Privacy policy

Privacy policy
Pennelli Faro S.r.l. with registered office in via E. Vanoni, 37/A, 26041 Casalmaggiore (CR), tax ID and VAT no. 00955910195, in its capacity as the data controller (=Controller), guarantees compliance with the law on the protection of personal data and invites you to read the following information on the processing of your personal data while browsing the website, for the distribution of its newsletter, and in the context of relations with its customers and suppliers pursuant to Arts. 13 and 14 EU Regulation 2016/679 and subsequent amendments (=GDPR).

1. WEBSITE

Privacy policy
1.1 PROCESSED DATA
The Controller processes personal data transmitted automatically when visiting its website (=Website). Specifically, the personal data that may be processed fall into the following categories:
Data categories
IP address; domain names; browser type; device data; use of links (origin and destination website)
Further, the Controller processes personal data voluntarily shared through the contact form. Specifically, the personal data that may be processed fall into the following categories:

Data categories
personal details; contact details (email, nickname, telephone number); work information (company)
Privacy policy
Privacy policy
1.2 PROCESSING PURPOSES AND LEGAL BASIS
The Controller processes your personal data for the following purposes and on the following legal basis:
 
Purposes Legal Basis
proper functioning and security of the Website legitimate interest of the Controller (Art. 6.1(f) GDPR)
answering the data subject’s request for contact consent (Art. 6.1(a) GDPR)
 
Privacy policy
1.3 METHODS OF PROCESSING AND RECIPIENTS
The personal data you provide are processed in accordance with the principles of accuracy, lawfulness, purpose, quality, relevance, proportionality, and transparency. The data are collected in automated form and are not combined or otherwise processed for identification or profiling purposes.
The Controller takes appropriate security measures to prevent the alteration, erasure, destruction, unauthorised access, or unlawful processing.
The data processing is carried out by the Controller’s staff, authorised to this end and trained to process personal data in compliance with the law, or by third parties appointed as Data Processors (e.g., web hosting, web design and software service providers), who guarantee compliance with the provisions of the law and the protection of your rights.
Personal data for the purpose of answering requests for contact may be processed using third-party services and software indicated by you. These third parties process your personal data as described in their data privacy notices (WhatsApp; Skype; Zoom).
The personal data you provide may be disclosed to other parties where required by law.
Privacy policy
1.4 RETENTION PERIOD
Your personal data are stored up to five years from the date of your visit to the Website; personal data collected with your consent is stored for up to two years from the last contact with the Controller.
Privacy policy
1.5 PROVISION OF DATA
The provision of your personal data that occurs automatically while browsing the Website is necessary for its use.
The provision of other personal data is necessary for the achievement of the specified purpose. Refusal to provide it or parts of it may result in the impossibility of following up on your request for contact.
Privacy policy
1.6 YOUR RIGHTS
You may at any time request access, rectification, or erasure of your personal data to the Controller by email to privacy@pennellifaro.it. You may further revoke consent, request the restriction of the processing or object to it. Finally, you may also lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR, find further information at https://garanteprivacy.it/web/garante-privacy-en/home_en

2.NEWSLETTER

Privacy policy
2.1 PROCESSED DATA
The Controller only processes personal data relevant and functional to the distribution of its newsletter (=Newsletter). In particular, the personal data that may be processed by the Controller fall into the following categories:
Data categories
personal details; contact details; newsletter interaction data; IP address; browser type, device information; use of links (origin and destination website);
Privacy policy
Privacy policy
2.2 PROCESSING PURPOSES AND LEGAL BASIS
The Controller processes your personal data for the following purposes and on the following legal basis:
 
Purposes Legal Basis
sending of the Newsletter containing updates on the Controller's
activities and product development information, invitations to events,
trade fairs, training courses, webinars, special promotions, and invitations
to participate in market research and analysis

improvement of marketing activities and services offered by the Controller
 
consent (Art. 6.1(a) GDPR)




consent (Art. 6.1(a) GDPR)
 
information, advertising and promotional campaigns, invitation to
events and trade fairs regarding products already supplied by the
Controller or similar products
legitimate interest of the Controller (Art. 6.1(f) GDPR)
 
Privacy policy
2.3 METHODS OF PROCESSING AND RECIPIENTS
The personal data you provide are processed in accordance with the principles of accuracy, lawfulness, purpose, quality, relevance, proportionality, and transparency. 
To send its Newsletter, the Controller uses the MailChimp platform which, by means of statistical tracking systems (e.g., web beacons, pixel identifiers, etc.) contained in the emails, makes it possible to detect the opening of a message, the clicks made on the hypertext links contained within the email, the IP address or the type of browser used to open the email, and other similar details. Further information on the processing of personal data by MailChimp can be found at this address: https://mailchimp.com/help/mailchimp-intuit-privacy-faq/
The Controller takes appropriate security measures to prevent the alteration, erasure, destruction, unauthorised access, or unlawful processing.
The data processing is carried out by the Controller’s staff, authorised to this end and trained to process personal data in compliance with the law.
Within the limits of the indicated processing purposes, some processing activities may be carried out on behalf of the Controller by third parties appointed as Data Processors (e.g. software and IT service providers), who ensure compliance with the provisions of the law and the protection of your rights.
The personal data you provide may be disclosed to other parties where required by law.
Privacy policy
2.4 EXTRA-EEA DATA TRANSFERS
Data processed through the MailChimp platform may be transferred outside the European Economic Area. The transfer ensures an adequate level of protection through the adoption of the measures described at https://mailchimp.com/help/mailchimp-european-data-transfers/, in particular the addendum on data processing (https://mailchimp.com/it/legal/data-processing-addendum/).
Privacy policy
2.5 RETENTION PERIOD
Your personal data are processed for the duration of your subscription to the Newsletter. Data relating to interaction with the Newsletter are stored for up to two years.
Privacy policy
2.6 PROVISION OF DATA
The provision of your personal data is necessary for the achievement of the specified purposes. Refusal to provide it or parts of it may result in the impossibility of sending you the Newsletter.
Privacy policy
2.7 YOUR RIGHTS
You may unsubscribe from the Newsletter at any time via the appropriate link. In addition, you may at request access, rectification, or erasure of your personal data to the Controller by email to privacy@pennellifaro.it. You may further request the restriction of the processing or object to it. Finally, you may also lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR, find further information at https://garanteprivacy.it/web/garante-privacy-en/home_en

3. RELATIONS WITH CUSTOMERS AND SUPPLIERS

Privacy policy
3.1 PROCESSED DATA
The Controller only processes personal data relevant and functional to the pre-contractual or contractual relationship with you or with our Partner or Customer with whom you work. In particular, the personal data that may be processed by the Controller fall into the following categories:
Data categories:
personal details; contact details; work information; fiscal, economic, and financial data
Privacy policy
Privacy policy
3.2 PROCESSING PURPOSES AND LEGAL BASIS
The Controller processes your personal data for the following purposes and on the following legal basis:
 
Purposes Legal Basis
negotiation, conclusion, execution, and management of contracts performance of pre-contractual measures
or of a contract (Art. 6.1(b) GDPR)
business relations management and accounting performance of a contract (Art. 6.1(b) GDPR);
legitimate interest of the Controller (Art. 6.1(f) GDPR)
fulfilment of legal and contractual obligations performance of pre-contractual measures or of
a contract (Art. 6.1(b) GDPR); legal obligation (Art. 6.1(c) GDPR)
information, advertising and promotional campaigns,
invitation to events and trade fairs regarding products
already supplied by the Controller or similar products
legitimate interest of the Controller (Art. 6.1(f) GDPR)
protection of the Controller’s rights legitimate interest of the Controller (Art. 6.1(f) GDPR)
Privacy policy
3.3 METHODS OF PROCESSING AND RECIPIENTS
The personal data you provide are processed in accordance with the principles of accuracy, lawfulness, purpose, quality, relevance, proportionality, and transparency. 
The Controller takes appropriate security measures to prevent the alteration, erasure, destruction, unauthorised access, or unlawful processing.
The data processing is carried out by the Controller’s staff, authorised to this end and trained to process personal data in compliance with the law, or by third parties appointed as Data Processors (e.g., accountants, software suppliers), who ensure compliance with the provisions of the law and the protection of your rights.
The personal data you provide may be disclosed to other parties where required by law or necessary to achieve the stated purposes (e.g., forwarding agents, carriers, banking and insurance companies).
Privacy policy
3.4 RETENTION PERIOD
Your personal data are processed for the duration of the contract and up to ten years after its termination for any reason whatsoever or, in the event of litigation, up to one year after the decision becoming final or the out-of-court settlement of the dispute, whichever is later. If a contractual relationship is not established, your personal data will be retained for up to two years after the last commercial contact.
Privacy policy
3.5 PROVISION OF DATA
The provision of your personal data is necessary for the achievement of the specified purposes. Refusal to provide it, even partially, may make it impossible for the Controller to fulfil its obligations and may result in the termination of the contract.
Privacy policy
3.6 YOUR RIGHTS
You may at any time request access, rectification, or erasure of your personal data to the Controller by email to privacy@pennellifaro.it. You may request the restriction of the processing or object to it. Finally, you may also lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR, find further information at https://garanteprivacy.it/web/garante-privacy-en/home_en.
Siglacom - Internet Partner