PRIVACY POLICY

Pursuant to the Legislative Decree of 30 June 2003, no. 196 and following edits (hereinafter "Privacy Code") and the European Regulation no. 2016/679 (hereinafter "Privacy Regulation"), WP Lavori in corso S.r.l. intends to inform you about the loyalty program "WP Club" on the use of personal data collected.

1. DATA CONTROLLER, DATA PROCESSORS AND DATA PROTECTION OFFICER.

The Data Controller of the processing of personal data is WP Lavori in corso S.r.l. (VAT IT02370420370), with registered office in 40129 Bologna, Via dell'Arcoveggio no. 59/5, e-mail

privacy@wplavori.com (hereinafter the "Data Controller").

The updated list of designated Data Processors may be provided upon request by interested parties and/or Users.

The identification data of the Data Protection Officer at the end of the appointment will be announced by publication on the web site.

2. THE PERSONAL DATA YOU PROVIDE US WITH: FOR WHICH PURPOSE WE PROCESS IT.

We need your data to allow you, through joining the WP Club, to activate the loyalty program and send you the related promotions and discounts dedicated to you.

Your data is processed for the following purposes:

• to carry out activities of "basic loyalty" related to the registration to the WP Club, which cannot be exercised anonymously. Such activities are necessary for the attribution of advantages inherent to its use, including the use and recognition of promotions, the offer and the sending of prizes, the participation in points collections and promotional events reserved to loyal customers, etc.;
• to update you, subject to your express consent, on all our promotional and direct marketing initiatives, also by sending advertising and / or promotional material, using automated tools and / or traditional methods of contact, foer example e-mails, text messages, mms, instant multimedia messaging applications (hereinafter "Marketing");
• to perform, subject to your express consent, customer profiling activities based on the purchase choices and the information provided optionally at registration to the loyalty program, in order to create personalized promotions based on your profile (hereinafter "Profiling Activity").

The data supplied by you will be processed mainly with IT tools under the authority of the Data Controller by persons specifically appointed, authorized and instructed to process such data in accordance with Article 2-quaterdecies of the Privacy Code and Articles 28 and 29 of the Privacy Regulation. We inform you that appropriate security measures are observed among others pursuant to Articles 5 and 32 of the Privacy Regulations to prevent the loss of data, illicit or incorrect use and unauthorized access.

3. NATURE OF THE PROVISION OF DATA AND THE LEGAL BASIS OF THE PROCESSING.

Please be informed that for the purposes referred to in point (i) of the previous Article 2, the provision of your personal data is mandatory because in absence you cannot sign up and activate the WP Club, benefit of the advantages related to it, including the use and recognition of promotions, the offer and sending of prizes, participation in points collections and promotional events reserved to loyal customers, etc.

On the contrary, the provision of your personal data is not mandatory but optional for the purposes referred to in points (ii) and (iii) of the previous Article 2. Failure to provide data for the purposes indicated above will not allow us to carry out marketing activities and profiling activities. To this, you can freely decide whether or not to give your consent also for these purposes and without this inhibiting the possibility of using the services offered through the WP Club.

With reference to the purposes referred to in point (i) of the previous Article 2, the legal basis of the processing is, in fact, the execution of the services provided through the WP Club (pursuant to Article 6, paragraph 1, letter b of the Privacy Regulation); instead, with reference to the purposes referred to in points (ii) and (iii) of the previous Article 2, the legal basis of the processing is your freely expressed consent (pursuant to Article 6, paragraph 1, letter a of the Privacy Regulations).

4. TO WHOM AND IN WHICH CASES WE CAN TRANSMIT YOUR DATA.

Within the EU, in full compliance with the provisions of the Privacy Code and the Privacy Rules, your data may be communicated to the following subjects:

• the public entities and/or authorities, when it is required by law or upon their request;
• the structures, individuals and external companies used by the Data Controller for the performance of instrumental and/or ancillary activities in the management of the WP Club or the provision of the services and benefits connected to it, including suppliers of software solutions, web applications and storage services also provided through cloud computing systems (all data will be stored on servers located in the territory of the European Community);
• the structures, individuals and external companies used by the Data Controller for instrumental and/or ancillary activities to provide Marketing and/or Profiling activities, where you have expressly agreed to such purposes of treatment;
• in case of your express consent, for specific marketing purposes, to the partner companies, of which the Data Controller is a member;
• external consultants, unless designated in writing as Data Processors.

5. YOUR RIGHTS

It remains that, in any case and at any time, you can request the Data Controller to exercise the access rights of your personal data, as required by Article 15 of the Privacy Regulation, and the rights provided for in Articles 16, 17, 18, 21 of the Privacy Regulation regarding rectification, cancellation, limitation of treatment and the right to object, in the manner established by Article 12 of the Privacy Regulation.

6. DURATION OF THE TREATMENT

Subject to legal obligations, personal data will be kept for the duration of your participation in the WP Club.

In any case, the data relating to the details of purchases with reference to identifiable customers may be retained for profiling and marketing purposes for a period not exceeding, respectively, 12 and 24 months from their registration, without prejudice of the actual transformation into anonymous form which does not allow, not even indirectly or by connecting other databases, to identify you.

In the event of any pickup, disabling due to non-use within a specified period of time, expiry or return of the card, a term of retention of personal data must be identified for exclusive administrative purposes (and not for profiling or marketing), not exceeding a quarter (without prejudice to any specific legal obligations regarding the conservation of accounting documentation).

The data necessary for the provision of Marketing services will be processed in an "OPT-OUT" management model, that is, or until receipt of the explicit declaration of the person concerned to disable the aforementioned services.

7. SECURITY MEASURES 

Your data is processed in compliance with the applicable law and using appropriate security measures in compliance with the legislation in force, among others pursuant to Articles 5 and 32 of the Privacy Regulations.

In this regard, we confirm, among other things, the adoption of appropriate security measures to prevent unauthorized access, theft, disclosure, modification or unauthorized destruction of your data.

8. CHANGES TO THE PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy: in this case, you will be promptly informed through its publication.