Privacy policy

Privacy policy

1. Data controller

Pennelli Faro S.r.l. Whose registered office is via Ezio Vanoni, 37/A, 26041 Casalmaggiore (CR), C.F. e P.I. 00955910195, hereinafter referred to as “Data Controller”, provides for the compliance with the personal data protection providing information according to the data processing pursuant to art. 13 of the EU regulation 2016/679 (General Data Protection Regulation – GDPR) and following changes.
 
Privacy policy

2. Processed data, scopes and legal grounds for data processing

2.1 General website access data
The IT systems and software procedures enforced for the present website operation acquire, during their standard operation, some personal data whose transfer is integral to the use of the internet communication protocol.
The collected information could be:
  • Domain names;
  • Internet protocol address (IP);
  • Used operating system;
  • Brower and parameters of the device used to be connected to the website;
  • Visitor referral and exit page.
The information is automatically processed and collected in aggregated form as to check the website operation and for safety reasons.
The juridical ground justifying the processing is the Controller legitimate interest.

2.2 Data recorded for safety reasons
For safety reason (antispam filters, firewalls, virus detection), the automatically registered data can eventually include personal data such as the IP address, which could be used, in compliance with the regulations in force on the subject as to avoid any website possible damage or damages other users, or anyhow dangerous or criminal activities. Such data is never used to identify or profile the user but only to protect the website and its users.
The juridical ground justifying the processing is the Controller legitimate interest.

2.3 Data voluntarily supplied by the user
Personal data supplied by the user through the forms is collected and processed for the following reasons:
  1. To carry out any activity with the customer according to contract and/or pre-contact agreements;
  2. For administrative reasons and to comply with the regulations in force such as for accounting or fiscal purposes or to comply with the judicial authority request;
  3. After receiving the due consent, to periodical forward, through e-mail, the newsletter with updates on the company activities and the product development information, invitations to events, exhibitions, training courses, webinar, special promotions and the invitation to take part to market research and analysis;
  4. To occasionally forward information relating to bought or similar products (cd. “soft-spam”);
  5. In case a curriculum vitae is forwarded, for selection.

The juridical bases justifying the processing:
  • As for the compliance with goals in paragraph 2.3. Letters a), b) and c) it is the execution of contract which the affected party is a part or to execute pre-contract measures enforced on its request;
  • As for the compliance with paragraph 2.3. letter c), it is the free consent supplied by the party interested;
  • As for the compliance with paragraph 2.3. letter d) it is the legitimate interest of the Controller.
2.4 Data entered through comments
Should the website allow to enter comments, it automatically detects and records user identification data, including its e-mail address.
Such data is to be considered voluntarily supplied by the user, when asking for the service provision. Adding a comment or information, the user expressly accepts the privacy policy and more precisely it allows the entered contents to be freely spread out to third parties as well.

2.5 Data collected through the MailChimp platform
For more information, it is hereby specified that when forwarding any notice, the Controller profits from the newsletter and mail marketing platform Mail Chimp, which through statistical tracing (i.e. web beacons, pixels, etc.) allows to detect when the message is opened, any click on the hypertext links in the e-mail, from which IP address and which browser is used to open the e-mail and similar information.
The data collection is functional to the platform use and is integral to the message forwarding system functions.
The juridical bases justifying such data processing:
  • As for the compliance with paragraph 2.3. letter c) it is the free consent supplied by the party interested;
  • As for the compliance with paragraph 2.3. letter d) it is the legitimate interest of the Controller.
Privacy policy

3. Type of data transfer

With the exception of what specified for the surfing data and data collected through the MailChimp platform, the data transfer:
  • As for the compliance with goals according to paragraph 2.3 letter a), b) and c), it is not compulsory but any denial will not allow the Controller to comply with its contract commitments;
  • As for the compliance with paragraph 2.3. Letter c) it is not compulsory as well and it is conditioned by the due consent. Any possible denial will not allow the Controller to forward newsletters and advertising materials or invitations to events or its initiatives;
  • As for the compliance with goals according to paragraph 2.3 letter d), it is not compulsory but any denial will not allow the Controller to forward e-mails relating to the already bought or similar products.
Privacy policy

4. Treatment place and storage modes as well as data storage duration

The data collected from the website is processed by the controller website and by the web hosting datacenter. The web hosting Amazon AWS whose registered office is in Ireland, liable for the data processing, processing the data on behalf of the controllers is within the European Economic Space and therefore it complies with the European Union regulations.
The collected data is processed through IT means or automated, IT or telematics means, or through manual processing according to logics strictly depending on the goals which personal data is collected for and anyhow to provide its safety.
The data is stored for the time period strictly required to be able to manage the processed data itself (“general data processing regulations” art. 5 of the EU Regulation 2018/679) and in compliance with the expiring terms forecast in the regulations in force or in compliance with the statutory requirements.
Periodically data stored for the purpose of collection is checked as to define whether it is obsolete or not.
Collected data for surfing, used for safety reasons, is stored for 5 years.
Anyhow the Controller enforces rules avoiding data storage for an infinite duration and therefore its storage is limited in compliance with the limitation principle for the data processing.
More information on the GDPR compliance of the web hosting Amazon AWS is available here.
 
Privacy policy

5. Subjects authorised to process data, data processors and data communication

The collected data is processed by the Controller internal personnel, clearly identified and authorised to carry out any processing, according to the specific instructions provided by the regulations in force.
Collected data, within the limits and purpose of the processing and should it be instrumental or required for the purpose execution, could be treated by third parties, called external data processors or as the case may be, transferred to third parties as independent data controllers, and more precisely:
  • Companies belonging to the Group for the purposes specified in paragraph 2.3. letter a), b) and c);
  • People, companies, associations or professional cabinets providing for external consulting to the company, for the purposes specified in paragraph 2.3. letter b) and e);
  • Companies, institutions, associations liable for instrumental services to the hereinbefore mentioned purpose (market surveys and analysis, payment through credit cards, IT system service).
Reported data could be supplied on a legitimate request only in the cases forecast by the law, to the judicial authority.
Never and for whatsoever reason, data will be spread out.
The processing data controller and processors are identified in the Privacy policy, periodically updated.
 
Privacy policy

6. Data transfer in countries outside the EU

Collected data could be transferred outside the EU as well, in the forms ad modes forecast by the regulations in force, providing for an accurate security level.
The present website could share some collected data with localised services outside the EU. More precisely with Google, Facebook, Instagram e Microsoft (LinkedIn) through the social plugins and the Google Analytics service as well as the newsletter platform MailChimp. The transfer is authorised according to the specific decisions by the European Union and the personal data protection authority, more precisely the decision 1250/2016 (Privacy Shield - here the information page by the Italian protection authority), which no consent is required for. The above-mentioned companies provide for the compliance to the Privacy Shield.
More information of the use of data and the compliance with the GDPR is available in the following links:
Privacy policy

7. Subject’s rights

The subject is always entitled to ask the Controller to access its personal data, to adjust or remove it, to limit its processing or to contrast its processing, to ask for the data portability, to revoke the processing consent according to these and other rights included in the EUR Regulation 2016/679 (General Data Protection Regulation – GDPR) forwarding an e-mail to privacy@pennellifaro.it
The subject can forward a complaint to the competent protection authority.
 
Last update: 11/09/2018


Privacy policy suppliers

Privacy policy

1. Data controller

Pennelli Faro S.r.l. whose registered office is via Ezio Vanoni, 37/A, 26041 Casalmaggiore (CR), tax payers’ and VAT code 00955910195, hereinafter referred to as “Data Controller”,  provides for the compliance with the personal data protection providing information according to the data processing pursuant to art. 13 of the EU regulation 2016/679 (General Data Protection Regulation – GDPR) and following changes.
Privacy policy

2. Processed data, scopes and legal grounds for data processing

Personal data is collected and processed for the following reasons:
  1. To carry out any activity with the customer according to contract and/or pre-contact agreements;
  2. For administrative reasons and to comply with the regulations in force such as for accounting or fiscal purposes or to comply with the judicial authority request;
The juridical ground the processing is based on is the execution of a contract the party affected is a part of or the execution of pre-contract measures enforced on the person interested request or imposed by the law.
Privacy policy

3. Type of data transfer

Data is compulsorily to be granted according to what legally and contractually imposed and therefore any denial to provide it does not allow the data controller to execute the contract or to correctly carry out any connected obligation (fiscal requirements).
Privacy policy

4. Treatment place and storage modes as well as data storage duration

The data collected from the website is processed by the controller registered office.
The collected data is processed through IT means or automated, IT or telematics means, or through manual processing according to logics strictly depending on the goals which personal data is collected for and anyhow to provide their safety.
The data is stored for the time period strictly required to be able to manage the processed data itself (“general data processing regulations” art. 5 of the EU Regulation 2018/679) and in compliance with the expiring terms forecast in the regulations in force or in compliance with the statutory requirements.
Periodically data stored for the purpose of collection is checked as to define whether it is obsolete or not.
Anyhow the Controller enforces rules avoiding data storage for an infinite duration and therefore its storage is limited in compliance with the limitation principle relating the data processing.
Privacy policy

5. Subjects authorised to process data, data processors and data communication

The collected data is processed by the Controller internal personnel, clearly identified and authorised to carry out any processing, according to the specific instructions provided by the regulations in force.
Collected data, within the limits and purpose of the processing and should it be instrumental or required for the purpose execution, could be treated by third parties, called external data processors or as the case may be, transferred to other subjects to correctly comply with the purposes specified in paragraph 2.
Reported data could be supplied on a legitimate request to the judicial authority only in the cases forecast by the law.
Never and for whatsoever reason, data will be spread out.
The processing data controller and processors are identified in the Privacy policy which is periodically updated.
Privacy policy

6. Data transfer in countries outside the EU

Personal data can be transferred to countries inside the European Union or to third countries outside the European Union or to an international organisation, according to the purpose specified in paragraph 2.
The person interested will be the informed whether there is a suitability decision by the European Union Commission.
Privacy policy

7. Subject’s rights

The subject is always entitled to ask the Controller to access its personal data, to adjust or remove it, to limit or to contrast its processing, to ask for the data portability, to revoke the processing consent according to these and other rights included in the EUR Regulation 2016/679 (General Data Protection Regulation – GDPR) forwarding an e-mail to privacy@pennellifaro.it
The subject can forward a complaint to the competent protection authority.

Last update: 11/09/2018
Omeganet - Internet Partner