Privacy policy

PRIVACY NOTICE – WEBSITES

pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

Updated version: 8 August 2025

DATA CONTROLLER AND CONTACT DETAILS

The Data Controller is Zucchetti Centro Sistemi S.p.A., with registered office at Via Lungarno 305 – 52028, Terranuova Bracciolini (AR), Italy.

Email: privacy@zcscompany.com

PEC: zcs@pec.it

The Data Protection Officer (DPO) can be contacted at: privacy@zcscompany.com

SCOPE OF APPLICATION

This privacy notice applies to the processing of personal data carried out by the Controller through the following owned and managed websites:

• www.zcscompany.com
• www.ambrogiorobot.com
• www.techlinerobots.com
• www.wipercompany.com
• www.nemorobot.it
• www.zcsazzurro.com
• www.zcsautomation.com
• www.zcshealthcare.com
• www.zcscloud.it
• www.zcssoftware.it
• www.smartycloud.it
• www.zcspeople.it

Some websites may contain links to external platforms or portals, managed directly by ZCS or by third‑party providers. This notice also governs such processing activities where the platform operates as an expressly integrated component.

The processing activities described are divided into:

• Processing common to all ZCS websites
• Processing specific to individual websites or groups of websites
• Processing related to ZCS’s presence on social networks

PURPOSES OF PROCESSING, CATEGORIES OF DATA PROCESSED AND LEGAL BASES

Processing common to all ZCS websites

Purpose	Processed Data	Legal basis	Nature of provision
Provision and use of the website (technical operation, connectivity, traffic routing, server load balancing, caching, CDN, DDoS protection)	Public IP address, date and time of connection, HTTP/HTTPS requests, requested URL, browser and operating system identifiers, routing information, firewall/CDN logs, certificates and session tokens	Art. 6(1)(b) GDPR – performance of the contract for access to the website; Art. 6(1)(f) GDPR – legitimate interest of the Controller in providing a secure and continuous service	Mandatory: without such data it is not possible to display the site or guarantee functionalities
Technical management and system security (data protection, monitoring, fraud prevention, reCAPTCHA)	System logs, IP address, technical browsing data	Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(f) GDPR (legitimate interest)	Mandatory
Handling requests for contact, information, quotes, technical support	Identifying and contact data connected to the specific request, voluntarily provided by the user. Fields marked with “*” are mandatory for the purpose of processing the request.	Art. 6(1)(b) GDPR – performance of pre‑contractual or contractual measures at the User’s request	Mandatory in order to follow up on the request
Newsletter subscription management	Email address and marketing consents	Art. 6(1)(a) GDPR – Consent	Optional
Statistical analysis of website usage	Browsing data collected through cookies/tracking tools	Art. 6(1)(a) GDPR – Consent (through the cookie banner)	Optional

Note on cookies and tracking tools

All the websites use a consent management platform (CMP) – predominantly Cookiebot – for the installation of cookies and third‑party tools (e.g., Google Analytics, Google Tag Manager, Matomo). The installation of cookies and tracking tools takes place after specific information is provided and, where applicable, after the user’s consent. The purposes of these tools are indicated in the consent management interface and allow aggregated management of the individual providers that supply analytics services.

For more information, please refer to the Cookie Policy and the information about tracking tools on each website.

Processing specific to individual sites or groups of sites

Landbot Chatbot service

Websites: ambrogiorobot.com, zcsazzurro.com, zcspeople.com, zcssoftware.it, smartycloud.it.

Purpose: to provide automated answers to information or support requests via chatbot.

Processed Data: identifying and contact data entered by the user in the chat; content of the conversation.

Legal basis: Art. 6(1)(b) GDPR – performance of pre‑contractual measures.

Nature of provision: mandatory in order to use the service.

Technical support forms with product data

Websites: ambrogiorobot.com, techlinerobots.com, wipercompany.com, zcsazzurro.com.

Purpose: handling requests for technical assistance and warranty.

Processed Data: identifying and contact data; technical product data (model, serial number, year of purchase, point of sale); description of the issue; any attachments.

Legal basis: Art. 6(1)(b) GDPR – performance of pre‑contractual/contractual measures.

PROCESSING CONNECTED WITH ZCS’S PRESENCE ON SOCIAL NETWORKS

ZCS manages official pages and profiles on certain social platforms.

The processing of personal data related to social presence may differ depending on the interaction modalities.

Technical scenarios and roles in the processing

External link from the site to the social platform

If the user clicks on a link that refers to a ZCS official account/page on a social platform, the user is redirected to that platform, which acts as an independent controller for the subsequent processing (including any tracking). ZCS receives and processes personal data only if the user interacts directly with the account/page (e.g., comments, direct messages), for the purpose of handling requests or responding to interactions.

Legal basis: Art. 6(1)(b) GDPR (performance of pre‑contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in managing interactions).

Embedded social widgets/plug‑ins/iframes

Where present, these may involve the transmission of data to the social platform already upon page loading (e.g., IP address, user agent, device information). ZCS adopts technical solutions to minimise data before consent (e.g., “privacy‑enhanced” mode for YouTube).

Management of official pages, messages and content moderation

Users may interact with ZCS through private or public messages (e.g., comments, mentions, posts). ZCS processes such data in order to:

• provide answers and support;
• moderate content, removing content that is offensive, unlawful or irrelevant;
• retain, for the strictly necessary time, evidence of interactions in case of disputes or reports.

Moderation is carried out manually by authorised personnel, in compliance with the platform rules and applicable law.

Management of insight data

For platforms that provide aggregated statistical data on page/account usage (“Insights”), ZCS is joint controller with the platform provider solely with regard to the collection and receipt of such aggregated data, as set out in the respective joint controllership addenda. The platforms remain independent controllers for all further processing carried out on their systems.

Platform‑specific processing

Facebook (Meta Platforms Ireland Ltd.)

Purposes: management of the official ZCS page, interaction with users (comments, messages), receipt of aggregated insight data; possible use of Meta Business tools (e.g., pixel) subject to cookie consent.

Data processed by ZCS: content voluntarily provided by users (messages, comments, attachments), aggregated insight data.

Role:

• Joint controller with Meta for insight data only (Page Insights Controller Addendum).
• Independent controller for data received via messages/comments.
• Joint controllership or separate controllership for business tools on the site, according to the Meta Business Tools Terms.

Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR for direct interactions; Art. 6(1)(f) GDPR for insights.

Instagram (Meta Platforms Ireland Ltd.)

Purposes: content sharing, interaction with users, receipt of account insights.

Processed Data: content and messages sent by users; aggregated insight data.

Role: joint controller with Meta for account insights; independent controller for direct interactions.

Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.

LinkedIn (LinkedIn Ireland Unlimited Company)

Purposes: institutional and commercial communications, interaction with users, recruiting activities, receipt of page insights.

Processed Data: content and messages sent by users; aggregated insight data.

Role: joint controller with LinkedIn for insights (LinkedIn Pages Joint Controller Addendum); independent controller for direct interactions.

Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.

YouTube (Google Ireland Ltd.)

Purposes: publication and sharing of video content.

Processed Data: browsing and interaction data with videos on the channel; in the case of embedded videos on the site, data transmitted to Google/YouTube after cookie consent.

Role: independent controller for data collected on the YouTube channel; in case of embeds on the site, a separate controller from ZCS (which merely publishes the content).

Measures adopted: activation of the player only after consent; use of “privacy‑enhanced” mode (youtube‑nocookie.com) where possible.

Legal basis: consent for embeds on the site; Art. 6(1)(f) GDPR for direct interactions on the channel.

TikTok (TikTok Technology Limited)

Purposes: sharing of video content and interaction with users.

Processed Data: content and messages sent by users; data collected through any advertising/measurement tools or pixels (only subject to cookie consent).

Role: independent controller for the official profile; separate or joint controllership, limited to measurement/advertising tools on the site according to the TikTok Business Products (Data) Terms.

Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR for direct interactions; consent for tracking tools.

Consent management and further information

Activation of social widgets/plug‑ins/iframes on the site occurs only after express consent via the cookie banner.

For joint‑controllership processing related to insights, ZCS complies with the responsibilities allocated in the official addenda and forwards to the other party any rights requests falling under their competence.

More information about autonomous processing by social platforms is available in their respective privacy policies:

• Facebook/Instagram: https://www.facebook.com/privacy/policy
• LinkedIn: hhttps://www.linkedin.com/legal/privacy-policy
• YouTube/Google: https://policies.google.com/privacy
• TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy

RECIPIENTS OF THE DATA

Personal data collected through the Websites are processed by:

• Authorised ZCS personnel, duly instructed and bound by confidentiality;
• Service providers engaged by ZCS for technical and organisational activities, including:
• hosting and infrastructure management services;
• maintenance and technical support services;
• cybersecurity and monitoring services;
• statistical and marketing platforms (e.g., Google Analytics, Meta/Facebook Pixel), subject to the user’s consent via the cookie banner;
• any chatbot service providers (e.g., Landbot) where present, as specified in the relevant site section.

Where present, social networks and other third‑party platforms (e.g., Google, Meta, LinkedIn, YouTube, TikTok) act as independent controllers for the activities carried out on their respective platforms, according to their own privacy policies.

Some providers may be established or process personal data outside the European Economic Area (EEA). In such cases, ZCS ensures that the transfer takes place in compliance with Articles 44 et seq. of the GDPR, adopting appropriate safeguards such as the European Commission’s Standard Contractual Clauses or equivalent protective measures.

RETENTION PERIOD

ZCS retains personal data for no longer than is strictly necessary to achieve the purposes for which they were collected and processed, in accordance with the storage limitation principle (Art. 5(1)(e) GDPR).

Retention times vary according to the type of processing and the legal bases applied, as follows:

• Data sent via contact, support or information request forms: retained for the time necessary to respond to the request. Subsequently, the data are retained for the duration of the relationship and/or for the statutory periods required for administrative‑accounting, tax and legal defence purposes (up to 10 years).
• Data for newsletter subscriptions or promotional communications: retained until consent is withdrawn, which can be done at any time, or until a request is made to be removed from the mailing list.
• Browsing data and technical logs (e.g., IP addresses, access logs, security logs): retained for up to 18 months, unless further retention is required by law, for determining liability in case of security incidents, or upon request of the judicial authority.
• Data collected via cookies and similar technologies: retained for the period indicated in each Site’s Cookie Policy, depending on the type of cookie and the choices made by the user through the consent banner and, in any case, for no more than 14 months.
• Data sent via chatbot (where present): retained for the time necessary to manage the conversation and to close the request, without prejudice to longer periods if related to contractual relationships or legal obligations.
• Data processed through interactions on social networks: retained for the time necessary to manage interactions and, in any case, according to the terms set by the social platform acting as independent controller.

Once the retention period has expired, the data are deleted or irreversibly anonymised, unless otherwise required by law or for the legitimate interest of defence in legal proceedings.

DATA SUBJECT RIGHTS

As a data subject, you may exercise at any time the rights recognised by Articles 15–22 of Regulation (EU) 2016/679, including:

• Right of access: to obtain confirmation as to whether or not personal data concerning you are being processed and to receive the information provided for by law;
• Right to rectification: to obtain the correction of inaccurate data or the completion of incomplete data;
• Right to erasure: to request the deletion of personal data in the cases provided for by the GDPR;
• Right to restriction of processing: to obtain the restriction of processing when the conditions set out by law apply;
• Right to data portability: to receive your personal data in a structured, commonly used and machine‑readable format and to transmit them to another controller, where technically feasible;
• Right to object: to object, on grounds relating to your particular situation, to the processing of personal data in the cases permitted by law;
• Right to withdraw consent: to withdraw at any time any consent given, without affecting the lawfulness of processing based on consent before its withdrawal;
• Right to lodge a complaint: to contact the Italian Data Protection Authority (Garante per la protezione dei dati personali) or another competent supervisory authority.

The exercise of these rights is subject to the limits and conditions set out by the GDPR and national law. In some cases, the exercise of certain rights may be deferred, limited or excluded in order to comply with legal obligations or for the purposes of defence in legal proceedings.

To exercise your rights, you may send a written request to the Data Controller at privacy@zcscompany.com or via the other contact details indicated in this notice.

CHANGES TO THIS NOTICE

Any updates to this notice will be notified to users and published in the “Privacy Policy” section of the websites.