Purpose of This Policy
This Policy provides information on how we collect and lawfully use your personal data collected when you access and use this website or respond to pages that invite you to supply personal data to us.
This website is not intended for children and we do not knowingly collect data relating to children.
Who Are We?
YKK ITALIA SPA, Via Pitagora, 1 – 20016 PERO (MI), Codice fiscale e partita IVA 02013860156 (“YKK”, “we“, “us” or “our“) is controller of this website responsible for your personal data.
We have appointed a person in charge (“PIC”) who is responsible for overseeing questions in relation to this Policy and data protection. If you have any questions about this Policy, including any requests to exercise your legal data protection rights, please contact the PIC using the details set out below.
Person in Charge (PIC) Contact Details
If you have any questions about this Policy or our privacy practices, please contact our PIC at:
Full name of legal entity: YKK ITALIA SPA
Email address: email@example.com
Postal address: Via Pitagora, 1 – 20016 PERO (MI), Codice fiscale e partita IVA 02013860156
You have the right to make a complaint at any time to al Garante per la Protezione dei Dati Personali, (https://www.garanteprivacy.it/), the Italian supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the authorities so please contact us in the first instance.
Changes to this Policy and Your Duty to inform us of Changes
We keep this Policy under regular review and updated versions will be uploaded from time to time.
It is important that personal data we hold about you is accurate and current. Please, therefore, keep us informed if your personal data changes during your relationship with us.
What Data do we Collect about You?
Personal data, or personal information, means any information about an individual from which that person can be identified. It doesn’t include data where the identity has been removed (anonymous data).
Via this website, we may collect, use, store and transfer different kinds of personal data about you including identity (e.g. name, age, date of birth), contact details (e.g. email, telephone number), technical information (e.g. IP address, browser plug-ins, operating system), usage data (e.g. data on how you use our website) and marketing/communications data (e.g. your preferences in receiving marketing from us).
We don’t collect ‘special categories’ of personal data (including details on race, religious beliefs, sex life, sexual orientation, political opinions, trade union membership, health, genetic data and criminal convictions).
How do we Collect your Personal Data, including Cookies?
We use different methods to collect data from and about you, including:
- Direct Interactions. You might give us your contact details by using this website or sending us a message. This includes requesting product materials, asking to be contacted or subscribing to notifications.
- Indirect Interactions. We may use technical methods to indirectly identify you via your IP address (cookies). See our Cookies Policy for more details. You can set your browser to refuse all or some cookies.
Generally, how do we Use your Personal Data?
Generally, we don’t rely on consent as a legal basis for processing your personal data via this website. We only use your personal data when the law allows us to (lawful basis) and for the purposes for which it is collected.
Mainly, we use your personal data where you provide it via the website or by message asking us to contact you. We might use your data to perform a contract with you or in advance of agreeing a contract with you, for our legitimate interests where your rights don’t override this, or to comply with legal obligations.
What Specific Purposes might we Use Your Personal Data for?
The main ways we may use your personal data, and the lawful bases we rely on to do so, are set out below:
|Purpose/ Activity||Type of Personal Data||Lawful Basis for Processing*|
|Correspondence with you when you provide us with your information.||Identity, contact details||Necessary for our legitimate interests (to respond to your contact with us)|
|Providing you product details, marketing, newsletters etc. where you have contacted us and not opted out||Identity, contact details, profile, marketing and communications||Performance of contract with you
Necessary for our legitimate interests (pre-contract communication/marketing)
|If you request, we may add you to a regular contact or mailing list and we may ask you to provide feedback||Identity, contact details, profile data, marketing/ communications||Necessary for our legitimate interests (to understand customers/ potential customers/ users better)|
|To enable you to complete surveys||Identity, contact details, profile data, marketing/ communications||Necessary for our legitimate interests (to understand customers/ potential customers/ users better, to develop them and to grow our business)|
|To administer and protect this website and our business (incl. data analysis, testing, maintenance, IT security)||Identity, usage data, contact details, technical||Necessary for our legitimate interests (for running our website and business, network security)
Necessary to comply with legal obligation
*Lawful Basis – Legitimate interests – managing our business, whilst balancing impact on you
– Performance of Contract – performing a contract/ pre-contract steps at your request
– Comply with legal obligation means meeting legal requirements (e.g. court orders)
How might we Use your Personal Data for Marketing?
We strive to provide you with choices regarding use of your personal data uses, particularly around marketing.
If you use this website or contact us via this website, we may use your personal data to form a view on what we think may interest you. This is how we decide communications that may be relevant to you (i.e. marketing).
You may, therefore, receive marketing communications from us or YKK Group Companies if you have requested anything from us via this website and you have not opted out of receiving marketing. We will not share your personal data with any third party marketing operators without obtaining your express opt-in consent in advance.
Opting Out of Marketing Communications
You can ask us to stop sending you marketing messages at any time (opt-out) by contacting us and requesting to opt-out or by clicking opt-out links on any such marketing communications.
What if we want to Change the Purpose we Use your Personal Data for?
Whilst we will only use your personal data for the purposes for which we collected it and in accordance with this Policy, we may from time to time lawfully use it without your knowledge or consent for another purpose where that purpose is compatible with the original purpose.
If, however, we need to use your personal data for a purpose unrelated to the purpose for which your personal data was originally collected, we will notify you and explain the legal basis which allows us to do so.
How might your Personal Data be Disclosed?
We may share your personal data with certain parties set out below for the purposes set out in the table under the heading Purposes for which we may Use Your Personal Data above:
- third party service providers acting as processors based who provide website, IT and system administration services;
- third party service providers such as marketing research company acting as processors with anonymising data as much as possible and
- third parties to whom parts of our business or assets (including this website) are sold, transferred or merged. If such a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
We require all third parties to respect the confidentiality and security of your personal data and to use it lawfully. We don’t allow our third-party service providers to use your personal data for their own purposes and only permit them to use your personal data for specified purposes in accordance with our instructions.
How is your Personal Data Protected if it is Transferred Internationally?
We may share your personal data within the YKK group of companies including to our Japanese parent company YKK Corporation, or where necessary to our third party service providers. This may involve transferring your data outside the European Economic Area (EEA). Whenever we make such a transfer, we ensure a similar degree of protection to it by implementing at least one of the following safeguards:
- only transferring to countries deemed to provide an adequate levels of protection for personal data by the European Commission (Adequacy Decision); or
- only transferring to entities that have entered a data transfer agreement with specific contract terms (SCCs) approved by the European Commission giving personal data the same protection as in the EU.
- Please contact us if you want further information on the specific mechanisms used by us when transferring your personal data out of the EEA.
How do we ensure your Personal Data is kept Secure?
We have put in place appropriate security measures to protect your personal data from unauthorised access or use and from being accidentally lost, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will we use your Personal Data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
In some circumstances your Personal Data will be anonymised (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely.
What are Your Legal Rights?
In certain circumstances, you have rights under data protection laws relating to your personal data, including:
- ACCESS – you can request access to your personal data (data subject access request). This enables you to receive a copy of the personal data we hold about you
- CORRECTION – you can request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected
- ERASURE (DELETION) – you can ask us to delete or remove your personal data from our records. We may not always be able to comply for specific legal reasons which will be notified to you, if applicable
- OBJECTION TO USE – you may object to us using your personal data where we are relying on a legitimate interest (or those of a third party) where you feel it impacts on your fundamental rights and freedoms
- RESTRICTION OF USE – you may request that we restrict our use of your personal data. This enables you to ask us to stop use of your personal data in the following scenarios:
- until the accuracy of the data is established
- where our use of the data is unlawful but you don’t want us to delete (erase) it
- where you need us to hold the data even if we no longer need it so you can take/defend legal action
- where you object to use of your data (above) but we may have legitimate reasons to continue using it
If you wish to exercise any of the rights above, please contact our PIC (details at the top of this Policy).
No Fee Usually Required to Exercise your Rights
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse your request or charge a reasonable fee if your request is unfounded, repetitive or excessive.
What we May Need from You
We may need to specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) is legitimate. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it could take longer if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated.