Corman S.p.A. firmly believes that transparency is the basis of the relationship with its customers and users. For this reason, it intends to apply utmost clarity on how personal data is used
The following describes the management procedures of the website as regards the processing of personal data of users who visit it.
This is a policy which is also provided pursuant to Art. 13 of Regulation (EU) 2017/679 “Protection of individuals with regard to the processing of personal data and the free movement of such data” (in short GDPR) to those who interact with the web services of
Corman S.p.A., accessible electronically from the following address https://cottony.it/.
The policy is also based on Recommendation no. 2/2001 that the European Authorities for the protection of personal data, meeting in the Group established by Art. 29 of Directive No. 95/46/EC, adopted on 17 May 2001, in order to identify a number of minimum requirements for the collection of personal data online and, in particular, the procedures, timing and nature of the information which Data Controllers are required to provide to users when the latter connect to web pages, regardless of the purposes of said connection.
- Data Controller
The Data Controller is Corman S.p.A., with registered office in Via Liguria, 3 – 20084 Lacchiarella (MI).
- Place of processing of personal data and data processors
Processing operations connected with the web services of this website take place at the Company’s registered office in Via Liguria 3 – 20084 Lacchiarella (MI) and are carried out only by technical personnel of the Department in charge of processing pursuant to Art. 29 of the GDPR.
For the various specific services, the related data is processed by specialised companies, appointed as Data Processors pursuant to Art. 28 of the GDPR.
The complete list of Data Processors can be requested at email@example.com.
- Types of data processed
During normal operation, computer systems and software procedures that serve to keep the website operational collect certain personal information, whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but given its nature it could allow for identifying users when processed and associated with data kept by others. This category includes IP addresses or the domain names of computers used by users who connect to the site, addresses in URI (Uniform Resource Identifier) notation of requested
resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status
from the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on site usage as well as to verify its proper operation; they are deleted immediately after processing. Personal information could be used for verifying responsibility in case of computer crimes committed at the expense of the site.
Data provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website entails subsequent acquisition of the email address of the sender, which is necessary in order to respond to requests, as well as any other personal data included in the message.
- Purposes and legal grounds for data processing
Without prejudice to that specified for browsing data in the previous paragraph, personal data provided by Users through the Website is processed for the following purposes:
a) allow the performance of operations strictly connected and instrumental to the management of relations with Users, such as – but not limited to – the reply to questions received with the contact form, management of the CV (curriculum vitae) for personnel selection purposes and other relevant information sent by the User;
b) allow proper execution of the contractual obligations of the Company vis-a-vis Users and customers and vice versa, as well as the consequent accounting and fiscal obligations;
c) allow fulfilment of the obligations provided for by laws, regulations and EU legislation, or provisions issued by authorities empowered to do so by law and by supervisory and control bodies;
d) purposes necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
e) purposes of statistical research/analysis on aggregated or anonymous data, without therefore being able to identify the User, aimed at measuring the functioning of the Website and its operational functions, including the resolution of any technical
The legal basis for processing the personal data for the purposes referred to in point a) is the provision of a service or the response to a request, which does not require the User’s consent, in accordance with applicable legislation.
With regard to purpose b), processing is necessary for execution of the contract in place with the Company, the purpose referred to in point c) has as its legal basis the fulfilment of legal obligations while the purpose referred to in point d) is the pursuit of a legitimate interest of the Company.
The purpose referred to in point e) does not involve the processing of personal data.
- Processing methods and retention periods
Personal data is processed using automated electronic means and devices only for the period of time that is strictly necessary to achieve the purposes for which such data was gathered.
Specific security measures are used to prevent the loss or unlawful or incorrect use of the data, as well as its unauthorised access.
- Rights of Data Subjects
Those to whom the personal data refers have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request its integration, update or rectification (Art. 15 et seq. of the GDPR).
According to said Article, they have the right to request the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as to object to
its processing for legitimate reasons.
Requests should be sent by e-mail to the following address: firstname.lastname@example.org.
This policy Rev.00 was issued on 1/09/2020 and is effective as from 1/10/2020.