Marelli Aftermarket Italy S.p.A. (ex Magneti Marelli After Market Parts And Services S.p.A.), with registered office in Viale Aldo Borletti 61/63, Corbetta (MI) - (“Company”), is committed to protecting the personal data of the users (“Users”) of this website (“Site”) and, as data controller, is required, pursuant to Article 13 of EU Regulation No. 679/2016 (General Data Protection Regulation, “GDPR”), to provide the Users with certain information regarding the processing of personal data.
This Privacy Notice does not apply to different websites (owned by other companies of Marelli Group or by third parties) which can be reached through the Site.
1. WHAT DATA CAN BE PROCESSED
Through the Site, the following categories of Users’ data (hereinafter jointly also “Personal Data”) can be processed:
1. Personal Data provided to receive a specific service (e.g. name and contact details);
2. browsing data (e.g. IP address, location - country -, information on pages visited by the user within the website, access time on the intranet, navigation time on each page, clickstream analysis. While the Company does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information or by using other information collected).
2. PURPOSES FOR WHICH PERSONAL DATA CAN BE PROCESSED
A) Operating the Site, providing the Service and promote awareness within the Company.
The Company will process Personal Data for the following purposes:
1. giving execution to a specific user request or provide the requested service ("Service");
2. allowing the Company to perform surveys on customers satisfaction ("Customer Satisfaction") Improvement of user experience, gathering of information for purposes of market and business research and analysis;
Legal Basis: performance of a contractual obligation or execution of pre-contractual measures (pursuant to Article 6, paragraph 1, letter b) of the GDPR). The provision of personal data is necessary; otherwise, the Company will not be able to operate the Site and to manage the Users requests.
With reference to the point n.2:
Legal Basis: consent (pursuant to Article 6, paragraph 1, letter a) of the GDPR).
B) Compliance with a legal obligation to which the Company is subject or with provisions/requests of authorities legitimized by law and/or by supervisory and control bodies.
The Company may process the Personal Data to comply with a legal obligation to which the Company is subject.
Legal Basis: compliance with a legal obligation (pursuant to Article 6, paragraph 1, letter c) of the GDPR). The provision of Personal Data for this purpose is necessary, otherwise the Company will not be able to comply with specific obligations.
C) Defence of rights during judicial, administrative or extra-judicial proceedings, and in the context of dispute arising in relation to the services/activities offered.
The Company may process Personal Data in order to defend its rights or to act or even to make claims against the Users or third parties.
Legal Basis: legitimate interest of the Company in protecting its rights (pursuant to Article 6, paragraph 1, letter f) of the GDPR). In this case, a new and specific provision of data is not required, since the Company will pursue this further purpose, where necessary, by processing the data collected for the aforementioned purposes, deemed compatible with this (also due to the context in which the data have been collected, the nature of the data and the adequate guarantees for their processing, as well as the link between the aforementioned purposes and this additional purpose).
3. HOW WE KEEP PERSONAL DATA SECURE AND WHERE
The Company takes appropriate security measures to ensure the protection, security, integrity and accessibility of the Personal Data. Personal Data, processed in hardcopy, by automated or electronic means, are held on our secure computer systems (or appropriately stored hard copies) or those of our suppliers, in accordance with our standards and security policies (or equivalent standards for our suppliers).
The Personal Data are stored in Europe.
When the Company transfers Personal the Data in countries that do not belong to the European Union (EU) or the European Economic Area (EEA) (“Third Countries”), it uses any appropriate measure to guarantee an adequate protection of the Personal Data including also the adoption of standard contractual clauses (SCC) issued by the EU Commission, possibly supplemented by additional technical/organizational/legal measures so that the safeguards contained in the transfer tool can ensure an essentially equivalent level of protection for Personal Data transferred in the Third Country.
The Users can write to the Company at any time to receive a copy of the safeguards adopted for the transfer.
4. HOW LONG WE RETAIN PERSONAL DATA
The Company retains Personal Data only for as long as it is necessary for the purposes for which they were collected or for any other related legitimate purpose. If the Personal Data are processed for two different purposes, we will keep such data until the purpose with the longer-term ceases.
In particular, we have a general retention period of 10 years from the time of initial collection for personal data that is processed for our invoicing and accounting purposes in relation to our sales, save for the circumstances in which national applicable law provide for different retention requirements.
Personal data relating to your purchases will be stored and processed by Company for marketing purpose as described above and profiling purposes for a period of 24 months for marketing purposes and 12 months for profiling purposes. When the Company no longer requires your personal data for the above-mentioned purposes, the Company will keep your personal data duly blocked and only for the period necessary for establishment, exercise and defense of legal claims. Once this period has elapsed, the data will be erased or made anonymous in a permanent and non-reversible way.
With particular reference to the judicial protection of our rights or in the event of requests by the authorities, Personal Data will be kept for the time required to process the requests or to pursue the protection of the rights involved.
5. LINK TO THIRD PARTY WEBSITES
Third party websites accessible from this Site are under the third-party responsibility. The Company declines all responsibility concerning requests and/or provision of Personal Data to third party’s websites. The Company declines all responsibility concerning requests and/or provision of Data to third party websites. This privacy notice refers only to the processing of Personal Data carried by the Company on the Site.
6. WITH WHOM WE MAY SHARE PERSONAL DATA
The Users’ Personal Data may be accessed by duly authorised employees of the Company, as well as by external suppliers (including consultants), appointed, if necessary, as data processors pursuant to Article 28 of the GDPR.
You can always contact us using the details provided in the “Contacts” section below, if you would like to see the list of data processors and other subjects with whom we share Personal Data.
7. PERSONAL DATA PROTECTION RIGHTS
Users, subject to the existence of the legal basis for the request, have the right to obtain from the Company:
• the access to and the rectification of Personal Data;
• the erasure of Personal Data;
• the rectification of Personal Data;
• the limitation of the processing of Personal Data;
• the copy of Personal Data provided to the Company, in a structured, commonly used and machine-readable format (portability) and the transmission of such personal data to another data controller.
In addition, Users have the right to object, in whole or in part, to the use of their personal data processed by the Company, under the conditions provided for by the GDPR, for example if the legal basis for processing is the legitimate interest.
In the event that the Users exercise any of the above-mentioned rights, it will be the responsibility of the Company to verify that the Users are entitled to exercise such rights, and a feedback will normally be provided within one month.
Users have the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data is in breach of the provisions of the GDPR.
The contact details of the Company, as data controller, are as follows: Marelli Aftermarket Italy S.p.A., Viale Aldo Borletti 61/63, 20129 Corbetta (MI).
If Users have any questions regarding the Company's processing of their Personal Data or wish to exercise the aforementioned rights, they may write an email to firstname.lastname@example.org.