PERSONAL DATA PRIVACY POLICY OF JACUZZI EUROPE S.p.A.

The Privacy Policy of JACUZZI EUROPE S.p.A. is provided, in the following sections, pursuant to Art. 13 and 14 of Reg. EU no. 679/2016 (GDPR), to describe how Jacuzzi Europe S.p.A. collects and processes the personal data of

A) customers and/or potential customers, B) visitors and users who interact with the website, C) partners, and/or related companies and/or suppliers,

specifying for each of them:

  • What personal data concerning you may be collected
  • For which purposes may your personal data be used

In addition, for all types of Data Subjects the contact details of the Data Controller are indicated, how we keep your personal data secure, how long we retain your information, with whom we may share your personal data, any transfers of data abroad, your data protection rights and the right to lodge complaints before the Supervisory Authority.

DATA CONTROLLER CONTACTS

The Data Controller is JACUZZI® EUROPE S.p.A., in the person of its pro-tempore legal representative, with registered office in Valvasone Arzene (PN), S.S. Pontebbana Km 97,200 (P. Iva IT00074410937), Phone: 0434-859111, Fax: 0434-85278.

For all requests regarding this policy, including the exercise of the rights of Data Subjects, as specified below, you can contact us at the following email address privacy@jacuzzi.eu.

A) CUSTOMERS AND POTENTIAL CUSTOMERS

This category includes all parties with whom a commercial, contractual, pre- or post-contractual relationship exists. Consequently, all necessary personal and business related data are processed for one or more of the following purposes:

1 - Purpose for which the provision is necessary for the execution of the contract, the commercial relationship or the request made.
a) Management of commercial and pre-contractual processes, in relation to all the activities which preceded the conclusion of the contract (commercial contacts, estimates, negotiations, requests for information and management of contacts received at events, trade fairs and events, etc.), and the related statistical activities;
b) Organizational management and related communications to our sales network, partners and/or related companies, technical assistance centres, entities and organizations related to the organization of events, such as hotels, travel agency, transportation of people, etc.) for the activities referred to in point a); c) Administrative, accounting, legal management (order processing, payment management, invoice management, handling legal disputes, fulfilling legal obligations, regulations or court orders, as well as defending a right in court, debt collection, returns, credit insurance, etc.);
d) Contractual management of supply, shipping and delivery services, installation and assistance of the characteristic solutions and products, also through partner and/or associated companies;
e) Contractual management of after-sales services, including repair under warranty, technical support of the product, etc.);

2 - Promotional, customer loyalty and marketing purposes
f) Commercial and promotional management either before or after sales, regarding solutions, services, event organization, in line with the services and solutions proposed (e.g. communication of information about our products and services, our local dealers, events, soliciting participation in competitions or prize operations organized by JACUZZI EUROPE S.p.A., or other promotional purposes).
g) Elaboration of statistics and market analysis, also through surveys and questionnaires or request for collection of reviews, market research and/or customer satisfaction surveys.

3 - Purpose of periodic communication or subscription to newsletters
h) Sending newsletters or periodic communications by email with information on offers, products, news, events concerning the world of JACUZZI EUROPE S.p.A.

B) VISITORS TO WEBSITES

This category of Data Subjects includes users who visit and interact with our website. Consequently, all data related to the following purposes are processed:

1 - The purpose for which the data are collected is connected to internet browsing, or necessary for executing the commercial relationship or the request made
a) Management of the website operation processes. The website acquires personal data as part of its standard operation; the transmission of such personal data is an inherent feature of the Internet communication protocols. This information is not collected for association with identified parties, those concerned, but may by their nature, through processing and association with data held by third parties, permit the identification of users. This category of data includes IP addresses or the domain names of the computers of the users connecting to the site, the URI (Uniform Resource Identifier) addresses of the required resources, the time of the request, the method used to submit the request to the server, the size of the file obtained as a reply, the numeric code of the status of the reply sent by the server (ok, error, etc.) and other parameters linked with the user’s OS and computer processing environment. All these data items are used to obtain statistical anonymous information on the use of the site and to check its correct operation. The data may be used to ascertain responsibility if computer crimes are committed against the web site upon request of the applicable authorities. Furthermore, while browsing the pages of the Jacuzzi® Europe S.p.A. websites, you may install cookies on your browser to improve your user experience, in particular cookies which are strictly necessary for the correct operation of the website.
b) Management of the user's requests (data provided voluntarily by the user): the personal data you provide voluntarily when consulting the www.jacuzzi®.it and www.jacuzzi®.eu website, as well as any other domain which may be linked to Jacuzzi® Europe S.p.A., even if otherwise named, such as contact forms, requests to receive information material, requests for assistance, requests to subscribe to newsletters, requests made via web chat, or requests made through the optional, explicit and voluntary sending of e-mail messages to the addresses indicated on this site, involves the acquisition of the information necessary to respond to requests, as well as any other personal data included in the request. The personal data collected for "Management of user requests" may also be processed for the further purpose of verifying the effectiveness of the response to your requests, to improve the service provided to its customers, by contacting you at the contact details provided.

2 - Promotional, customer loyalty and marketing purposes
c) Commercial and promotional management after the first contact, regarding solutions, services, event organization, in line with the services and solutions proposed (e.g. communication of information about our products and services, our local dealers, events, soliciting participation in competitions or prize operations organized by JACUZZI EUROPE S.p.A., or other promotional purposes).
d) Elaboration of statistics and market analysis, also through surveys and questionnaires or request for collection of reviews, market research and/or customer satisfaction surveys, also through the use of technical cookies. In compliance with the provisions of the Cookies and Other Tracking Instruments Guidelines issued by the Italian Privacy Supervisory Authority on 10 June 2021 (and applicable as of 10 January 2022), the undersigned has prepared specific cookie policies and has set up methods and processes for the specific management of informed consent. You will find more details about these cookies and related processing in our Cookie Policy.

3 - Purpose of periodic communication or subscription to newsletters
e) Sending newsletters or periodic communications by email with information on offers, products, news, events concerning the world of JACUZZI EUROPE S.p.A.

C) SUPPLIERS AND/OR PARTNERS AND/OR RELATED COMPANIES

This category includes all parties with whom a commercial, contractual, pre- or post-contractual relationship for the purchase of merchandise and services exists. Consequently, all necessary personal and business related data are processed for one or more of the following purposes:

1 - Purpose for which the contribution is necessary for the execution of the contract, the commercial relationship or the request.
a) Management of commercial and pre-contractual processes, in relation to all the activities which preceded the conclusion of the contract (commercial contacts, estimates, negotiations, requests for information and management of contacts received at events, trade fairs and events, etc.);
b) Administrative, accounting, legal management (order processing, payment management, invoice management, handling legal disputes, fulfilling legal obligations, regulations or court orders, as well as defending a right in court, debt collection, returns, credit insurance, etc.);
c) Contractual management of supply, shipping and delivery services, installation and assistance of the characteristic solutions and products; d) Contractual management of after-sales services, including repair under warranty, technical support of the product, etc.);
e) Elaboration of statistics and market analysis, also through surveys and questionnaires or request for collection of reviews, market research and/or customer satisfaction surveys.

As part of the supply relationship, Jacuzzi Europe S.p.A. may need to communicate personal data of its customers and/or other suppliers to you for purposes strictly necessary and indispensable for the performance of the activities for which your supply service is prearranged, and necessary for the proper performance of the services characteristic of Jacuzzi Europe S.p.A. (e.g. delivery and/or shipment of products, the performance of warranty work, etc.). In such circumstances you may act, according to the case may be and concerning the type of supply, in your capacity as autonomous Data Controllers or Data Processors pursuant to Art. 28 of Reg. 679/2016, in particular where the data communicated to you are processed on behalf of Jacuzzi Europe S.p.A. In the latter case, the relationship will be governed by an instrument of designation pursuant to said Art. 28.

LAWFULNESS AND LEGAL BASIS FOR PROCESSING

The processing of personal data by the Controller, as the case may be, is legitimated by the following conditions (Art. 6 of GDPR):

  • The Data Subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • The processing is necessary for the execution of a contract to which the Data Subject is a party and for the possible execution of pre-contractual or post-contractual measures adopted at the request thereof, or the processing is necessary for the correct use of services provided through the web.
  • The processing is necessary for compliance with a legal obligation to which the Data Controller is subject (in particular for administrative and accounting purposes).
  • The processing is justified by a lawful interest of the Controller, for example the sending of commercial and/or promotional communications relating to products and services similar to those covered by the contractual relationship, the reporting and invitation to events, the subscription to company newsletters, etc.

SCOPE OF DISSEMINATION AND CATEGORIES OF SUBJECTS TO WHOM THE DATA MAY BE COMMUNICATED, AND POSSIBLE AREAS OF RESPONSIBILITY

The collected personal data may also be communicated, within the limits and in the forms strictly pertinent to the above purposes, as the case may be, to the following subjects or categories of subjects:
i. Authorized personnel of our Company in their respective Offices and functions (e.g., Administrative, Sales, Marketing offices, etc.)
ii. Persons to whom notification is required by law, regulation or national and Community legislation and for the performance of contractual or pre-contractual obligations. Where we are required to do so, we will provide information about you to law enforcement agencies, regulations and judicial acts anywhere in the world.
iii. Credit Institutions, Insurance Companies and other entities for the execution of contractual or pre-contractual obligations (making payments, taking out compulsory insurance policies, etc.);
iv. External firms and professionals specialized in consulting for the management of accounting and fiscal aspects for the fulfilment of the law or functional for the provision of the service underlying the contract (e.g. labour consultants, accountant, auditing firm, Board of Statutory Auditors, Supervisory Body as per Legislative Decree no. 231/2001, etc.);
v. Companies in charge of transport and shipping activities of the goods subject to the customer's personal details.
vi. Subcontracting companies related to the provision of services related to the provision of solutions and services, with particular reference to web services and software applications;
vii. External agencies which support us in marketing campaigns and events
viii. Detective agencies
ix. Reference company of the brand, Jacuzzi® Brands LLC, and companies belonging to the Jacuzzi Group
x. Dealers, dealers and distributors belonging to the Jacuzzi sales network, according to a proximity criterion, for the finalization of the sale
xi. Authorized Technical Assistance Centres

This list is not exhaustive, as there are other circumstances in which we may be required to share information, e.g., if you have any questions or concerns:
- To meet our legal obligations
- In connection with legal proceedings (or when we have been instructed to do so by a court order)
- To protect the vital interests of an individual (in a life or death situation)

For communications to certain types of subjects mentioned above, the Company has a contract in place that assigns and regulates the responsibilities and methods of data processing (so-called Subcontractors).

Dealers, dealers and distributors belonging to the Jacuzzi sales network, as well as authorized Technical Assistance Centres, are independent companies, owners of the processing of personal data you provided as part of your sales and assistance requests as well as data collected on their sites. They will also process your data if they are transmitted by JACUZZI EUROPE S.p.A. Italia in compliance with current legislation on data protection.

Although this Privacy Policy also describes some of the processing operations that retailers, dealers and distributors belonging to the Jacuzzi sales network, as well as authorized Technical Assistance Centres, may perform on your personal data, we would like to inform you that they may collect further information about you when carrying out their services, providing their own privacy policy for this purpose. In this case, you will have to contact them directly about any changes or issues related to the use of your personal data.

DATA TRANSFER

JACUZZI EUROPE S.p.A. is part of an international group, consisting of Jacuzzi® Brands LLC and other companies located inside and outside the EU. Consequently, for administrative and related reasons (e.g. statistics, financial reporting, business process management) by the undersigned, some data relating to you or your organization could be transferred within the territory of a Member State of the European Union, of a state belonging to the European Economic Area or of a territory that the European Commission has identified as being able to guarantee an adequate level of protection of personal data under the GDPR, or even to non-EU countries. In this regard, the transfers of data to other Group companies are particularly important. In the latter case, the undersigned guarantees that the data transfer will take place based on an adequacy decision of the European Commission pursuant to art. 45 of the GDPR, or that the data transfer will be subject to adequate guarantees pursuant to Art. 46 of the GDPR, ensuring that those who receive the data are contractually bound to at least the same obligations as the Data Controller.

However, the undersigned reserves the right to use cloud services, in which case, service providers will be selected from those who provide adequate guarantees, as required by Art. 46 GDPR 679/16.

PROVISION OF DATA AND CONSEQUENCES OF FAILURE TO PROVIDE MANDATORY/NON-MANDATORY DATA

Data provision must be considered compulsory as regards the processing that the organization must perform to fulfil its obligations towards the person concerned based on the relationship (or contract) in place, as well as legal obligations, rules, regulations - see paragraph purposes, type 1) for the respective types of Data Subjects - Failure to provide such data may make it impossible for JACUZZI EUROPE S.p.A. to implement the existing relationship.

The provision is not mandatory for all other purposes and, even if conferred, can be revoked at any time by the person concerned. If consent is not given, the consequences will be assessed on a case-by-case basis. For type 3 purposes - Purpose of periodic communication or subscription to newsletters, communications will always be accompanied a data processing policy and will always be given the right to withdraw from communications of a commercial or promotional nature.

PERIOD OF DATA RETENTION

The data are retained only for the period necessary for the purposes for which they are processed, or for any other legitimate related purpose (for example, where they are relevant to defence against claims against us or in the presence of a lawful interest), or within the time limits provided by national and EU laws, rules and regulations with which the organization must comply (e.g. accounting and tax regulations, etc.). Therefore, if the personal data are processed for two different purposes, we will retain such data until the longer time for which the data is stored expires; however, we will no longer process personal data for that purpose for which the retention period has ceased. Periodical checks shall be carried out on an annual basis on the processed data and the possibility of erasing them if they are no longer necessary for the intended purposes.

For the sake of clarity, the retention periods for the main purposes are set out below:

Marketing purposes: Your personal data may be retained for the period reasonably necessary to carry out the specific functionalities, starting from the date on which we have obtained your last consent for this purpose (with the exception of the opposition to receive further communications or the exercise of your other rights). In any case, our systems are configured to periodically renew requests to be able to proceed with this purpose.

Fulfilment of contractual obligations: The data processed to fulfil any contractual obligation with you may be retained for the entire duration of the contract, and in any case in accordance with the provisions of their respective regulations, as well as for any subsequent periods, to address any assessment and/or dispute of an organizational, tax and/or legal nature.

In the event of disputes: If it is necessary to defend or take action or even make claims against you or third parties, we may retain personal data that we reasonably deem necessary to process for such purposes, for as long as such claim may be pursued.

DATA SECURITY

We have established security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized manner. We also restrict access to personal data to employees and third parties who have an obligation to know it.

We have procedures in place to manage any potential data breaches and will notify you and any relevant regulatory authority if required by law.

EXERCISE OF THE RIGHTS OF THE PERSONS CONCERNED

The Data Controller shall provide the Data Subject with feedback regarding any requests made in relation to the processing of data within 30 days, and if it is impossible to comply with these deadlines, to justify any extension of the time limits. The feedback will be free of charge, except in cases of groundlessness or excessive requests for which a contribution to expenses not exceeding the costs incurred for the research carried out may be charged.

Under current legislation, you have the right to ask us:

  • for more details on our processing methods,
  • for a copy of the personal data you have provided us with,
  • to update any inaccuracies in the data in our possession,
  • to erase any data for which we no longer have any legal basis for processing,
  • to withdraw your consent, if the processing is based on consent and relates to direct marketing activities, so that such processing ceases,
  • to object to any processing based on lawful interests unless the reasons for which we are obliged to do so outweigh any prejudice to your data protection rights,
  • to limit the way we process your personal data when investigating about a complaint.
  • You shall have the right, if the conditions are met, to lodge a complaint with the relevant supervisory authority.

The exercise of these rights is subject to certain exceptions aimed at safeguarding the public interest (e.g. the prevention or identification of crimes) and our interests. If you exercise any of the above rights, it will be our responsibility to verify that you are entitled to exercise them and we will normally respond within one month, as specified above.

If you revoke your consent or exercise your right of erasure, it will be necessary to consider that this operation will require a technical processing time that we will reduce to a minimum, but during which you may still be contacted as part of the marketing activities you have already undertaken.