PRIVACY POLICY
The procedures of the personal data processing performed on the data collected after consulting our website pedrini-italia.it are described here below, in compliance with the legal obligation concerning the personal data pursuant to the EU Regulation 2016/679 or “Regulation”.
Legal references:
· Privacy Guarantor
o General directive on the data protection EU Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016 (https://www.garanteprivacy.it/regolamentoue)
o INSERIRE IL LINK DI COLLEGAMENTO AL REGOLAMENTO
o Identification of the simplified procedures for the policy and the acquisition of the consent for the use of cookies – 08th May 2014 [3118884]
o Guidelines concerning the processing of personal data for on line profiling – 19th March 2015 [3881513]
o Policy and consent for the use of cookies
· European Data Protection Supervisor
o Directive 2009/136/EC - Repository
o Working Document 02/2013 providing guidance on obtaining consent for cookies
PEDRINI S.p.A. ad Unico Socio attaches the utmost importance to the respect of the privacy of its visitors. The following is referred to the website pedrini-italia.it and not to other websites, which may be reached via link and it is also intended as Policy for the visitors pursuant to Art. 13 and 14 of the EU Regulation 2016/679 and the European Legislation concerning the cookies (see references above).
data controller, managers and PROCESSORS
Visitors are informed that, after consulting this website, personal data processing may be performed, by the Data Controller PEDRINI S.p.A. ad Unico Socio - Via delle Fusine, 1 - Carobbio degli Angeli - 24060 - Bergamo - Italy - T. +39 035 4259111 - P.IVA: 03169850165 | C.F./P.IVA Iscr. Reg. Impr. di BG 03169850165 - R.E.A. di BG n° 355496 - Mec n° BG061862 - Cap. Soc. € 10.000.000 i.v., info@pedrini.it.
The personal data will be processed by the above mentioned Data Controller and by the personnel and persons expressly authorized by the same to the processing (“processors”).
Moreover, visitors are informed that the Data Controller and the processors may authorize third parties to access the site for limited periods of time and for technical requirements. Particularly, the subjects in charge for technical management and for hosting service provision (such as Aruba S.p.A.) upon Pedrini S.p.a. instructions, may access the site, prior authorization and instruction of the Data Controller.
processed data and purposes of the data processing
Browsing data
For exclusive IT security and performance monitoring purposes, the systems underlying the website pedrini-italia.it may acquire information potentially attributable to the user’s personal data.
This category may for example record data such as the IP address of the computer, the time of access to the site, the visited website pages, the URI addresses (Uniform Resource Identifier) of the required resources and other parameters related to the operating system and to the IT environment of the website browser.
These data are recorded in proper logs and can only be communicated to the Judicial Authority, in case of significant computer security events.
Otherwise (absence of security problems), the data are cancelled from the systems as quickly as the IT organization allows and, in any case, not later than a working week.
Data voluntarily provided by the User
The website pedrini-italia.it manages reserved areas for registered visitors and offers a newsletter service only for users wishing to join that service.
Some sections of the website may require personal data: business name, first name and last name, e-mail address, business address/home address, telephone/mobile, website. Should the user fail to provide some of the aforementioned data (business name, first name and last name, e-mail address) Pedrini Italia S.p.A. ad Unico Socio will not be able to answer to any User’s request and/or to send informative newsletters. The aforementioned data provided by the users will be used solely and exclusively for the functioning of the related services (e.g. answer to the requests, subscription to the informative newsletter, spontaneous submission of mails, etc.) and to perform the required request (e.g. material shipping, assistance service, etc.). The optional delivery of general e-mail services to the addresses registered in this website, through the section “contact form”, the newsletter or through the use of mail forms in this website involves the acquisition of the e-mail addresses and of other registered personal data. In particular, with the authorization the processing of the data registered in the “contact form” on our website pedrini-italia.it pursuant to EU Regulation 2016/679, these data are protected by the Data Controller and are used to answer to user’s questions, to provide the required information and/or to contact the user about the provided services and/or for possible promotions and/or offers.
storagE OF DATA
In compliance with the principles of the EU Regulation 2016/679 personal data will be stored for a period of time not exceeding the achievement of the purposes for which they are collected and processed. In particular, the browsing data will be stored for the time session and for the time in which the website is used, while the data voluntarily provided by the user (e.g. newsletter and “contact form”) will be stored for the necessary period to follow up the user’s needs and supply the required service or to carry out the obligatory checks to comply with the applicable legislation and subsequently, for the time in which the company is subject to storage obligations for tax purposes or for other purposes provided for by law, or no more than eleven years from the conclusion of the contractual relationship, without prejudice to existing litigation.
In case of withdrawal, closure of the site and / or cancellation of all pages connected to the website, the collected data will be deleted and destroyed without being transferred to third parties, subject to the conditions established by the hosting.
METHODS AND PLACE OF DATA PROCESSING
The provided personal data are mainly processed with automated tools. The place where the data related to the web services of this site are carried out is the aforementioned headquarters of PEDRINI S.p.A. ad Unico Socio and the data are processed only by the technical staff in charge of the processing, that is in the places where the Data Controller and the processors will be located at the time of access with credentials on the site. For needs related to site maintenance, the data may be processed by personnel of the aforementioned Company, appointed as Data Processor in accordance with Article 28 of EU Regulation 2016/679, at the offices of the same Company as well as at the place where the hosting service manager is located.
DATA DISCLOSURE
During the course of its ordinary business activities, the data may be disclosed to third parties, who provide services to the Data Controller and perform data processing on behalf of and on the latter's instruction, and in general to persons performing control, revision and certification of the activities carried out by the Data Controller, consultants and freelancers in the context of tax and judicial assistance and in the case of corporate transactions for which it is necessary to evaluate the company assets, to public and administrations bodies, as well as to persons legitimated for law to receive such information, namely Italian and foreign judicial authorities and other public authorities, for purposes related to the fulfilment of legal obligations, for carrying out the obligations arising from the contractual relationship, or for defence in court proceedings.
Specifically, within the limits of what is necessary and within the scope of the purposes set out above, personal data, in addition to being known by authorized parties as well as by the Data Controller, may also be disclosed to third parties such as, merely as an example and not exhaustive, consultants and freelancers in single or associated form, local authorities, government agencies, business companies, banks and credit institutions, non-bank financial intermediaries, associations of local authorities, public economic and non-economic bodies, other public administrations, institutional bodies, authorities and judicial offices, police forces, professional orders and colleges, employers, associations of entrepreneurs and companies, Central of risks, insurance companies, members, associated and registered subscribers, customers and users, suppliers, employees, freight forwarders, software employees, user’s family members, tax collection agencies.
DATA DISSEMINATION
TRANSFER OF DATA TO THIRD COUNTRIES
Within the scope of the purposes described above, personal data may be transferred to European Union countries as well as to third countries, subject to the express consent of the data subject.
In particular, processing may be performed on assets located in German and Italian territory.
In addition, cloud storage systems are deployed with servers located outside the European Union (for example, Dropbox) which not only relies on a wide range of legal mechanisms for the international transfer of personal data from the EU to the United States, including the well-known EU-US Privacy Shield Agreement (translated "EU-US Privacy Shield"), stipulated between the European Commission and the US Department of Commerce in order to protect the confidentiality of personal data of European citizens in the event of overseas transfer, but also relies on EU-type contractual clauses for international data transfer as well as internationally recognized guidelines for data protection in the cloud, such as the new ISO / IEC 27018:2014, which joins the previous ISO / IEC 27001 and ISO / IEC 27002 standards.
RIGHTS OF THE DATA SUBJECT
In relation to the processing of the above described data, the data subject may at any time exercise his/her rights against the Data Controller pursuant to the EU Regulation 2016/679, and in particular the right:
a) to obtain the confirmation whether or not his/her personal data are being processed and in this case, to obtain access to personal data and to the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the Data Controller the rectification or erasure of personal data or restriction of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information regarding their source; (h) the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
b) to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her, as well as to have incomplete personal data completed, including by means of providing a supplementary statement.
c) to obtain form the Data Controller the erasure of personal data concerning him/her without undue delay, where one of the following grounds applies: a) personal data are no longer necessary to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and whether there is no other legal basis for the processing; (c) the data subject objects to the processing pursuant to Article 21 (1) and there is no overriding legitimate reason to proceed with the processing, or the data subject objects to the processing pursuant to Article 21 (2); d) personal data have been unlawfully processed; e) personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject; (f) the personal data have been collected in relation to the offer of information society service referred to Article 8 (1);
d) to obtain from the Data Controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Data Controller override those of the data subject;
e) to receive the personal data concerning him/her, which he/she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and b) the processing is carried out by automated means.
f) to object, on grounds relating to his/her particular situation, at any time to the processing of personal data concerning him/her pursuant to art. 6 (1) (e) or (f), including the profiling based on those provisions.
g) to withdraw his/her consent at any time.
h) not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similar significantly affects him/her, unless the decision: a) is necessary for entering into, or performance of, a contract between the data subject and the Data Controller; b) is authorized by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard the data subject’s right, freedoms and legitimate interests; c) is based on the data subject’s explicit consent.
COOKIE POLICY
Pursuant to EU Regulation 2016/679 cookies are considered personal data when the may be associated to a device. The information on the types of cookies is provided below.
Definitions
Cookies are small text strings that the sites visited by the user send to his terminal (usually the browser), where they are stored before being re-transmitted to the same sites at the following visit of the same user. While browsing a site, the user can also receive cookies on his/her terminal that are sent from different websites or web servers (so-called "third parties"), on which may reside some elements (such as, for example, images, maps, sounds, specific links to pages of other domains) on the site that the same is visiting.
Cookies, usually present in users' browsers in very large numbers and sometimes even with long temporal persistence, are used for different purposes: execution of computer authentication, monitoring of sessions, storage of information on specific configurations concerning users accessing the server, etc.
For the purposes of proper compliance with the Privacy regulations, the Privacy Guarantor has identified two classes of cookies:
a. Technical Cookies
Technical cookies are those used solely for the purpose of “carrying out the transmission of a communication over an electronic communication network, or to the extent strictly necessary to the provider of an information society service explicitly requested by the subscriber or user to provide that service” (art. 122, par. 1, D.Lgs n. 196/2003 – source: Privacy Guarantor).
They are not used for any further purpose and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies, which ensure normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); analytics cookies, similar to technical cookies when used directly by the site operator to collect information, in aggregate, on the number of users and how they visit the site itself; functionality cookies, which allow the user to navigate according to a series of selected criteria (such as language, products selected for purchase) in order to improve the service provided to the same.
b. Profiling Cookies
Profiling cookies are used to create user profiles and to send advertising messages in line with the preferences expressed by the user when browsing the web. Due to the particular intrusiveness that such devices may have within the privacy of users, European and Italian law requires that the user must be adequately informed about the use of the same and thus express their valid consent. Source (Privacy Guarantor).
Browser settings for cookies
It is the user's right to allow or not the installation of cookies. Some functionalities - sometimes fundamental - of this Site may, however, not be available if one or more cookies are disabled. The settings related to this choice can be checked and changed in the browser preferences window. Below are links to manufacturers of the most common browsers, where you can get information on how to change your cookie settings:
· Mozilla
· Chrome
· Safari
· Opera
Or by visiting the following link: youronlinechoices.eu
TECHNICAL COOKIES
The website pedrini-italia.it uses the following technical links, strictly restricted to the transmission of session identifiers (consisting of random numbers generated by the server) which are necessary to allow the safe and efficient browsing of the site:
|
Name |
Domain |
Category |
Purpose |
Policy privacy |
|
SESSIONID |
pedrini-italia.it |
Technical cookies |
Optimize browsing |
Data retention
Technical cookies are deleted when the browser is closed.
PROFILING COOKIES
With the purpose to offer a better browsing experience, the website pedrini-italia.it uses media services of third parties, managed and controlled by cookies.
Such cookies, in addition to provide this functions, may detect the user activities and therefore be classified in the “profiling category” as defined by the Privacy Guarantor.
The browsing on the website pedrini-italia.it, if such cookies are not accepted, would still be possible, although some restrictions.
The possibility to share contents through Social Networks (such as Facebook, Twitter, YouTube) is disabled.
The list of cookies and of its related policy privacy is described below:
|
Name |
Domain |
Category |
Purpose |
Policy Privacy |
|
__atuvc |
pedrini-italia.it |
AddThis |
Registration of user preferences in sharing the site contents on social channels. |
|
|
__atuvs |
pedrini-italia.it |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
bt |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
di2 |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
dt |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels. |
|
|
loc |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels. |
|
|
uid |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
uit |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
um |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
uvc |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
bt |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
di2 |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
|
|
B |
.addthis.com |
AddThis |
Registration of user preferences in sharing the site contents on social channels |
Data retention
The methods for storing cookies are indicated on the third parties related websites.
BROWSING STATISTICS
On the website pedrini-italia.it a statistical survey is activated through the use of Google Analytics tool, which uses cookies and other parameters according to the procedures shown on the document related to Google Privacy Regulations and on the specific document regarding the use of the information collected through Google Analytics.
Google Analytics cookies are directly used by the controller on the website pedrini-italia.it with the purpose to optimize (aggregate information collection on the number of users and how they visit the site) and therefore they are included in the technical cookies category, as specified by the Privacy Guarantor.
I cookie Google Analytics sono direttamente utilizzati dal Titolare nel sito pedrini-italia.it a fini di ottimizzazione (raccolta informazioni in forma aggregata sul numero degli utenti e su come questi visitano il sito) e rientrano pertanto nella categoria di cookie tecnici, come specificato dal Garante Privacy.
|
Name |
Domain |
Category |
Purpose |
Policy Privacy |
|
__utma |
.pedrini-italia.it |
Google Analytics |
Browsing statistics |
|
|
__utmb |
.pedrini-italia.it |
Google Analytics |
Browsing statistics |
|
|
__utmc |
.pedrini-italia.it |
Google Analytics |
Browsing statistics |
|
|
__utmt_ |
.pedrini-italia.it |
Google Analytics |
Browsing statistics |
|
|
__utmv |
.pedrini-italia.it |
Google Analytics |
Browsing statistics |
|
|
__utmz |
.pedrini-italia.it |
Google Analytics |
Browsing statistics |
|
|
_ga |
.pedrini-italia.it |
Google Analytics |
Browsing statistics |
|
|
_gat |
.pedrini-italia.it |
Google Analytics |
Browsing statistics |
Data retention
The statistical analysis is fully anonymous and cannot be linked back to single users. Therefore, they are stored until the company purposes are reached and then cancelled, normally within a working week.
We inform you that if the user has made his/her choices by browsing on the pages of the website pedrini-italia.it from a different device or browser, Pedrini Italia S.p.A. ad Unico Socio will not recognize the selected options and therefore, the privacy policy will be proposed again asking the user to make again its choices.
B) COOKIE
Quanto all’informativa e relativo consenso in materia di COOKIE consiglio anzitutto l’inserimento tramite Vostro tecnico software del banner di consenso ogni qualvolta si apre la pagina del Vostro sito web, banner questo che conterrà il link alla pagina web della Privacy Policy. A tal fine riporto la dicitura che dovrà essere inserita nel banner:
“This website or the used third-party tools make use of the necessary cookies for the browsing operation and for the browsing experience improvement, useful for the purposes described in the cookie policy. If you want more information or if you want to opt out of all or some cookies, please read the cookie policy. Closing this banner, scrolling this page, clicking on a link and kkeping on browsing otherwise, you give your consent to the use of cookies”.
I agree Read more (INSERIRE IL COLLEGAMENTO ALLA PAGINA PRIVACY POLICY)”
C) INFORMATIVA “FORM CONTATTO”
Nella pagina “form contatto” consiglio di aggiungere due checkbox: una relativa all’informativa privacy di cui alla Policy Privacy e l’altra relativa all’adesione alla newsletter.
Consiglio quindi di modificare nel modo seguente:
Vostra attuale dicitura: “Ho letto e accetto l’informativa ai sensi dell’art. 13 del Codice della Privacy e la policy del sito”
Da modificare come segue:
- aggiungere n. 1 checkbox sicché l’utente possa spuntare la relativa casella (senza tale spunta non potrà proseguire con completamento del form contatto e l’invio delle richieste) ed inserire la seguente dicitura: “I have read and accept the terms of the Privacy Policy pursuant to Regulation (EU) 2016/679)”