Web privacy policy

WEB PRIVACY POLICY – PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

 

General Information

Pama SPA, hereinafter referred to as the Company, has drafted this Privacy Policy in order to describe the management methods for the website www.pamamachinetools.com, with reference to the processing of personal data of its users/visitors. This policy is provided pursuant to article 13 of Regulation (EU) 2016/679 (GDPR) to those visiting the Company’s Website and using the corresponding web services supplied from the domain www.pamamachinetools.com. This policy is provided only for the above-mentioned site, and not for any other websites which may be accessible to users via links.

This privacy policy represents an integral part of our site and the services we offer. Access to and use of the site, as well as the purchase of products on the site, operates on the assumption that this Privacy Policy has been read and understood in its entirety. If you do not agree with the provisions of this Privacy Policy, please do not use the website.

The company may modify or update the entirety of this Privacy Policy or parts thereof. Any modifications or updates to the Privacy Policy will be made available to all users in the Privacy section of the site as soon as the updates are live, and will be binding as soon as they are published in this section of the website. If the user does not accept such modifications, they should suspend use of the website. Continued use of our website and our products and services following publication of the aforementioned modifications and/or updates equates to acceptance of the modifications and recognition of the binding nature of the new terms and conditions. The website www.pamamachinetools.com is owned by and entirely managed by the Company.

 

Types of Data Processed and Purpose of the Processing:

Navigation Data

The IT systems and software procedures responsible for the operation of this website acquire certain personal data during normal operation which are then implicitly transmitted in the use of the Internet communication protocols. This is information which is not gathered in order to be associated with identified parties, but due to its nature could, through processing and association with data held by third parties, permit identification of the users. This category of data includes the IP addresses or domain names of the computers used by visitors to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to issue the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, failure etc.) and other parameters concerning the user’s operating system and IT environment. These data are used only to obtain anonymous statistical information on use of the site and to check it is operating correctly, and are deleted immediately after processing. The data may be used to ascertain responsibility in case of hypothetical computer crimes against the Site; aside from this eventuality, the data on web contacts are not stored for more than 24 months. The legitimate legal basis for processing of these data is article 6, para. 1, f) of Regulation (EU) 2016/679 (legitimate interest of the Controller).

 

Data Supplied Voluntarily by Users/Visitors

Whenever users/visitors accessing this site send their personal data to make requests via email or by compiling questionnaires of various kinds, this entails the acquisition by the Company of the sender’s address and/or any other personal data, which will be processed exclusively for the purposes specified in this policy. Site users/visitors can provide their data to contact the Company in the dedicated Contact Details section in order to receive a reply from the same, or in the Newsletter section to receive periodic updates. Failure to provide this data may only make it impossible to satisfy the request.

Once acquired, these personal data will be processed for purposes connected with fulfilling your specific requests, statistical analysis, fulfilment of contractual, tax, accounting, dispute and credit protection obligations, as well as any obligations provided for under applicable legislation.

Acceptance of the Company’s Privacy Policy is an essential requirement for making use of the Contact Details and Newsletter services. The legitimate legal basis for processing Newsletter’s data is article 6, para. 1, a) of Regulation (EU) 2016/679 (consent of the Data Subject).

Data Subjects can unsubscribe from the Newsletter service at any time via the dedicated link contained in all information emails.

 

Cookies

This website gathers certain personal information relating to web access through the use of cookies. For further information on the Company’s Cookie Policy, visit the following link (Cookie Policy).

Apart from the information specified for navigation data, users/visitors are free to decide whether to provide their personal data. As such, visitors are able to navigate the site without revealing personal data and information.

 

Controller – Data Protection Officer (DPO)

Pursuant to article 24 of Regulation (EU) 2016/679 (GDPR), the Controller with regard to any personal data gathered by this website is the company Pama S.p.A., register of companies reg. no. 01766560229, with registered office in Rovereto (TN), Italy, represented by its pro-tempore legal representative.

Personal data may be processed within the limits of, and by the methods specified in, this declaration, by employees and contractors of the company designated as Processors or operatives assigned to the processing, who receive adequate operating instructions and act under the direct authority of the Controller.

The Processor is the party responsible for IT security on a pro-tempore basis, with domicile at the Company premises.

The Data Protection Officer is Opus srl, which can be contacted as follows:

 

Transfer to third parties

The personal data will be transferred to Pama S.p.A. in order to allow it to respond to requests for information, or may otherwise be transferred to organisations and institutes in order to fulfil legal obligations, where required.

The Company also makes use of other companies and natural persons to carry out certain tasks such as sending emails, shipping packages, and making payments. The aforementioned parties have access only to the personal information strictly necessary to carry out their assigned tasks. The Company highlights the prohibition of using it for other purposes, as well as the obligation to perform processing in compliance with this Privacy Policy and all applicable legislation.

The Company does not deliberately gather special categories of personal information or data relating to criminal convictions and offences through this website.

Data belonging to special categories of personal information, as defined in article 9 (GDPR), include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Personal data relating to criminal convictions and offences, pursuant to article 10 (GDPR), include data able to reveal or identify proceedings pursuant to article 3, para. 1 a) — o) and r) — u) of Italian Presidential Decree no. 313 of 14 November 2002, governing criminal records and pending charges, or status of being either defendant or the subject of investigations pursuant to articles 60 and 61 of the Italian code of criminal procedure.

It is recommended not to supply such information through this website. In the event that transfer of such information is necessary (for example membership of a “protected category” when sending a CV for hiring purposes, in response to a situations vacant announcement or when expressing interest in working for the Company), it is recommended to send a specific declaration to the company’s registered office via “PEC” certified email or registered letter containing written consent to processing of the relative special categories of personal information. As regards navigation data and cookies, note that they may be transferred to parties outside of the European Economic Area (EEA). Such parties shall act in compliance with Regulation (EU) 2016/679. In this regard, please make reference to the following link (Cookie Policy).

 

Data Retention

The personal data and information of visitors/users gathered by this website, including data freely provided for the purpose of receiving information material or other communications by compiling the specific sections contained therein, shall be retained for the sole purpose of supplying the requested service and for a maximum duration of 40 days, with the exception of data provided for signing up to the Newsletter. Once the service has been provided in full, all personal data shall be deleted in accordance with this Privacy Policy, unless specified otherwise by the authorities or due to retention requirements laid out by law, or in accordance with indications to the contrary given in specific sections of the website.

 

Exercising Your Rights as Data Subject

Pursuant to articles 15-21 (GDPR), Data Subjects are guaranteed the following rights:

  • Right to access to data (Article 15, Regulation (EU) 2016/679)
  • Right to correction (Article 16, Regulation (EU) 2016/679)
  • Right to deletion (Article 17, Regulation (EU) 2016/679)
  • Right to limitation (Article 18, Regulation (EU) 2016/679)
  • Right to data portability (Article 20, Regulation (EU) 2016/679)
  • Right to object (Article 21, Regulation (EU) 2016/679)

When the acquisition by the Controller has been performed following consent provided by the Data Subject, the latter has the right to revoke this consent at any time.

Data Subjects may also, should they believe that one or more of their rights has been violated, make a complaint to the relevant supervisory authority (Italian Data Protection Authority – “Garante per la Privacy”) as specified in the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524

Please also note that Pama SPA does not make use of solely automated decision-making processes.

All rights laid out above can be exercised at any time and at no cost by writing to the following “PEC” (certified email address): amministrazione@pec.pama.it or by sending a written request to Pama SpA, Viale del lavoro 10, 38068 Rovereto (TN), Italy.

 

Data Security

The company protects personal data through the application of internationally recognised levels of security, as well as through specific security procedures to protect such data:

  • From unauthorised access
  • From improper use or release
  • From unauthorised modification
  • From loss or deletion, either accidental or criminal

 

Minors

The website www.pamamachinetools.com is not designed to be used by minors. We understand the importance of protecting information concerning minors, particularly in an online environment, and as such we do not deliberately gather or maintain data relating to minor persons.