THE PRIVACY POLICY OF THIS WEBSITE
PURPOSE OF THIS INFORMATION NOTICE

The purpose of this page is to describe the methods of managing the website with reference to the processing of personal data of users who consult it, which will be processed according to principles of lawfulness, fairness, relevance, and non-excessiveness.

This is an information notice provided by Pre Gel S.p.A., in its capacity as Data Controller, pursuant to Articles 13 and 14 of the new European General Data Protection Regulation GDPR – EU No. 679/16, to those who interact with the web services of the Company.

PLACE OF DATA PROCESSING

The data processing connected to the web services of our websites – www.pregel.it, www.pregeltraining.com, www.pregelfamily.com, www.pinopinguino.eu, www.yoggi.it – is carried out at the legal headquarters and offices of PREGEL SPA or by providers responsible for Internet and hosting/housing services, acting as Data Processors.

In cases where some of the aforementioned Processors are located outside the European territory, the Controller ensures in advance that the transfer of data outside the EU will be carried out in compliance with applicable legal provisions (Articles 44 et seq. of the GDPR).

Personal data provided by users who submit requests for the sending of informational material (newsletters, information requests, catalogs, CD-ROMs, etc.) is used solely to perform the service or provision requested and is disclosed to third parties only if necessary for that purpose (e.g., shipping services of PREGEL SPA). Any other purpose will be the subject of specific information provided to data subjects pursuant to Articles 13 and 14 of the GDPR.

SUBJECT OF THE PROCESSING – CATEGORIES OF DATA PROCESSED
Browsing Data

The computer systems and software procedures used to operate our websites acquire, during their normal operation, some personal data (so-called log files), the transmission of which is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the response status (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.

These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct operation. The data may be used to determine liability in the event of possible computer crimes against the websites and may be presented to Judicial Authorities upon explicit request.

Data Provided Voluntarily by the User

The Controller processes personal identifying data – such as: name, surname, tax code, user images recorded on social networks, address, phone number, email, company name, and main business activity – provided by the user when filling out the various forms published on the websites, in addition to any further information voluntarily included in text messages.

NATURE OF DATA PROVISION AND CONSEQUENCES OF NON-COMMUNICATION

The data marked as mandatory in the forms must necessarily be provided in order to allow the Controller to fulfill the user’s requests and provide the requested services.

PURPOSES OF PROCESSING

Personal data is processed by the Controller based on a contractual relationship and, therefore, without the need for specific consent from the user for the following purposes:

a. responding to information requests (contact form);
b. enabling website registration and access using personal credentials (login/register);

The legal basis of the processing, on the other hand, is the freely given consent for the following purposes:

c. providing a newsletter service to keep users updated on the Controller’s news and promotional offers (newsletter subscription);
d. sending promotional messages for marketing purposes (landing page).

Consent may be revoked at any time (including through the opt-out link at the bottom of emails). Any processing carried out prior to revocation remains valid.

METHODS OF PROCESSING

The processing of personal data is carried out by means of the operations indicated in Art. 4 No. 2) of the GDPR, specifically: collection, recording, consultation, storage, extraction, communication, deletion, and destruction. Personal data is processed in both paper and electronic formats.

The Controller will process personal data for the time necessary to achieve the above purposes and will retain them as follows:

  • for the time needed to provide the requested services, with reference to point 4, letter a);
  • until the user deletes their profile or, in any case, after 2 years from the last profile activity, for the purpose in point 4, letter b);
  • for 2 years from consent collection, for the purposes in point 4, letters c) and d).

ACCESS TO DATA

Personal data may be accessed, for the above purposes, by:

  • employees, collaborators, and administrators of the Controller, as persons authorized to process data;
  • third-party companies or other entities – e.g., consultants, hosting/housing service providers – carrying out outsourced activities on behalf of the Controller as Data Processors.

DISCLOSURE OF DATA

Without the need for express consent – pursuant to Art. 6, letters b) and c) of the GDPR – the Controller may disclose personal data for the purposes mentioned above to Judicial Authorities, as well as to parties to whom communication is mandatory by law. These subjects will process the data as independent Data Controllers.

The data may also be disclosed to companies controlled by, controlling, or affiliated in any legal form with PREGEL SPA; in cases where such disclosure occurs to non-EU countries, the Controller guarantees compliance with applicable legal provisions (Articles 44 et seq. of the GDPR).

DATA SUBJECT’S RIGHTS

Regarding the processing of personal data, the user has the right to:

  • be informed of: the identity and location of the Data Controller; the purposes and methods of processing; the identity and location of the Data Processor;
  • obtain from the Controller or Processor, without delay:
  1. confirmation of whether or not personal data concerning them is being processed, and communication of such data in an intelligible form, including their origin and purposes;
  2. the deletion of personal data concerning them, when:
    i) it is no longer needed for the purposes it was collected for,
    ii) consent has been withdrawn and there is no other legal basis for processing,
    iii) data was processed unlawfully,
    iv) the data subject has objected to the processing and no overriding legitimate reason exists,
    v) the Controller is legally obliged to delete the personal data;
  3. the updating, correction, or, where interested, integration of the data;
  4. confirmation that the operations in points 2) and 3) have been notified, including their content, to those to whom the data was disclosed or disseminated, unless this proves impossible or requires disproportionate effort;
  • object, for reasons related to their particular situation, to the processing of personal data concerning them under Article 6(1)(e) or (f);
  • object to the processing of personal data for direct marketing purposes;
  • lodge a complaint with a supervisory authority;
  • receive personal data concerning them in a structured, commonly used, and machine-readable format and transmit such data to another Controller without hindrance from the original Controller. In exercising the right to data portability, the data subject has the right to obtain the direct transmission of data from one Controller to another, where technically feasible;
  • not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them in a similar way.

The Controller provides a copy of the personal data undergoing processing; for any additional copies requested by the data subject, the Controller may charge a fee based on administrative costs.

EXERCISING RIGHTS

The user may exercise the above rights at any time by contacting the Controller:

  • via registered mail with return receipt to Pre Gel S.p.A., registered office in Località Arceto-Scandiano (RE), Via 11 Settembre 2001 No. 5/A and offices in Gavasseto (RE), Via Comparoni No. 64;
  • via email to privacy@pregel.it;
  • by clicking the appropriate link (unsubscribe/delete me) at the bottom of received emails (in relation to the right to withdraw consent).

MINORS

Providing data on the Controller’s websites is allowed only for individuals over 16 years of age. If information is collected about users under this age, the Controller will immediately delete such data.

DATA PROCESSORS

The updated list of Data Processors is kept at the offices of the Data Controller.

DATA PROTECTION OFFICER

The Company has appointed Attorney Emanuela Arduini as its DPO (Data Protection Officer), who can be contacted at the following email address: emanuela.arduini@studio.le.it

COOKIES – REFERENCE

Regarding the nature and operation of cookies used on this site, please refer to the cookie policy available at the following link: https://pregel.it/en/cookie-policy/

CHATBOT SERVICE INFORMATION – REFERENCE

For information on the nature and operation of the chatbot service active on the website, please refer to the specific information notice available at the following link: https://pregel.it/en/chatbot-service-information/