PRIVACY POLICY – WEBSITE
Information document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)
- Why this information?
- Personal data that can be processed
- Information about the processing of personal data carried out through social media platforms
- Specific information
- Cookies and other tracking systems. What are they? What are they for?
- 1. Who is the data controller? How can they be contacted?
- 2. Purpose of the processing, legal basis, data retention period, nature of the provision
- 3. To whom will personal data be disclosed? Data recipients
- 4. Will the data be transferred to non-EEA countries?
- 5. Is there an automated process?
- 6. What are your rights? How can you exercise them?
- 7. Changes to the policy
WHY THIS INFORMATION?
Pursuant to Regulation (EU) 2016/679 (hereinafter "GDPR"), this page describes how personal data is processed. This information is provided pursuant to Article 13 of the GDPR. The information is not to be considered valid for other third-party websites, which may be consulted via links on this website, for which no responsibility is assumed.
Personal data that can be processed
Personal data: any information relating to an identified or identifiable natural person ("data subject"); A natural person is considered identifiable if they can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30 GDPR).
Contractor/user data.
Browsing data: during normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.
Data provided voluntarily: the optional, explicit and voluntary sending of messages to the contact addresses indicated on this website and/or the completion of data collection forms entails the subsequent acquisition of the sender's address, which is necessary to respond to requests, as well as any other personal data entered.
Information about the processing of personal data carried out through social media platforms
With regard to the processing of personal data carried out by the operators of the social media platforms used by the Data Controller, please refer to the information provided by them in their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated social media platforms in order to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.
Specific information
Specific information may be provided on the pages of the Website in relation to particular services or processing of the data provided.
COOKIES AND OTHER TRACKING SYSTEMS. WHAT ARE THEY? WHAT ARE THEY FOR?
For cookies and other tracking systems, please refer to the cookie policy in the footer of the website and at the following link: link .
1. WHO IS THE DATA CONTROLLER? HOW CAN THEY BE CONTACTED?
The Data Controller is Watts EMEA Holding B.V., with registered office in Kollergang 14 6961 LZ Eerbeek The Netherlands, in the person of its pro-tempore Legal Representative, who can be contacted for any information on e-mail: [email protected].
2. PURPOSE OF THE PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD, NATURE OF THE PROVISION
| PURPOSE OF THE PROCESSING | LEGAL BASIS | DATA RETENTION PERIOD | NATURE OF THE PROVISION |
| Browsing this website. The data necessary for the use of web services is also processed for the purpose of: •obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.); •checking the correct functioning of the services offered. The data will be used to ascertain responsibility in the event of hypothetical computer crimes against the site. |
The processing is necessary for the pursuit of the legitimate interests of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail, taking into account the reasonable expectations of the data subject and the activities strictly necessary for the functioning of the site and navigation itself. (Art. 6, para. 1, letter f and C47 of the GDPR) Data subjects are guaranteed the possibility of obtaining, upon request, information on the balancing test carried out. |
Browsing data will be stored for the duration of the browsing session. In any case, it will not be stored for more than seven days (except where necessary for the investigation of crimes by the judicial authorities). | The provision of data is necessary for browsing the website. |
| Use of cookies and similar technologies. See the cookie policy in the footer of the website. |
For non-technical cookies and similar technologies, processing is based on consent to the processing of personal data (Art. 6(1)(a) and C42, C43 of the GDPR). Consent is given through the banner and cookie policy on the website. |
See the cookie policy in the footer of the website. | See the cookie policy in the footer of the website. |
In addition to browsing, personal data will be processed for:
| PURPOSE OF PROCESSING | LEGAL BASIS | DATA RETENTION PERIOD | NATURE OF THE PROVISION |
| A) CONTACTS, sending contact requests, information. Personal data will be processed to manage your contact requests and to get back to you. |
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (C44). Art. 6(1)(b) of the GDPR. |
Maximum 12 months. | Provision is necessary. Failure to provide the necessary data will make it impossible to contact you and receive information. |
| B) DIRECT MARKETING, for sending advertising or direct sales material or for carrying out market research, commercial and promotional communications, newsletters, via automated means (e-mail) and traditional means (telephone). Communications may contain promotional activities and/or logos of companies belonging to the group. There will be no transfer of personal data. For a complete list of group companies and partners, interested parties can write to [email protected]. The Data Controller uses reporting systems to compare and, where necessary, improve the results of automated communications. Thanks to these reports, the Data Controller can find out, for example: the number of readers, openings, unique 'clickers' and 'clicks'; the devices and operating systems used to read the communication; details of individual users' activities; details of emails sent, delivered and undelivered, and forwarded. All this data is used for the purpose of comparing and, where necessary, improving the results of communications. |
The processing is based on consent to the processing of personal data (C42, C43). Art. 6(1)(a) of the GDPR. |
Until consent is revoked (or opt-out). | The provision of data is optional. Failure to provide the necessary data will make it impossible to receive direct marketing communications. |
| C) NON-AUTOMATED PROFILING: personal data will be entered into company databases/CRM systems/platforms for the purpose of carrying out analyses and assessments and dividing data subjects into homogeneous groups based on specific characteristics of the company's activities, in order to improve the management of services and send targeted promotional communications. | The processing is based on consent to the processing of personal data (C42, C43). Art. 6(1)(a) of the GDPR. |
Until consent is revoked and in any case for a maximum of 12 months. | Provision is optional. Failure to provide the necessary data will make it impossible to carry out analyses and send targeted communications. |
| D) MANAGEMENT OF YOUR REQUESTS and requests from other data subjects, pursuant to Articles 15 et seq. of the GDPR (rights of the data subject). | The processing is necessary to fulfil a legal obligation to which the Data Controller is subject (C45). Art. 6(1)(c) of the GDPR. |
5 years from the closure of the request, except in the event of disputes. | The provision of personal data is mandatory, as it is essential for the fulfilment of legal obligations. |
| E) STAFF SELECTION - WORK WITH US AREA: registration on the dedicated platform to apply for published job offers and for staff selection for open positions registration on the dedicated platform to apply for published job offers and for staff selection for open positions in the relevant Watts EU entity; carrying out personnel search and selection activities for the purpose of establishing an employment relationship, including for positions other than those for which the data subject has spontaneously applied; storage of personal data for future selection processes; management of applications in response to job offers published on our website; interviews and video interviews (processing of image/audio data). | The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (C44). Art. 6(1)(b) of the GDPR. |
For data contained in CVs: Maximum 24 months. In principle, data collected during the recruitment process will be deleted as soon as it becomes clear that no job offer will be made or that the offer will not be accepted by the candidate. For registration data on the application platform: Until unsubscribing and for the technical time necessary to disable the credentials. |
The provision of data is necessary. Failure to provide the necessary data will make it impossible to apply via the platform. |
| F) E-LEARNING AREA, to access the reserved area and use content dedicated to training | The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (C44). Art. 6(1)(b) of the GDPR. |
Until the termination of the contract and for the technical time necessary to disable the credentials. | The provision of data is mandatory. Failure to provide the necessary data will make it impossible to access the e-learning content. |
| G) SURVEY/CUSTOMER SATISFACTION/CUSTOMER CARE: for contacts (by telephone/email) to verify your level of satisfaction with the Data Controller's products, e-learning courses taken and for customer care | The processing is necessary for the pursuit of the legitimate interests of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail (C47-C50) Art. 6(1)(f) GDPR. |
Maximum 5 years | The provision of data is necessary. Refusal must be balanced against the legitimate interest of the Data Controller indicated in the purposes of this point. |
3. TO WHOM WILL PERSONAL DATA BE DISCLOSED? DATA RECIPIENTS
Personal data will be disclosed to subjects who will process the data as independent Data Controllers or Data Processors (Art. 28 GDPR) and processed by natural persons (Art. 29 GDPR) acting under the authority of the Data Controller and Data Processors on the basis of specific instructions provided regarding the purposes and methods of processing. The data will be disclosed to recipients belonging to the following categories:
Subjects who provide services for the website and communication networks, including e-mail, hosting and website management (including Group companies);
Subjects with whom the Data Controller has signed agreements and with prior consent, where required;
For direct marketing, subject to consent, to entities for the management of direct marketing activities such as communication and promotion agencies and marketing automation platform providers;
For the 'work with us' section, to parties for the management of recruitment activities;
Agents and parties who assist the Data Controller in commercial relations;
Consultants and freelancers;
Competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.
The list of Data Processors pursuant to Article 28 is available by writing to [email protected] or to the other contact details indicated above.
4. WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?
Personal data will be transferred to countries outside the EEA (parent company - United States) for website hosting, management, development and maintenance services.
Personal data will be transferred in accordance with Articles 44 et seq. of the GDPR, in particular:
- to entities that have provided adequate safeguards, with standard contractual clauses (SCC) of the European Commission (Art. 46, para. 2, letters c and d of the GDPR);
For further information on transfer safeguards, please write to [email protected]
5. IS THERE AN AUTOMATED PROCESS?
Personal data will be processed manually, electronically and automatically. Please note that no fully automated decision-making processes are carried out.
With regard to profiling, which may be carried out with the express consent of the data subject as indicated in the purposes above, this will be carried out by an operator who will process the data subject's profile and analyse their habits and consumption choices in order to improve the commercial offer and services of the Data Controller (non-automated profiling).
6. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
Data subjects may exercise their rights as set out in Articles 15 et seq. of the GDPR by contacting the Data Controller at the e-mail address: [email protected] or by writing to the above contacts.
The Data Controller guarantees data subjects the possibility to request, at any time, access to their personal data (Article 15), rectification (Article 16), erasure (Article 17) and restriction of processing (Article 18). The Data Controller shall communicate (Art. 19) to each of the recipients to whom the personal data have been transmitted any corrections, erasures or restrictions on processing that have been made. The Data Controller shall inform data subjects who so request of such recipients.
The Data Controller guarantees the right to portability (Art. 20) and, in the event of requests pursuant to Art. 20, shall provide the data subjects with the data in a structured, commonly used and machine-readable format.
Data subjects have the right to object (Art. 21), at any time, to the processing of data based on legitimate interest or on the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the Data Controller, by writing to the above contacts with the subject line 'objection'. In the event of exercising the right to object to processing based on legitimate interest, the Data Controller grants data subjects the possibility of obtaining, upon request, information on the balancing test carried out.
Data subjects have the right to withdraw their consent without prejudice to the lawfulness of processing based on consent given prior to withdrawal.
To stop receiving automated direct marketing communications (e-mails), data subjects are invited to send an e-mail to [email protected] with the subject line "cancellation from automated" (unsubscribe from automated communications) or to use our automatic unsubscribe systems provided for e-mails only (opt-out).
To stop receiving traditional direct marketing communications (telephone calls with an operator), interested parties are invited to write an email to [email protected] with the subject line "cancellation from traditional".
To stop receiving any marketing communications, interested parties are invited to write an email to [email protected] with the subject line "marketing cancellation".
Data subjects are free to withdraw their consent to (non-automated) profiling at any time by sending an email to [email protected] with the subject line "no profiling".
If data subjects believe that the processing of personal data by the Data Controller is in violation of the provisions of Regulation (EU) 2016/679, they are free to lodge a complaint with the national supervisory authority, in particular in the Member State where they habitually reside or work, or in the place where the alleged violation of the Regulation occurred, or to take appropriate legal action.
7. CHANGES TO THE POLICY
The Data Controller may change, modify, add or remove any part of this Privacy Policy. In order to facilitate the verification of any changes, the policy will contain an indication of the date of its update.
Date of update: 23 April 2025