PRIVACY POLICY FOR THE “MAPEI” APP
(Articles 13 and 14 of the EU Regulations 2016/679)

Mapei S.p.A., with registered offices at Via Cafiero 22, 20158 Milan, Italy (the “Company”) is the Data Controller, pursuant to Articles 4, n. 7) and 24 of the GDPR, of the processing of the personal data collected through the use of the “Mapei” app (the “App”).

Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, even if not stored in a database, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

The Company therefore informs you, as Data Subject, that according to Articles 13 and 14 of the GDPR will process said data for the purposes indicated below, manually and / or with the support of IT or telematic means.

1. PROCESSED PERSONAL DATA

The use of the App does not require registration of the data subject. Therefore, processed data are limited to tracking (so-called “tracker”) and functioning data, as well as collected pictures, as described below:

  • Information relating to the mobile device on which the App is installed, Android or iOS operating system-related parameters (e.g., log files, that may contain date and time of access, browser, device information), the transmission of which is implicit for the normal functioning of the App.
  • Pictures of tile models taken in the use the App to, in order to visualize the tendential rendering of the Mapei products and to create and save projects. The iOS and Android systems will, as of the first use, request authorization for the App to access the device camera; collected pictures and saved projects will be stored exclusively on the device.

2. PURPOSES AND LEGAL BASIS OF THE DATA PROCESSING

The personal data collected by the Controller in the context of the use of the App are acquired and processed in compliance with GDPR provisions for the following purposes:

  • PROVISION OF SERVICES AND APP SECURITY: information on the device is collected to ensure correct functioning of the App and correct performance of the services offered through the App (legal basis: performance of a contract to which the data subject is a party) as well as to guarantee the IT and applicative security of the App, including fraud risk monitoring and prevention (legal basis: legitimate interest of the Controller);
  • CREATING PREVIEWS AND SAVING PROJECTS: upon acquisition of the data subject’s consent, the App may access the camera to take pictures of tiles that may be saved by the user as models or in the context of specific projects. Such function is accessorial to the provision of the services and optional; accordingly, it may be freely used by the data subject.
  • ASCERTAINMENT, EXERCISE OR PROTECTION OF RIGHTS OF THE CONTROLLER IN A JUDICIAL OR EXTRA-JUDICIAL PROCEEDING: in case of disputes relating to the APP, based on the legitimate interest of the Controller.

3. DATA STORAGE PERIOD

All personal data are collected and registered in a lawful and fair manner and for the purposes described above. Data are processed also with the help of IT systems and databases on terms which are consistent with said purposes in order to ensure their security and confidentiality.

The personal data will be stored in compliance with the principle of proportionality for no longer than is necessary for the purposes for which the personal data have been collected or subsequently processed.

In particular, the information necessary for the provision of the services will be stored for the period of use of the same services by the data subject; saved previews and projects will be stored until deleted by the user and the access to the camera allowed until revocation of the relevant authorization; data necessary for the ascertainment, exercise or protection of the Controller’s rights will be stored for the duration the judicial and /or extra-judicial proceeding and/or enforcement actions, until time limits for appeals have expired.

Once the above periods have expired, data will be destroyed or anonymized, subject to the cancellation and back-up technical procedures and accountability requirements of the Company.

4. MANDATORY OR OPTIONAL SUBMISSION OF DATA FOR PURSUING THE PURPOSES OF PROCESSING

The collection of the information on the device is necessary to ensure the correct functioning of the service offered by the App.

On the contrary, granting the App with access to the camera for the visualization of the tendential rendering of the Mapei products and the creation and/or saving of the projects is optional and based on the free choice of the user to use such additional function of the service. If the authorization is granted by the data subject, the App may not access the camera and it will not be possible to create previews or save projects, but it will be still possible to use the other functions of the App (in particular, the calculation of the materials necessary for the execution of specific projects).

In any case, to the extent the data subject has granted the authorization to have the App access the camera, such authorization may be revoked at any time through the settings of the device.

5. COMMUNICATION OF THE DATA

Data may be communicated to subjects acting as controllers such as, for example, authorities, supervisory bodies and, in general, public or private subjects entitled to request them.

Data may be processed by employees and collaborators of Mapei S.p.A. or companies of the Mapei Group as “persons in charge of the processing” (i.e., persons who, under the direct authority of the Controller or Processor, are authorised to process personal data, as provided for in Article 29 of the GDPR and Article 2 quaterdecies of the Legislative Decree 196/2003).

Data may also be processed by trusted companies providing Mapei or the Mapei Group companies with services instrumental to the above-indicated purposes. These companies are direct collaborators of Mapei S.p.A. or of the Mapei Group companies and are appointed as Data Processors. Their list is constantly updated and is available, upon request, by sending a communication to the above-mentioned address or an email to privacy@mapei.it

6. TRANSFER OF THE PERSONAL DATA TO NON-EEA THIRD COUNTRIES

There will be no transfer of data outside the EU.

7. DATA CONTROLLER AND DATA PROCESSORS

The Data Controller is:

Mapei S.p.A. with sole shareholder
Via C. Cafiero 22
20158, Milan
Italy

As mentioned above, data may also be processed by trusted companies that provide Mapei S.p.A. or the Mapei Group companies with services instrumental to the above-indicated purposes of processing. These companies are direct collaborators of Mapei S.p.A. or of the Mapei Group companies and are appointed as Data Processors. Their list is constantly updated and is available, upon request, by sending a communication to the above-mentioned address or an email to privacy@mapei.it.

8. RIGHTS OF THE DATA SUBJECT

Pursuant to Article 13, paragraph 2, letters (b) and (d), and Articles 15 to 22 of the GDPR, the data subject has the right to:

  1. request to the Company, as Controller, access to his/her persona data, their rectification and erasure, the limitation of the processing, or to object to their processing;
  2. receive the personal data in a structured, commonly used and machine-readable format (so-called portability of the data);
  3. lodge a complaint with the Italian Authority for the Protection of Personal Data, in accordance with the procedures and indications available on the official website of the Authority (www.garanteprivacy.it) or with the Authority of the member State in which he/she habitually resides or work or of the State in which the alleged infringement took place.

Any rectification, erasure or limitation of the processing made on request of the data subject – unless impossible or requiring an unreasonable effort – will be notified by the Company to those to whom the personal data have been communicated. The Company may communicate their names to the data subject, if so requested by the data subject.

The data subject may, at any time, revoke the authorization to have the App access the camera, in accordance with section 4 above.

The exercise of rights is not subject to any form of constraint and is free. To exercise the rights, the data subject may contact the Data Controller by sending a notice to the above-mentioned postal address or an e-mail to privacy@mapei.it.

For a concrete and prompt implementation of the data subject rights under Articles 15 to 21 of the GDPR, and in accordance with Article 12 of the GDPR, the Company has adopted appropriate measures to provide all required information and communications in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

The Company also undertakes to provide the information in writing or by other means and, when requested by the data subject, also orally, provided that the identity of the data subject is proven by other means. The Company shall also provide the data subject with information on the action taken on a request under Articles 15 to 21 of the GDPR. The Company shall provide the response without undue delay and, in any event, within a reasonable time, taking into account the complexity and number of the requests.

If the Company does not take action on the request of the data subject, the Company shall inform the data subject without delay of the reasons for not tasking action and on the possibility of lodging a complaint with the Italian Authority for the Protection of Personal Data, or the different competent Authority, and seeking a judicial remedy.

Keep in touch

Subscribe to our newsletter to get Mapei news