Privacy Policy

Privacy Policy

Welcome to the website www.corepla.it of COREPLA Consorzio Nazionale per la Raccolta, il Riciclo e il Recupero degli Imballaggi in Plastica (“Site”).

Through this policy, we inform users about how personal data – whether collected automatically or provided voluntarily – is processed, how to access and navigate the Site and use the services provided therein, as well as how cookies operate that have been installed or otherwise used on the Site. 

Browsing is free and does not require users to register. Personal data is only disclosed in the sections “Reserved Areas” and “Recycling with COREPLA”, where users can find more detailed information on how personal data is processed.

The Site may also contain hypertext links to third-party websites, pages or online services. As the multimedia content that you access by clicking on these links belongs exclusively to these third parties, we do not control this content or cover it in our policy. We therefore ask users to use caution when signing up for third-party services, to carefully read the data processing information provided by these third parties, over which we exercise no control and for which we will not be held responsible.

1.    Data Controller 

The Data Controller is COREPLA Consorzio Nazionale per la Raccolta, il Riciclo e il Recupero degli Imballaggi in Plastica (tax code and VAT registration No. 12295820158), whose head office is located at Via del Vecchio Politecnico 3, Milan, Italy, email address privacy@corepla.it and certified email address corepla@pec.it (“COREPLA”).

2.    Type of personal data processed

Personal data means any information concerning the user or that can be used to identify the user.

Processing specifically refers to:

  • Browsing data

    For Site access and browsing, we generally collect browsing data through cookies and other tracking technologies. The computer systems and software procedures used to operate the Site collect some personal browsing data to function normally and automatically. This data is sent automatically when using Internet communication protocols. This data on internet traffic is not by nature collected for the purposes of immediately identifying users. However, it could be processed and combined with data held by third parties to identify users. This category of data includes the IP address and domain names of the devices used to connect to the website, Uniform Resource Identifiers (URIs) or Uniform Resource Locators (URLs), the time of the request, the method used to submit the request to the server, the size of the file returned, a numerical code indicating the response status provided by the server (successfully completed, error, etc.) and other features about the user’s operating system and computer environment. This data can be used to access the Site, benefit from the services provided therein, verify the user’s identity if previously registered, obtain information about visits, perform anonymous and aggregate statistical analyses, and identify anomalies and misuse. The data is stored for no longer than one year and for the period of time expressly indicated in section 4) on Cookies, unless required by court authorities in a criminal investigation.

  • Data voluntarily provided by users

    We also process personal data voluntarily provided by users while interacting with services available on the Site, for example registration requests and subsequent access to these pages. In the specific sections of the Site where user data is collected, detailed information is published on data processing under Article 13 of the EU’s General Data Protection Regulation (GDPR). Information voluntarily disclosed by users includes: 

    - first name, surname, company position, phone number, email address, company name and company/entity VAT number, and type of user registering to use Reserved Areas and the services provided therein;

    - first name, surname, company position, phone number, email address, bank details, company name and company/entity VAT number, and type of user registering to use the “Recycling with COREPLA” area of the website;

("Data").

Data is also collected when users voluntarily send email messages to the addresses indicated on this Site. This data includes the sender’s email address and any other personal information voluntarily provided in the message. This information is used solely for the purpose of responding to the sender is not disclosed to any third parties.

3.    Purposes of data processing, lawful basis and data disclosure

When this Site and the services provided therein are used, data is processed for the following purposes:

  1.  to allow users to navigate the Site, gather anonymous statistics on how the Site is used, check that the Site is functioning properly, and determine liability in the event of computer crimes (“Site Navigation”). The lawful basis is the legitimate interest of COREPLA (Article 6.1 f) of the GDPR;
  2. to register users of the “Reserved Areas” of the Site, create and manage their website profile, and enable them to use the services available to registered users (“Reserved Areas”). The lawful basis is the performance of a contract at the user’s request (Article 6.1 b) of the GDPR;
  3. to register users of the “Recycling with Corepla” section of the Site, create and manage their profile, and enable them to use the services available to registered users (“Recycling Area”). The lawful basis is the performance of a contract at the user’s request (Article 6.1 b) of the GDPR;
  4. to exercise and defend COREPLA’s rights in any court, including judicial, administrative, arbitration and/or mediation and settlement procedures (“Defence”). The lawful basis is the legitimate interest of COREPLA (Article 6.1 f) of the GDPR.

Except for browsing data, which is collected automatically, user data must be provided to achieve the purposes set out in letters b) and c) above. Therefore, if the user fails to provide the data requested, COREPLA will be unable to fulfil the request, without compromising the pursuit of the purposes set out in point a) above, Site use and the right of defence.

4.    Cookies

We use technical, analytical and profiling cookies, including third party cookies, to allow you to navigate and use the Site, to analyse statistics on Site use, and to create user profiles to display ads based on user preferences. You can find additional information on the cookies used on the Site in our Cookie Policy

5.    Data processing

Within the scope of the purposes indicated in point 3) above, data is mainly processed electronically and automatically, as well as in paper form, in compliance with laws governing personal data processing and appropriate security measures. Data processing is managed by our internal staff, specifically authorised, trained and instructed to guarantee adequate security and privacy, as well as to prevent data loss, destruction, or access by unauthorised individuals.

6.    Data disclosure and dissemination

Data will not be disseminated. Strictly within the limits of the purposes indicated in point 3) above, data may be sent to: 

  •  recipients entitled by law or regulation, such as, but not limited to, public and court authorities;
  •  recipients who, acting as independent data controllers or processors as defined in Article 28 of the GDPR, carry out data processing activities (such as, but not limited to, the company that manages and maintains the Site’s computer systems).

You can request the updated list of data processors from COREPLA by sending an email to corepla@pec.it

7.    Data retention

We store data for the time strictly necessary to achieve the purposes for which the data was collected. Except as expressly stipulated in point 5) above, data collected to register users of:

  • Reserved Areas will be stored for the entire duration of the relationship with COREPLA and, in any case, until the rights arising from this relationship expire;
  • Recycling Areas will be stored for the entire duration of the relationship with COREPLA and, in any case, until the rights arising from this relationship expire; 

However, users retain the right to withdraw consent for data processing carried out on this lawful basis, the right to object to processing, as well as in compliance with specific legal obligations to store data and exercise of the right of defence in the event of a legal dispute.

8.    Rights of the data subject

With reference to their data held by COREPLA, in line with procedures set out in the GDPR and with the provisions and limitations set forth in Legislative Decree No. 196/2003 (Part I - Title I - Chapter III), data subjects have the following rights:

  • of access, in the cases stipulated in Article 15 of the GDPR;
  • to rectification of inaccurate data and incomplete data (Article 16 of the GDPR);
  • to erasure of data for reasons stipulated in Article 17 of the GDPR, such as when data is no longer needed to achieve the purposes for which it was collected or otherwise processed in compliance with the GDPR;
  • to restriction of processing in the situations listed in Article 18 of the GDPR, such as when data accuracy is contested and accuracy must be verified; 
  • to data portability, i.e. the right to receive data concerning the data subject (Article 20 of the GDPR), in a structured, commonly used and machine-readable format, and the right to transmit data to another data controller; 
  • to object, in the cases stipulated in Article 21 of the GDPR;

You can, at any time, withdraw your consent to data processing. This withdrawal will not affect the lawfulness of the processing based on consent carried out before your withdrawal. 

You may exercise all the rights listed above by sending a message to COREPLA via email to privacy@corepla.it or a registered letter to COREPLA’s post address, to the attention of the Legal and Corporate Affairs Department.

9.    Complaints

If you believe that the data processing violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority, as stipulated in Article 77 of the GDPR. 

10.  Data transfers outside the EU

Your data is stored on servers located in the European Union. We ensure that any data transfers to non-EU countries are carried out in compliance with the GDPR, and, specifically, in the presence of adequate safeguards (adequacy decisions, standard contractual clauses approved by the European Commission, etc.).