Privacy Policy - CLP Plast - high quality FIPFG polyurethane gaskets

Title	Privacy Policy - Introduction
Description	This page describes how the site's privacy policy is managed with regard to the processing of personal data of users who consult it. This information is provided pursuant toArticle 13 of Regulation (EU) 2016/679 ("GDPR") and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 to those who interact with the web services of CLP PLAST di Daniele Lucchetta & C. s.n.c., accessible at clp-plast.com.
Transparency	This disclosure takes into account the Transparency Guidelines (WP260 rev.01) adopted by the Article 29 Working Party and endorsed by the European Data Protection Board (EDPB), as well as the data protection authority's guidance on information to data subjects and fairness of processing.
Professional use	Professional use of the site and commercial communications Those who use clp-plast.com for professional purposes are required to comply with applicable regulations, including the principles of the GDPR (lawfulness, fairness, transparency) and the rules of the Privacy Code regarding unsolicited communications. In particular,Article 130 of the Code regulates the sending of promotional communications through automated systems, e-mail, fax, SMS/MMS or operator calls: these activities generally require specific, free and informed consent, except as provided by law (e.g., limited cases of "soft spam" for already acquired customers, with the right to object at any time).
Phone Calls & RPOs	Commercial telephone calls and the Public Register of Oppositions (RPO) For telephone contacts for marketing purposes, the Public Register of Oppositions (RPO) applies, which allows the contracting party to object to the use of his or her fixed or mobile number (as well as listed mailing address) for promotional purposes. The RPO is governed by Presidential Decree 178/2010, as amended by Presidential Decree 26/2022, and applies to both operator calls and-in the areas provided-to automated calls. After enrollment in the RPO, only calls based on consents given after enrollment or made in the context of an ongoing (or recently terminated) contractual relationship are permitted, subject to clarification by the Garante. Operators must consult the Registry periodically and respect the data subject's right to object.
Number on site	Phone number posted on the site The mere publication of the telephone number on this website or other web pages does not constitute consent to receive calls for marketing purposes. Those who do not wish to be contacted for marketing purposes may register their number with the Public Register of Oppositions(www.registrodelleopposizioni.it) and exercise their rights to object and limit processing under Articles 21 and 18 GDPR at any time, including directly against the operator making the call.

Title	Data controller
Description	As a result of consulting this website, personal data relating to identified or identifiable natural persons may be processed, pursuant toArticle 4(1) GDPR. The processing is carried out in accordance with the principles of lawfulness, fairness and transparency set out in Articles 5 and 6 of Regulation (EU) 2016/679 ("GDPR") and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.
Holder Data	The Data Controller (art. 4(7) and 24 GDPR) is CLP PLAST di Daniele Lucchetta & C. s.n.c. Headquarters: Via Spinè, 17 - 31046 Oderzo (TV) - Italy Email: info@clp-plast.com If appointed, the contact information for the Data Protection Officer (DPO) will be provided in the full disclosure.

Title	Place, method of processing and communications
Place of processing	Processing related to the web services of this site takes place at the Data Controller's premises and, for infrastructural aspects, at the data centers of the hosting provider and/or IT service providers appointed as Data Processors pursuant to Article 28 GDPR.
Mode	The operations are handled by expressly authorized personnel (art. 29 GDPR) and, if necessary, by suppliers in charge of occasional maintenance or support activities, who are also bound by instructions and confidentiality agreements. Processing is carried out with technical and organizational measures suitable to ensure data security and integrity.
Communications	No data resulting from mere navigation of the site is disseminated. Data may be disclosed only to parties acting on behalf of the Data Controller as External Managers or to parties legitimated by legal obligation or order of the Authority. In the absence of these prerequisites, the data are not transferred or shared with third parties.
Use of data	Data provided for requested services (mailing lists, newsletters, responses) Personal data provided by users to request informational materials or to receive answers to questions are used exclusively for the purpose of providing the requested service or performance. Contact requests/answers to queries: legal basis Art. 6(1)(b) GDPR (pre-contractual measures/contract). Mailing list / newsletter: legal basis art. 6(1)(a) GDPR (consent). Subscription is optional and revocable at any time via the unsubscribe link or by contacting the Owner. Data processed for these purposes are not disclosed to third parties for autonomous marketing purposes. Any providers of mailing platforms are appointed as External Data Processors ex art. 28 GDPR.

Title	Browsing data and data provided voluntarily
Navigation data	The computer systems and software procedures that govern the operation of this site acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its nature could, through processing and association with data held by third parties, allow the identification of users. This category includes, but is not limited to: IP address (possibly partially masked), domain or host name of the device used; URI notation addresses of the requested resources and path of the request; time of the request, method used, size of the response file; numeric code indicating the status of the server response (successful, error, etc.); parameters related to the user's operating system, browser and computing environment. Purpose and legal basis Aggregate statistics and monitoring of the proper functioning of the site; legal basis: legitimate interest of the Owner in security and improvement of the service (Art. 6(1)(f) GDPR). Security and abuse prevention (e.g., anomaly detection, attack prevention); legal basis: legitimate interest and, where applicable, legal obligation (Art. 6(1)(f)/(c) GDPR). Log data are processed in mainly aggregated/anonymized form for statistics and, where necessary, in personal form for security purposes. Indicative retention period: up to 12 months, unless further retention is necessary in case of security events or requests from the Authority. The data could be used to ascertain liability in case of hypothetical computer crimes against the site or third parties.
Data provided voluntarily	The optional, explicit and voluntary sending of emails to the addresses indicated on the site or the completion of contact forms involves the acquisition of the data provided by the user (e.g. sender's address, first and last name, company, contact details, content of the message and any attachments), necessary to respond to requests. Purpose and legal basis Handling of requests for information and assistance: legal basis Art. 6(1)(b) GDPR (pre-contractual measures/contract). Mailing list/newsletter subscription where available: legal basis art. 6(1)(a) GDPR (consent), freely revocable at any time. Data are used exclusively to fulfill the request or provide the requested service and are not disclosed to third parties for autonomous marketing purposes. Any suppliers (e.g., sending or hosting platforms) act as Data Processors under Art. 28 GDPR. For your protection, please do not send data belonging to special categories (art. 9 GDPR) or judicial data (art. 10) through non-dedicated channels; if necessary, they will be requested with appropriate guarantees.

Title	Cookies: what they are and how we manage them
Definitions	Cookies are small text files that websites send and store in the browser of the user's device. On the next visit, the browser sends this information back to the site that installed them or to the third party that recognizes them. We also use the term "cookies" to refer to similar technologies such as local storage, session storage, pixels, and web beacons. Flash/Local Shared Objects cookies are now obsolete technologies (Adobe Flash is discontinued) and are not used on this site.
Types	Technical/Necessary - Used to deliver the site and ensure security, load balancing, minimum preferences. Do not require consent. Preferences - Store choices (e.g., language). Require consent. Statistical - They measure site usage. Require consent, except configurations strictly comparable to technical cookies (IP masking, aggregate data, no combination with other vendor data). Marketing/Profiling - Track browsing to show personalized content/announcements or enable third-party widgets (maps, video, social). Require consent.
Legal Basis	Installation of non-technical cookies (preferences, statistical not equated to technical, marketing/profilation) is only done with user consent (art. 6(1)(a) GDPR). For technical cookies, the legal basis is legitimate interest and/or the need to provide the service (art. 6(1)(f)/(b) GDPR). Mere continued browsing or browser settings do not constitute valid consent. Consent is collected via banner/preference center and can be revoked at any time.
Consent management	When you first log in, a banner appears with Reject / Accept / Customize choices at the same level. No non-technical cookies are installed before consent(prior blocking). You can always change your choices via the "Manage Consent" link in the footer. Consent is recorded and resubmitted periodically or if treatments change.
Conservation	Session cookies are deleted when the browser is closed. Persistent cookies remain for a vendor-defined period (typically from a few days up to 12-24 months). The actual durations of individual cookies are shown in the cookie table in our Preferences Center/CMP.
Check	You can manage or delete cookies directly from your browser (e.g. total/partial blocking, history/cookie removal, exceptions per site). Blocking some cookies may affect the proper functioning of parts of the site. You can consult independent resources (e.g., allaboutcookies.org) for general information. Official instructions vary depending on the browser used.

Title	Google Analytics (GA4)
Supplier	Web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google acts as a data controller on behalf of the Data Controller. Any Google group companies may process the data as sub-processors.
How it works	Google Analytics 4 uses cookies and similar identifiers to collect statistical information about site usage (pages visited, events, navigation path, device and browser type, approximate geographic area, date/time). By default in GA4 IP addresses are not recorded or stored; geolocation is based on approximate information.
Legal basis & consent	The use of Google Analytics is only done with the user's consent via our banner/preference center. In the absence of consent, the service remains disabled (preemptive script blocking). You can change your choices at any time via the "Manage Consent" link in the footer.
Settings adopted	IP not archived (default behavior of GA4). Consent Mode active in the EU: tracking is adjusted to the status of consents. Google Signals and advertising features: disabled unless consent is specific to the "marketing" category. User-ID: not used, unless future implementations communicated in the policy. Data sharing with Google for benchmarking/assistance: disabled, unless documented technical need. The actual settings are consistent with the configuration of our CMP and the GA4 property.
Transfers	Data may also be processed outside the European Economic Area. In this case Google applies the Standard Contractual Clauses and additional measures. More information is available in Google's privacy policy and service documentation.
Conservation	Event-level data in GA4 are retained for a configurable period: routinely 14 months (or less, if set). Cookies used by Analytics have a vendor-defined lifetime; actual durations are shown in the cookie table in our Preferences Center/CMP.
Opt-out & rights	You can revoke/change consent at any time via "Manage Consent" (footer). You can install the browser opt-out add-on for Google Analytics: tools.google.com/dlpage/gaoptout. You can exercise your rights under Articles 15-22 GDPR by contacting the Controller at the contact details given in the notice.
Legal Notes	Earlier versions of this policy referred to "_anonymizeIp()" and Google Inc. (USA). Today we use Google Analytics 4; IP anonymization is handled by default by the service and the contact person for the EU is Google Ireland Limited. For more details see Google's privacy policy and the official Google Analytics documentation.

Title	Nature of provision of data
General principle	Except for navigation data necessary for the operation and security of the site, the user is free to provide the personal data requested in the forms on the site to contact us or request services/information. Failure to provide the required fields may result in theimpossibility of obtaining what has been requested.
Required fields	Mandatory: clearly marked (e.g., asterisk). They serve to identify the requester and properly handle the request. Optional: useful to customize the response/service; failure to fill in does not affect the submission of the request, but may limit its completeness.
Legal Basis	Requests via form/email: art. 6(1)(b) GDPR - execution of pre-contractual/contractual measures. Mailing list/newsletter subscription (if any): art. 6(1)(a) GDPR - consent, revocable at any time. Legal requirements (e.g., administrative documentation): art. 6(1)(c) GDPR. The purposes of security and site maintenance based on Art. 6(1)(f) GDPR (legitimate interest) remain unaffected.
Warnings	For your protection, avoid including data belonging to special categories (art. 9 GDPR) or judicial data (art. 10) in the forms unless explicitly requested and appropriate channels are used.

Title	Modes of processing and security
Method of treatment	Personal data are processed by automated and non-automated means, exclusively for the purposes for which they were collected, in accordance with the principles of lawfulness, fairness, transparency, minimization and limitation of storage (Articles 5-6 GDPR). The activities take place according to organizational procedures and logic strictly related to the stated purposes.
Security measures	Appropriate technical and organizational measures (art. 32 GDPR) are taken to prevent data loss, unlawful or incorrect use and unauthorized access. By way of example: Communication encryption(TLS/HTTPS) and platform hardening; Access management with authentication and principles of least privilege and role segregation; Logging and monitoring of relevant access/operations; backups and recovery procedures, with periodic testing; Updating and patching of systems, firewall/WAF and anti-malware protections; staff training and authorization, internal policies, and confidentiality; privacy by design & by default (Art. 25 GDPR) and data minimization.
Data subjects	Data may be processed on behalf of the Data Controller by expressly authorized personnel (Art. 29 GDPR) and by suppliers providing technical/operational services (e.g., hosting, maintenance, sending communications), appointed as Data Processors under Art. 28 GDPR and bound by written agreements and instructions.
Conservation & minimization	Data are retained for as long as strictly necessary to achieve the purposes for which they were collected and, thereafter, deleted or anonymized according to internal retention policies and applicable legal requirements.
Incident management	In the event of a personal databreach (data breach), there is an internal procedure for assessment and, if the conditions are met, notification to the Garante and, in the cases provided for, communication to the data subjects (Articles 33-34 GDPR).

Title	Rights of Data Subjects (GDPR)
What rights	Right of access (Art. 15): confirmation that processing is taking place or not, and copy of data. Rectification (Art. 16): correction of inaccurate data and supplementation of incomplete data. Deletion(right to be forgotten, Art. 17): removal of data in prescribed cases. Limitation (Art. 18): suspension of treatment when conditions are met. Portability (Art. 20): receipt of data in structured format and transmission to another owner. Opposition (Art. 21): (a) to processing based on legitimate interest; (b) at any time to direct marketing (including related profiling). Revocation of consent (Art. 7(3)): at any time, without affecting the previous lawfulness. Not be subjected to solely automated decisions (Art. 22), including profiling, where applicable. This section replaces historical references to Art. 7 Legislative Decree 196/2003 and reflects current GDPR regulations.
How to exercise them	You can exercise your rights by writing to the Holder: info@clp-plast.com. Please indicate which right you wish to exercise, a clear description of the request, and a contact address for a response; we may request information necessary to verify your identity. Response time (Art. 12(3)): within 1 month, extendable up to 2 months in case of particular complexity (we will inform you of the reason for referral). Gratuity (Art. 12(5)): applications are free of charge; a fee may be charged only in cases of manifestly unfounded or excessive applications.
Complaint & Protection	If you believe that the processing violates the regulations, you have the right to file a complaint with the Garante per la Protezione dei Dati Personali (art. 77) and to have recourse to judicial remedies (Articles 79-82 GDPR).
Notes	We currently do not adopt fully automated decision-making processes with legal effects on the data subject. If this changes in the future, this policy will be updated with the information required by Articles 13-14 GDPR.