Who are we and what do we do with your personal data?

The company COLMEF S.R.L., with registered office in GUBBIO (PG), ZONA IND.LE PONTE D'ASSI, VAT number 00635770548, hereinafter referred to as the Data Controller, protects the confidentiality of your personal data and guarantees them the necessary protection against any event that may put them at risk of violation.

To this end, the Data Controller implements policies and practices concerning the collection and use of personal data and the exercise of your rights under the applicable legislation. The Data Controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.

What data and what does the Controller collect them for?
The Data Controller collects and/or receives information about you of different types:
  • Browsing data;

  • Data provided by the user

  • Cookies and other tracking systems;

  • Browsing data such as your IP address and the pages you visit are collected automatically while you are browsing this site; they are used by the Data Controller for the management of the site itself and for its security. The Data Controller processes, including through its suppliers, your personal, computer or traffic data collected or obtained in the case of services displayed on the website to the extent strictly necessary and proportionate to ensure the security and capacity of a network or servers connected to it to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.

    For these purposes, the Data Controller provides procedures for the management of personal data breaches (data breach).

    The data communicated by the user by filling in forms on the site entail the acquisition of the sender's contact data necessary to reply, as well as all the personal data included in the communication. Specific information will be published on the pages of the Data Controller's sites set up for data collection (Forms).

    The method of use of Cookies is described in the Cookies Policy.

    Social buttons
    On the Owner's sites there are special "buttons" (called "social buttons/widgets") that depict the icons of social networks (e.g. Facebook, Instagram, Linkedin). These buttons allow users who are browsing the sites to interact with a 'click' directly with the social networks and other websites depicted therein. In this case, the social network and other websites acquire data relating to the user's visit, while the Data Controller will not share any navigation information or user data acquired through its site with social networks and other websites accessible through social buttons/widgets.

    What happens if you do not provide your data?
    Browsing data are automatically collected when accessing the site. Visiting the site without releasing your navigation data is not possible. With regard to cookies, we invite you to read the consequences of deselecting individual cookies, as set out in the cookie policy. Finally, with regard to the data communicated directly by the user through the contact forms, please refer to the information released within the forms themselves.

    How and Where
    Your personal data will be processed within the European Union by means of computerised/manual tools for which we have implemented appropriate security measures and with the help of our employees who are duly authorised and trained for this purpose. In any event, it is understood that the Data Controller may move the servers outside the EU if necessary. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, e.g. by adopting the standard contractual clauses provided for by the European Commission which ensure an adequate level of protection of personal data also outside the EU.

    How long
    The Data Controller processes data relating to site access logs for a maximum of 7 days. With regard to data relating to cookies, please refer to the Cookies Policy. With regard to the data communicated directly by the user through the contact forms, it is possible to learn about the storage times by consulting the information released within the forms themselves.

    What are your rights?
    Basically, you can, at any time and free of charge and without any particular charges or formalities for your request:
  • obtain confirmation of the processing carried out by the Controller;

  • access your personal data and know their origin (when the data are not obtained from you directly), the purposes and aims of the processing, the data of the persons to whom they are communicated, the period of storage of your data or the criteria for determining this period;

  • update or rectify your personal data so that they are always exact and accurate;

  • delete your personal data from the databases and/or archives, including backup archives, of the Controller in the event, among others, that they are no longer necessary for the purposes of processing or if this is assumed to be unlawful, and provided that the conditions provided for by law are met; and in any case if processing is not justified by another equally legitimate reason;

  • limit the processing of your personal data in certain circumstances, e.g. where you have contested its accuracy, for the period necessary for the Controller to verify its accuracy. You must also be informed, at an appropriate time, when the period of suspension has expired or the reason for the restriction on processing has ceased to exist and the restriction has been revoked;

  • obtain your personal data, if received or processed by the Data Controller with your consent and/or if they are processed on the basis of a contract and by automated means, in electronic format also for the purpose of transmitting them to another data controller.

  • The Controller shall do so without delay and, in any event, no later than one month after receipt of your request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller will inform you of the reasons for the extension within one month of receipt of your request.

  • For any further information or to send your request, please contact the Data Controller at the following address privacy@colmef.com.

    How and when can you object to the processing of your personal data?
    For reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on legitimate interest, by sending your request to the Data Controller at the address privacy@colmef.com. You are entitled to the deletion of your personal data unless there is a legitimate reason overriding the one that gave rise to your request.

    Who can you complain to?
    Without prejudice to any other administrative or judicial action, you may lodge a complaint with the data protection authority, unless you reside or work in another Member State. In the latter case, or in the case where the breach of data protection law occurs in another EU country, the competence to receive and hear the complaint shall lie with the supervisory authorities established there.

    You will be notified of any updates to this policy in a timely manner and by appropriate means, and you will be notified of any updates if we process your data for purposes other than those set out in this policy.