Information for the processing of personal data pursuant to art. 13 of Regulation (EU) 2016/679
This Notice describes how personal data is processed through the website “www.pladway.com” (hereinafter also the “Website“) with reference to individuals who consult it.
Pladway S.r.l., intends to ensure that the processing of personal data of each visitor to the Website, carried both with manual and automated means, is performed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, as well as the free movement of such data (hereinafter “GDPR“) and the additional applicable rules on the protection of personal data, also in relation to internet access made from abroad, in line with the provisions of this Notice.
Unless otherwise specified and regulated by a specific Notice on the processing of personal data provided pursuant to Article 13 of the GDPR, this Notice must also be understood as a document aimed at providing indications referred to in articles 13 and 14 of the GDPR to those who are browsing the Website and interact with the data controller through the services offered by the same website.
It should be noted that this Notice is applicable exclusively to the Website of Pladway S.r.l. and does not refer to other websites that may be consulted by the user during their navigation by clicking on links and / or banners on the Website.
- Data Controller and Data Protection Officer
Pladway S.r.l., in the person of its pro tempore legal representative, with registered office in Italy, Via Fra’ Luca Pacioli, 3 – 20144 Milano, e-mail email@example.com, VAT 10251710967, is the Data Controller of the personal data.
Data Protection Officer (DPO): Dr. Donato Eugenio Caccavella, e-mail adress: firstname.lastname@example.org
- Type of data processed, purpose of the processing and legal basis relating to navigation on the Website
Our website offers informative and sometimes interactive content. During navigation we can process information about users, in the following ways:
- Navigation data
The computer systems and software procedures used to operate the Website collect, during their normal operation, aspects of personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the site, the time of access, the permanence on the single page, the analysis of the internal path and other parameters relating to the operating system and the user’s computer environment.
Legal basis: the legitimate interest of the Data Controller in the management and administration of the website as well as in the improvement and development of services provided online, pursuant to Article 6 paragraph 1 letter f).
- Data provided voluntarily by the users
These are all those personal data freely given by the visitor on the Website, for example, to register and / or access a reserved area, request information on a specific product or service through a form or use the newsletter service offered by the Company. The processing of such personal data will be carried out on the basis of all the information contained in the specific Notice provided pursuant to articles 13 and 14 of the GDPR by the data controller when providing personal data during registration as requested in the appropriate forms.
Legal basis: The processing carried out for this purpose is based on the execution of a contract or pre-contractual measures, pursuant to Article 6 para. 1 letter b). For the newsletter service, the relative legal basis is the consent freely given by the data subject, pursuant to Article 6 paragraph 1 letter a).
Legal basis: the legal basis for non-technical cookies is the consent freely given by the data subject, pursuant to art. 6 para.1 letter a).
- Methods of processing and transfer of data
The processing of personal data takes place through IT tools suitable to guarantee the security and confidentiality of the data and in compliance with security measures deemed adequate by the Data Controller pursuant to art. 32 GDPR, through secure communication protocols with SSL encryption algorithms.
The data may also be processed in an automated form, with or without the use of electronic tools (including e-mail, fax, telephone and any other remote communication technology) according to principles of correctness, lawfulness, transparency.
In addition, personal data may be processed by authorized personnel and / or system administrators who need to have access on the basis of their activity or by external parties who perform services on behalf of the Data Controller (for example the management of the IT system, agencies and communication companies) adequately appointed as data processors or who act as independent data controllers.
The data may be transferred to a third country on the basis of the adequacy decisions of the European Commission or on the basis of adequate guarantees provided for by current legislation.
- Redirects to external websites
The website may use the so-called “Social plug-ins”. Social plug-ins are special tools that allow you to incorporate the features of the social network directly into the Website (e.g. the Facebook “like” function).
All social plug-ins on the website are marked with the respective logo owned by the social network platform.
When you visit a page of the website and interact with the plug-in (e.g. by clicking the “like” button), the corresponding information is transmitted from your browser directly to the social networking platform (in this case Facebook) and stored by it.
- Retention period
The personal data collected will be stored, in accordance with Article 5 of the GDPR, for a period of time not exceeding that necessary to achieve the purposes for which they are collected and for the maximum time required by law. In particular, personal data will be processed for a period of time equal to the minimum necessary, as indicated from Recital 39 of the GDPR, i.e. until the termination of the existing relationships between the data subject and the data controller without prejudice to a further retention period that may be imposed by law as also provided for by Recital 65 of the GDPR.
More details on the specific retention periods in relation to the single proceedings will be found within the Notice provided, pursuant to Art. 13 and 14 of the GDPR, at the time of collection of personal data during registration as requested in the appropriate forms.
- Data subjects’ rights
As provided for in Article 15 of the GDPR, the data subjects can access their personal data, request its correction and updating, if incomplete or erroneous, request its cancellation if the collection has taken place in violation of a law or regulation, as well as oppose the processing for legitimate and specific reasons.
In particular, we report below all the rights that can be exercised, at any time, towards the data controller:
- Right to access: the right, pursuant to Article 15, paragraph 1 of the GDPR, to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and in this case, to obtain access to such personal data and to the following information: a) the purposes of the processing; (b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4, of the GDPR and, at least in those cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
- Right to rectification: right to obtain, pursuant to Article 16 of the GDPR, the correction of personal data that are inaccurate, taking into account the purposes of the processing, in addition, it is possible to obtain the integration of personal data that are incomplete, also by providing a supplementary declaration.
- Right to erasure: right to obtain, pursuant to Article 17, paragraph 1 of the GDPR, the cancellation of personal data without undue delay and the data controller will have the obligation to delete your personal data, if there is even one of the following reasons: a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) you have revoked the consent on which the processing of your personal data is based and there is no other legal basis for their processing; c) the interested party has opposed the processing pursuant to Article 21, paragraph 1 or 2 of the GDPR and there is no longer any overriding legitimate reason to proceed with the processing of personal data; d) the personal data have been processed unlawfully; e) it is necessary to delete personal data to fulfill a legal obligation provided for by a community rule or national law. In some cases, as provided for in Article 17, paragraph 3 of the GDPR, the data controller is entitled not to provide for the cancellation of your personal data if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for purposes of archiving in the public interest, scientific or historical research or statistical purposes, for the establishment, exercise or defense of a right in court.
- Right to restrict processing: right to obtain the limitation of processing, pursuant to Article 18 of the GDPR, in the event that one of the following hypotheses occurs, the interested party: a) has contested the accuracy of his personal data (the limitation will last for the period necessary for the data controller to verify the accuracy of such personal data); b) the processing is unlawful but has opposed the cancellation of the your personal data asking, instead, that its use be limited; c) although the data controller no longer needs it for the purposes of processing, the personal data are used for the assessment, exercise or defense of a right in court; d) has opposed the processing pursuant to Article 21, paragraph 1, of the GDPR and is awaiting verification of the possible prevalence of the legitimate reasons of the data controller with respect to his own. In case of restriction of processing, personal data will be processed, except for storage, only with consent or for the establishment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest.
- Right to data portability: right to request at any time and receive, pursuant to Article 20, paragraph 1 of the GDPR, all personal data processed by the data controller in a structured, commonly used and readable format or request its transmission to another data controller without hindrance. In this case, it will be the responsibility of the interested party to provide us with all the exact details of the new data controller to whom he intends to transfer his personal data by providing us with written authorization.
- Right to object: pursuant to Article 21, paragraph 2 of the GDPR and as also reiterated by Recital 70, you can object, at any time, to the processing of your personal data if these are processed for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing.
- Right to lodge a complaint with a supervisory authority: without prejudice to the right to appeal to any other administrative or judicial office, if it is considered that the processing of personal data conducted by the data controller takes place in violation of the GDPR and / or applicable legislation, it is possible to lodge a complaint with the Guarantor for the Protection of Personal Data.
To exercise all the rights as identified above, simply contact the data controller or the DPO at the following and e-mail address: email@example.com
- Processing of minors’ data
The services on this Website are aimed at a general audience and are not intended for minors under the age of 14. The Data Controller does not reasonably collect personal data from users under this age group. In case of collection of personal data belonging to a minor under the age of 14, the Data Controller will immediately delete them.
- Updates to this policy
This Notice is applicable to the website from its publication and supplements and completes the Notices on the processing of personal data made at each stage of collection. The possible entry into force of new sector regulations, as well as the constant examination and updating of the general conditions of use of the website, could entail the need to vary these methods. It is therefore possible that this Notice will undergo changes over time, and we therefore invite each user to periodically consult this page. It is understood that any change in the Notice on the processing of personal data made during the collection phase will be communicated to each data subject by the data controller in the manner identified by the latter.