Knoll International S.p.A. (“Knoll”) is aware of the importance of protecting the personal data and, in its quality of Data Controller, informs that personal data collected through navigation on the www.knolleuropeportraits.com website will be processed in compliance with European and Italian legislation. When using the services offered by the site (filling out contact forms, etc.) the user will receive specific information regarding the further processing of personal data made by Knoll.
Pursuant to Article 13 of Regulation (EU) no. 2016/679 (“Regulation”), Knoll provides the following information.
1. Types of data collected, purpose and legal basis of processing.
Navigation data. The computer systems and software procedures used to operate the www.knolleuropeportraits.com website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the users’ terminals that connect to the site, the MAC (Media Access Control) addresses, the addresses in the URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to forward the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and parameters related to the operating system and to the users’ computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for by art. 6 par. 1, lett. b) of the Regulation, allowing the user to use the service requested. The same data may also be used to fulfil legal obligations or requests of the judicial Authority. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for by art. 6 par. 1, lett. c) of the Regulation, as the processing is necessary to fulfil a legal obligation to which the data controller is subject.
Data provided voluntarily by the user. Following the voluntary sending of e-mail messages to the e-mail addresses on the site, Knoll may process the sender’s e-mail address and the additional personal data contained in the message to respond to requests made by the user. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for by art. 6 par. 1, lett. b) of the Regulation, as to provide the requested service to the user. The same data may also be used to fulfil legal obligations or requests of the judicial Authority. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for by art. 6 par. 1, lett. c) of the Regulation, as the processing is necessary to fulfil a legal obligation to which the data controller is subject.
2. Data retention period.
Personal data collected and processed when browsing the www.knoll-int.com site will be kept for the entire period of service providing and in any case deleted or rendered anonymous within 7 days. Personal data sent voluntarily by users through the tools on the site will be deleted after providing the service requested or having responded to them and in any case within the maximum period of 6 months from the end of this activity, with the exception of those required to comply with fiscal, accounting and administrative regulations or to fulfil other legal obligations and to document the activities carried out.
3. Modalities for data processing.
The personal data will be collected, saved and processed with electronic tools and will be stored both electronically and on paper, organised in a database, and on any other type of appropriate support. Specific security measures are followed to prevent data loss, illicit or incorrect use and unauthorised access. The processing of personal data carried out by Knoll does not involve automated decision-making processes.
4. Providing data.
The provision of navigation data is necessary to grant the requested service (navigation on the site) and therefore mandatory to this purpose: the failure to communicate or provide personal data by the data subject will result in the impossibility for Knoll to allow navigation on the site www.knolleuropeportraits.com. The provision of data for further purposes is optional: failure to communicate or provide data, in such cases, will not affect the data subject, but may result in the inability to provide the user with the feedback required.
5. Entities to whom personal data may be disclose
Personal data may be disclosed to: subjects who are entitled and have the interest to access personal data by law or secondary or community legislation; Controller’s internal staff; companies, associations or professional offices that provide services and activities on behalf of the Controller as Data Processor for the fulfilment of legal obligations, as well as for every organisational and administrative need necessary to provide the services requested. The details of the Data Processors are listed in an updated list available at Knoll (to be requested at the addresses indicated in point 9). Personal data will not be disseminated.
6. Data transfer abroad or to international organisations.
Personal data gathered as a result of web-surfing and usage of the services in the website www.knolleuropeportraits.com could be stored in Knoll, Inc servers located in the United States. To this purpose, Knoll and Knoll, Inc adopted the standard contractual clauses according to art. 46, par. 1 (c) of the Regulation.
7. Link to sites or services of third parties.
This policy is provided only for the processing of personal data made through this site or the tools provided by the same, and not for other websites that may be consulted by the user through connection, whose managers operate as independent data controllers. Users are therefore invited to read their privacy policies carefully, before accessing the services of third parties.
8. Data subject’s rights.
In relation to the above-mentioned personal data processing, the data subject has the right to exercise at any time the rights provided by the Regulation, including, for example, to obtain the indication of: (i) data source; (ii) purposes and methods of processing; (iii) logic applied in case of processing carried out with the aid of electronic instruments; (iv) identifying details of the controller, of the processor, of the managers and the appointed representative.
Data subjects have the right to obtain: (i) access, updating, correction or integration of data; (ii) deletion, transformation into anonymous form or blocking of data processed in violation of the law; (iii) the limitation of data processing; (iv) copy of their data in standard format.
Data subjects are also entitled to object, in whole or in part:
– for legitimate reasons to the processing of data concerning them, even if pertinent to the purpose of the collection;
– to the processing of personal data concerning them carried out pursuant to art. 6 par. 1 of the Regulation, lett. e) (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) or f) (“processing is necessary for the pursuit of the legitimate interest of the data controller or third parties”) including profiling on the basis of these provisions;
– to the processing of personal data concerning them for the dispatch of advertising or direct sales material or for the conduction of market research or commercial communication (direct marketing), including profiling in so far as it is connected to it.
Data subjects have, finally, the right to revoke their consent to processing, when this is based on the hypothesisby art. 6, par. 1, lett. a) (“the data subject has given consent to the processing of his or her personal data for one or more specific purposes“), or by art. 9, par. 2, lett. a) (“the data subject has explicitly consented to the processing of those personal data for one or more specified purposes”) of the Regulation, at any time without prejudice to the lawfulness of the treatment based on consent given prior to the revocation.
If the processing is in violation of the legislation in force, Data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State in which they normally reside, work or where the alleged violation has occurred. The Italian Supervisory Authority can be reached at the addresses on its website.
9. Data controller – Contact details.
The Data Controller is Knoll International S.p.A., Piazza Bertarelli 2, 20122 – Milano, Italy, in the person of the legal representative pro tempore. To exercise the rights listed above, the data subject may make a request using the e-mail account email@example.com.
Knoll retains the right to update this personal data processing policy.