Information and consent for the processing of personal data for Prize Contests

Controller and Data Protection Officer

We inform you that, pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter the “Regulation” or “GDPR”), that the Controller, for the activities described below and related to your participation in the prize contest, including through the website, is Soffass Spa, with registered office in via Fossanuova n. 59 55016 Porcari, Lucca, Italy, recorded in the Register of Companies under No. IT01829730462. The Data Protection Officer (“DPO”) can be contacted via email at Purpose of data processing and legal basis Data are collected in order to:
  1. Manage your participation in the Controller’s prize contest, from an administrative and technical perspective. With regard to the prize contest, and with your specific consent where necessary, your personal data may be processed:
    1. To manage your participation and check your registration details in the prize contest, allowing you to obtain discount vouchers on future purchases of products and services or other free services or goods. The processing of information about you required to participate in the competition does not require your consent, since personal data processing is carried out in performance of a contract - the Competition Rules - to which you are party pursuant to Article 6.1(b) of the Regulation.
    2. Subject to your consent, obtained in the manner prescribed by applicable law, to the sending, by automated means (email, text message) and non-automated means (paper mail, telephone with operator), of information on the Controller’s products and initiatives, including those aimed at conducting market research and participation in prize contests and events organized by the Controller, whether generic or in line with your profile. The legal basis for the processing of your data for this purpose is Article 6.1(a) of the Regulation. Failure to provide your consent for such purposes will not impair your use of the services. In any case, should you wish to object to the processing of your data for marketing purposes carried out using the means indicated herein, or withdraw the consent given, you may do so at any time by contacting the Controller at:, without prejudice to the lawfulness of the processing based on consent carried out before its withdrawal. For processing carried out for the purposes of direct sending of advertising material or direct selling or for carrying out market research or commercial communications in relation to products or services of the Controller that are similar to those purchased, the latter may use, without the consent of the data subject, e-mail and postal addresses in accordance with and within the limits permitted by the regulations in force and by the Decision of the Italian Data Protection Authority dated 19 June 2008. The legal basis for the processing of your data for this purpose is Article 6.1(f) of the Regulation. The data subject may object to such processing at any time, whether initially or through subsequent communications, easily and free of charge, by emailing:;
    3. Subject to your consent, obtained in the manner prescribed by applicable law, to analyse details of your purchases, (e.g. place of residence, age, gender, types of payment instruments, your responses to market research, purchase volume, etc.), in order to define a profile of your preferences for statistical and/or commercial purposes. The legal basis for the processing of your data for this purpose is Article 6.1(a) of the Regulation. Failure to give your consent for these purposes will not affect your use of the services;
    4. To manage your participation in the prize draws organised for users by the Controller and to verify your identity should you win. You are not required to give your consent to this processing pursuant to Article 6.1(b) of the GDPR. The rules of the prize contest are available at the following address:
  2. Your data, collected for the purposes mentioned above, may also be processed for administrative/accounting purposes or for defensive purposes in the event of unlawful conduct, abuse or fraud.

Types of data

We will ask you for or in any case process a series of information about you, some of which are necessary in order for you to participate, such as your first and last name, your contact details, your email address, telephone number, and the purchases you made during the period covered by the programme. Providing the necessary data is essential with reference to the purposes of carrying out the activity you have requested and fulfilling any and all related legal obligations: if you refuse to provide such necessary data, we may not be able to respond to your request. Subjects to whom the data may be communicated or transmitted

Your personal data may be shared with natural persons authorised by the Controller to process personal data pursuant to Art. 29 of the GDPR in the performance of their duties (e.g. employees and system administrators, etc.); service providers (such as consultants, credit institutions, etc.) who typically act as processors pursuant to Art. 28 of the Regulation; subjects, entities or authorities to whom communication of your personal data is mandatory pursuant to legal provisions or orders issued by the authorities.

The complete and up-to-date list of recipients of your data may be requested from the Controller by contacting the addresses indicated above.

Your data will be processed by the Controller through its employees responsible for managing the prize contest, according to the needs and the purposes to be achieved, from time to time and having due regard to the consents and requests of the data subject.

Your data may be accessible to other companies in the Sofidel Group for the same purposes as above and/or for administrative/accounting purposes pursuant to Art. 6.1(f) and Recitals 47 and 48 of the Regulation. In the event of a win, as provided for in the Competition Rules, the names of the winners may be published on Controller’s websites and/or social media pages.

Transfer of data outside the EU

With regard to the possible transfer of the Data to Third Countries, the Controller informs you that processing will take place according to one of the methods permitted by current law, such as, for example, the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects who are members of international programmes for the free circulation of data (e.g. EU-USA Privacy Shield) or who operate in countries considered safe by the European Commission. Further information can be obtained, upon request, from the Controller by contacting the above addresses.

Storage of personal data

Your data will be kept only for the time necessary for the purposes for which they are collected, respecting the principle of data minimisation as per Art. 5.1(c) of the GDPR. The Controller may keep some data even after the termination of the contractual relationship, for the time necessary to fulfil contractual and legal obligations. Further information is available from the Controller.

Data processing methods

In relation to the above purposes, the data processing is carried out using manual, IT and telematic instruments with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data and compliance with the specific obligations laid down by the law.

Your privacy rights

You have the right at any time to request from the Controller access to, rectification or erasure of your personal data or to object to the processing of such data. You also have the right to request the restriction of processing treatment in the cases provided for in Art. 18 of the Regulation, to withdraw the consent given under Art. 7 of the GDPR at any time. You also have the right to obtain the data about you in a structured, commonly used and machine-readable format, in the cases provided for in Article 20 of the Regulation and to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR, if you believe that your data is processed in violation of the legislation in force.

You can object to the processing of your data under Art. 21 of the GDPR in which you give evidence of the reasons for your objection: the Controller reserves the right to evaluate your request, which will not be accepted if there are legitimate grounds for the processing which override your interests, rights and freedoms.

Requests must be made in writing and sent to the Controller or to the DPO at the above addresses.