Policy and permission for the use of personal data - Legislative Decree 30.06.2003 No.196, Art. 13

Toto Holding S.p.A. considers the 'privacy' of its users to be of the utmost importance and guarantees that the processing of personal data via the Toto website is performed respecting the fundamental rights, liberties and dignity of the person concerned. The Company pays particular attention to matters of confidentiality, personal identity and the right to protect personal data. To this end, Toto Holding S.p.A. has adopted and implemented a Privacy Policy that concerns the running of the website and the personal data of its users. The policy was drawn up in compliance with Article 13 of the 'Italian Personal Data Protection Code' (Legislative Decree no. 196/2003).

Please read the following Privacy Policy and check periodically for any updates or revisions that may be necessary.

Definition of 'personal data'

For the purposes of this Policy, 'personal data' - as better specified in Article 4 of the Code - means 'any information concerning a physical person, legal person, body or association, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.'

This Privacy Policy applies to the personal data collected via the Toto Holding S.p.A. website and/or email of the same. It does not apply to personal data collected 'offline', unless that personal data is combined with other personal data collected online by Toto Holding S.p.A. Furthermore, this policy does not apply to other websites belonging to third parties that might be accessible via web link, as Toto Holding S.p.A. does not manage and control the content of these sites.

Toto Holding may collect the following personal data through its website: name, surname, address, email address, information collected for statistical purposes during consultation of the site, other information voluntarily provided by the user during online registration or the compilation of specific fields and forms, and information intended to improve and facilitate site navigation.

Data processing methods

Users can access different sections of the website without releasing any personal information. Toto Holding S.p.A. collects and processes personal data online through its website or email address; this processing occurs, for the most part automatically, via the following methods:

  1. Data released voluntarily by users

Toto Holding S.p.A. collects personal information and other data from registration forms or fields on the website, as well as anything sent to Toto Holding S.p.A. by email. This data might be information required to provide services requested by the person concerned (e.g. Newsletter) and/or to contact the person concerned (name, address, email address, telephone number, user ID and password), or the user's date of birth, professional credentials and hobbies and interests.

  1. Connection data collected by use of electronic instruments

The information systems and software procedures set up to run the Toto Holding S.p.A. website acquire, as part of their normal functioning, a series of personal information that is transmitted in the use of internet communication protocols (e.g. the user IP address or the domain name of the computer used to access the website, the URI of the requested resource, the time of request or duration of session, the method used to submit the query to the server, the size of the file received in response to the request, the numerical code concerning the status of the data response from the server and other information concerning the operating system and IT environment of the user). The Toto Holding website does not use technology such as cookies or similar to collect and/or transmit the personal data of its users. Toto Holding S.p.A. uses such technology exclusively for the purposes of gathering statistical information on the use of the website (e.g. total number of visitors to the site, number of visitors per single page, original domain name of internet service provider of visitors). More specifically, the use of session cookies (which are removed from the user's computer when the browser is closed) is strictly limited to the transmission of information relevant to the user's session, of fundamental importance for safe and efficient browsing of the website. Furthermore, the use of these session cookies strictly excludes recourse to other technical information that might be potentially damaging to the confidentiality of the user's session and does not permit the acquisition of their personal identification data. Toto Holding S.p.A. does not use any kind of persistent cookies.

Purposes of collecting data

Toto Holding S.p.A. collects the personal data from its users needed to enact the authorisation, activation and customisation processes for access to the various areas and related content of the Toto Holding S.p.A. website.

Toto Holding may use the personal data obtained online in order to offer products and services, monitor the authorised access system for data security and evaluate job applications sent by candidates (CVs). Only at the express request of the person concerned and by means of an online form may Toto Holding S.p.A. suggest commercial offers and promote marketing initiatives through its 'Newsletter'.

Toto Holding S.p.A., as 'Data controller', informs users that the data in question will be exclusively processed and used for the purposes outlined in this Privacy Policy.

Communication and/or diffusion of personal data

The personal data will be accessible to departments and employees of Toto Holding S.p.A., formally titled Data Supervisors or staff responsible for processing. The use and forwarding of personal data by external individuals and organisations that act on behalf of Toto Holding S.p.A. is regulated by contracts that ensure a sufficient level of personal data protection. Users' personal data will be used and issued by Toto Holding S.p.A. exclusively to individuals and organisations that work on its behalf, to comply with this Privacy Policy and current regulations.

Toto Holding S.p.A. manages the information contained on its website in collaboration with other service providers and web agencies, from which it may receive personal data concerning the users of that information. This online collaboration is regulated by specific contracts that ensure an adequate level of protection of the personal data processed.

In some cases, Toto Holding S.p.A. may be bound to release personal data concerning the users of its website, to comply with contractual obligations under current regulations or to meet the request for services by the person concerned; this release of information may occur in the following cases:

  1. When online users have authorised the release of information;

  2. When Toto Holding S.p.A. needs to communicate information concerning its users in order to provide services and fulfil the requests of an online user;

  3. When Toto Holding S.p.A. needs to communicate information to its partners who provide services for online users;

  4. When Toto Holding S.p.A. is bound, by judicial authorities, to release information concerning users, or to conform to local or international laws, regulations or mandates.

Other circumstances may arise, whereby for example Toto Holding S.p.A. decides, for commercial motives, to proceed with sales, mergers or capital acquisition operations. In the sphere of this reorganizational activity, personal data may be shared with current or potential purchasers. In these circumstances, Toto Holding S.p.A. will obtain written guarantees that personal data will be processed with a sufficient level of protection, in compliance with current regulations. With the exception of cases explicitly permitted by law, or outlined in this Privacy Policy, personal data will not be communicated or shared without the consent of the person concerned.

Toto Holding S.p.A. will not under any circumstances release personal data concerning users of its website to unauthorised third parties.

Personal Data Protection

In compliance with the principle of necessity stated in Article 3 of Legislative Decree 196/03, Toto Holding S.p.A. guarantees that processing with electronic instruments occurs with minimum use of personal data and is only used in cases where it is absolutely necessary in order to achieve the purposes for which the data was obtained. Furthermore, Toto Holding S.p.A. guarantees the adoption of and compliance with specific security measures to prevent the loss of data, its illicit or incorrect use and unauthorised access.

User data will be archived by Toto Holding S.p.A. until the person concerned requests its deletion; including data that does not need to be kept in order to fulfil the purpose it was collected for. This is has been in observance of the rights sanctioned by Article 7 of Legislative Decree 196/2003 and will occur as outlined in the following paragraph 'Your Rights'.

It is the responsibility of every single user to check and guarantee the possession and safekeeping of their password and relative access codes for web resources.

Consent for personal data processing

Toto Holding S.p.A. will only process data concerning its users/clients with their exclusive consent. However, where the user does not consent to data processing or requests the deletion of their data, they will no longer be able to access the restricted area of the Toto Holding S.p.A. website.

Data Controller

The Data Controller is Toto Holding S.p.A., with registered office in Viale Abruzzo No. 410, 66100 Chieti (CH).

Data processing connected to web services provided by the Toto Holding S.p.A. website takes place at the Rome Office and is only performed by the technical staff of the Office responsible for data processing (e.g. Area Internet), or by potential external collaborators (outsourcers) for the completion of occasional or periodic technical operations (e.g. Database maintenance).

Optional data

The user may choose to provide or not provide personal data in the request and/or registration forms on the Toto Holding S.p.A. website.

Absence of such data may make it impossible to fulfil requests.

It should be remembered that in some cases (not required for the standard running of this site), the Authorities may require news and information under Article 157 of Legislative Decree no. 196/2003, in order to monitor personal data processing. In these cases it is obligatory to respond and those who fail to do so risk incurring administrative penalties.

Your Rights

Users of the Toto Holding S.p.A. website can always contact the Data Controller and/or Data Supervisor - indicated above - to assert their rights as per Article 7 of Legislative Decree 196/2003 no. 196, which states:

1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exists, regardless of whether it has been already recorded or not. Such data shall be communicated in intelligible form.

2. A data subject shall have the right to be informed:

a) Of the source of the personal data;

b) Of the purposes and methods of the processing;

c) Of the logic applied to the processing, if the latter is carried out with the help of electronic means;

d) Of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);

e) Of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know the data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing.

3. A data subject shall have the right to:

a) Update, rectify or, where interested therein, integrate the data;

b) Erase, make anonymous or block the data that has been processed unlawfully, including data that does not need to be kept in order to fulfil the purpose it was collected and subsequently processed for;

c) Certification to the effect that the operations as per letters a) and d) Be notified,in terms of their content, to the entities to whom or which the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort for the right that is to be protected.

4. A data subject shall have the right to object, in whole or in part:

a) On legitimate grounds, to the processing of personal data concerning him/her, even though it is relevant to the purpose it was collected for;

b) To the processing of personal data concerning him/her, where it is carried out for the purpose of direct selling or sending advertising material or for the performance of market or commercial communication surveys.

In compliance with the present documents, and in addition to the other rights herein specified, Toto Holding S.p.A. offers users of its website the following options:

  1. No gathering of personal data: the User may choose not to provide online personal data to Toto Holding S.p.A., by deciding not to insert or issue personal information in the registration forms or fields online or by not using the personalised services available on the Toto Holding S.p.A. website. Some of the content and/or services on the Toto Holding S.p.A. website are exclusively offered to users that provide personal information or that use personalised services.

  2. Limited use and communication of personal data for different purposes: access to certain sections of content and/or services on the Toto Holding S.p.A. website may require consent from the user to use and release personal data for the purpose of implementing contact lists and/or identifying and offering supplementary services considered of interest for the user. Users may limit further processing of this information, by verifying or selecting the options to be set upon insertion of data. Furthermore, information provided after initial registration can be modified or deleted by changing the previous settings on the registration form for the Toto Holding S.p.A. website, by accessing the 'Newsletter' section on the homepage. It is also possible for users to access their personal data, released and archived online and, where permitted, to update and modify personal data online.

Modifications to the Privacy Policy

The Toto Holding S.p.A. Privacy Policy may be updated and/or modified in order to adopt and/or comply with national, European or international regulations or to adjust to technological innovation. Updates and/or modifications to this Privacy Policy will be reported on this web page, and made constantly visible via web link on the Toto Holding S.p.A. website, so that interested parties may be fully informed of the use of their personal data released through the Toto Holding S.p.A. website.

Please read this Policy upon every access to the Toto Holding S.p.A. website.

Entered into force: 14 November 2012


> Privacy

Copyright © 2012 Toto Holding SpA.
(P.I. 00134410695).

All rights reserved.