MARELLI AFTERMARKET ITALY PRIVACY POLICY

Pursuant to Article 13 of the GDPR on the processing of personal data

Marelli Aftermarket Italy S.p.A., with registered office at Viale Aldo Borletti 61/63, Corbetta (MI), Italy (“Company”), is committed to protecting the personal data of users (“Users”) of this website (“Site”). In its capacity as data controller, and pursuant to Article 13 of Regulation (EU) No. 679/2016 (General Data Protection Regulation, “GDPR”), the Company provides Users with the following information on the processing of personal data.

This Privacy Policy is drafted in accordance with EU data protection legislation (GDPR) and applies to all Users accessing the Site worldwide.

This Privacy Policy does not apply to third-party websites that may be accessed through the Site.

If Users provide personal data on behalf of someone else, they must ensure in advance that the data subjects have read this Privacy Policy. The Company asks Users to help it keep personal data up to date by informing it of any relevant changes.

The Site uses cookies; our Cookie Policy is available here.

1. WHAT DATA MAY BE PROCESSES

Through the Site, the following categories of data relating to Users may be processed (hereinafter collectively referred to as “Personal Data”):

1. Personal Data provided to receive a specific service (e.g. name and contact details).

2. Browsing data (e.g. IP address, location – country –, information on the pages visited by Users within the website, access time, browsing time on each page, clickstream analysis). Although the Company does not use this information to directly identify Users, browsing data, even when anonymized trough IP address masking, are nonetheless considered by the GDPR as personal data since, in combined with other information, they could enable indirect identification.

3. Cookies (i.e. small text files that may be sent and stored on the User’s computer by visited websites, to then be retransmitted to those same websites when the User visits them again. Please refer to the Site’s Cookie Policy for details).

2. PURPOSES FOR WHICH PERSONAL DATA MAY BE PROCESSED

A) Operation of the Site, provision of Services and handling of User requests.
The Company will process Personal Data for the following purposes:

1. to fulfil a specific request from the User or provide the requested service via the Site (for example, responding to queries submitted through the contact form) (“Service”). For this purpose, the Company may use the contact details provided by the User (such as email, phone number or instant messaging services) to communicate through different channels, including follow-ups connected with handling the request. These communications are strictly limited to managing the request and do not involve sending commercial messages, unless the User has also given the consent referred to in point A.2.

2. to enable the Company to carry out customer satisfaction surveys (“Customer Satisfaction”), improve the User’s experience, collect information for market and business research and analysis, and, only if the User has expressly consented by selecting the option “I want to stay updated on the latest news”, to send promotional and periodic communications regarding the Company’s products and services (such as newsletters, commercial offers, event invitations) via automated tools such as email, SMS and instant messaging services (e.g. WhatsApp). Users may revoke their consent selectively for individual channels at any time.

Legal basis:
– for point 1: performance of a contract or pre-contractual measures (pursuant to Article 6(1)(b) GDPR). Provision of personal data is necessary; otherwise, the Company will be unable to handle Users’ requests;
– for point 2: consent (pursuant to Article 6(1)(a) GDPR).

B) Compliance with a legal obligation to which the Company is subject or with orders/requests from authorities authorised by law and/or supervisory and control bodies.

Legal basis: compliance with a legal obligation (pursuant to Article 6(1)(c) GDPR).
 

C) Defence of rights in judicial, administrative or extrajudicial proceedings.
The Company may process Personal Data to defend its rights or to take action or make claims against Users, Affiliates or third parties.

Legal basis: the Company’s legitimate interest in protecting its rights (pursuant to Article 6(1)(f) GDPR).

3.  HOW WE PROTECT PERSONAL DATA AND WHERE

The Company adopts appropriate security measures to ensure the protection, security, integrity and accessibility of Personal Data.
Personal Data, whether processed in paper, automated or electronic form, is stored on secure IT systems (or properly archived paper copies) or on those of our suppliers, in accordance with the Company’s security standards and policies (or equivalent standards for suppliers).

Personal Data is stored in Europe.
When the Company transfers Personal Data to countries outside the European Union (EU) or the European Economic Area (EEA) (“Third Countries”), it uses all suitable measures to ensure adequate protection of Personal Data, including the adoption of standard contractual clauses (SCCs) issued by the European Commission, possibly supplemented by additional technical/organisational/legal measures.

4.  HOW LONG WE RETAIN PERSONAL DATA

The Company retains Personal Data only for as long as necessary for the purposes for which it was collected or for any other related legitimate purpose.

In particular:
– Personal Data provided by Users via the Site (e.g. through the contact form) is retained for the time required to handle the requests received and, where consent has been given for marketing purposes, until the consent is withdrawn or in any case within the time limits set by applicable law and the competent authorities;
– Personal Data of Affiliates and business partners is retained for the entire duration of the contractual relationship and, thereafter, for a period of 10 years, in compliance with legal obligations and for the protection of the Company’s rights;
– Browsing data is retained for the time strictly necessary to obtain aggregated statistical information on the use of the Site and to ensure its proper functioning.

Once the above retention periods have expired, the data will be deleted or anonymised in a permanent and irreversible manner.

5.  LINKS TO THIRD-PARTY WEBSITES

Third-party websites accessible from the Site are under the responsibility of third parties. The Company declines all responsibility regarding the submission and/or processing of Personal Data to third-party websites.
This Privacy Policy refers exclusively to the processing of Personal Data carried out by the Company through the Site.

6.  WHO MAY ACCESS PERSONAL DATA

Authorised employees of the Company may access Users’ Personal Data, as well as external suppliers (including consultants), where necessary appointed as data processors pursuant to Article 28 GDPR.

Users may contact the Company using the details provided in the “Contacts” section to view the list of data processors and other parties with whom Personal Data is shared.

7.  DATA PROTECTION RIGHTS

Subject to the existence of the legal basis for the request, Users have the right to obtain from the Company:

• access to their Personal Data;
• erasure of their Personal Data;
• rectification of their Personal Data;
• restriction of the processing of their Personal Data;
• a copy of their Personal Data provided to the Company, in a structured, commonly used and machine-readable format (data portability), and the transmission of such data to another data controller.

In addition, Users have the right to object, in whole or in part, to the use of their Personal Data processed by the Company, under the conditions provided for by the GDPR, for example where the legal basis of the processing is the Company’s legitimate interest.

If Users exercise any of the rights above, it will be the Company’s responsibility to verify that they are entitled to exercise them, and a response will normally be provided within one month.

Users also have the right to lodge a complaint with a supervisory authority if they believe that the processing of their Personal Data violates the provisions of the GDPR.

8.  CONTACTS

The contact details of the Company, as data controller, are as follows:
Marelli Aftermarket Italy S.p.A., Viale Aldo Borletti 61/63, 20011 Corbetta (MI), Italy.

If Users have any questions regarding the processing of their Personal Data by the Company or wish to exercise the rights mentioned above, they may write an email to: Contact Privacy.

9. AMENDMENTS

The Company reserves the right to amend this Privacy Policy in whole or in part, or simply to update its content (e.g. following changes in applicable law). The Company will publish any updates on this Site.