PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA FOR BROWSING THE WEBSITE AND COOKIES

pursuant to arts. 12 et seq. of Regulation (EU) 2016/679 (GDPR)

FOREWORD

In compliance with the provisions of EU Regulation 2016/679 (hereinafter referred to as GDPR) we hereby provide information regarding the processing of personal data provided by the data subject, relating to the relationships with PAT (hereinafter referred to as the Company). The information is provided pursuant to art. 13 GDPR.

1. IDENTITY AND CONTACT DETAILS

The Data Controller is PAT Srl with registered office in Via San Gaetano, 113, 31044 Montebelluna (TV) – tel +39 0423600531; fax: + 39 0423302077; email: info@pat.eu; pec: pat@legalmail.it.

2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)

The Data Protection Officer is Mr. Mario Brocca, tel. +39 0371/ 594.3191, email: dpo@zucchetti.it; certified email: dpogruppozucchetti@gruppozucchetti.it.

3. PERSONAL DATA PROCESSING PURPOSES

For all website users, personal data may be used to:

• allow browsing of the public web pages on our website;
• respond to requests received via the e-mail addresses published on the website;
• collect anonymous statistical information about use of the website (e.g. analysis of the most visited web pages);
• collect anonymous statistical information about the geographical areas of arrival;
• check the proper functioning of the website;
• determine responsibilities for any illegal activity carried out to the detriment of the website.

In addition to the purposes described above, the personal data of users who register with the website will also be used for purposes connected with the services requested and, in particular, to:

• request information about the solutions offered by the Company;
• examine information about and demos of Company products and services;
• browse the private web pages on our website;
• register users for the requested service;
• fulfill the contractual obligations associated with the requested service, where applicable;
• send technical communications and/or those relating to the management and provision of the services requested;
• marketing and remarketing purposes;
• send advertising and promotional information by e-mail.

4. COOKIES

Technical cookies will be downloaded when browsing the website. These include:

• session cookies used to “fill the shopping cart” for on-line purchases; authentication cookies; cookies for multimedia content, such as Flash Player, that are deleted at the end of the session; customization cookies (e.g. to choose the browsing language), etc.;
• “analytics” cookies for the statistical analysis of access/visits to the website, which are used solely for statistical purposes and to collect information in an aggregated form.

There are also statistical and profiling cookies, also of third parties to which you may be redirected during browsing.

The complete and updated list of cookie types is available in the banner of the cookie detection and management tool.

5. LEGAL BASIS FOR PROCESSING

This website processes data based on consent. By using or consulting this website, the data subject implicitly consents to the possibility of storing only those cookies that are strictly necessary (“technical cookies”) for the functioning of this website. For other types of cookies, the data subject can provide or withhold the consent through the appropriate flags in the banner that appears when you open the website. Limited to access to internal portals that provide for a controlled access procedure, the legal basis is the legitimate interest of the Company, attributable to the safety of the service.

6. RETENTION PERIOD OF YOUR DATA:

The personal data collected during the browsing session will be retained for the time needed to carry out the specified activities and for no more than 26 months. Data provided voluntarily by the user will be retained until the user revokes the related consent given. Consents expressed with reference to non-technical cookies will be valid for 6 months, after which the consent will be requested again.

7. PERSONAL DATA COLLECTED AND MANDATORY OR OPTIONAL NATURE OF DATA PROVISION AND CONSEQUENCES OF ANY REFUSAL TO DO SO

Like all websites, this website also uses log files to retain the information collected during visits by users in an automated manner. The following types of information may be collected:

• internet protocol (IP) address;
• type of browser and parameters of the device used to connect to the website;
• name of the Internet service provider (ISP);
• date and time of the visit;
• the web page from which the visitor arrives (referral) and exits to;
• the number of clicks, if any.

The above information is processed automatically and collected in order to check the proper functioning of the website, as well as for statistical or security reasons.

For security reasons (anti-spam filters, firewall, virus detection), the data recorded automatically may also include such personal data as the IP address, which may be used in compliance with the relevant current legislation to block attempts to damage the website or other users or, in any case, to block other detrimental activities or crimes. Such data is never used to identify or profile the user, but solely to safeguard the website and its users.

As a consequence of normal use, the IT systems and software procedures dedicated to the functioning of this website acquire certain personal data whose transmission is inherent to the use of Internet communications protocols. This category of data includes the IP addresses or domain names of the computers used to link to the website, the addresses of the resources requested in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the reply given by the server (success, error, etc.) and other parameters relating to the operating system and IT environment of the user.

Except as specified for the browsing data, the user is free to provide additional personal data, with respect to that indicated above, when registering with the website.

Failure to provide this data may make it impossible to obtain the requested information or to provide certain services and the browsing experience on the website might be compromised.

The Company confirms that your “sensitive” data is never collected.

8. PROCESSING METHODS

Pursuant to and for the effects of Arts. 12 et seq of the GDPR, the personal data that the data subject provide to us will be recorded, processed and retained in the Company’ hard-copy and electronic files, with the use of adequate technical and organizational measures in order to safeguard such data. The processing of data subject personal data may consist in any operation or set of operations described in art. 4, para. 1, point 2 GDPR.

Personal data will be processed with the use of suitable tools and procedures that guarantee security and confidentiality. Such processing activities may be carried out directly and/or via delegated third parties using IT equipment or electronic instruments.

9. SCOPE OF KNOWLEDGE OF YOUR DATA

The data of the data subject may be processed by the employees of the corporate functions of the Companies assigned to the pursuit of the purposes indicated above. These employees have been expressly authorized to process the data and have received adequate operating instructions pursuant to and for the purposes of Article 29 GDPR.

The data may also be communicated by the Companies to:

• HR and Administrative Office;
• Commercial area;
• Marketing.

10. COMMUNICATION AND DISSEMINATION

The personal data of the data subject, provided through registration, may be communicated, meaning by this term the giving of knowledge to one or more specific subjects, by the Companies to third parties in order to implement all the necessary legal and/or contractual obligations. In particular, the personal data of the interested party may be communicated to public bodies or offices or control authorities in order to fulfil legal and/or contractual obligations.

Your data may be may communicated as follows:

• to parties able to access the data pursuant to laws, regulations or EU legislation, within the limits envisaged in such provisions;
• to parties that need to access your data for purposes ancillary to the relationship that exists between you and us, within the limits strictly necessary to carry out the ancillary tasks;
• to our consultants and/or professionals, within the limits required for them to carry out their work at our or their organization, following our appointment letter that imposes duties of confidentiality and security.

Dissemination – The Company will not disseminate your data indiscriminately, i.e. they will not make it known to unspecified parties or make it available for use or consultation.

Trust and confidentiality – The Company recognize the importance of the trust shown by data subjects who consent to the processing of their personal data and, therefore, undertake not to sell, lease or rent such personal information to others.

11. DATA TRANSFER TO COUNTRIES OUTSIDE THE EU

The data provided by the data subject will only be processed countries within the European Union. If the personal data of the data subjects are processed in a country outside of the EU, the data subject’s rights under EU legislation will be guaranteed and the data subject will be notified on a timely basis.

12. How to deactivate cookies?

Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. The cookies stored on the hard disk of your device can however be deleted and, in addition, it is possible to deactivate cookies by following the instructions provided for the principal browsers at the links below:

Chrome                              https://support.google.com/chrome/answer/95647?hl=it

Firefox                                http://support.mozilla.org/it/kb/Eliminare%20i%20cookie

Internet Explorer               https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies#

Opera                                 https://help.opera.com/en/latest/web-preferences/#cookies

Safari                                  https://support.apple.com/it-it/HT201265

13. RIGHTS OF THE DATA SUBJECT

Pursuant to Articles 15 et seq of the GDPR, the data subject may exercise the following rights:

1. access: to obtain confirmation of whether or not the personal data of the data subject are being processed and the right to access them; requests that are manifestly unfounded, excessive or repetitive cannot be answered;
2. rectification: to correct/obtain the correction of personal data if incorrect or outdated and to complete data if incomplete;
3. erasure/to be forgotten: in some cases, to obtain the erasure of the personal data provided; this is not an absolute right, as the Companies may have legitimate or legal reasons to store them;
4. limitation: the data will be stored, but cannot be processed further, in the cases foreseen by the regulation;
5. portability: to move, copy or transfer data from the Companies’ databases to third parties. This applies only to data provided by the data subject for the performance of a contract or for which express consent has been given and the processing is carried out by automated means;
6. objection to direct marketing;
7. withdraw of the consent at any time if processing is based on consent.

Pursuant to Art. 2-undicies of Legislative Decree 196/2003, the exercise of data subjects rights may be delayed, restricted or excluded, following justification provided without delay, unless this might compromise the purpose of the restriction, for as long as and to the extent that this constitutes a necessary and proportionate measure, taking into account the fundamental rights and legitimate interests of the data subject, in order to safeguard the interests referred to in paragraph 1, letters a) (protected interests with regard to money laundering), e) (for the conduct of defensive investigations or the exercise of a right in court) and f) (for the confidentiality of the identity of the employee who reports offenses he becomes aware of on his duties). In such cases, data subjects’ rights may also be exercised through the Personal Data Protection Authority in the manner referred to in Article 160 of said Decree. In such case, the Personal Data Protection Authority will inform the data subject that it has carried out all the necessary checks or that it has carried out a review, as well as of the data subject right to take legal action.

It should also be noted that – before processing the requests – the Companies may ascertain the identity of the data subject, in order to evaluate the legitimacy of the same.

To exercise such rights, the data subject may contact the Data Controller at: privacy@pat.eu or by calling 0423 600531 or by sending a message to the PAT Privacy Office, Via San Gaetano, 113, 31044 Montebelluna TV. The Data Controller will reply to you within 30 days of receiving your formal request.

If the above-mentioned rights concerning data subject personal data are infringed, the latest may complain to the competent authority.

THE DATA

CONTROLLER