WEBSITE PRIVACY POLICY STATEMENT

1. IDENTITY OF THE DATA CONTROLLER

The Data Controller is Emilceramica S.r.l. a Socio Unico, with registered office at Via Ghiarola Nuova 29, 41042 Fiorano Modenese (Modena) Italy, in the person of its current legal representative (“Data Controller” or “Emilceramica”).

To exercise your rights, or for any information concerning them and/or this Privacy Policy Statement, you may contact the Data Controller at: privacy@emilceramicagroup.it tel.+39 0536 835111. The Data Controller has appointed a Data Protection Officer (“DPO”), whom you can contact to exercise your rights, as listed in point 7 below, as well as to receive any information concerning them and/or this Policy Statement, by writing to: dpo@emilceramicagroup.it.

2. PURPOSES AND LEGAL BASIS OF THE PROCESSING AND STORAGE PERIOD Emilceramica will process personal data concerning you, contributed by you directly or collected during browsing of the www.emilgroupawards.com website (the “Site”), for the following purposes.

2.1. BROWSING THE WEBSITE

As users browse this Site, the IT systems and software procedures which operate it acquire some personal data the transmission of which is implicit in the use of Internet communications protocols, such as the IP addresses or domain names of the PCs and terminals used by users, as well as the URI/URL (Uniform Resource Identifiers/Locators) of the requested resources, the time of the request, the size of the file obtained in response, the numerical code specifying the state of the response provided by the server (positive outcome, error, etc..) and other parameters concerning the operating system and the IT environment of the user, in order to:

1. enable you to access and use the Site
2. obtain statistical information concerning the use of the services
3. check that the services offered are operating correctly

The legal basis for the processing of your data for the purposes referred to in points 1, 2 and 3 is the fulfilment of your request, pursuant to Article 6, first comma, subsection b) of the GDPR; if you were to refuse to contribute these data, you would be unable to use the Site. Browsing data are stored for the times specified in the cookie policy available on the site.

2.2. COOKIES AND OTHER TRACKING SYSTEMS

This Site uses cookies; for further information kindly refer to our Cookie Policy at https://www.emilgroupawards.com/en/cookie-policy/

3. PROCEDURES FOR THE PROCESSING OF YOUR PERSONAL DATA

Your personal data will be processed, in compliance with the provisions of the GDPR, by paper, IT and telematic means, for the stated purposes, and in all cases by procedures which guarantee an appropriate level of security and confidentiality, in accordance with the provisions of Article 32 of the GDPR. The processing of personal data signifies their collection, recording, organisation, storage, treatment, adaptation, alteration, sorting, retrieval, alignment, use, combination, freezing, disclosure, dissemination, erasure or destruction, or the combination of two or more of the aforesaid operations, also via automated tools for the storage, management and transmission of the data, with the aid of measures which guarantee their security and confidentiality.

3.1 USE OF SOCIAL MEDIA Emilceramica may also provide links to other social media platforms which lead to servers installed by individuals or organisations over which it has no control. Emilceramica does not provide any representation, or accept any responsibility, with regard to the accuracy or any other aspect of the information available on the sites concerned. A link to a third-party site shall not be construed as an approval, on the part of Emilceramica or of the third party concerned, of the products and services of the said third party or of others. Emilceramica does not issue declarations or guarantees concerning the use and storage of the user’s data on third-party sites. Users are urged to examine the privacy policy statements of third-party sites connected to our websites with care, in order to obtain a complete view of the possible use of their personal data.

4. RECIPIENTS OF YOUR PERSONAL DATA, AND PARTIES WHO MAY GAIN KNOWLEDGE OF THEM For the pursuance of the purposes described in point 2 above, the personal data processed will be known to Emilceramica’s employees, contract staff and associates working in the capacity of authorised data users. Moreover, for the pursuance of the purposes described in point 2 above, your personal data may be processed by third parties belonging, for example, to the following categories:

• parties which supply services for the management of the IT system, including server hosting and backup services;
• technical assistance service providers;
• other service providers;
• other companies belonging to the same group of companies as Emilceramica, or linked to Emilceramica, or Mowhawk Industries.

In some cases, the entities in the aforesaid categories operate in complete independence as separate data controllers, while in other cases they operate as Data Processors specifically appointed by the Data Controller in accordance with article 28 of the GDPR. Your consent is not required for the disclosure of your data to entities in the above categories operating in the capacity of independent data controllers, since it is based on the prevalent legitimate interest of the Data Controller, as the said disclosure is necessary for the pursuance of the purposes set out in point 2 above. The complete, updated list of the entities to which your personal data may be disclosed can be requested from the Data Controller using the contacts provided in point 1 of the Privacy Policy Statement.

5. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

For technical and organisational purposes, your data may be transferred to non-European Union member states: this transfer is, in any case, lawful since it is covered by adequacy decisions issued by the European Commission and/or standard data protection clauses based on the models adopted by the European Commission pursuant to art. 46 of the GDPR. You may request a copy of the safeguards adopted for data transfer outside the EU, and information concerning the places where the data have been made available, by sending a specific request to the Data Controller at the email address privacy@emilceramicagroup.it.

6. YOUR RIGHTS AS DATA SUBJECT

With regard to the data processing described in this Privacy Policy Statement, as data subject, on the conditions set forth by the GDPR, you may exercise the rights provided by articles 15 – 21 of the GDPR, in particular:

• right of access – article 15 GDPR: right to obtain confirmation of whether or not personal data concerning you are being processed and, if this is the case, to obtain access to your personal data – including a copy of them – and communication, amongst other things, of the following information:

1. purposes of the processing
2. categories of personal data processed
3. recipients or categories of recipients to whom they have been or will be disclosed
4. data storage period or the criteria used
5. rights of the data subject (rectification, erasure of personal data, restriction of processing and right to object to processing)
6. right to lodge a complaint with the supervisory authority
7. right to receive information on the origin of personal data if they have not been collected from the data subject
8. the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the envisaged consequences of such processing for the data subject

• right to rectification – article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data;
• right to erasure (right to be forgotten) – article 17 GDPR: right to obtain, without undue delay, the erasure of personal data concerning you, when:

1. the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. you have withdrawn consent and where there is no other legal ground for the processing;
3. you have successfully objected to the processing of the personal data;
4. the data have been unlawfully processed;
5. the data have to be erased for compliance with a legal obligation;
6. the personal data have been collected in relation to the offer of information society services referred to in article 8, comma 1 of the GDPR.

The right to erasure does not apply to the extent to which the processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the establishment, exercise or defence of legal claims.

• right to restriction of processing – article 18 GDPR: right to obtain restriction of the processing, when:

1. the accuracy of the personal data is contested by the data subject;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. the data subject needs the personal data for the verification, exercise or defence of a right during judicial proceedings;
4. the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

• right to data portability– article 20 GDPR: right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, if the processing is based on consent and is carried out by automated means. In addition, the right to have your personal data transmitted directly by the Data Controller to the other controller, where technically feasible.
• right to object – article 21 GDPR: right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Data Controller to continue the processing;
• right to lodge a complaint with the Italian Data Protection Supervisory Authority – Garante per la protezione dei dati personali, Piazza di Montecitorio n. 121, 00186, Rome (Italy).

The above rights may be exercised in relation to the Data Controller using the contacts provided in point 1 above. The Data Controller shall examine your request and shall inform you, without undue delay and in all cases within no more than one month of its receipt, concerning the action taken with regard to your request.

The exercise of your rights as data subject is free of charge in accordance with article 12 of the GDPR. However, in the event of requests which are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may charge you a reasonable fee taking into account the administrative costs of dealing with your request, or refuse to act on the request.

Please also note that the Data Controller may request further information necessary to confirm the identity of the data subject.

Emilceramica S.r.l. a socio unico (Data Controller)

Last update 04.04.2022