Privacy Policy

This information notice (hereinafter, "Privacy Notice") relates to the processing of your personal data while browsing the website www.felceazzurra.it (hereinafter, the "Site") carried out by Paglieri S.p.A., with registered office in SS 10 per Genova, km 98 - 15122 Alessandria, P. IVA 01681270060, email privacy@paglieri.com (hereinafter, the "Data Controller"), in accordance with the current regulations on the protection of personal data, including also the EU Regulation 2016/679 ("GDPR").

1. Identity and contact information of the Representative

As the Data Controller is established in the territory of the EU, no representative has been appointed.

2. Contact details of the data protection officer

The Data Controller has not appointed a Data Protection Officer ("DPO") pursuant to Article 37 GDPR.

3. Means of treatment

In order to complete the connection to the Site, some of your personal data is acquired. This set of data includes, for example:

• The IP address of the device you are using;
• The date and time of access;
• The type of browsing browser;
• The operating system used.

4. Purposes of processing, legal basis of processing and optionality of consent

Your personal data will be processed for the following purposes:

a. Personal data processed while browsing the Site: in this circumstance, your personal data will be processed in order to allow you to properly navigate the Site. For this purpose, the communication of your personal data is a contractual obligation, without which the Site's own services could not be made available properly functioning. Without communication of your personal data, the Data Controller will not be able to provide you with the services of the Site.

b. Personal data voluntarily provided via email or form: in this circumstance, your data will be processed by the Data Controller to follow up on your requests voluntarily made via form and/or email. Disclosure of your personal data for this purpose is purely optional. The legal basis for this processing is the legitimate interest of the Data Controller in following up and responding to your requests. In the absence of communication of your personal data, the Data Controller will not be able to respond to your requests.

c. Personal data processed for sending commercial communications: in this circumstance your personal data will be processed in order to send you direct marketing communications, newsletters, advertising material, by means of traditional contact systems and automated computer systems, including commercial or promotional communications by e-mail or SMS, or for market research and analysis. Disclosure of your personal data for this purpose is purely optional. The legal basis for this processing is your explicit consent to the processing of your personal data for this purpose. In the absence of your consent, the Data Controller will not proceed to send you commercial communications.

d. Personal data processed for profiling: in this circumstance, your personal data will be processed for activities to determine your habits and preferences with profiling treatments in order to provide you with a personalized service. The disclosure of your personal data for this purpose is purely optional. The legal basis for this processing is your explicit consent to the processing of your personal data for this purpose. In the absence of your consent, the Data Controller will not be able to provide you with personalized services.

e. Personal data processed for legal obligations: in this circumstance your personal data will be processed for purposes related to related legal obligations. The legal basis for processing is the legal obligation of the Data Controller to process personal data in accordance with applicable law.

5. Automated decision making and profiling

If you consent to the processing of your personal data in order to enjoy personalized services through profiling, your personal data may be subject to an automated decision-making process, with a specific algorithm that will decide which communications are best suited to your profile or which might be of most interest to you. The processing carried out in this way has, as expected consequences, by way of example, the sending of highly profiled commercial communications, the sending of discounts, the sending of invitations to events deemed to be of interest, etc.. In accordance with Article 22 GDPR, you have the right to:

• obtain human intervention in decision making by the Data Controller; 
• express your opinion;
• obtain an explanation of the decision achieved by the Data Controller;
• challenge the decision itself.

6. Source from which personal data originated

Only personal data provided in accordance with the Privacy Policy will be processed. The Data Controller will not process personal data from publicly accessible sources.

7. Recipients and categories of recipients of personal data

They may be recipients of personal data:

• communications companies that carry out commercial communications and profiling activities on behalf of the Data Controller, where the relevant consent has been given, which hold the status of data processors;
• Companies offering information society services, including, in particular, those offering hosting services;
• companies conducting statistical and market surveys, if the relevant consent has been given.

8. Categories of personal data processed

In accordance with this Privacy Policy, the following categories of personal data will be processed:

• browsing data necessary to complete your connection to the Site in accordance with the related purpose in Section 4;
• the personal and contact information you provide by email and/or form in accordance with the relevant purpose in Section 4;
• contact information and any others you provide to receive commercial communications in accordance with the relevant purpose set forth in Section 4;
• personal data related to your habits and preferences collected through profiling mechanisms in order to provide you with personalized services in accordance with the related purpose in Section 4;
• personal data necessary to fulfill specific regulatory obligations in accordance with the relevant purpose in Section 4.

9. Data Transfer

The Data Controller intends to transfer personal data to entities established in a country outside the European Union or to an international organization. Such entities could be represented, by way of example, by:

• provider of information society services.

The transfer of personal data to such entities, when established in a third country or an international organization, is made in the presence of an adequacy decision of the European Commission, which has verified how the third country, the territory or one or more specific sectors within the third country, or the international organization in question guarantee an adequate level of protection of rights. In any case, the Data Controller, if it nevertheless deems it appropriate, reserves the right to enter into specific separate agreements obliging such entities to take appropriate security measures, including organizational measures, designed to provide appropriate safeguards for your rights. Personal data may thus be transferred to the following countries: U.S.A.. To obtain a copy of such data or the place where it has been made available, simply send the relevant request to the Data Controller, at the addresses above.

10. Period of retention of personal data

In relation to personal data processed in accordance with this Privacy Policy, the Data Controller adopts the following retention periods:

• browsing data required to complete your connection to the Site will be retained for 6 months beginning when the browsing session is closed;
• the personal and contact information you provide via email and/or form will be kept for the time strictly necessary to follow up only and exclusively on your eventual requests;
• contact information and any others you provide to receive commercial communications will be processed and retained until you revoke your previously provided consent for this type of processing. The Data Controller, once the request has been handled, will proceed without undue delay to delete all your personal data pertaining to this processing;
• personal data related to your habits and preferences collected through profiling mechanisms will be processed and stored until you revoke the consent previously provided for this type of processing. The Data Controller, once the request has been handled, will proceed without undue delay to delete all your personal data pertaining to this processing;
• personal data required to fulfill specific regulatory obligations will be retained in compliance with relevant legal provisions.

11. Right of opposition

As a Data Subject, you have the right to object in the following terms:

• the right to object at any time, on grounds relating to your particular situation, to the processing of Personal Data concerning you in accordance with Article 6(1)(e) or (f) GDPR. The Data Controller shall refrain from further processing your Personal Data, unless the Data Controller demonstrates the existence of compelling legitimate grounds for processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims;
• where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you carried out for such purposes, including profiling insofar as it relates to direct marketing;
• if you object to processing for direct marketing purposes, your personal data is no longer processed for such purposes. You may object to the processing of your personal data for direct marketing purposes even in part, for example by objecting only to the sending of promotional communications carried out through automated and/or digital means, or to the sending of paper communications and/or the receipt of telephone communications;
• where your personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, on grounds relating to your particular situation you have the right to object to the processing of personal data, unless the processing is necessary for the performance of a task carried out in the public interest.

12. Other Rights

The Data Controller would also like to inform you of the existence of your following rights:

• Right of access: you have the right to obtain confirmation from Data Controller that personal data concerning you is or is not being processed, and access to your personal data and specific information, in accordance with Article 15 GDPR;
• Right of rectification: you have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 GDPR;
• Right to data erasure, including the right to withdraw consent: you have the right to obtain from the Data Controller the erasure of your personal data without undue delay or to withdraw your consent to the processing, if the grounds defined in Article 17 GDPR exist. You have the right to revoke consent at any time, without affecting the lawfulness of the processing based on the consent you gave before revocation;
• Right to limitation of processing: you have the right to obtain from the Data Controller the limitation of processing, when the cases defined in Article 18 GDPR apply;
• Right to data portability: you have the right to receive, in a structured, commonly used, machine-readable format, your personal data provided to the Data Controller and you have the right to transmit it to another Data Controller without hindrance from the Data Controller named in this Privacy Notice, as provided for in Article 20 GDPR;
• Contractor's right to object to commercial communications: as a contractor, you have the right to object at any time, free of charge, to receiving commercial communications from the Data Controller;
• Right to lodge a complaint with the Data Protection Authority: you have the right to lodge a complaint with the Data Protection Authority, to complain about a violation of data protection regulations, in accordance with Article 77 GDPR.

13. How to exercise your rights

You will be able to exercise the rights indicated in the Privacy Policy by addressing instances directly to the Data Controller at the e-mail address privacy@paglieri.com, or by sending the relevant communication by registered letter with return receipt to the registered office of the Data Controller as indicated above. You will be able to lodge a complaint with the Data Protection Authority in the manner provided on the official website, addressing it to the contact details available at https://www.garanteprivacy.it/home/footer/contatti.

14. Accessibility of Privacy Policy

The Privacy Policy is available within the Site or at the Data Controller's premises.

15. Changes

The Data Controller may amend the Privacy Policy, including to adapt to changes in national and/or European Union legislation, or technological innovations. Any new versions of the Privacy Policy will be posted within the Site. We encourage you to check the Privacy Notice periodically. Any changes will still be communicated to you through a pop-up on the Site or different modalities and/or computer tools.

If the Data Controller substantially modifies the Privacy Policy, providing for new processing purposes and/or categories of personal data processed, the same will inform you, requesting the necessary consents, by means of a pop-up on the site or different modalities and/or computer tools.

Updating date: 11^th December 2023