Privacy policy

Dear Customer,
in compliance with the obligations established by the EU Privacy Regulation EU / 2016/679 (GDPR) and by the Legislative Decree 196
of June 30, 2003 (Code regarding the protection of personal data) we hereby intend to inform you
that G.P.R. Italia srl, with registered office in Via Vecchia Chimica, 1820070 Riozzo of Cerro al Lambro (MI) – ITALY, VAT no.
11011800155, as Owner, will process the personal data concerning you and that there are
been or may come to us, from you or from other subjects conferred / communicated in the course of the relationship with ours
The processing of data, freely conferred by you or otherwise collected, will be carried out in compliance with the
privacy rules in force; based on principles of correctness, lawfulness and transparency and carried out in compliance
of the principles of relevance, completeness and not excess.
The data will be collected and recorded only for the purposes referred to in point 1) and will be kept for these purposes for
a period not exceeding 1 year from their collection.
Therefore, according to the provisions of article 13) of the European Privacy Regulation EU / 2016/679 (GDPR) e
of Legislative Decree 196/03, we inform you that:

1. The information you provide will be used for the following purposes:
a) For the regular performance of the following institutional activities and / or foreseen by the corporate purpose:
b) For requirements relating to the stipulation of contracts and assignments, to the relative execution, to the following ones
changes or variations and for any obligation foreseen for the fulfillment of the same.
c) For operational, organizational, management, fiscal, financial, insurance and accounting needs
relating to the contractual and / or pre-contractual relationship established.
d) To fulfill any type of obligation required by laws, regulations or community legislation.
e) For the registration, management and storage of logs of any access to the Company’s Website, to
Company Information System and to corporate offices.
f) For monitoring needs of the products / services delivery methods, of the performance of the
relations with suppliers and the analysis and management of risks related to the contractual relationship.
g) For traditional marketing activities such as: sending brochures, catalogs and documentation
commercial and / or technical with paper mail and phone calls with operator (subject to the acquisition of yours
explicit consent).
h) For marketing activities with automated or assimilated tools such as: Fax, E-mail, SMS, MMS, Instant
Messaging, Chat and phone calls without an operator (subject to your explicit consent);
l) For online marketing activities, web marketing and web advertising (subject to your own acquisition
explicit consent).
m) For profiling and / or management of automated decision-making processes (subject to the acquisition of
Your explicit consent).
In this case, you have the right not to be subjected to a decision based solely on treatment
automated and therefore may at any time request and obtain human intervention by the
Data Controller, expressing your opinion and challenging the final decision taken. There
we also inform you that the automated process will be based on a specific calculation algorithm, which
will allow you to make the following decisions that may have legal effects on your person:

2. The treatment will be carried out in a manner:
o Fully automated
The treatment may consist of the following
o Collection, registration, organization e
o Consultation and use;
o Processing, modification;
or selection, extraction, comparison;
o Interconnection;
o Transmission and communication;
or dissemination;
o cancellation and destruction;
or block and limitation.
The treatment will be carried out both with the use of paper supports and with the help of electronic instruments,
IT and telematics suitable to guarantee the security and confidentiality of the data in compliance with what
established by art. 32) of the European Regulation Privacy EU / 2016/679 (GDPR) and by Article 31) of the Legislative Decree 196/03 in
subject of “appropriate security measures” and by Article 33) of Legislative Decree 196/03 concerning “minimum measures of
In any case, all measures will always be taken in the processing operations
technical, IT, organizational, logistical and procedural security, as provided for in Annex B of the
Legislative Decree 196/03, in order to guarantee the minimum level of data protection required by law. The
the aforementioned methods, applied for the treatment, will guarantee access to the data only to the subjects
specified in points 4) and 5).

3. The provision of data
or mandatory and does not require your consent to achieve purposes related to obligations
required by Community laws, regulations or laws;
or indispensable and does not require your consent for all personal data that are essential for a correct
establishment, management and continuation of the commercial and / or contractual relationship;
or indispensable and does not require your consent to safeguard the vital interests of a person
or indispensable and does not require your consent to perform tasks of public interest or
exercise of public powers of which we have been invested;
or indispensable and does not require your consent for the pursuit of the following legitimate
corporate or third-party interests;
or optional and requires your explicit consent for all personal data collected for non-purpose
directly and / or indirectly connected to contractual, pre-contractual, legal obligations of
safeguarding vital interests, carrying out public tasks, exercising public authority or
pursuit of legitimate interests.
Any refusal, even if legitimate, to provide all or part of the aforementioned data could compromise
the regular performance of the relationship with our structure and in particular, for the personal data defined above
as mandatory and indispensable, it could make it impossible for us to carry out the
normal performance of business operations and the regular supply of the requested products / services.

4. The subjects or the categories of subjects that can come to know the data or to which they can be
communicated the data are the following:
or Legal Representative of the Owner of
Treatment: in the name
of the pro-tempore administrator;
Personal data may also be disseminated, but only in aggregate, anonymous form and for statistical purposes.
5. If the processing could also involve personal data that fall within the category of “sensitive” data
(ie data suitable to reveal racial and ethnic origin, religious, philosophical or other beliefs
gender, political opinions, adherence to political parties, trade unions, associations or organizations
religious, philosophical, political or trade union, as well as personal data capable of revealing the state of health and life
sexual data) or “judiciary” (that is to say, data suitable to disclose judicial records,
of registry of administrative sanctions dependent on crime and related pending charges or quality
of defendant or suspect) the treatment will be carried out within the limits indicated by the General Authorizations
of the Privacy Guarantor, according to the procedures provided for by Legislative Decree 196/03 and for the strictly necessary purposes
to the regular performance of the business, of the operations related to the supply of products / services and
to fulfill contractual and / or legal / regulation obligations.
In this case the subjects or the categories of subjects that can come to knowledge of the sensitive data or to which
the following data can be communicated:
o Legal Representative of the Data Controller: in the name of the pro-tempore administrator;
o Processors:
o Management;
o Administration and finance;

6. Personal data may also be communicated to public bodies, police forces or other subjects
Public and private, but exclusively for the purpose of fulfilling legal, regulatory or regulatory obligations
The data in question will not be communicated to other subjects other than those provided in this information notice e
the data suitable to reveal the state of health of the interested party will in any case not be disseminated.

7. The processed data may be processed and transferred, for the purposes referred to in point 1) and in the manner of
referred to in point 2), also to subjects referred to in points 4) and 5) allocated in the countries present in the territory of the Union
Based on one of the following assumptions:
o Adequacy Decision of the European Commission;
o Adequate Privacy guarantees;
o Authorization of the Privacy Authority.

8. Legal basis of the processing
The Owner processes Personal Data relating to the User if one of the following conditions exists:
or the User has given consent for one or more specific purposes; Note: in some orders the Owner can be
authorized to process Personal Data without the consent of the User or another of the bases
legal entities specified below, until the User objects (“opt-out”) to such processing. This is not
however applicable if the processing of Personal Data is regulated by European legislation on the subject of
protection of Personal Data;
or processing is necessary for the execution of a contract with the User and / or for the execution of measures
or processing is necessary to fulfill a legal obligation to which the Owner is subject;
or processing is necessary for the performance of a task in the public interest or for the exercise of public authority
of which the Holder is invested;
or processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

9. In any case you can always request at any time
o Legal Representative of the Data Controller in the name of the pro-tempore administrator or al
Copy of your personal data, information about the location where your personal data is processed and a
list updated with the identification details of all Data Processors and Directors
of System authorized to the treatment of Your data.

10. At any time, you can freely revoke the consent given, without any charge or prejudice to the
lawfulness of the treatments carried out up to that point, and to exercise the following rights of the interested party in
vis-à-vis the Data Controller as established by the EU Privacy Regulation UE / 2016/679 e
by Legislative Decree 196/03:
o Access;
o Rectification;
o Cancellation;
o Limitation;
o Opposition;
o Portability;
Claim to the Privacy Guarantor.