EN-Datenschutz – Crotti-Group

Privacy policy

PRIVACY POLICY FOR WEBSITE USERS 30/04/2025
Dear User, We would like to inform you that the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (GDPR) considers personal data protection a fundamental right. Pursuant to Article 13 of the GDPR, we inform you that:

1. CATEGORIES OF DATA PROCESSED
CCAG CROTTI SRL will process the following personal data: • Identification and contact details (name, email, phone); • Data necessary for order management (shipping/billing address, purchase details); • Technical browsing data collected automatically via the site (e.g., IP, cookies, logs); • Any data for marketing purposes (with prior consent).

2. SOURCE OF DATA
Personal data is collected directly from the data subject via the website or direct communication.

3. DATA CONTROLLER
CCAG CROTTI SRL – Corso Italia 21, 24040 Osio Sopra (BG), Italy Tel. +39 035 500212 – Email: ccagcrotti.srl@legalmail.it

4. PURPOSES AND LEGAL BASIS OF PROCESSING
Purpose
Legal Basis
Order, payment, shipment, customer service management
Contract performance (Art. 6.1.b GDPR)
Legal obligations (fiscal, accounting, legal)
Legal obligation (Art. 6.1.c GDPR)
Anonymous statistics and site security
Legitimate interest (Art. 6.1.f GDPR)
Sending newsletters and promotions
Explicit consent (Art. 6.1.a GDPR)

5. DATA RECIPIENTS
Data may be disclosed to: • Companies within the C.C.A.G. CROTTI group, including foreign entities, for management, logistics, or administration needs; • External service providers for IT, payment, logistics, and communication (e.g., newsletters, hosting, e-commerce), bound by GDPR-compliant contracts; • Entities authorized by law. Data will not be publicly disclosed.

6. TRANSFER OF DATA TO THIRD COUNTRIES
Some data may be processed by providers located in third countries (e.g., USA) for hosting, newsletters, analytics, or online payments. In such cases: • Transfers occur only to parties providing adequate guarantees (e.g., adherence to the EU-US Data Privacy Framework); • Or through Standard Contractual Clauses approved by the European Commission. The Data Controller ensures an adequate level of protection in all cases.

7. DATA RETENTION PERIOD
• Contractual and accounting data: retained for 10 years. • Technical data: retained as stated in the cookie policy. • Marketing data: until consent is withdrawn. Data relevance is periodically reviewed.
8. DATA SUBJECT RIGHTS
The data subject has the right to: • Access, rectify, delete personal data; • Restrict or object to processing; • Obtain data portability; • Withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to withdrawal; • Lodge a complaint with the Data Protection Authority. Requests must be sent to the Data Controller using the contacts listed in point 3.

9. MANDATORY NATURE OF DATA PROVISION
Providing data is necessary for the stated purposes. Failure to provide data may result in the inability to fulfill contracts or provide services. Data provision for promotional purposes is optional.

10. METHODS OF DATA PROCESSING
Data is processed by electronic and paper means, lawfully, fairly, and transparently. Appropriate technical and organizational measures are implemented to ensure data security, in compliance with Article 5.1.f of the GDPR.

Indoor

Outdoor

Assemblies

Modular systems

Industrial brushes

Sealing brushes in datacenters

Stenter brushes