INFORMATION ON WEBSITE AND COOKIES.
In order to offer the personalized and non-personalized services provided by its website, PRASCO S.p.A., as Data Controller, must process some necessary identification data.
Pursuant to art. 13 of the GDPR 679/2016 - "European regulation on the protection of personal data" - and in relation to the visitor’s personal data which will be treated, PRASCO S.p.A. guarantees, as part of the regulatory provisions, that the processing of personal data is carried out in compliance with fundamental rights and freedoms, as well as the dignity of the interested party with particular reference to confidentiality, personal identity, law and data protection.
This document describes the management methods of the www.prasco.net website, with reference to the processing of personal data for those who interact with the services provided: the information is provided pursuant to the European Regulation on the protection of personal data 679/2016 (hereinafter referred to as GDPR) only for the site in question and not also for other sites whose link the user might click on, for which PRASCO S.p.A. is in no way responsible.
This policy is therefore drawn up and customized for visitors of the www.prasco.net website and this document completely replaces any other document that had been previously published on the subject of web privacy and cookies.
Specific additional and contextual information is reported on the pages of the website, created for particular services on demand contemplating forms for data collection.
TYPOLOGIES OF PROCESSED DATA
Personal data can be collected automatically during navigation and use of the website and the services provided therein, or they can be entered voluntarily by the user.
Among the personal data collected by the Data Controller independently or through third parties could be, by way of example and not limited to, cookies, usage data, password, name, surname and email address.
NAVIGATION DATA AND OTHER DATA
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected to be associated to identified interested parties, but which by their very nature could, through processing and association with data held by third parties, produce the users’ identification. This data category includes the IP addresses or domain names of computers utilized by users who connect to the site, addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, ...) and other parameters relating to the operating system and the user's computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing. The data could be used upon demand by the competent Authorities in order to ascertain responsibility in case of hypothetical computer crimes committed against the website.
Failure by the user to provide some personal data may prevent the website from providing its services.
PERSONAL DATA PROVIDED VOLUNTARILY BY THE USER
At several points of this website the user has the possibility to transmit his personal data (for instance e-mail address, name, postcode and other personal data) also by filling in forms or sending e-mail messages . The provision of these data takes place on an optional, explicit and voluntary basis, and involves the subsequent acquisition of the sender's email address, necessary to respond to requests, as well as any other personal data entered for the purposes of the service and those further allowed by the user. Specific summary information is found on the pages featuring forms, with any indication of the obligation to provide the data necessary to use the specific service.
The user takes responsibility for the personal data of third parties that may be published or shared through this website and guarantees he has the right to communicate or spread them, setting the owner free from any liability to third parties.
LEGAL BASIS OF THE PROCESSING
Personal data are processed, as better highlighted in the next paragraph, exclusively for purposes related to the activity of PRASCO S.p.A. and the obligations connected to it; the legal bases can be found in the consent (for instance for the processing of "special categories of personal data" or for marketing / profiling) and/or in the execution of a contract or service managed by PRASCO S.p.A. the user is involved in, or in the execution of pre-contractual measures taken at the request of the user, and/or in fulfilling legal obligations the undersigned owner, in his/her legitimate interest, is subject to.
PURPOSE OF THE TREATMENT
User data is collected and processed for the following purposes:
- carrying out operations strictly connected and instrumental to the management of relationships with users or visitors to the site, such as:
-registration and authentication;
-consultation and/or download of any data and information -stored in the area dedicated to the user;
- user’s data collection, storage and processing for:
Further processing purposes could be implemented, prior the release of explicit consent, when necessary, in relation to the services that can be activated within the site. These include, by way of example but not only: interaction with social networks and external platforms, social media, payment management, interaction with supporting platforms, infrastructure monitoring, traffic optimization and distribution, interaction with live chat platforms, remarketing and behavioral targeting, management of e-mail addresses and messages, display of contents received from external platforms, commercial affiliation, heat mapping, users’ database management and management of the requests of support and contact.
RIGHT TO PROVIDE DATA, CONSEQUENCES OF THE REFUSAL AND MANAGEMENT OF CONSENT, WHERE PROVIDED
The provision of data is optional, except for those indicated as mandatory to allow the user to access the services offered.
The processing of data for the accomplishment of the purpose, referred to in point 1 of the previous paragraph, is mandatory and any lack of communication, or miscommunication, of one of the required pieces of information may limit and/or prevent the full use of the functions and services on the site.
With regard to the optional provision, more information is provided regarding the cookies on the site in the "Cookies Policy" document, accessible both here and on the banner published on the site.
Furthermore, it is only with the express consent of the user that the data may be used to make communications about market surveys or commercial information on the products as well as the promotional initiatives of the Data Controller through mails, e-mails, telemarketing, sms and mms.
At any time it will be possible to re-read the policy and possibly modify the consent previously provided, verify and/or modify the status of active services and request additional services, where available.
DATA TREATMENT METHODS
The processing of personal data may be carried out with or without the aid of electronic or only automated means, also by associating and integrating them with other databases, and also by means of cookies. In any case, the processing will be carried out in compliance with every precautionary measures guaranteeing its security and confidentiality, for the time necessary to perform the service requested by the user, or required by the purposes described in this policy, and the user may always ask for the interruption of the treatment of his data or its cancellation.
PRASCO S.p.A. has also set up all the IT security measures, in compliance with what is stated in the GDPR, through adopting the security measures it deems adequate in order to minimize the risk of violation of users' privacy by third parties, and updates them constantly and whenever it turns out to be necessary.
In particular, in order to access the reserved area, a key word (password) is provided, consisting of eight alphanumeric characters, which must be changed at the first access to the portal reserved area and then kept secret by setting up the appropriate precautions to its custody: user passwords are not held by the undersigned Data Controller, therefore in case of loss they will be reset and the user will have to enter a new password.
The data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, you can contact the Data Controller at the addresses specified below.
Personal data will be processed for the time strictly necessary to achieve the purposes described above, to fulfill contractual, legal and regulatory obligations without prejudice to the statutory and law limitations, in compliance with the user’s rights and the relevant obligations.
In particular, the criteria used to determine the storage period are established by specific laws regulating the field in which PRASCO S.p.A. operates, and by tax legislation regarding the processing of administrative and accounting data.
With reference to the data collected for commercial purposes (referred to in point 2), the storage time limit is set to 1 year from the date of acquisition for the profiling activity, and 2 years for the direct marketing activity.
Last but not least, the personal data of the user of the site may also be kept to protect the legitimate interests of the Data Controller up to the time allowed by the Italian law (Article 2947, co. 1 and 3 of the Italian Civil Code).
DATA KNOWLEDGE AREAS
The processing of personal data will be carried out, within the limits of the general authorizations issued by the guarantor for the protection of personal data, by means of subjects expressly and specifically authorized by PRASCO SpA. The data may also be processed by third parties (outsourcers) used for the provision of services related to the purpose pursued, which our organization binds with specific contractual clauses or acts of formal appointment to External Managers for the treatments put in place by these. In all cases, these subjects will process the data in accordance with the instructions received from the Data Controller, according to operational profiles attributed to them in relation to the functions performed, limited to what is necessary and instrumental to the execution of specific operations in the context of the services requested and exclusively for the achievement of the purposes indicated in this policy. The list of data processors, constantly updated, can be requested by sending a communication in the manner indicated in the following point concerning the user’s rights.
COMMUNICATION AND SPREAD
The data may be communicated, meaning that it may be disclosed, to one or more specific subjects, in the following terms:
to public and private subjects who can access the data by virtue of the provisions of community law, regulation or legislation, within the limits set by these rules (for example, social security and welfare institutions, associations of local authorities, public administration, associations, foundations and/or insurance bodies);
- to subjects who need to access it for purposes involving the relationship between the parties, within the limits strictly necessary to carry out the auxiliary tasks (by way of example, banks and credit institutions, service supply companies, carriers and shipping companies);
- to our consultants, within the limits necessary to carry out their task at our organization, prior our letter of appointment imposing the duty of confidentiality and security;
- to companies providing auxiliary services, including IT, subject to the signing of appropriate contractual clauses imposing the duty of confidentiality and security.
DEFENSE IN JUDGMENT
The user's personal data may be used by the Data Controller in its own defense from any abuse done by the user in its use, also within any related services, in court or in the stages leading to a possible process. The user declares to be aware that the Data Controller might be required to disclose the data upon request by the public authorities.
The Personal Data Controller is PRASCO S.p.A., based in Via Volpiano, 53 - 10040 Leinì (TO) - ITALY.
The Data Controller keeps an updated list of the appointed managers, and guarantees that it can be read by the interested party at the aforementioned seat.
RIGHTS OF THE INTERESTED PARTY
The interested parties, to whom the personal data refer, may exercise their rights at any time (right of access to personal data and other rights), in particular: right to obtain confirmation of the existence of their personal data, to access it and to know its content and origin, to verify its accuracy, to request its integration or updating, limitation of processing or portability.
Any change to the data, as well as its block, may be requested in case the data is incomplete, erroneous or collected in violation of the current legislation, thus it is also possible to object, for legitimate reasons, to its processing or to any automated decision-making process (including profiling), as is It is also possible to request cancellation for the same reasons, as long as it is in compliance with the current regulations and if there are no other storage and processing obligations PRASCO SpA is bound to. The interested parties also have the right to object to the processing of their personal data for marketing purposes (as per point 2), even if it is carried out with automated contact methods; this right also extends to traditional contact methods, and the interested parties may exercise these rights wholly or partially (i.e. only in connection to communications via sms, e-mail or telephone or by opposing only the sending of promotional communications made through automated tools, etc.).
With regard to the exercise of their rights listed above, as well as in order to know the updated list of the people responsible for the processing of personal data, the interested party may address his/her requests through specific communication by mail addressed to the same Company, or via e-mail to email@example.com, in order to obtain a prompt reply.
If the interested party has given consent to the processing for a specific purpose, he/she keeps always the right to revoke it at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
We also remind that the interested party has always the right to lodge a complaint with the Guarantor for the protection of personal data, the exercise of his/her rights or any other matter relating to the processing of his/her personal data.
APPLICATION AND CHANGES TO THIS INFORMATION POLICY