The purpose of this document is to inform the natural person (hereinafter "Data Subject") about the processing of his/her personal data (hereinafter "Personal Data") collected by the data controller, Pelrio srl, with registered office in G. E. Falck 3, Vobarno 25079, CF/VAT no. 04375670983, e-mail address firstname.lastname@example.org, PEC address email@example.com, telephone 3404730622, (hereinafter "Data Controller"), through and Pelrio (hereinafter "Application").
1. Categories of Personal Data processed
The Data Controller processes the following types of Personal Data voluntarily provided by the Data Subject:
Contact Data: first name, last name, address, e-mail, telephone, pictures, authentication credentials, any further information sent by the Data Subject, etc. Tax and payment data: tax code, VAT number, credit card details, bank account details, etc.
The Controller processes the following types of Personal Data collected in an automated manner:
Technical Data: Personal Data produced by the devices, applications, tools, and protocols used, such as, for example, information about the device used, IP addresses, browser type, type of Internet provider (ISP). Such Personal Data may leave traces that, in particular when combined with unique identifiers and other information received by the servers, can be used to create profiles of individuals.
Data on navigation and use of the Application: such as, for example, pages visited, number of clicks, actions performed, duration of sessions, etc. Failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or if they are a necessary requirement for the conclusion of the contract with the Controller, will result in the impossibility for the Controller to establish or continue the relationship with the Data Subject.
The Interested Party who communicates to the Controller Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.
2. Cookies and similar technologies
Cookies are not used for the transmission of information of a personal nature, nor are persistent cookies of any kind or systems for tracing Data Subjects used. Therefore, the Application does not acquire the Personal Data of the Data Subjects using these technologies. Use is made of technical session cookies (not persistent), strictly limited to what is necessary for the safe and efficient navigation of the Application.
3. Legal basis and purpose of processing
The processing of Personal Data is necessary:
- for the performance of the contract with the Data Subject and specifically: performance of any obligation arising from the pre-contractual or contractual relationship with the Data Subject registration and authentication of the Data Subject: to allow the Data Subject to register on the Application, access and be identified, also via external platforms support and contact with the Data Subject to respond to the Data Subject's requests management of payments: to manage payments by credit card, bank transfer or other instruments.
- for the performance for legal obligations, namely: the fulfilment of any obligation under applicable laws, rules, and regulations, in particular, on tax and fiscal matters
- on the basis of the legitimate interest of the Controller, for:
- marketing purposes via email of the Controller's products and/or services in order to directly sell the Controller's products or services using the email provided by the Data Subject in the context of the sale of a product or service similar to the one being sold.
- management, optimisation, and monitoring of the technical infrastructure: to identify and solve any technical problems, to improve the performance of the Application, to manage and organise information in a computer system (e.g., servers, databases, etc.)
- security and anti-fraud: to ensure the security of the Controller's assets, infrastructure, and networks.
- statistics with anonymous data: to perform statistical analyses on aggregated and anonymous data to analyse the behaviour of the Data Subject, to improve the products and/or services provided by the Controller and better meet the Data Subject's expectations.
- based on the consent of the Data Subject, for:
- Profiling of the Data Subject for marketing purposes: to provide the Data Subject with information on the Controller's products and/or services by means of automated processing aimed at collecting personal information with the purpose of predicting or assessing the Data Subject's preferences or behaviour.
- marketing purposes of third-party products and/or services: to send information or commercial and/or promotional materials of third parties, to conduct direct sales activities or to perform market research of their products and/or services by automated and traditional means.
- communication of Personal Data for third party marketing purposes: to communicate Personal Data to third parties operating in the financial sector so that they can use it to send them information or commercial and/or promotional materials or to carry out direct sales activities of their products and/or services or to carry out market research by automated and traditional means.
Based on the legitimate interest of the Data Controller, the Application allows interactions with external platforms or social networks whose processing of Personal Data is governed by their respective privacy policies to which please refer. The interactions and information acquired by this Application are in any case subject to the privacy settings that the Data Subject has chosen on such platforms or social networks. This information - in the absence of specific consent to processing for other purposes - is used solely for the purpose of enabling the use of the Application and providing the information and services requested.
The Data Controller may also use the Data Subject’s Personal Data to protect itself before the competent courts.
4. Processing methods and recipients of Personal Data
The processing of Personal Data is conducted by means of paper and computer tools with organisational methods and logic strictly related to the purposes indicated and through the adoption of adequate security measures. Personal Data are processed exclusively by
- persons authorised by the Data Controller to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality.
- subjects operating autonomously as separate data controllers or by subjects designated as data processors by the Data Controller in order to conduct all the processing activities necessary to pursue the purposes set out in this policy (e.g., business partners, consultants, IT companies, service providers, hosting providers)
- subjects or entities to whom Personal Data must be disclosed due to legal obligations or orders by the authorities.
The entities listed above are required to use appropriate safeguards to protect Personal Data and may only access Personal Data that is necessary to perform the tasks assigned to them.
Personal Data will not be disclosed indiscriminately in any way.
Personal Data will not be transferred outside the territory of the European Economic Area (EEA).
6. Period of retention of Personal Data
Personal Data will be kept for the period of time necessary to fulfil the purposes for which it was collected, in particular for purposes relating to the performance of the contract between the Data Controller and the Data Subject, it will be kept for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of 10 years.
In the event of legal disputes, for the entire duration of the same, until the time limit for appeals is exhausted for purposes relating to the legitimate interest of the Controller, they will be kept until such interest is fulfilled for the fulfilment of a legal obligation, by order of an authority and for legal protection, they shall be kept in compliance with the timeframes provided for by said obligations, regulations and, in any case, until the fulfilment of the prescriptive term provided for by the regulations in force for purposes based on the data subject's consent, they will be kept until the consent is revoked. For marketing purposes for a period not exceeding 24 months.
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.
7. Rights of the Data Subject
Data Subjects may exercise certain rights with respect to the Personal Data processed by the Controller. In particular, the Data Subject has the right to:
- be informed about the processing of his/her Personal Data to withdraw his/her consent at any time limit the processing of their Personal Data oppose the processing of their Personal Data access to their Personal Data verify and request rectification of your Personal Data obtain restriction of the processing of your Personal Data obtain erasure of your Personal Data transfer your Personal Data to another controller lodge a complaint with the data protection supervisory authority and/or take legal action.
- To exercise their rights, Data Subjects may send a request to the following e-mail address firstname.lastname@example.org. Requests will be taken up by the Controller immediately and processed as soon as possible, in any case within 30 days.
8. Personal Data Protection Officer
The Personal Data Protection Manager is Sebastiano Valentini, G. E. Falck, Tax Code VLNSST95T10L378U, e-mail address email@example.com, PEC address PELRIOSRL@PEC.IT, telephone 3404730622.