This Privacy Notice explains how PAT s.r.l. collects, processes and manages the personal data of its website visitors.
The Regulation (EU) 2016/679 (“General Data Protection Regulation”, hereafter GDPR) includes measures for the protection of natural persons in relation to the processing of personal data. According to this regulation, the processing of personal data referring to a subject is based on principles of lawfulness, fairness and transparency as well as on the protection of confidentiality and the rights of the data subject. In compliance with the above-mentioned standards, we would like to inform you that, due to the relationship you have established as Customer with our Company, our Organization is in possession of some data related to you, which have been acquired verbally, directly or through third parties that carry out operations related to your person or aimed at satisfying your requests.
In accordance with the GDPR, data related to your person must be qualified as “personal data” and must therefore benefit from the protection provided by these provisions. Specifically, according to the above-mentioned legislation, you are the subject benefitting from the protection of your personal data.
Pursuant to articles 12 et seq. of the GDPR, our structure, as Data Controller, will process the personal data you provided us in compliance with the regulation and with the utmost care, by implementing procedures and effective management processes, in order to ensure the protection of your personal data. For that purpose, the Author undertakes to protect the transmitted information by using material and management procedures, in order to prevent unauthorized access or disclosure, as well as to maintain the accuracy of the data and also to ensure that they are used only in appropriate ways.
This online Privacy Note applies to the information we collect on this website only and not to other websites accessible to the user via links.
In accordance with this premise, we provide our Visitors following information:
Collected personal data
– The Author, in his capacity as Data Controller, uses personal data in order to better perform the own activities.
Therefore, you could be asked to provide some of the following personal data:
– personal data, such as tax identification code, VAT number, name and surname, registered office, main residence, domicile and contact details;
– Data relating to the contractual relationship describing the type of contract, as well as necessary information about its execution and its fulfilment;
– Accounting data relating to the economic relationship with the Company, the amounts due, payments and the summary of the accounting status of this relationship;
– Data to better define the relationship with our structure and to make our cooperation and operational efficiency more effective;
– Data related to your employees and/or coworkers, on your profession or on your Company.
Data retention periods
The collected data will be retained for the entire duration of your relationship/collaboration with our Organization and 10 years after the contractual relationship has ended. In the case that data not relating to the fulfilment of administrative and accounting obligations need to be collected in order to fulfill the signed contract, these data will be retained exclusively for the time necessary to achieve the purpose for which they were collected. After this period of time, they will be deleted. You will be specifically informed of the retention periods of such data as soon as they are collected.
Mandatory or optional nature of providing data and consequences of a refusal
– It is mandatory to provide the Author with essential data aimed at fulfilling the contractual relationship, as well as data necessary to fulfill legal obligations, such as regulations, Community and national legislation or provisions issued by authorities empowered to do so by law or by supervisory and control bodies.
Data non-essential for the fulfillment of the contractual relationship must be clearly defined as additional information and the provision of such data, if required, is optional. However, any refusal to provide such data will result in less efficiency of our relationship with third parties.
It will be mandatory to provide “sensitive data or data presenting specific risks”, in case that said data are essential to fulfill the contractual relationship or specific services and legal obligations. Since the processing of these personal data requires an explicit written consent given by the data subject (articles 9 and 10 GDPR), you will be asked to consent to their treatment.
Personal data processing methods
– Pursuant to and as an effect of article 12 et seq. of GDPR, we wish to inform you that the personal data you provide will be recorded, processed and stored in our paper and electronic archives in conformance with appropriate security measures dictated by the technical specifications in Annex B to the aforementioned legislative decree and the provisions of article 32 GDPR. The processing of your personal data may consist in any operation among those indicated in article 4 paragraph 1 point 2 GDPR.
Personal data will be processed directly and/or by delegated third parties through manual, digital and electronic tools as well as suitable procedures in order to guarantee their safety and confidentiality. To correctly manage the contractual relationship and fulfill legal obligations, personal data may be included in the Company’s internal documentation and, if necessary, in the records and registers compulsory by law.
Possible outsourced activities
– The Data Controller has the right to occasionally request other operators to perform certain services on his/her behalf, such as processing or similar services; services aimed at executing the requested operations or services; shipments and deliveries; accounting records; administrative activities; support services; professional services to manage projects, maintenance and ASM activities.
If the delegated operator is a Company that provides payment services, tax and treasury services, banking and brokerage, the following services could be performed: massive operations related to payments, bills, checks and other securities; transmission, enveloping, transport and sorting of communications; filing of documentation, detection of financial risks; fraud prevention; credit recovery. The above mentioned operators will receive only the information they necessary need in order to be able to provide the commissioned services and will be required to respect the confidentiality clause, which prohibits them to use the provided data for purposes other than those agreed upon. In accordance with article 28 GDPR, operators usually not appointed to processing personal data must be designated as Data Processors and must then process data only to the extent strictly necessary to provide the commissioned service and exclusively for such purpose. Furthermore, it’s up to them to ensure that their customers have signed a confidentiality agreement. In case of different situations not mentioned in this Privacy Note, the aforementioned subjects are required to provide specific information regarding the processing of their personal data.
Transfer of personal data abroad
– The data you provide will only be processed in Italy. In the case that, during the contractual relationship, your data need to be processed in a non-EU state, you will be promptly informed and still enjoy the rights guaranteed by the Community legislation.
Purposes of data processing
– The Author’s main purpose for processing your personal data is to regularly establish, enhance and correctly administrate the relationship specified in the introductory part of this Information Note.
In particular, the purposes of personal data processing are the following:
• Administrative/accounting procedures, in particular:
o Fulfillment of tax or accounting obligations;
o Customer management services (customer care management, contract administration, orders, shipments and invoices, solvency and reliability check)
o Litigation management (breach of contractual obligation, warnings, transactions, credit recovery, arbitration, legal disputes);
o Internal audit services (security and productivity control, service quality, integrity of the Company’s assets);
o Management of commercial and marketing activities (market analysis and research surveys);
o Promotional activities;
o Measurement of the customer’s satisfaction degree;
o Support service;
o Professional services for project development or maintenance activities
Personal data will be processed in order to fulfill legal, as well as administrative, insurance and tax obligations set out in the current legislation. Furthermore, the processing of personal data will aim at meeting accounting and commercial purposes, or at regularly fulfilling contractual and legal obligations in accordance with the legal relationship established with the subject. Furthermore, the data provided may also be used to contact the data subject during market researches about products or services, as well as during commercial campaigns. In any case, the subject has the right to refuse to give consent to data processing for said purposes and can indicate how he/she would like to be contacted or to receive commercial information.
– The following categories of designated persons may be entitled to have access to your personal data, since they have been appointed by the Company to process them:
• Employees/Coworkers employed in or working as:
o In internal protocol and administrative offices;
o In survey and customer support offices;
o In accountancy offices also responsible for invoices;
o In marketing departments;
o As customer’s satisfaction officers;
o In fraud prevention offices;
o In regional and local offices;
o As external co-workers assigned to the enveloping service;
o At the help desk;
o As developers operating in third-level help-desk services;
o As consultants employed in project development, maintenance and ASM activities;
o As employees required to be available on standby;
o As consultants appointed for consultancy, assistance or support service to our structure;
o As managers and administrators;
o As members of control bodies;
o As agents, sales representatives and distributors.
Other subjects may also be entitled to access personal data by virtue of an agreement with the Company as well as with the Author and as described in the paragraph “Personal data processing methods”. The Author can delegate to these subjects the fulfilment of certain obligations or of particular acts, by virtue of the relationship with the subject concerned.
Data communication and dissemination
– The Author is entitled to communicate your personal data to one or more specific external subjects in order to fulfill all the necessary legal and/or contractual obligations. In particular, your data may be disclosed to:
1. Other companies of the Zucchetti Group, including parent, subsidiaries and affiliated companies;
2. Public offices, government agencies and supervisory or control authorities in accordance with legal and/or contractual obligations;
3. Banking institutions and/or credit institutions responsible for the management of payments deriving from the contractual relationship;
4. The writing subject is entitled to communicate your personal data as follows:
• To subjects who have the right to access data under the provisions of law, regulations or EU legislation, within the limits foreseen by such norms;
• To subjects who need to access your data for tasks related to the contractual relationship between the parties, to the extent strictly necessary to fulfill these tasks (examples include credit institutions and shipping agencies);
• To our consultants and/or professionals, to the extent strictly necessary to fulfill their tasks at our or their Organization, prior agreement through a letter of assignment sent by our Company in order to impose a duty of confidentiality and security.
In any case, your data may only be disclosed to operators appointed to the execution of acts aimed at fulfilling relationships with the data subjects.
Data dissemination – Your personal data will not be disseminated indiscriminately: Our Company will not provide your data to indeterminate subjects, not even for consulting purposes.
Rights described in articles 7 of Legislative Decree 196/2003 and 15 GDPR – Pursuant to article 15 GDPR you are entitled to obtain confirmation of the existence of your personal data at our Company. This right applies also to data that haven’t been registered yet and you are entitled to be informed about them in a comprehensible form. You have the right to obtain information on:
1. The source of the personal data;
2. The purposes and methods of data processing;
3. The categories of personal data;
4. The data retention periods;
5. The logic applied to the processing, if the latter is carried out with the help of electronic means;
6. The identity of the Data Controller, of data supervisors and of the designated supervisor for data protection;
7. The entities or categories of entities to whom or which the personal data may be communicated, or that have access to them in their capacity as designated local representatives or data processors.
As data subject, you also have right to obtain:
1. Updating, rectification or, if interested therein, integration of your data;
2. Erasure, anonymization or blocking of data processed in violation of law, including data that do not need to be retained to fulfill the purposes for which they were collected or subsequently processed;
3. Certification that the parties to which the data have been transferred or disseminated have been notified of the operations specified in points a) and b), also regarding their content, unless this specification results impossible to achieve or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. The right to data portability does not apply to the context in which the Author, as delegated Data Controller, processes personal data.
5. For data requiring your explicit consent, you have the right to withdraw this at any time. In such cases, the Data Controller is required to immediately delete any personal data based on your consent.
You are entitled to fully or partially object to the processing of your personal data:
1. On legitimate reasons, even if said data are processed in a way which is pertinent to the purpose of their collection;
2. In case you don’t want them to be used to fulfill marketing purposes, such as direct selling, sending of advertising material, market or commercial communication surveys.
To exercise such rights, you can contact our Data Controller:
• at email@example.com;
• by calling the phone number +39 0423/600531;
• by sending a letter to our company PAT s.r.l. Our address is via San Gaetano n. 113, 31044 Montebelluna (TV).
You will receive a reply within 30 days of receipt of your formal request.
Should you experience a personal data breach, you have the right to lodge a complaint with a Data Protection Authority.
Identity of the Data Controller and, if designated, of the local data supervisor and representative.
Data controller – The Author of the present text: Pat Group – registered office in Via San Gaetano, 113, 31044, Montebelluna (TV). Tel: (+39) 0423 600 531; email: firstname.lastname@example.org.
Data supervisors and representatives – External companies that need access to your personal data in order to fulfill contractual agreements with our Company.
You can request the identity of the present and future designated data supervisors and representatives directly to the Data Controller by sending a letter to the above-mentioned address.
Notice is hereby given that the Author only, as Data Controller, shall handle the requests sent by interested parties. This task shall not be carried out by the above-mentioned data supervisors and representatives (ref. article 7 of Legislative Decree 196/03).
Designated local representatives – Please note that our Company, in accordance with art. 4 paragraph 1 point 17 GDPR, has not designated any local representative to apply the provisions regulating the processing of personal data.
Data not requiring the explicit consent of the data subject in order to be processed – Please note that the Author shall be entitled to process your personal data in case of necessity, even without your explicit consent, in order to:
• Fulfill legal obligations, regulations or Community legislation;
• Fulfill contractual obligations or specific requests before the conclusion of the contract signed between you and our Company.
Furthermore, your explicit consent is not required when the processing of your data:
1) Refers to data that can be found in public registers, lists or documents accessible to anyone, always in accordance with the limitations and conditions about data accessibility and publication established by the law, regulations or community legislation. Data related to economic activities must be processed in compliance with current regulations on corporate confidentiality and industrial secret;
2) Is necessary in order to safeguard a third party’s life or physical integrity. In this case, the data processor is required to inform the data subject that his/her personal data are being or have been processed. This requirement can also be fulfilled after the processing of said personal data, but without delay. Should such be the case, the consent must be expressed after the data subject has been informed.
3) Is necessary in order to conduct defensive investigations pursuant to the law 397/00, as well as to exercise or defend legal claims. In the above-mentioned case data can be processed exclusively for these purposes and for the period strictly necessary to fulfill them, in compliance with current regulations on corporate confidentiality and industrial secret;
4) Is necessary, as indicated by the Data Protection Authority in accordance with the principles defined by the Law, in order to pursue a legitimate interest claimed by the Data Controller or another third recipient of the data. Hereby are included the activities of bank groups and other affiliated or controlled companies, unless they violate the subject’s fundamental rights and freedoms, dignity or legitimate interests.
This information note is also based on the Recommendation 2/2001, that the European Authorities for the protection of personal data, grouped by art. 29 of Directive 95/46/EC, adopted on May 17, 2001. The purpose was to determine some minimum requirements for the online collection of personal data and, in particular, the methods, times and nature of the information that data controllers must provide to users when the latter connect to web pages, independently of the purpose of such connection.
The Recommendation and a brief description of its purposes are reported on other pages of this website.
By consulting this website, you may have access to, collect or process personal data related to both identified and identifiable subjects. The Controller of these data is PAT srl, headquartered in Via San Gaetano 113, Montebelluna (TV).
WHERE ARE YOUR DATA PROCESSED?
Data related to this website are processed in the above-mentioned headquarters in Montebelluna (TV), Italy. Data can only be handled by in-house technical staff assigned to the processing of data, as well as by other employees occasionally assigned to maintenance operations.
No data collected via web service shall be disclosed or disseminated to third parties.
Personal data provided by users requesting to receive information material (brochures, presentations, newsletters, answers to questions, etc.) are used exclusively to deliver the required service or performance and are disclosed to third parties only if this is necessary to fulfill said purpose.
TYPES OF PERSONAL DATA THAT MAY BE PROCESSED
Computer systems and software procedures on which this website is based are made so that they collect, during their ordinary activity, some personal data that are later sent implicitly through the web by systems based on the Internet protocol.
These data are not collected with the intent of associating them with identified parties but, by their very nature, they could lead to the identification of users, if said data are processed and associated with third parties’ data.
This category of data includes:
– IP addresses or domain names of the computers used to connect to the website;
– URI (Uniform Resource Identifier) addresses of the requested resources;
– The time at which the request was made;
– The method used to submit the request to the server;
– The dimension of the file obtained as response;
– The numeric code indicating the server response status (successful, error etc.)
– And other parameters involving the user’s operating system and IT environment.
These data are used solely to obtain anonymous statistical information about the use of the website and to check that it functions correctly and are deleted immediately after processing. Said data could be used to determine responsibility in case of potential cybercrimes against the website. With the exception of said cases, data regarding web contacts are currently not retained for more than seven days.
Data voluntarily provided by the user
The optional, explicit and voluntary act of sending e-mails to the addresses indicated on this website leads to the subsequent acquisition of the sender’s return address, which is necessary to reply to requests, in addition to any other personal data included in the messages.
Precise summary information dedicated to services on request will be provided or displayed on the specific website pages.
Personal data collected through forms are processed for the following purposes:
1. To interact with the user and to fulfill the user’s request for information on our offers, products and services;
2. In case of explicit consent, to carry out marketing and profiling activities, also by using softwares;
3. In case of explicit consent, to periodically receive e-mails and newsletters containing advertising material, updates on our activities, notifications on new posts on our blog, promotional messages and invitations to events, training courses, webinars, special promotions or invitations to take part in market analysis and surveys;
4. In case of the reception of curricula, exclusively for staff selection purposes.
Nature of data provision
Apart from what specified above concerning navigation data and data collected through forms on the website, the provision of data:
For the purposes referred to in letter a) – Data provision is optional but any refusal to provide such data will make it impossible for Pat to fulfill the user’s request.
For the purposes referred to in letters B) and C) – Data provision is optional and an explicit consent is required in order to be entitled to use said data. Any refusal to purpose B) will make it impossible for Pat to fulfill any requests to download information material or to grant the participation in training sessions or workshops. Any refusal to purpose C) will make it impossible for Pat to send you newsletters and advertising material or invitations to Company events and initiatives.
For the purposes referred to in letter D) – data provision is optional, but any refusal to it will make it impossible for Pat srl to fulfill its commitments aimed at recruiting and selecting personnel.
Personal data processing methods
Collected data will be processed by using electronic, automated, computerized and telematics tools or through manual procedures, in order to fulfill the purposes for which data were collected and, in any case, to guarantee their safety and confidentiality.
No personal data are intentionally acquired by our website.
The use of so-called session cookies (which are not permanently stored on the user’s computer and expire as soon as the browser is closed) is strictly limited to the transmission of session identification data, consisting of random numbers generated by the server. Said data are necessary to ensure a safe and efficient website browsing.
Session cookies on this website do not use any computer techniques that may potentially put at risk the confidentiality of the user’s navigation data. Furthermore, they prevent that third parties can access and collect the user’s identification data.
OPTIONALITY OF DATA PROVISION
Apart from what specified above concerning navigation data, the user is free to decide whether or not to communicate his/her personal data in PAT’s request forms or in emails to our Business Office aimed at requesting information material or at establishing other kinds of contacts.
Any refusal to provide said personal data may imply the impossibility to obtain what was requested.
Finally, notice is hereby given that in certain cases (not included in the ordinary management of this website) the Authority may be entitled to request reports and information pursuant to Article 157 of Italian Legislative Decree 196/2003, in order to monitor the processing of personal data. In such cases it is compulsory to reply, otherwise an administrative sanction might be applied.
Personal data processing methods
Personal data are processed by using automated tools exclusively for the period strictly necessary to fulfill the purposes for which data were collected.
Several safety and security measures have been adopted to prevent data loss, illegal or improper use and unauthorized access to data.
RIGHTS OF THE DATA SUBJECTS
Data subjects have the right to obtain information at any time on the existence, the content and the source of their data. Furthermore, they are entitled to verify the accuracy of the data, to request integrations, updates or corrections to them (Art. 7 of Italian Legislative Decree 196/2003).
In accordance with the same article, data subjects have the right to request the erasure, anonymization or blocking of data processed in violation of law, as well as to object to the processing of data on legitimate reasons.
Requests about data processing must be addressed to PAT’s Marketing office, by writing an email to: email@example.com.
This Privacy Notice can be retrieved automatically on the latest versions of your browser, due to an implementation of the P3P standard (“Platform for Privacy Preferences Project”) issued by the World Wide Web Consortium (www.w3.org).
Every effort will be made to ensure that this website and all of its features can interoperate with the automatic privacy control measures available in some products used by users.