In relation to the processing of the personal data provided, we inform you that:

DATA CONTROLLER

The Data Controller is Doteco S.p.A., with registered office in Mirandola (MO), Fraz. San Martino Spino, Via E. Mattei n. 30, PEC: doteco-spa@pec.it (hereinafter also referred to as the “Data Controller“).

TYPE OF DATA PROCESSED, PURPOSES AND LEGAL BASIS OF PROCESSING

The following personal data will be collected and processed: personal data of a common nature (name, surname, personal data, position within the company, contact data) referring to: customer and supplier companies/bodies and representatives/employees/collaborators/sub-contractors of customers/suppliers, eventually communicated by these, for: a) pre-contractual purposes and the execution of contractual relations; b) administrative/accounting/fiscal and legal obligations.

Hence, the legal basis of the data processing is: fulfilment of contractual obligations for the purposes referred to in letter a); legal obligations, for the purposes referred to in letter b).

COMMUNICATION OF DATA TO THIRD PARTIES – RECIPIENTS OF THE DATA

The Data Controller may communicate the processed data for the above-mentioned purposes to: i) persons in charge of data processing within the Data Controller; ii) external persons belonging to the following categories: external consultants and their appointees/service provider companies (transport and/or shipping companies)/banks, insurance companies and credit institutions/external companies that collaborate on marketing activities/ control bodies and organisations (customs); iii) other companies in PiovanGroup.

TRANSFER OF DATA TO THIRD COUNTRIES

The processed data may be transferred by the Data Controller to Third Countries. In this case, the transfer of data takes place in compliance with the regulations and guarantees applicable from time to time by the country of reference in accordance with Article 44 and subsequent of EU Reg. 2016/679.

PROCESSING METHODS, PERIOD AND DATA RETENTION CRITERIA

Data will be processed in printed or digital format. Data will be processed by the Data Controller for the period required for the execution of the afore-mentioned purposes, and at the end of these for a further period prescribed by law relating to the storage of contracts and administrative data and/or for defence in legal proceedings (ten years after the last use and/or event interrupting prescription).

PROVISION OF DATA

The provision of data is mandatory for the execution of contractual relations and for legal purposes. Failure to provide such data will make it impossible to fulfil the purposes listed above.

RIGHTS OF THE INTERESTED PARTY, REVOCATION OF CONSENT AND COMPLAINT TO THE CONTROL AUTHORITY

The data subject has the right at any time to request access to his/her personal data, to request rectification, deletion, limitation of the same, to oppose the processing and withdraw consent and to exercise the right to data portability whenever possible. In any case, the data subject has the right to revoke, at any time, any consent given to data processing, without prejudice to the lawfulness of processing based on the consent given before revocation.

In case of alleged violation, the data subject, having recourse to the conditions, also has the right to propose a complaint to a Data Supervision Authority in the EU member state where he/she resides habitually or in the EU state where he/she works or where the alleged violation occurred.

PROFILING AND AUTOMATED DECISION-MAKING PROCESSES

The processing is not carried out by automated decision-making processes (i.e. profiling).

CONTACTS AND REQUESTS

To know the complete list of external parties to whom the data are communicated, to have information regarding the transfer of data to non-EU countries, the mechanisms and protection of data transfer pursuant to Article 44 and subsequent of GDPR, to exercise the revocation of any consent given or to exercise your rights (access, rectification, cancellation, limitation, opposition, portability) please send a request to the following email: privacy.doteco@doteco.com.

Notice updated on 23/09/2024

This page illustrates how we manage the website in relation to the processing of personal data of the users who visit it.

DOTECO S.p.A. based in San Martino Spino (MO) in via Enrico Mattei 30 as the data controller in accordance with leg. decree 196/2003 and subsequent amendments – Personal data production code and EU Regulation 679/2016 applicable from 25 May 2018 – General Data Protection Measures (“GDPM”)

This Privacy Policy is intended only for the website WWW.DOTECO.COM, while it does not apply to other websites that may be visited via external links. It must be intended as a Policy provided pursuant to art. 13 of the Regulations applicable to those who interact with the Website. It complies with Recommendation no. 2/2001 concerning the minimum requirements for online data collection in the European Union, adopted on 17 May 2001 by the Article 29 Working Party.

Your personal data will be processed according on the principles of lawfulness, honesty, transparency, purpose limitation and retention, data minimisation, accuracy, integrity and confidentiality. Your personal data will therefore be processed in accordance with the legislative provisions of applicable Regulations and their confidentiality requirements.

DATA CONTROLLER
As defined earlier, the Data Controller of the Website is DOTECO S.p.A.
The data controller is at your service to provide you with any information concerning the processing of personal data, including the list of data processors.

THE PERSONAL DATA PROCESSED

Here is the personal data collected by the Website:

a. Navigation data
The computer-based systems of the Website collect some Personal Data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with you, but by its very nature it might, through processing and association with data held by third parties, allow for your identification.
These include the IP addresses or domain names of the devices used to connect to the Website, the addresses in the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained as a reply, the numerical code indicating the status of the reply provided by the server (success, error, etc.) and other parameters related to its operating system and IT environment.
The navigation data is collected anonymously and managed by Google Analytics.

b. Data provided voluntarily
Through the website, you can voluntarily provide personal data such as your name and the e-mail address to contact us. We will process this data in compliance with current legislation. Please see the specific information in the respective areas of the website.

c. Cookies and similar technologies
Via the website www.doteco.com, we collect personal data through cookies. Further information on the use of cookies and related technologies is available in the Cookie Policy.

PURPOSE, LEGISLATIVE BASIS AND MANDATORY OR OPTIONAL PROCESSING OF DATA

The Personal Data you provide through the Website will be processed by DOTECO S.p.A. for the following purposes:

a) reply to a specific request for information;
b) statistical analysis/research on aggregate or anonymous data, without the possibility of identifying the user, aimed at assessing the operation of the Website, measuring traffic and evaluating usability and interest;
c) purposes related to the fulfilment of a legal obligation the Data Controller is subject to.

The provision of your Personal Data for the above purposes is optional, but failure to do so might prevent us from replying to the request for contact or information.

RECIPIENTS
Your Personal Data will be processed by personnel appointed by the Data Controller or by third parties to whom technical services are assigned for the management of the website. In any case, the data will not be disclosed.

TRANSFERS
Your personal data is not transferred to recipients outside the European economic area.

STORAGE OF DATA
The personal data provided will be kept for the necessary period of time to comply with the request for information or as required by current regulations.

YOUR RIGHTS
You have the right, at any time, to obtain confirmation of the existence or non-existence of personal data and to know its content and origin, verify its accuracy or request its integration or update, or correction.
You have the right to request the cancellation, transformation into anonymous form or block of data processed in violation of the law, and to oppose yourself in any case, for legitimate reasons, to its processing.
Every effort will be made to make the features of this website as interoperable as possible with the automatic privacy control mechanisms available in some products used by users. Considering that the state of improvement of automatic control mechanisms does not make them currently free from errors and malfunctions, it is hereby specified that this document, published on this page, is the “Privacy Policy” of this website and will be subject to updates.

Last updated on:12/03/2018

In accordance with art. 13 Leg. D. 196/2003 and art. 13 and 14 EU Reg. 679/2016, we would like to inform you of the following if you send us your CV:

1. Data related to you is only collected for the purposes of setting up a database from which candidates are selected to recruit staff in future;

2. The data processing procedures concerning you can be summed up as follows: direct data collection through the designated link on our website or by sending an email to the address and subsequent archiving; entry of data reported in the form into a suitable and secure digital database; subsequent destruction of the paper form and cancellation of digital data within 2 years from receipt;

3. The provision of data by you is optional. Namely, please note that information regarding any disability you may have (to fulfil the obligations in law no. 68/99) falls under the processing of so-called sensitive data (as they may reveal the state of health).With reference to this data, authorisation no.1/2004 issued by the Personal data protection watchdog requires us inform you and ask for your consent;

5. If you refuse to provide the requested data, this shall not have any consequence;

6. The above data will not be disclosed and/or transmitted to anyone;

7. Within our company, only employees and collaborators appointed by us to process them may become aware of it, as well as structures that provide technical support on our behalf (legal services, corporate inspections, maintenance and/or repairs on IT equipment);

8. You are entitled to exercise the rights provided for by current legislation, namely: to know, at any time, which personal data related to you we have and how it is used; to have it updated, integrated, corrected or cancelled, blocked and oppose yourself to it processing; If you believe your rights have been violated, you have the right to contact the National Data Protection Authority.

9. The Data Controller is Doteco SPA, with registered office in via Enrico Mattei, 30 – Mirandola (MO), Tax Code and VAT no.: IT0221135064.

DOTECO SPA
Via E. Mattei 30
41037 – San Martino Spino (MO)
Italy

In compliance with art. 13 and 122 of Legislative Decree of 30 June 2003, as well as the General Measures of the Privacy watchdog of 8 May 2014, the data controller, Doteco S.p.A., informs the users of the website www.doteco.com about the type of cookies used by them and the purposes pursued with the information acquired, by also providing information to select/deselect individual cookies.

WHAT COOKIES ARE AND WHY THEY MIGHT BE USED
A “cookie” is a small text file created by some websites on the user’s computer when users access a particular website, with the purpose of storing and carrying information. Cookies are sent by a web server (which is the computer on which the visited website is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the computer of the user. They are then sent back to the website upon subsequent visits.
Some operations cannot be performed without the use of cookies, which, in some cases, are therefore technically necessary. In other cases, the website displayed uses cookies to make it easier for users to browse it or allow them to use services specifically requested.
Cookies may remain in the system even for long periods of time and may also contain a unique identification code. This allows the websites that use them to keep track of the user’s browsing activity within the website itself for statistical or advertising purposes, to create a customised user profile starting from the pages visited and show and/or send the user targeted adverts.

WHICH COOKIES ARE USED AND WHY

The website www.doteco.com uses different types of technical cookies, but not profiling ones.
In accordance with the instructions provided by the Watchdog in the General measures of 8 May 2014, the Data Controller reports the specific categories of cookies used, their purpose and the consequence deriving from deselecting them.

THIRD-PARTY COOKIES
There are third-party cookies operating on the website www.doteco.com, i.e. cookies created by a website other than the one the user is currently visiting.
Based on the measures of the privacy watchdog of 8 May 2014, the Data Controller is required to provide the updated link to the policies and consent forms of the third parties with which there are special agreements in place for the installation of cookies through its website.
The third-party cookies used are anonymous. These cookies anonymously collect and record information on the pages of each single website visited, but do not allow for the identification the visitor and are in no way associated with other information. This data is only used to track and examine the use of the website by users, compile statistics based on information collected anonymously and by using aggregate data.

Cookie
Google Analytics

_utmb: expires after 30 minutes of inactivity on the website
_utmc: expires when the browsing session ends
_utmt: lasts one day
_umtv: lasts one day
_utmz: lasts six months
SAPISID: expires after 2 years
SSID: expires after 2 years
SID: expires after 2 years
APISID: expires after 2 years
HSID: expires after 2 years
NID: expires after 6 months
1P_JAR: expires after 1 month
SIDCC: expires after 3 months
NID: expires after 5 months
CONSENT: expires after 9 years

These cookies are used to provide data and information to the administrator regarding the users of our website. This allows for the collection of information to develop the content of the website and make it easier to use for visitors. Some of these cookies expire at the end of the session, others may remain for a longer period of time and can provide us with information such as: how many unique users visited the website, the total number of users, their origin, the pages visited.

The information collected is completely anonymous.

To disable the cookies: LINK, Privacy Policy Google

Cookie ShareThis

_unam (lasts 1 year)

This first-party cookie is used by the ShareThis service and allows you to use the sharing buttons on each page of the website to share content on various social media such as Twitter, Facebook, etc. The “_unam” cookie monitors the web pages viewed, the browsing experience and the time spent on each page. The ShareThis service personally identifies you only if you registered separately with ShareThis and provided your consent.

Privacy Policy

PHP cookie

PHPSESSID

Cookie used by PHP to keep track of sessions (it contains a unique identifier for your session on the website). It expires when the browsing session ends

BP-ACTIVITY-OLDESTPAGE

Session cookie , it expires when the session ends

FACEBOOK

For sharing content on social media. The website features “Like” buttons and buttons to share content on Facebook

TWITTER

For sharing content on social media. The website features “Like” buttons and buttons to share content on Twitter

GOOGLE +

For sharing content on social media. The website features “Like” buttons and buttons to share content on Google +

doteco.com

_ga: expires after 1 day
_gid: expires after 2 days

Google Analytics session Cookie

_icl_current_language

_icl_current_language : expires after 2 days

Session cookie to detect the current language of site navigation.

DESELECTING AND ACTIVATING COOKIES
The operating modes as well as the options for restricting or blocking cookies can be carried out by changing the settings of your internet browser.
Microsoft Windows Explorer

http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies

Mozilla Firefox

http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies

Google Chrome

Apple Safari

http://www.apple.com/legal/privacy/

How to disable Flash cookies

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html

You can also visit the website www.aboutcookies.org for information about how to manage/delete cookies according to the type of browser used.
LAST UPDATED ON: 12/03/2018

DATA PROCESSING POLICY

FOR THE MANAGEMENT OF OFFENCE REPORTS

REGULATED BY THE PROCEDURE FOR REPORTING BREACHES

Reg. EU 2016/679 (GDPR)

1. Data Controller

The following are Joint Data Controllers:

• Piovan S.p.A., with registered office in Santa Maria di Sala (Venice), Via delle Industrie 16, e-mail: piovanspa@legalmail.it
• Aquatech S.r.l., with registered office in Santa Maria di Sala (Venice), Via delle Industrie 16, e-mail: aquatech@legalmail.it
• Energys S.r.l., with registered office in Santa Maria di Sala (Venice), Via delle Industrie 16, e-mail: energys@pec.net
• Penta S.r.l., with registered office in Poggio Renatico (Ferrara), Via Uccellino 75/77, e-mail: penta@penta.piovan.com
• Doteco S.p.A., with registered office in Mirandola (Modena), San Martino Spino, Via E. Mattei 30, e-mail: doteco-spa@pec.it
• FEA process & technological plants S.r.l., with registered office in Scarnafigi (Cuneo), Strada Saluzzo 49, e-mail: amministrazione@feaptpcert.it

(hereinafter, also referred to as “the Data Controllers” or “the Companies”).

This policy is provided in relation to the processing of personal data of whistleblowers, those reported, whistleblower facilitators and any other third parties involved or mentioned in the report (hereinafter, “Data Subjects“) used in the management of the reports of offences addressed to the Companies falling within the scope of the “Procedure for Reporting Breaches” – drawn up in compliance with the provisions of Italian Legislative Decree no. 24 of March 10, 2023, implementing Directive (EU) 2019/1937 on the protection of whistleblowers against breaches of EU and national law –  published on the group’s corporate website www.piovan.com.

2. Type of data processed

The following personal data are collected and processed: personal data of a common nature (e.g. personal data, contact data, etc.) of the whistleblower, the reported party, the facilitators of the report and any other third parties involved or mentioned that may be included in the report.

If mentioned in the report or, subsequently, acquired in the context of the management of the report and in the conduct of the related investigation, data may also be processed that reveal the racial or ethnic origin, political opinions, religious and/or philosophical convictions, union membership, as well as genetic data, biometric data, data related to health or sex life or sexual orientation of the Data Subjects and judicial data, related to crimes and criminal convictions.

The Data Subjects are (or may be): the author of the report (the whistleblower), the person (or persons) concerned by the report (the reported person/persons), the natural person who assists the whistleblower in the reporting process, operating within the same work context as the whistleblower and whose assistance is to be kept confidential (the whistleblower facilitator), and any other third parties involved or mentioned in the report that may be mentioned in the report or that may come to light in the course of the investigation following the report.

3. Source of personal data

The data are collected through the reports addressed to the Companies and, subsequently, during the investigation following the report. The data of the Data Subjects contained in the report are provided directly by the whistleblower.

As reported in the Procedure for Reporting Breaches, whistleblowers can be:

• employees, including holders of a part-time, full-time or intermittent, fixed term or open-ended employment relationship, sub-contracted, apprenticeship, accessory, or who perform occasional services;
• self-employed workers, including holders of work contracts, agency relationships, commercial representation and other collaborative relationships;
• workers or collaborators who provide goods or services or carry out works for the Companies;
• freelancers and consultants;
• volunteers and trainees, paid and unpaid;
• shareholders and persons with functions of administration, direction, control, supervision or representation, even if these functions have been exercised merely de facto (i.e. without formal investiture).

Reports can be nominative or anonymous.

To preserve the investigative purposes, in the cases envisaged by law, the person reported, pursuant to art. 14, sub. 5, lett. d), of the GDPR, may not be immediately made aware of the processing of their data by the Data Controllers, as long as there is a risk of compromising the possibility of effectively verifying the validity of the complaint or collecting the necessary evidence.

4. Purposes and legal basis for the Processing

The personal data of the Data Subjects are processed for the purposes related to the application of the Procedure for Reporting Breaches, prior to the management of reports of any breaches of national or European Union regulations that harm the public interest or the integrity of the Companies, as well as of relevant unlawful conduct pursuant to Italian Legislative Decree 231 of 8 June 2001, by anyone who has become aware of the aforementioned in the context of the employment or collaboration relationship with the Companies or, in any case, in the work context.

The adoption of the Procedure for Reporting of Breaches and the processing of personal data consequent to the receipt of the reports take place, therefore, on the basis of a legal obligation to which the Data Controllers are subject and/or their legitimate interest. In the event of the use of voice recording with related transcription, as well as in the event of disclosure of the identity of the whistleblower, the legal basis may exclusively be the consent of the Data Subject.

With regard to any processing of personal data subsequent to the closure of the investigation on the report, the legal basis is represented by the legitimate interest of the Data Controllers in the exercise of their rights and possibly for defense in court in all cases where it is necessary (e.g. reopening of legal proceedings, claims for compensation for damages related to the report), pursuant to art. 6, sub. 1, lett. f), and art. 9, sub. 2, lett. f), of the GDPR.

In the context of any disciplinary proceedings against the alleged perpetrator of the reported conduct, in the event that the allegation is well-founded and the identity of the whistleblower is indispensable for the defense of the person charged with the disciplinary offence or of the person in any event involved in the report, the identity of the whistleblower shall only be used in compliance with the legal basis of the whistleblower’s express consent, as requested from time to time.

5. Communication of data to third parties – Data recipients

The related data are processed by the Ethics Committee and/or by any company functions and/or external consultants, as better specified in the Procedure for Reporting Breaches.

The internal members of the Ethics Committee are authorized to process personal data, on the basis of a specific letter of appointment, indicating the confidentiality obligations that must be respected in the performance of the assigned function.

The external member of the Ethics Committee is appointed Data Processor pursuant to art. 28 of the GDPR.

The reports and the personal data of the Data Subjects, moreover, may be communicated to the subjects involved in the management of the report, as well as the consultants and external professionals of which the Company make use, in compliance with the provisions of the law on the protection of personal data.

The identity of the whistleblower and any other information from which such identity may be inferred, directly or indirectly, may not be disclosed, without the express consent of the same, to persons other than those indicated above.

The communication of the personal data of the Data Subjects to public bodies and public authorities (including administrative, judicial and public security authorities) is without prejudice, if the conditions are met or the communication is necessary to comply with an order of the authority itself or with a legal obligation.

The identity of the whistleblower cannot be revealed even in the context of the disciplinary procedures that may arise from the report, if the dispute of the disciplinary charge is based on separate and additional findings with respect to the report itself, even if consequent to the same. Where, instead, the disciplinary dispute is based, in whole or in part, on the report and knowledge of the identity of the whistleblower is indispensable for the accused’s defense, the report shall be usable for the purposes of disciplinary proceedings only if the whistleblower has expressly consented to the disclosure of their identity. In the latter case, the whistleblower will be notified in writing of the reasons for the disclosure of the confidential data; a similar communication will be provided to the whistleblower if the disclosure of their identity and the information from which it can be obtained, directly or indirectly, is also essential for the defense of any person involved.

The data are processed, as a Data Processor, pursuant to art. 28 of the GDPR, by the company that manages the Whistleblowing platform and guarantees the storage of the personal data processed in the cloud.

The Data Controllers, pursuant to articles 28 and 29 of the GDPR, provide the Data Processor with operational instructions to ensure the confidentiality and security of the processing of personal data, ensure compliance with applicable legislation and the protection of Data Subjects.

6. Processing methods, period and data retention criteria

The data will be processed mainly through computerized and/or automated tools within the Whistleblowing platform, with logic related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data.

The data will be processed for the time necessary to manage the specific whistleblowing and in any case no later than five years from the date of communication of the final outcome of the whistleblowing procedure (art. 14 of Italian Legislative Decree 24/2023).

7. Provision of data

The provision of the whistleblower’s data is mandatory in the “nominative report” (with confidential identity management). Any refusal to provide data in the “nominative report” makes it impossible to follow the procedure described in the Procedure for Reporting Breaches.

The provision of the whistleblower’s data is optional in the “anonymous report” (which does not require prior registration and identification). However, anonymous reporting will only be taken into consideration if adequately substantiated and referring to specific facts and situations.

8. Transfer of data to third countries

The data processed are not transferred by the Data Controllers to Third Countries. However, in the event of any transfer of data to Third Countries, the transfer itself will take place in compliance with the regulations in force from time to time regarding the transfer of data to Third Countries.

9. Profiling and automated decision-making processes

The processing is not carried out by automated decision-making processes (e.g. profiling).

10. Rights of the Data Subject, Withdrawal of Consent and Complaint to the Supervisory Authority

Except as set out in the following paragraph, Data Subjects may request from the Data Controllers access to the data concerning them, their rectification, integration or erasure, as well as the restriction of processing or any other right referred to in articles 15 to 22 of the GDPR, meeting the conditions, which must be highlighted in the request. The exercise of these rights may, however, be limited if there are legitimate interests prevailing over the interests, rights and freedoms of the Data Subject, also related to the establishment, exercise or defense of a right in court or to other legal obligations that the Data Controllers must fulfil or to any provisions of the Public Authorities or the Judicial Authority or the Police Bodies.

The person involved or the person mentioned in the report cannot exercise the rights that the GDPR grants to the Data Subjects with reference to their personal data processed in the context of the report (the right of access to personal data, the right to rectify them, the right to obtain their erasure or so-called right to be forgotten, the right to restriction of processing, the right to the portability of personal data and the right to object to processing). This is because the exercise of these rights could result in an effective and concrete prejudice to the protection of the confidentiality of the identity of the whistleblower. In such cases, therefore, the person reported or the person mentioned in the report is also excluded from the possibility, where they believe that the processing that concerns them breaches these rights, to contact the Data Controllers and, in the absence of a response from the latter, to lodge a complaint with the Supervisory Authority for the protection of personal data.

In cases other than that set out above, Data Subjects have the right to lodge a complaint with the Supervisory Authority for the protection of personal data in the event of illegitimate or unlawful processing of their data by the Data Controllers.

Where the processing is based on consent, the Data Subject has the right to revoke the consent given for the processing of the data at any time, without prejudicing the lawfulness of the processing based on the consent given prior to the revocation.

11. Contacts and requests

To find out about the internal privacy organization of each Data Controller and the activities of the Data Processors, to obtain further information on the transfer of data to non-EU countries, the mechanisms and protections for transferring data pursuant to art. 44 et seq. GDPR, to exercise the revocation of any consent given and/or to exercise your rights (access, rectification, cancellation, restriction, opposition, portability) you can send a request to the e-mail contact privacy.ethicscommittee@piovan.com or forward a request through the Whistleblowing platform.