PURPOSE OF THE DISCLOSURE NOTICE
This Disclosure Notice is intended to describe site administration methods concerning the processing of personal data of users who consult it, which are processed according to rules of lawfulness, correctness, relevance, and non-excess.
This information is provided by Pre Gel S.p.A., in its capacity as Data Controller, according to Articles 13 and 14 of the New EU General Data Protection Regulation (GDPR) no. 679/16 to those who interact with the web services of the Company itself.
- DATA PROCESSING LOCATION
The processing operations related to the web services of our websites – www.pregel.it, www.pregeltraining.com, www.pregelfamily.com, www.pinopinguino.eu, www.yoggi.it – take place at the offices of PREGEL SPA or the suppliers of Internet and hosting/housing services, in their capacity as Data Processors.
In the event that some of the aforementioned Data Processors are not located within the European territory, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions (Articles 44 et seq. GDPR).
The personal data supplied by the users who request dispatch of informative material (newsletters, information, catalogues, CD-ROMs, etc.) are used with the sole purpose of supplying or performing the service requested and are communicated to third parties only if necessary for this purpose (dispatching services of PREGEL SPA). Any other purpose will be the subject of specific information provided to the interested parties according to Articles 13 and 14 of the GDPR.
- PURPOSE OF PROCESSING – CATEGORIES OF DATA PROCESSED
The computer systems and software procedures ensuring the proper functioning of this Website collect certain personal data that are implicitly transmitted by the use of Internet communication protocols or are used to improve the quality of the service offered.
This information is not collected to identify interested parties, but the information could lead to user identification through processes and relations with data held by third parties due to its very nature.
This data category includes IP addresses, or domain names, of the computers used by users to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, the method used to submit the request to the server, size of the file obtained in response, numerical code indicating the server response status (successful, error, etc.), and other parameters on the user’s operating system, and IT environment.
Such data is solely used to compile anonymous statistics on the website’s use and verify its correct operation. The data could be used to ascertain responsibility in hypothetical cybercrimes to harm the Website and may be presented to the Judicial Authorities if the latter explicitly requests it.
Data deliberately provided by users
The Data Controller processes the personal identification data – for example: name, surname, tax identification number, user images recorded on social networks, address, telephone, email, reference company, main activity carried out – provided by the user when filling out the several forms published on the websites, in addition to the additional information voluntarily entered by the same user in the text messages.
- NATURE OF DATA PROVISION AND CONSEQUENCES OF NON-DISCLOSURE
The data identified in the several forms as compulsory must necessarily be provided to enable the Data Controller to process the requests made by the user and provide the services offered.
- PURPOSE OF DATA PROCESSING
Personal data are processed by the Data Controller on a contractual basis and, therefore, without the need for specific consent from the user for the following purposes:
- processing requests for information received (contact form);
- allow registration on the Website and access with their credentials (login/register).
The legal basis for the processing will instead be the consent freely given for the following purposes:
- provide the newsletter service to keep the user updated on the Data Controller’s news and commercial promotions (newsletter subscription);
- sending promotional messages for commercial purposes (landing pages).
Consent can be withdrawn at any time (including through the opt-out system at the bottom of email communications). Data processing that was carried out before the withdrawal is not affected by it.
- DATA PROCESSING METHODS
Personal data processing is carried out through operations indicated in Article 4, paragraph 2 of the GDPR: collection, recording, consultation, storage, extraction, communication, cancellation, and destruction. Personal data is processed both on paper and electronically.
The Data Controller will process personal data for the time necessary to fulfil the purposes as mentioned above and, in any case, will retain it:
– for the time necessary to process the services requested concerning the purpose outlined in point 4(a);
– until the deletion by the user of their profile, in any case, two years after the last use of the profile, for the purpose referred to in point 4(b);
– two years from the collection of consent, for the purposes referred to in point 4(c) and (d).
- DATA ACCESS
Personal data may be made accessible for the purposes listed above to:
- employees, collaborators, administrators of the Data Controller, in their capacity as authorised Data Processors;
- third party companies or other entities – for example: consultants, hosting/housing service providers, etc. – which perform outsourcing activities on behalf of the Data Controller in their capacity as Data Processors.
- DATA DISCLOSURE
Without the need for express consent, according to Article 6 (b) and (c) of the GDPR, the Data Controller may communicate personal data for the above purposes to Judicial Authorities and those subjects to whom communication is mandatory by law. These persons will process the data in their capacity as autonomous Data Controllers.
The data may also be disclosed to subsidiaries, parent companies and associates in any legal form to PREGEL SPA; if such communication takes place in non-EU countries, the Data Controller guarantees compliance with the applicable legal provisions (Articles 44 et seq. GDPR).
- RIGHTS OF DATA SUBJECTS
In relation to the processing of personal data, the user is entitled to:
– the right to be informed about: data and registered address of the Data Controller; the purposes and processing methods; data and registered address of the Data Processor;
– the right to obtain from the Data Controller or Data Processor, without delay:
1) confirmation of the existence of personal data and communication of such data and its origin in an intelligible form, along with the scope and purpose for which the data is gathered and processed;
2) the deletion of personal data concerning them, when: i) the data are no longer necessary in relation to the purposes for which they were collected, ii) consent has been withdrawn, and there is no other legal basis for the processing, iii) the data have been processed in breach of the law, iv) the Data Subject has objected to the processing, and there is no overriding legitimate reason to proceed with the processing, v) the Data Controller is under a legal obligation to delete the personal data;
3) the updating, the rectification or, should the Data Subject has an interest, the integration of the data;
4) a statement confirming: that the operations outlined in numbers 2) and 3) have been carried out, what is contained in viewable data, or parties with whom this data has been shared, except in cases where such fulfilment proves impossible or requires an investment of means manifestly disproportionate with respect to the protected rights;
– to object, on grounds relating to their particular situation to the processing of personal data concerning them, according to Article 6(1)(e) or (f);
– to object to the processing of personal data concerning them for direct marketing purposes;
– to file a complaint with a supervisory authority;
– to receive in a structured and machine-readable format the personal data concerning him or her and transmit such data to another Data Controller without hindrance from the Data Controller to whom he or she had initially provided them. In exercising their right to data portability, the Data Subject shall have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible;
– not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects their person in a similar manner.
The Data Controller shall provide a copy of the personal data being processed; if the Data Subject requests further copies, the Data Controller may charge a fee based on the actual administrative costs.
- HOW CAN THE DATA SUBJECT EXERCISE THEIR RIGHTS?
The user may at any time exercise the above rights by sending a letter to the attention of the Data Controller:
– a certified letter with return receipt to Pre Gel S.p.A., with registered office in Gavasseto (RE), Via Comparoni, 64;
– an email to email@example.com;
– by clicking on the appropriate link (unsubscribe/unsubscribe) at the bottom of the emails received (in relation to the right to withdraw consent).
Only persons over the age of 16 are allowed to enter data on the Controller’s websites. In the event that information is recorded on Data Subjects that are underage, the Data Controller will proceed with the immediate deletion of such data.
- DATA PROCESSORS
The updated list of Data Processors is held at the Data Controller’s registered office.
- DATA PROTECTION OFFICER
The Company has appointed as DPO (Data Protection Officer) Mrs Emanuela Arduini, who can be contacted at the following email address: firstname.lastname@example.org
The Website collects no personal data of users.
Cookies are not used to transmit information of a personal nature, nor are user-tracing and identification systems used.
The use of so-called cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the website and used for statistical purposes to detect unique monthly visitors.
Cookies can be deleted by the user using the functions of his/her browser.
PROFILING OR MARKETING COOKIES
In order to analyse the user behaviour, we use Google Analytics, web analytics and reporting software by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files stored on the Data Subject’s computer, to help the Website analyse how users use the Website. The information generated by the cookie about their website use (including Data Subject’s IP address) shall be transmitted to and stored by Google on servers in the United States.
Google shall use this information to evaluate their use of the Website, compile reports on website activity for website operators, and provide other services relative to website activity and internet usage.
Google may also give this information to third parties where required by law or where such third parties process the above information on Google’s behalf. Google will not associate their IP address with any other data held by Google.
- CHATBOT SERVICE INFORMATION
The Data Controller informs that a “chatbot” service is active on the Company’s Website and Facebook page that provides automatic replies to any requests for user information, also useful for undertaking marketing actions, i.e. sending promotional messages and notifications subject to the user’s consent (see Article 4).
Therefore, in the event of use of this service, the Data Controller informs that, in addition to the data indicated in Article 2, may obtain the following additional information:
- Social media profile;
- Information concerning the use of the chatbot (e.g. when, how often and for how long the Data Subject interacts with the service).
The Data Controller expressly requests not to send or communicate any particular personal data (e.g. information relating to health status, political or religious orientation, etc.) via the chatbot or any other means.
The Data Controller also informs that the processing of Personal Data carried out through chatbots is also aimed at the collection, for statistical purposes, data relating to the use of the application and the type of requests received.