Privacy Policy INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to article 13 of the Regulation (EU) 2016/679

The below information is issued by Opinion Ciatti s.r.l. (hereinafter also referred to as “Opinion Ciatti” or “Data Controller”) pursuant to art. 13 of Regulation (EU) 2016/679 (“Regulation”) concerning the processing of personal data of the Users who visit or interact with the website (“Website”) or with the Data Controller’s social accounts, including, but not limited to, by filling out forms and banners etc.

For the purposes of art. 4.1 of the Regulation, “personal data” means any information relating to an identified or identifiable natural person (“Data Subject” or, for the purposes of this information, “User”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1. Data Controller

The Data Controller is Opinion Ciatti s.r.l., with registered office in via di Prato, 80 - 50041 Calenzano, Florence (Italy), VAT reg. no. and taxpayer’s code 05372720481. 

The Data Controller may be contacted:

  • by email at;

  • by fax to the number +39 055 88709237;

  • by mail, at the address Opinion Ciatti s.r.l., via di Prato, 80 - 50041 Calenzano, Florence (Italy).

2. Purposes and legal basis of processing 

Opinion Ciatti may process the User’s personal data for the following purposes.

  1. Request for information and materials by the User.

If the User asks Opinion Ciatti to receive specific information or materials (for example by interacting with the Website, through the social accounts, or by sending an email to the contact addresses, etc.), Opinion Ciatti will process the personal contact data (for example, name, surname, email address) provided to send email communications in order to respond to such request.

The legal basis is the processing necessary for performing a contract to which the Data Subject is a party (art. 6.1.b of the Regulation).

  1. Management of the User account and sales of products.

If the User intends to create an account on the Website and/or to purchase Opinion Ciatti’s products, Opinion Ciatti will process the data provided:

  1. to allow the signup and login to the Website;

  2. to execute and perform any contracts for the purchase of Opinion Ciatti’s products or services, including pre-contractual activities and after-sales services (e.g. warranty);

  3. for the administrative, commercial and logistical management of the relationship with the customer (e.g. management of contracts, orders, shipments, invoices, etc.);

  4. for compulsory fulfilments pursuant to tax and accounting laws or regulations;

  5. for the protection of Opinion Ciatti’s rights arising from the contract.

For the above mentioned purposes, common data such as name, surname, taxpayer’s code, place and date of birth, residence address, email address, social account references (in case of social login), telephone number, mobile phone number may be requested and processed, also based on the User’s request.

For the purposes described in points 1, 2 and 3 above, the legal basis is the processing necessary for performing a contract to which the Data Subject is a party (art 6.1.b of the Regulation). 

The processing carried out for the purpose referred to in point 4 is based on legal obligations to which Opinion Ciatti is subject (art. 6.1.c of the Regulation).

For the purpose stated in point 5, the processing is necessary to pursue the legitimate interest of Opinion Ciatti to protect its rights arising from the contract (art. 6.1.f of the Regulation).

  1. Marketing communications.

Subject to the optional and specific consent of the User, Opinion Ciatti will process the data provided for marketing purposes, i.e. to send the User newsletters, marketing, promotional and informative communications, advertising material, and direct marketing offers about Opinion Ciatti’s products, activities and events, product surveys to assess the customer satisfaction, etc.

The legal basis for this processing is represented by the Data Subject’s consent to receive communications for marketing purposes (art. 6.1.a of the Regulation), which may be revoked at any time.

Opinion Ciatti may also use the email address provided within the sale of a product or service for the direct sale of its products or services (direct marketing), without requiring the consent of the Data Subject and provided that the services are similar to those being sold. The Data Subject may refuse such use of their data, either initially or through a subsequent communication. The legal basis for such processing is the legitimate interest of the Data Controller (art. 6.1.f and Recital 47 of the Regulation; art. 130, paragraph 4 of Italian Legislative Decree 196/2003).

Marketing communications are transmitted by email, chat, Website banners or through Opinion Ciatti’s social accounts.

  1. Profiling.

Subject to the optional and specific consent of the Data Subject, Opinion Ciatti will process the User’s data for profiling purposes, i.e. to identify the User’s profile as a consumer and/or analyse their preferences, habits, consumption choices and interaction with Opinion Ciatti, education and occupational status, in order to be able to send them offers in line with the identified profile (so called targeted advertising).

The legal basis for this processing is represented by the consent of the Data Subject (art. 6.1.a of the Regulation).

3. Nature of data provision and consequences of refusal to provide data

The provision of personal data by the Data subject is compulsory to fulfil legal and/or contractual obligations.

Therefore, any refusal to provide the data requested for such purposes will make it objectively impossible to pursue the processing purposes set out in this information (paragraph 2 lett. A and B above), and therefore to respond to the User’s requests, to create and manage a personal account, to execute a contract and/or to comply with legal obligations.

However, the provision of data with a specific consent (paragraph 2, letters C and D above) is optional, as is optional the consent to the relevant processing. Any refusal to provide data or failure to consent to its processing for marketing and/or profiling purposes will not affect in any way any other contractual relationship between the Data Subject and Opinion Ciatti.

The User may unsubscribe from the mailing list at any time by clicking on the appropriate link in any communication for marketing purposes sent by Opinion Ciatti.

Additionally, the Data Subject may object, at any time, to the processing of their personal data for marketing and/or profiling purposes. In this case, the personal data collected exclusively for such purposes will no longer be processed.

4. Data retention period

The data voluntarily provided by the User through the Website will be kept by Opinion Ciatti for the time strictly necessary to achieve the purposes for which it is collected and processed.

The data processed for marketing and profiling purposes will be kept for a period of five years from the time it is collected unless during that period the Data Subject revokes their consent, unsubscribes from the mailing list or objects to the processing of data for marketing and/or profiling purposes.

The retention periods determined as above are valid unless a different and longer period is required by law or regulations.

5. Categories of subjects to whom the data may be disclosed (Recipients)

The data supplied by the User and collected by Opinion Ciatti for the purposes referred to in paragraph 2, letter A and B above may be disclosed to, and processed by, third parties belonging to the following categories: professionals, professional firms and/or companies that provide accounting, tax and fiscal services; banks and credit institutions; law firms; web agencies (such as LipsiaGROUP S.r.l.,  developer of the Website and responsible for its technical maintenance) and companies that offer web marketing, IT assistance, hosting and/or IT security services; professionals and consultants responsible for the protection of Opinion Ciatti’s rights arising from the contract; companies that carry out auditing and certification of financial statements; shippers, carriers, post offices, logistics companies; supervisory bodies.

The data processed for marketing and profiling purposes (see paragraph 2, letters C and D above) may also be disclosed to companies that offer marketing services, web analysis, and distribution of newsletters.

The data recipients belonging to the above mentioned categories will process data in their capacity as data processors designated by Opinion Ciatti pursuant to art. 28 of the Regulation, except for cases when the recipients act as joint data controllers or independent data controllers, by virtue of provisions of law or regulations.

The data may also be disclosed to, and processed by, persons authorised to process personal data under the direct authority of Opinion Ciatti (art. 29 of the Regulation), such as the employees of Opinion Ciatti.

Finally, the data may be disclosed to subjects to whom transmission is required by law or regulation or by public subjects within the performance of their institutional duties. These subjects usually act as joint data controllers or independent data controllers (by way of example, authorities and supervisory and control bodies and, in general subjects, whether public or private, entitled to request the data).

6. Data subject’s rights 

By contacting Opinion Ciatti, the Data Subject has the right to:

  • obtain confirmation as to whether or not personal data concerning them is being processed and, where that is the case, access the personal data and the information on processing listed in art. 15 of the Regulation;

  • obtain the rectification of inaccurate personal data concerning them without undue delay.  Considering the purposes of the processing, the Data Subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement;

  • obtain the erasure of personal data concerning them without undue delay;

  • obtain the restriction of processing where one of the circumstances provided for by art. 18 of the Regulation applies;

  • object to the processing of personal data at any time, on grounds relating to their particular situation or when the data is processed for direct marketing or profiling purposes or for any other circumstances provided for by art. 21 of the Regulation;

  • where the processing of personal data is based on the consent of the Data Subject or on a contract and is carried out by automated means, the Data Subject shall have the right to receive the personal data concerning them and provided to the Data Controller in a structured, commonly-used and machine-readable format. Furthermore, the Data Subject shall have the right to transmit such data to another data controller without hindrance from the Data Controller to which the personal data was provided (so called data portability).

If the Data Subject considers that the processing of personal data is in breach of the Regulation, without prejudice to any other administrative or judicial remedy, they have the right to lodge a complaint with a supervisory authority, specifically the Member State of their habitual residence, place of work or place of the alleged breach. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and outcome of the complaint, including the possibility of a judicial remedy.

7. Timing and procedures of reply in case of exercise of the data subject’s rights

The Data Controller provides the Data Subject with information about the actions taken concerning a request to exercise the rights as per articles from 15 to 22 of the Regulation and referred to in the specific paragraph above (“Data Subject’s rights”), without undue delay and at the latest within one month after receiving the request. This deadline may be extended by two further months if necessary, considering the complexity and number of requests. The Data Controller shall inform the Data Subject of this extension and the reasons for the delay within one month after receiving the request. If the Data Subject submits the request by electronic means, the information is provided, where possible, by electronic means, unless otherwise indicated by the Data Subject. 

8. Cookie policy

For information regarding the use and management of cookies via the Website, please read the cookie policy.

9. Navigation data

The IT systems and the software procedures necessary for the functioning of this Website acquire, during their regular operation, some personal data, the transmission of which is implied in the use of the Internet communication protocols and is not, therefore, made by the User on a voluntary basis. This data is not collected to be associated with identified Data Subjects, but by its very nature it could make it possible to identify Users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by the Users who connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the operating system and the IT environment of the User. This data is used only to obtain anonymous statistical information on the use of the Website and to check its correct operation and is deleted immediately after processing. The data could be used to ascertain any responsibility in case of hypothetical cybercrimes against the Website; other than in such event, currently the data on web contacts is not stored for more than seven days. 

10. Updates to the information on the processing of personal data

This information may be subject to changes and updates to make it simpler and easier to read and understand. Please visit this page periodically to review any changes.

Latest update: August, 27 2021