered by adequacy decisions issued by the European Commission and/or standard data protection clauses based on the models adopted by the European Commission pursuant to art. 46 of the GDPR.

You may request a copy of the safeguards adopted for data transfer outside the EU, and information concerning the places where the data have been made available, by sending a specific request to the Data Controller at the email address privacy@marazzigroup.com.

6. YOUR RIGHTS AS DATA SUBJECT

With regard to the data processing described in this Privacy Policy Statement, as data subject, on the conditions set forth by the GDPR, you may exercise the rights provided by articles 15 - 21 of the GDPR, in particular: 

• right of access - article 15 GDPR: right to obtain confirmation of whether or not personal data concerning you are being processed and, if this is the case, to obtain access to your personal data - including a copy of them - and communication, amongst other things, of the following information:
  1. purposes of the processing
  2. categories of personal data processed
  3. recipients or categories of recipients to whom they have been or will be disclosed
  4. data storage period or the criteria used
  5. rights of the data subject (rectification, erasure of personal data, restriction of processing and right to object to processing)
  6. right to lodge a complaint with the supervisory authority
  7. right to receive information on the origin of personal data if they have not been collected from the data subject 
  8. the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the envisaged consequences of such processing for the data subject
• right to rectification- article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data; 
• right to erasure (right to be forgotten) - article 17 GDPR: right to obtain, without undue delay, the erasure of personal data concerning you, when:
  1. the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. you have withdrawn consent and where there is no other legal ground for the processing;
  3. you have successfully objected to the processing of the personal data;
  4. the data have been unlawfully processed,
  5. the data have to be erased for compliance with a legal obligation;
  6. the personal data have been collected in relation to the offer of information society services referred to in article 8, comma 1 of the GDPR.

The right to erasure does not apply to the extent to which the processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the establishment, exercise or defence of legal claims.

• right to restriction of processing - article 18 GDPR: right to obtain restriction of the processing, when:
  1. the accuracy of the personal data is contested by the data subject;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead 
  3. the data subject needs the personal data for the verification, exercise or defence of a right during judicial proceedings;
  4. the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject. 
• right to data portability - article 20 GDPR: right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, if the processing is based on consent and is carried out by automated means. In addition, the right to have your personal data transmitted directly by the Data Controller to the other controller, where technically feasible.
• right to object - article 21 GDPR: right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Data Controller to continue the processing; 
• right to lodge a complaint with the Italian Data Protection Authority- Garante per la protezione dei dati personali, Piazza Venezia no. 11, 00187, Rome (Italy).

The above rights may be exercised in relation to the Data Controller using the contacts provided in point 1 above. The Data Controller shall examine your request and shall inform you, without undue delay and in all cases within no more than one month of its receipt, concerning the action taken with regard to your request.

The exercise of your rights as data subject is free of charge in accordance with article 12 of the GDPR. However, in the event of requests which are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may charge you a reasonable fee taking into account the administrative costs of dealing with your request, or refuse to act on the request. 

Please also note that the Data Controller may request further information necessary to confirm the identity of the data subject.

ADDITIONAL NOTICE FOR CALIFORNIA RESIDENTS

If you are a California resident, the following provisions apply to our processing of any information that identifies, relates to, describes, is capable of being associated with you, your device, or your household (“California personal information”). 
 

1. California Personal Information We Collect

We set forth the personal information we collect in our privacy policy.  This information may contain the following categories of California personal information collected in the last 12 months:

1. Identifiers such as a name, postal address, online identifier, unique personal or device identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.                            
2. Personal information described in Cal. Civ. Code Section 1798.80(e) (California Customer Records statute). This means any information that identifies, relates to, describes, or is capable of being associated with a particular individual, including, the “identifiers” listed in the preceding bullet point A.
3. Commercial information, including (1) records of products or services purchased from us, (2) information on actions taken on our sites, including information about our products or services you considered via our sites or otherwise, (3) username, password, or other account information used to gain access to our online services; or (4) information about preferences and behavior that we collect on our sites or purchase from third parties in order to target consumers for digital advertisements or to personalize content we deliver on our sites; or (5) or other purchasing or consuming histories or tendencies.
4. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with our sites, applications, or advertisements. This includes (1) logs of your visits to and use of our sites; (2) data collected by automated means like cookies, web beacons, and similar technologies; (3) data about online activity we may receive from third parties; and (4) connection information associated with calls, text messages, and other communications with you.
5. Geolocation data – If you use our mobile app, the app may ask for permission to use your location. If you consent, we may collect geolocation data. You can turn off our ability to collect location information in your mobile device settings at any time.
6. Audio information from calls you place to customer service which may be recorded, and electronic information in the form of Internet or other electronic network activity information as described above may also be collected.
7. Inferences drawn from the information listed in points (A) through (F) above, as well as any other information described in the above section titled “Information Collection,” in order to create a profile about a consumer reflecting the consumer’s preferences or characteristics.

We obtain the above categories of personal information from a variety of sources, and the sources from which we collect personal information include: (a) individuals with whom we or our service providers or business partners interact; (b) the devices used to access our sites, emails, or any content we make available; (c) emails, phone calls, or other communications between you and us; and (d) third party partners and others consistent with our privacy policy.
 

2. How We Use California Personal Information

We use the personal information we collect for our operational purposes, which may include the following business purposes:

1. Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
2. Detecting and protecting against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
3. Debugging to identify and repair errors in our systems;
4. Short-term, transient use including contextual customization of ads;
5. Providing services on our behalf or on behalf of others, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services;
6. Conducting internal research to develop and demonstrate technology; and
7. Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide, or to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for us, or controlled by us.

We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which personal information was collected.
 

3. Disclosure of California Personal Information

Within the last 12 months, we have disclosed the categories of personal information identified in the above categories (A)-(G) for our business purposes. 
 

4. California Privacy Rights

If you are a California resident, you may have certain rights related to your personal information. You may exercise these rights free of charge except as otherwise provided under applicable law.

• Right to Know and Access Rights. You may request that we disclose to you:
  • the categories of personal information we have collected about you;
  • the categories of sources from which the personal information is collected;
  • our business or commercial purpose for collecting or selling personal information;
  • the categories of third parties with whom we share personal information; and
  • the specific pieces of information we have collected about you.
• Deletion Rights. You have the right to request that we delete personal information about you which we have collected from you.

Subject to applicable law, we may not discriminate against you because of your exercise of any of the above rights, or any other rights under the California Consumer Privacy Act, including by (a) denying you goods or services; (b) charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; or (c) providing you a different level or quality of goods or services.

As required or permitted under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may limit our response to your exercise of the above rights as permitted under applicable law.

To exercise any of these rights, contact us as set forth in our privacy policy.

Marazzi Group S.r.l. a socio unico
(Data Controller)

Last update 04.02.2021