Data Protection Policy

The protection of Your Personal Data matters to us.

We undertake to process Your Personal Data lawfully, fairly and in a transparent manner.

Take Your time to read this Data Protection Policy.

 

DATA PROTECTION POLICY

PURSUANT TO ART. 13 OF REGULATION (EU) NO. 2016/679

Pursuant to article 13 of Regulation (EU) no. 2016/679 (hereinafter, the “GDPR”) and Legislative Decree no. 196/2003 as subsequently amended by Legislative Decree no. 101/2018 (hereinafter, the “Privacy Code”), Daikin Applied Europe S.p.A., (hereinafter, “DAE” or the “Controller”), a company belonging to the Daikin Group, hereby informs You on the processing of personal data collected from You (hereinafter, “User” or “You”) through the website www.daikiniaq.com.

1. Definitions

Data Controller or Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Data Processor or Processor: means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller;

Data Subject: means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Personal Data: means any information relating to an identified or identifiable natural person (“data subject”);

Processing of Personal Data: means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Special Categories of Personal Data: means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;

Website: means the DAE IAQ Website reachable at the following link: https://www.daikiniaq.com/

Data Controller and Data Protection Officer

The Data Controller is Daikin Applied Europe S.p.A., with its registered office in Ariccia (Rome), 00072, Via Piani di S. Maria n. 72, VAT no. 01318801006, telephone 06-937311, fax 06-9374014, email: dataprivacy@daikinapplied.eu.

The updated list of the Processors is available at the Controller’s registered office and can be obtained by sending a request to the email address dataprivacy@daikinapplied.eu.

The Data Protection Officer can be reached by clicking here.

2. Categories of Personal Data processed

DAE will process the following categories of Personal Data provided by the User:

• Browsing Data, such as, by way of example, the hardware model, the operating system, information about the mobile network and the country from which access is gained, the time of the request, the access time, the IP address, cookies, etc.

 

Browsing Data are Personal Data whose transmission is implicit in the use of internet communication protocols. In particular, this information is not collected in order to be directly associated with identified data subjects, but by its very nature could allow, in the abstract, through processing and combinations with other Personal Data transmitted by third parties (e.g., third-party providers of internet connectivity services) the identification of users.

 

With reference to the use of cookies, DAE hereby informs You that, in accordance with the Provision of the Italian Data Protection Authority (hereinafter the “Data Protection Authority”) of 8 May 2014, at the following link You can consult the Cookie policy of the Website containing all the information useful to understand, identify, use or delete the cookies used on the Website.

 

• Data provided by the User in active form, i.e., information sent by users on an optional and voluntary basis, by way of example filling in online registration forms online.

 

Such data may include, by way of example, name, surname, address, telephone, mobile, email address, country, etc.

 

3. Purposes and legal basis of the processing

Personal Data made available to DAE will be processed for the following purposes:

a)      Customers registration and use of the DAE IAQ Website

DAE will process Personal Data which You provided through online forms in order to manage the customer subscription to the service called Caelum and Daikin IAQ for the use of DAE IAQ Website in order to receive air quality reports and access historical data recorded by the sensor.

The processing of Personal Data for the achievement of such purpose does not require Your consent as it is necessary for the performance of a contract to which You are a party or in order to take steps at Your request prior to entering into a contract, pursuant to art. 6(1)(b) of the GDPR

b)      Service improvements

DAE will process Personal Data for purposes related to the improvement of the functioning of the units installed at the customer premises.

The processing of Personal Data for the achievement of such purpose does not require Your consent as it is necessary for the purposes of the legitimate interests pursued by the Controller pursuant to art. 6(1)(f) of the GDPR.

c)      Legal obligations

DAE will process Personal Data in order to comply with legal obligation to which it is subject.

The processing of Personal Data for the achievement of such purpose does not require Your consent as it is necessary for compliance with a legal obligation to which the Controller is subject, pursuant to art. 6(1)(c) of the GDPR.

d)     Claims

DAE will process Personal Data in order to safeguarding DAE rights in case of legal claims and disputes.

The processing of Personal Data for the achievement of such purpose does not require Your consent as it is necessary for the purposes of the legitimate interests pursued by the Controller pursuant to art. 6(1)(f) of the GDPR.

e)     Obligations related to the use of the DAE IAQ

DAE will process Personal Data in order to comply with obligations related to the use of the Website, such as, by way of example, the management and technical security maintenance to guarantee access to the Website and/or the services made available therein, etc.

The processing of Personal Data for the achievement of such purpose does not require Your consent as it is necessary for the purposes of the legitimate interests pursued by the Controller pursuant to art. 6(1)(f) of the GDPR.

4. Provision of Personal Data. Consequences in case of failure to provide Personal Data

Provision of Personal Data for purposes referred to in letters a) above is necessary for the performance of a contract to which You are a party or in order to take steps at Your request prior to entering into a contract. In this case, failure to provide such data or the provision of inaccurate data may make it impossible for DAE to respond to Your enquiries.

Provision of Personal Data for purposes referred to in letter c) above is necessary for compliance with a legal obligation to which the Controller is subject. In this case, failure to provide such data or the provision of inaccurate data may make it impossible for DAE to fulfil its legal obligations.

Provision of Personal Data for purposes referred to in letters b), d) and e) above is necessary for the purposes of the legitimate interests pursued by the Controller. In this case, failure to provide such data or the provision of inaccurate data may make it impossible for DAE to pursue such legitimate interests.

5. Modalities of processing

Personal Data which You provided will be processed primarily by electronic means under the authority of the Data Controller, by persons specifically appointed or authorised to process Personal Data pursuant to articles 28 and 29 of the GDPR. Adequate security measures will also be adopted pursuant to article 32 of the GDPR to prevent loss, destruction, unlawful or incorrect use of and unauthorised access to Personal Data.

6. Recipients or categories of recipients of Users’ Personal Data

Personal Data may be communicated and/or transferred to the following subjects in their capacity of Autonomous Controllers, Data Processors or persons authorized to process Personal Data, as duly appointed by the Controller:

• Third parties, natural or legal persons, providing DAE with services connected with the purposes of processing indicated above, such as, by way of example, Daikin Group Affiliates, data hosting, suppliers, subcontractors, internet services providers;
• the Police Force or the Judicial Authorities in the context of investigations or judicial police investigations for the purposes of prevention, verification or repression of crimes;
• Public Authorities, where this is required by law or upon their request;
• any other subject to whom the data must be communicated according to an express provision of law.

Whenever a third party acts as a Data Processor, DAE will ensure that it has entered into a contract with that third party, in accordance with Article 28 of the GDPR, that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data and categories of Data Subjects and the obligations and rights of the Controller.

7. Transfer of Personal Data to Third Countries

Within the purposes of the processing described above, DAE may transfer Personal Data to other Daikin Group’s companies also established in countries not belonging to the European Union, in accordance with current legislation.

In any case of transfer of Personal Data to a non-EU country, Daikin undertakes to ensure an adequate level of protection by establishing appropriate safeguards and complying with the provisions of Chapter V of the GDPR.

Transfer to extra-EU countries, in addition to cases where this is guaranteed by the European Commission’s Adequacy Decisions, is carried out in a way that provides appropriate and adequate guarantees according to Articles 46 or 47 or 49 of the GDPR.

8. Period of processing and retention period

Your Personal Data will only be processed for the time necessary to achieve the above-mentioned purposes.

Upon expiry, Personal Data will be cancelled or anonymised, unless there is no further purpose for storing the Personal Data.

For more information on the retention period of Personal Data, please refer to the Cookie Policy.

 

9. Minors

Through its Website DAE does not process any Personal Data of natural persons aged under 14, neither does it make commercial offers to or tries to contact them, unless consent to process their Personal Data is given or the processing is authorized by the holder of parental responsibility over the child.

If DAE accidentally collects children’s Personal Data without obtaining consent from the holder of parental responsibility over the child, DAE will delete the information as soon as possible after becoming aware of it.

10. Your rights as Data Subject

We hereby inform You that at any time, in relation to Your Personal Data, You may exercise the rights within the limits and under the conditions set out in Articles 7 and 15-22 of the GDPR.

You may exercise such rights, as described below, by contacting the Data Controller, at any time,

• by writing to Daikin Applied Europe S.p.A. and by sending via postal mail Your request to the address: Ariccia (Roma), 00072, Via Piani di S. Maria n. 72, or
• by submitting the form for the exercise of Your rights available here.

DAE will need to verify Your identity in as much detail as possible, in order to let You exercise Your rights and to avoid that someone else tries to exercise Your rights. You will therefore be asked to provide a valid identification document when making such a request.

Right of access to Your Personal Data

As Data Subject You shall have the right to obtain from the Controller confirmation as to whether or not Personal Data concerning You are being processed, and, where that is the case, access to the Personal Data and the following information:

• the purposes of processing;
• the categories of Personal Data concerned;
• the recipients or categories of recipient to whom the Personal Data have been or will be disclosed;
• the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
• the rights You may exercise related to our processing;
• the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.

Right to rectification, erasure or restriction of processing Personal Data

It can happen that certain Personal Data processed by DAE are not (or have ceased to be) correct or that You want to complete, erase or restrict Personal Data which You provided.

As Data Subject You shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning You. Taking into account the purposes of the processing, You shall have also the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

Furthermore, if the requirements of Article 17 of the GDPR are met, You shall have the right to obtain from the Controller the erasure of Personal Data concerning You without undue delay and the Controller shall have the obligation to erase Personal Data without undue delay.

Lastly, You shall have the right to obtain from the Controller restriction of processing of Personal Data at any time, if the cases referred to in Article 18 of the GDPR apply.

Right to Personal Data portability

As Data Subject, You shall have the right to receive the Personal Data concerning You, which You have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the Personal Data have been provided, if the conditions referred to in Article 20 of GDPR are met.

Right to withdraw consent to the processing of Personal Data

Every time You give Your consent to the processing of Personal Data, You shall have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to object

As Data Subject You shall have the right to object at any time to processing of Personal Data concerning You which is carried out for the purposes of the legitimate interests pursued by the Controller. In case of objection, the Controller shall no longer process the Personal Data unless he demonstrates compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to object and to withdraw consent in relation to processing for marketing purposes

With reference to the processing of Personal Data for purposes referred to in letter c) of paragraph “Purposes and legal basis of processing” above, You shall at any time withdraw Your consent or object to the processing,

• by writing to Daikin Applied Europe S.p.A. and by sending via postal mail Your request to the address: Ariccia (Roma), 00072, Via Piani di S. Maria n. 72, or
• by submitting the form for the exercise of Your rights available here.

The withdrawal of Your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Objection to the processing carried out through these methods also extends to the sending of commercial communications through the postal service or telephone calls with an operator, without prejudice to the possibility of exercising this right in part, for example by objecting only to processing carried out using automated communication systems.

Right to lodge a complaint with the Data Protection Authority

Finally, pursuant to Article 77 of the GDPR, we remind You that You have the right to lodge a complaint with the Data Protection Authority, if You believe that Your rights under the GDPR have been infringed, in the manner indicated on the website of the Data Protection Authority accessible at the address www.garanteprivacy.it.

11. Changes to the Privacy Policy

This Data Protection Policy will be subject to updates.

The Controller therefore invites Users who wish to know how their Personal Data is processed to periodically visit this page

Last Update: May 2021

 

---

Contact DPO

If you want to exercise your rights, please fill in the following request form with the necessary information (the required fields are marked with an asterisk (*)).
Personal Data collected through the following form will be used by Daikin in accordance with the Regulation (EU) 679/2016, only to process your request.

---

Request form to exercise your rights

If you want to exercise your rights, please fill in the following request form with the necessary information (the required fields are marked with an asterisk (*)).
Personal Data collected through the following form will be used by Daikin in accordance with the Regulation (EU) 679/2016, only to process your request.