The Data Controller, pursuant to and for the purposes of articles 4 and 24 GDPR, is Cree Lighting Europe S.p.A in the person of its legal representative pro-tempore, with registered office in Via Sandro Pertini 122, 50019 Sesto F.no. (FI), Italy
Origin and type of data collected
Purposes and legal bases of processing
The data are processed for the following purposes:
The legal basis is the legitimate interest of the Data Controller (Article 6, letter f), GDPR).
The legal basis is the execution of contractual and pre-contractual measures adopted at the request of the customer (Article 6, letter b), GDPR) and the legitimate interest of the Data Controller (Article 6, letter f), GDPR) to be more efficient, to give information on the services offered, as well as to improve and develop new products and services.
The legal basis is the execution of contractual and pre-contractual measures adopted at the request of the customer (Article 6, letter b), GDPR) and the fulfillment of legal obligations of a fiscal, accounting, administrative nature (Article 6, letter c), GDPR).
The legal basis is Art. 130, paragraph 4 of Legislative Decree no. 196/2003 (soft spam).
The legal basis is the express consent given by the User (Article 6, letter a), GDPR).
The legal basis is the execution of pre-contractual measures adopted at the request of the data subject (Article 6, letter b), GDPR). The processing of any "particular" data is lawful on the basis of the Provision of the Supervisory Authority of 5 June 2019 which integrates and modifies the General Authorization no. 1/2016.
The legal basis is the fulfillment of legal obligations (Article 6(c) GDPR).
The provision of personal data
The mandatory or optional nature of the provision is specified from time to time – with reference to the individual information requested – by affixing a special symbol (*) to the mandatory information. Any refusal to communicate the data marked as mandatory makes it impossible for the Data Controller to execute the contract or provide the available services. The provision of additional data is, however, optional.
The processing of personal data is carried out by the Data Controller using paper, electronic or telematic methods, using internal personnel specifically authorized to process personal data. Appropriate security measures are adopted in order to minimize the risks of destruction or loss - even accidental - of data, unauthorized access or processing that is not permitted or does not comply with the purposes of collection.
The data are processed for the time necessary to perform the service requested by the User or in general until the purposes for which they were collected are achieved. Some data will be kept for longer periods of time, by virtue of obligations relating to fiscal-administrative-accounting obligations (eg 10 years pursuant to art. 2220 c.c.) With regard to marketing purposes, the retention period of purchase data is 10 years. The data relating to applications for our job positions are kept for a maximum of 24 months.
When the intended processing purposes are exhausted, the personal data will be deleted or permanently anonymized.
Communication of personal data
The User's personal data will not be disclosed to indeterminate subjects, however the data may be communicated to third parties, legal and / or natural persons, which provide the Data Controller with outsourced services of a technical and organizational nature, such as IT services, communication services, e-mail marketing services, logistics services, etc. The same will operate as data controllers, joint controllers or duly appointed data processors, in full compliance with the current legislation indicated above. They shall be provided only with the information necessary for the performance of their duties. The complete and updated list of data processors is available upon request.
Please note that the data may be made available to subjects who have the right to access them by virtue of legal provisions, within the limits and for the purposes set out in these rules, as well as to banks, credit institutions, credit recovery companies and insurance agencies.
Transfer of personal data
Any transfer of personal data to non-EU countries that may be necessary to follow up the contract in place with the User or to guarantee the services offered (think of the case of suppliers based in third countries) is performed in accordance with Articles. 44 et seq. of the GDPR, providing appropriate tools that guarantee adequate data protection guarantees.
Links to other Websites, platforms and social networks
This information is provided only for the creelighting-europe.com Website and not for other websites and social platforms accessible by the User through links and social buttons, particular buttons on the Website that depict the icons of social networks. For more information on the processing of data by these external parties, please refer to their respective privacy policies. In any case, it is recommended to disconnect from the respective services to ensure that the data processed on this Website is not linked to your social profile.
Rights of the data subject
At any time, pursuant to Articles. 15 et seq. of EU Regulation 679/2016, the User may exercise the following rights:
a) obtain confirmation as to whether or not processing is underway and access personal data;
b) obtain information about the origin of the data, the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and the expected retention period or the criteria used to determine it;
c) request the correction, limitation of processing or cancellation of data, provided that the cancellation is compatible with the legal obligations of tax and accounting conservation to which the Data Controller is bound;
d) oppose the processing;
e) request data portability, where possible;
f) withdraw consent, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
g) lodge a complaint with the Supervisory Authority for the protection of personal data.
The exercise of rights, with the exception of letter g), may take place by sending a request to the e-mail address email@example.com
Please note that for revocation of consent to marketing and unsubscription from the contact lists, the User can alternatively click on the appropriate cancellation link in each communication received.
Updates and changes
This document was updated on 09/06/2023.