PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA

of natural persons visiting the website of the Company Fratelli Pisa S.r.l. concerning the requirements of Article 13 of Regulation (EU) 2016/679.

 

PURPOSE

 

Dear user, visiting our website, accessible via telematic means at the addresses linked to the domains registered to the Company, such as www.pisa1940.com; www.pisaorologeria.com; www.pisaorologeria.it., generally does not result in the processing of personal data, beyond information required to access the site, unless you interact with us for example through using specific contact points and/or functions available on the site.

In accordance with current regulations for the protection of personal data, we set out below how and why we process any information which concerns you, including anonymous information which is processed while navigating the site.

This information sheet does not concern other sites, pages or online services which may be reached following any hypertext links published on any site linked to us but referring to resources external to our domains.

 

DATA CONTROLLERS AND DATA PROTECTION OFFICERS

 

The Data Controller, or the decision-maker for the purposes, means, and security of personal data, is the company Fratelli Pisa S.r.l. with registered office in Milan – Postal code 20121, No. 9 via Montenapoleone, corner via P. Verri, tel. 0276021998, Certified Electronic Mail Address f.llipisa@legalmail.it, email compliance@pisa1940.com.

The Data Protection Officer, otherwise referred to by the acronym DPO, monitors compliance with regulations in force concerning the protection of personal data and co-operates with the supervisory authority (Authority for the Protection of Personal Data).

The Data Protection Officer can be contacted:

-           via email at the address dpo@pisa1940.com.

-           via traditional paper-based post to the registered office of the company;

-           in person at the registered office by appointment.

 

PURPOSE AND LEGAL BASIS FOR PROCESSING

 

Personal data which may be provided by you and/or which may be gathered during navigation of our site may be processed for the legal purposes hereafter described:

 

PURPOSE

 

(Why we process your data)

Legal Basis

 

(The legal provisions on which we base processing.)

Consequences of refusal of permission for processing

 

(What happens if you refuse to provide personal data and/or refuse permission for processing)

To enable use of the site limited only to information strictly required for technical purposes (e.g., IP addresses).

Art. 6(1)(f)[1] GDPR – legitimate interests of the controller for the functionality of its own website.

Not all the functionality of the site will be available.

To enable us to respond to any requests you may have an to allow you to interact with us.

Art. 6(1)(b) GDPR – processing is necessary to carry out precontractual measures adopted at the request of the interested party him/herself.

We will not be able to implement your request.

To enable us to keep you informed of our future initiatives which may be of interest to you through sending you communications, even if only periodically via electronic means, including email (e.g., newsletters).  

Art. 6(1)(f) GDPR – Legitimate interest of the controller to publicise its own activities to interested parties who have shown interest.

You are informed that, at any time, you can exercise your right to object via the “unsubscribe” function or by making a request to the controller at the e-mail address as indicated above. In this case, exercising the right to object will prevent new communications being sent.

To enable us to keep you informed of our future initiatives which may be of interest to you through traditional means (e.g., articles).  

Art. 6(1)(f) GDPR – Legitimate interest of the controllers to publicise its own activities to interested parties who have shown interest.

You are informed that, at any time, you can exercise your right to object on request to the controller via the contact points indicated above. In this case, exercising the right to object will prevent new communications being sent.

 

 

TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING

 

Navigation data  

 

During the ordinary course of operations, the IT systems, and the software procedures for the site, gather certain personal data transmitted to it which is implicit in the use of Internet protocols and communications.

 

Included in this category are IP addresses or the names and domains of computers and terminals used by users, URI/URL addresses  (Uniform Resource Identifier/Locator) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in the reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

 

Such data, necessary for the use of web services, are also processed for purposes of: obtaining statistical information on the use of services (most visited pages, number of visitors in an hourly or daily time frame, per geographic area of origin, etc.);

monitoring the proper functioning of the services offered.

 

 

Data provided by the user

 

The optional, explicit, and voluntary sending of messages to our contact address, private messages sent by users to institutional profiles/pages on social media (where this possibility is provided for), as well as the compilation and submission of any form on our site, including the contact data of the sender, required to respond to and interact with the interested party, as well as all additional personal data included in the communications.

 

Cookies and other tracking systems

 

Session cookies are also used (non-persistent) in an extremely limited manner as necessary for secure and efficient navigation of the site. Storage of session cookies on terminals or browsers is under the control of the user, where the server, at the end of the HTTP sessions, information relating to the cookies remain registered on the server logs, with retention times which are not, in all cases, more than seven days as is the case with navigation data. These cookies do not collect personal data.

Further technical information and additional details are available on the page https://pisa1940.com/pages/cookie-policy.

 

Third-party cookies on the site

 

Our site uses several services which install third party cookies on the user’s computer. These latter fall under the direct and exclusive responsibility of the third-party operator and, to revoke consent, please refer to the third-party internet site or refer to the site www.youronlinechoices.com/it/ to obtain information on how to delete or manage cookies on the browser used and to manage third-party profiling cookies.

 

If the user does not wish to receive third-party cookies on his/her own device, his/her choice can be made directly using the banner which appears on opening the link, or where consent has been given and now wish to revoke such consent, using the specific button with the symbol of an open padlock at the bottom left-had side of all pages.

 

 

 

DATA RECIPIENTS

 

Personal data which concerns you will be processed by the following categories of recipients: (i) by our personnel specifically appointed and duly authorised and trained, (ii) as well as by any professionals and/or Companies assisting them or providing services associated with the sites traceable to us who have been specifically designated by us as data processors in accordance with Article 28 of the Regulation.

 

EXPORT OF DATA

 

Personal data is not transferred outside of the European Union.

 

RETENTION CRITERIA

 

Personal data which is subject to processing are retained according to the criteria set out below.

 

Document

CRITERIA FOR DURATION OF RETENTION

Navigation data

Navigation data does not persist for more than seven days (except for any requirement to investigate an offence by Judicial Authorities).

Contact data

Five years commencing from the last interaction unless the right to object is exercised earlier.

 

RIGHTS OF INTERESTED PARTIES

 

Interested parties have the right to obtain from the controller, Fratelli Pisa S.r.l., in circumstances provided for, for access to their own personal data and for correction or deletion of same or restrictions on processing which concerns them or to object to processing (Articles 15 et seqq of the Regulation). The appropriate application should be submitted to the points of contact of the controller shown above.

 

RIGHT TO SUMBMIT A COMPLAINT

 

Interested parties who consider that the processing of personal data concerning them which is carried out through this site is taking place in breach of the provisions of the Regulation, has the right to submit a complaint to the Authority, as provided for in Art. 77 of the Regulation, or to approach a competent court (Art. 79 of the Regulation).

 

 

COLLABORATION

 

The protection of data which concerns you and in compliance with the principles contemplated by the regulation, with particular reference to the principle of transparency, are values of primary importance for us, and we would be grateful if you would help us by notifying us as to any lack of clarity in this document or refer any suggested improvements to us via the controller as shown above.

 


[1] Research of this section of the GDPR indicates that the correct reference should be Art. 6(1)(f). All sections have been amended in the similarly.