INFORMATION PURSUANT TO ART. 13 OF REGULATION 2016/679 EU ON THE PROTECTION
OF NATURAL PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA
Introduction
LED S.p.A. (hereinafter also referred to as “LED” or “the Data Controller”) through this privacy
policy intends to inform you about how your personal data will be processed in relation to the
website www.led.it, in accordance with European Regulation 679/2016
(so-called “GDPR”).
Users are invited to read this Privacy Policy regularly as it may be subject to changes over time,
including due to updates and amendments to personal data protection laws or regulations, internal
decisions, or the addition of new services offered through the site.
Data Controller
The Data Controller is LED S.p.A., with registered office in Aprilia, Via Selciatella, 40, phone +39
06.92870045, email: [info@led.it](mailto:info@led.it).
Purpose and Legal Basis of Data Processing
The data collected, processed lawfully and fairly, will be used by LED S.p.A. solely for the following
purposes:
a) to provide the services offered by this site;
b) to verify user satisfaction;
c) to inform users about new products, initiatives, events, and services;
d) to communicate commercial offers related to products or services provided by LED S.p.A., or by
affiliated or subsidiary companies, or those with which LED S.p.A. has or will enter into commercial
agreements.
e) to comply with legal obligations.
The legal bases for the processing are as follows:
1. For the purposes referred to in letters a) and c), the legal basis is Article 6(1)(b) GDPR, as the
processing is necessary to allow the user to access the services provided by the site and to satisfy
an explicit request from the user.
2. For the purposes referred to in letters b) and d), the legal basis is the user’s consent (Article
6(1)(a) GDPR).
Data Processing Methods
Personal data is processed by the Data Controller using both paper and electronic/telematic tools
and is stored within its IT systems. Appropriate security measures are in place to prevent the loss
or alteration of data — even accidentally — and unauthorized or unlawful access.
Payment data (e.g., credit card information) will be managed by third-party data controllers,
governed by their respective privacy policies.
For profiling activities related to direct marketing under point d) of “Purpose of Data Processing,”
LED will analyze, through electronic and automated procedures, user preferences and/or
behaviors (e.g., type of information requested, frequency of service usage, type of services used).
Consequently, LED will process and select user data to provide personalized information, surveys,
and services aligned with user interests, avoiding unwanted communications.
Mandatory or Optional Data Provision
The forms to be filled in require the entry of data that is strictly necessary to fulfill your request.
Failure to provide the required fields, marked with an asterisk, will make it impossible to proceed.
Data Retention Period
Data will be stored in our systems based on the nature and purposes of the processing and in
accordance with legal timeframes.
As a general rule, LED uses the following retention criteria:
1. For purposes a) and c), data is retained for the time necessary to fulfill product or service
information requests;
2. For purposes b) and d), data is retained for the time necessary to carry out promotional or
update activities the user has subscribed to, and any related administrative tasks;
3. For purposes b) and d), data is retained until consent is withdrawn by the data subject.
After the specified periods, identifying data will be anonymized and used only for statistical
purposes, which do not allow the individual to be identified. Personal data will then be deleted or
destroyed unless otherwise required by regulatory authorities, law enforcement, or for legal claims.
Transfer of Personal Data Abroad
Although personal data is typically processed on servers owned by the Data Controller and/or
designated processors within the EU, LED may transfer data outside the EU when necessary. In
such cases, LED guarantees that the transfer will comply with applicable laws and that service
providers will offer adequate safeguards, including Standard Contractual Clauses as per Article 46
of the GDPR.
Disclosure and Distribution of Data
Your personal data may be processed directly by LED or by third parties acting on its behalf.
A complete and up-to-date list of data processors (and, where applicable, sub-processors
authorized by the main processor) is available upon request at LED S.p.A., Via Selciatella 40,
04011 Aprilia (LT), Italy.
Collected personal data will also be available to authorized personnel of LED, in accordance with
Article 29 GDPR, responsible for providing specific services and managing IT and administrative
functions.
Independent Third Parties
User data may be disclosed to third parties for various reasons. Below are the scenarios in which
this may occur:
1. To fulfill the services requested by the user, data may be provided to third parties, acting as
independent data controllers, that deliver services necessary to meet user requests (e.g.,
banks or credit card issuers for processing payments).
2. To comply with legal obligations or regulations, data must be shared with third parties acting
as independent data controllers.
3. Data may also be disclosed to regulatory bodies, law enforcement agencies, or courts to
assert or defend legal rights of LED or third parties.
Data Subject Rights and How to Exercise Them
Under Articles 15–22 of the GDPR, at any time you may:
request access to personal data and related information;
request rectification of inaccurate data or completion of incomplete data;
request erasure of personal data;
request restriction of processing;
request data portability;
object to data processing;
withdraw consent for one or more processing purposes, if processing is based on consent.
To exercise these rights or withdraw consent, please send an email to info@led.it with the subject “Consent Withdrawal Request.”
You may also file a complaint with the Italian Data Protection Authority
www.garanteprivacy.it by:
a) Registered letter to: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187
Rome, Italy
b) Email to: garante@gpdp.it or protocollo@pec.gpdp.it]