POLICY PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 (GDPR)
Pentolo is an Aderfia S.r.l. product marketed by Aderfia S.r.l.
This information is provided pursuant to EU Regulation 679/2016 and subsequent national compliance legislation (hereinafter, collectively “GDPR”) and describes how the company Aderfia S.r.l. (“Data Controller”) collects and processes personal data of its customers through its website, www.pentolo.com.
The term “personal data” means any information concerning an identified or identifiable natural person. For example, personal data are name, an identification number, location data, and an online identifier.
The data collected are processed in accordance with the principles of fairness, lawfulness, transparency and protection of your privacy and rights.
Data processing is carried out by manual, online and computerized means; security measures are taken to avoid the risks of unauthorized access, destruction or loss, unauthorized processing or processing not in accordance with the purposes of collection.
The provision of personal data is compulsory limited only to the data strictly necessary to establish the relationship for the supply of products and services provided by Aderfia Srl.
1. Categories of personal data processed
1.1 Below is a description of the categories of data we process:
- Data provided directly by the interested party: are all personal data entered on the Website through registration at the appropriate page: https://www.pentolo.com/ (to proceed with online purchases or to register), or which are otherwise provided to Aderfia Srl in order for it to fulfill its obligations.
Examples of data provided directly by potential customers are: name; address and phone number. More generally, all data provided to enable the placing of a purchase order and the sending of newsletters, delivery of products with the provision of contact numbers or addresses (e.g. phone, e-mail, addresses), participation in events, etc.
- Data provided by third parties: this is any personal data that Aderfia Srl collects from other sources (e.g., postal service companies, couriers,), to carry out its services.
- Automatically collected data: this is the browsing data and/or collected by means of so-called “cookies”.
2. Purpose and legal basis for processing
2.1 The data provided are processed for the following purposes:
- commercial, to enter into and execute contracts for buying and selling and shipping goods;
- for administrative purposes and to fulfill legal obligations such as accounting, tax, or to give effect to requests from judicial authorities;
- in the presence of specific consent, to receive promotional communications and invitations to events, special promotions or to participate in market analysis and research;
- in the presence of specific consent, for the periodic sending, by e-mail and SMS, of newsletters and advertising material;
- in the presence of specific consent, to receive updates on our activities and reports on commercial offers;
2.2 For the execution of the contract and the fulfillment of legal obligations, Aderfia Srl may communicate personal data to the following categories of subjects:
- individuals who perform services of a technical and organizational nature on behalf of Aderfia;
- firms, consultants and companies as part of assistance and consulting relationships;
- public authorities, where the conditions are met.
These individuals will process the data as Joint Data Processors or as External Data Processors on behalf of Aderfia.
3. Duration of processing and retention period
3.1 Pursuant to Article 11(1)(e) of the Privacy Code and Article 5(e) of Regulation 2016/679, processed personal data shall be kept in a form which permits the identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.
4. Rights of access, deletion, limitation, and portability
4.1 Data subjects are granted the rights set forth in Articles 15 to 20 of the GDPR. By way of example, each interested party may:
- Obtain confirmation of whether or not personal data concerning him/her is being processed;
- where a processing operation is in progress, obtain access to personal data and information related to the processing as well as request a copy of the personal data;
- obtain correction of inaccurate personal data and supplementation of incomplete personal data;
- Request the updating, rectification, integration, transformation into anonymous form, and blocking of data processed in violation of the law, including data no longer necessary for the furtherance of the purposes for which they were collected;
- obtain, in the cases provided for in Article 18 of the GDPR, the limitation of processing;
- Request deletion of your personal information by providing your username and registration e-mail, and within 30 days of sending the e-mail the account will be deleted.
- receive personal data concerning him/her in a structured, commonly used, machine-readable format and request its transmission to another data controller, if technically feasible.
5. Right to object
5.1 Each data subject has the right to object at any time to the processing of his/her personal data carried out in pursuit of a legitimate interest of the Controller. In the event of an objection, your personal data will no longer be processed, unless there are legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a legal claim.
6. Right to withdraw consent
6.1 Where consent is required for the processing of personal data, each data subject may, likewise, revoke consent already given at any time. Consent can be revoked by emailing the address listed on the website under “Privacy”
6.2 Right to object and withdraw consent in relation to processing carried out for marketing purposes
6.3 With reference to the processing of data for the marketing purposes referred to in the “Purposes and legal basis of processing” section, each data subject may at any time revoke any consent given or object to their processing, through a specific request made by e-mail to: firstname.lastname@example.org
7. Right to lodge a complaint with the guarantor
7.1 In addition, each data subject may lodge a complaint with the Guarantor for the Protection of Personal Data if he/she believes that his/her rights under GDPR have been violated, in the manner indicated on the Guarantor ‘s website, accessible at: www.garanteprivacy.it. Exercising the rights of the data subject is free of charge.
7.2 Where the person giving the data is under the age of 18, such processing is lawful only if and to the extent that such consent is given or authorized by at least one of the holders of parental responsibility for whom the identifying data and copy of the identification document are acquired.
8. Data controller and data processor
8.1 Pursuant to Art. 4 of EU 679/2016, it is specified that the Data Controller is ADERFIA SRL with office in Via Matteotti no. 6, 73020 Serrano (Lecce), in the person of the pro-tempore legal representative.
The Data Processor, whom you can contact to exercise your rights under Art. 12 GDPR and/or for any clarifications regarding personal data protection, can be reached at: email@example.com
9. Data transfer to non-EU countries
10.1 This website may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social Plugins and the Google Analytics service. The transfer is authorized under specific decisions of the European Union and the Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield ), so no further consent is needed. The aforementioned companies guarantee their adherence to the Privacy Shield.
11.1 This policy may be subject to change. If substantial changes are made to the use of data relating to the user by Aderfia Srl, it will notify the user by publishing them as prominently as possible on its pages.