PRIVACY POLICY
(pursuant to Article 13 of Regulation (EU) 2016/679)
Dear Customer,
pursuant to Article 13 of EU Regulation 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to personal data processing and on the free movement of such data (General Data Protection Regulation, hereinafter the "GDPR" or the "Regulation"), we hereby inform you that the personal data that you provide as a user (hereinafter the "User" or the "Data Subject") to Same Deutz-Fahr Italia S.p.A. (hereinafter also the "Company") will be processed by the latter as Data Controller in accordance with the provisions referred to above and in compliance with the confidentiality obligations underpinning our company's activities. We would like to inform you in particular of the following:
- Data relating to the Controller
The Data Controller is Same Deutz-Fahr Italia S.p.A. with registered office at Viale F. Cassani, 15 – 24047 Treviglio (Bergamo).
- Types of data processed and purposes of processing
2.1. Types of data processed
a) Personal details and other data: first name, surname, town or city, email address, date of birth, profile picture, password, public data taken from the social networks used to log-in;
b) Browsing data and other information: by this we mean some additional information about the User that does not contain any identifying data, or that in any case does not reveal the identity of the users, including browsing data of which the transmission is inherent in the use of Internet communication protocols. Examples include – if the mySAME and myDEUTZ-FAHR apps are used – the browser and operating system, time spent using the app, and web pages visited using a link in the app;
c) Location data: data related to the user's location using the information provided by the smartphone's GPS. The exchange of such information can only be enabled with the consent of the user.
2.2. Purpose of the processing
The data collected will be processed for the following purposes:
a) Managing your registration request in the SDF Store market place and the mySAME and myDEUTZ-FAHR apps, creating your profile and giving you access to your services.
b) Receiving and managing your orders, providing the products and services you buy, processing payments and generally carrying out the obligations under sales contracts or pre-contractual activities.
c) Communicating with you about the state of your orders and the products and services you buy, giving you more information on them if needed.
d) Giving post-sales support under applicable regulations and/or based on contractual agreements.
e) Managing any disputes.
f) Fulfilling any accounting or tax obligations and generally any obligations under applicable law.
g) Sending you commercial information on products and services like those you buy, at the email address you use to buy them. We remind you that you can opt out of receiving this communication at any time, by emailing privacy@sdfgroup.com.
For the above purposes, the fields in the form must be completed. Without this information it will not be possible to proceed with your registration and you will therefore be unable to access the services offered.
In addition, but only with your express consent given by clicking on the appropriate box at the bottom of the registration form:
h) Sending commercial information through automatic newsletters to the email you give, push notifications and the app.
i) Sending commercial communication on products, services and other promotion or marketing activity personalised on the basis of your tastes, interests and purchases.
Remember that you can always revoke your consent to the use of your data for this purpose by writing to the Data Controller at privacy@sdfgroup.com. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The personal data collected will be processed by personnel authorized by the Data Controller in accordance with Article 29 of the GDPR. Processing of the Data for said purposes will take place using computer and manual methods, based on logical criteria compatible with and instrumental to the purposes for which the data was collected, in compliance with the rules of confidentiality and security provided for by law and by internal company regulations.
- Legal grounds for processing
For the purposes in paragraph 2.2 above, the legal basis for processing the personal data you provide is:
- Letters a), b), c), d) and e): the need for the Data Controller to properly carry out the contract it is party to with regard to use of the SDF Store market place and app for buying goods and services (article 6, paragraph 1, letter b) of the GDPR);
- Letter f): the need for the Data Controller to fulfil legal obligations to which it is subject (article 6, paragraph 1, letter c) of the GDPR);
- Letter g): legitimate interest on the Data Controller's part (article 130, paragraph 4 of Legislative Decree 196/03);
- Letters h) and i): your consent, if given (article 6, paragraph 1, letter a) of the GDPR).
- Other data collection tools
The app uses Firebase Analytics, a web analysis service owned by Google Inc. (hereinafter “Google”), that analyses user behaviour. The information collected about your use is generally transmitted to and stored by Google departments in the United States of America.
In order to identify the individual user anonymously in the app, Google assigns an anonymous and unique code to the user (known as a token) which cannot be in any way connected by Google or by the Data Controller or Data Processor to the physical identity of the user. This information may be used by Google for the purpose of analysing your use of the app, collecting information about your activities and providing other services to the data controller related to your use of the app.
Google guarantees that under no circumstances will it associate the user's token with other data held by Google.
With regard to the SDF Store market place, further data may be acquired once cookies are installed on your browser. To get more information on the cookies used on the site, please refer to the privacy and cookies policy on the website.
- Scope of communication of personal data
The Data Controller may communicate and transfer your data to third parties in the performance of activities relating to the purposes referred to above, meaning that such third parties are authorised to process the data in question, as they are responsible for carrying out or providing specific services that are strictly necessary for the performance of the contractual relationship. Personal data can be shared with the IT company that, as Data Controller, only manages the app or website in the ambits of technical access and electronic storage and maintenance of data.
The complete list of data processors who process personal data on behalf of the Data Controller is available at the request of the Data Subject.
The data gathered may be sent to parties other than the Data Controller that publish their products in the SDF Store market place. If buying those products or requesting information on them, your data will perforce be sent to those parties, who will act as independent Data Controllers to which this information does not apply.
The app contains links to third-party sites. We hereby inform you that the Data Controller has no control over cookies or other monitoring technologies on such websites where this policy does not apply. The Data Controller is therefore not responsible for any legal offences that may occur through the use of such sites. For these reasons, the Data Controller declines all responsibility for any damage that may be suffered by the User while browsing these sites.
- Transfer of personal data to non-EU countries
Except as specified in paragraph 4 Other data collection tools above, personal data collected by this app and referred to in paragraph 2.2 will be mainly processed within the EU. However, transfer of data to non-EU countries cannot be ruled out in the event of necessities linked to specific services carried out by the Data Controller or requests from the Data Subject. With regard to data transferred to non-EU countries, the Data Controller oversees that the requirements in chapter 5 of the GDPR are respected.
- Storage period
The data collected will be retained in full for the entire period of the execution of the contract; subsequently, the Data will be retained for a period of ten years in order to comply with legal obligations including the obligations under article 2220 of the Italian Civil Code. Any further retention of the Data or part thereof may be decided by the Controller to assert or defend its rights in any place and in particular in court. In the absence of consent, data will be conserved until it is revoked or until the service stops being provided by the Data Controller, unless the data needs to be stored for specific purposes (i.e. handling disputes).
- Rights of the Data Subject
With regard to your personal data you are hereby informed that you may exercise your rights under article 15 et seq. of EU regulation 2016/679, as set out below: right to access right to rectification right to erasure or "right to be forgotten" right to restriction of processing right to receive notification regarding rectification or erasure of personal data or restriction of processing right to data portability right to object to processing
To exercise your rights pursuant to the legislation on the protection of personal data, or if you would like more information, to make a suggestion or to file a complaint or dispute regarding our privacy policy or the way in which our Company processes personal data, you can contact the Data Controller by writing to SAME DEUTZ-FAHR Italia S.p.A., with registered office at Viale Francesco Cassani, 14 - 24047 Treviglio (Bergamo), Italy, or by emailing privacy@sdfgroup.com.
- Right of complaint
If you believe that the processing of your personal data through this app is in violation of the provisions of the GDPR, you have the right to file a complaint with the Supervisory Authority for the Protection of Personal Data (article 77 of the GDPR) or, alternatively, to bring proceedings before the appropriate court (article 79 of the GDPR).