In accordance with Article 13 of EU Regulation 679/2016 (the “General Data Protection Regulation”), and Recommendation No 2/2001 adopted in accordance with Article 29 of Directive No 95/46/EC, PIVA GROUP S.P.A. wishes to inform all users and/or visitors to the site pvc.pivagroupspa.com (respectively the “Users” and the “Site”) in relation to use of personal data, log files and cookies collected through the Site.
1. Controllers, Processors and Data Protection Officer
An up-to-date list of appointed Processors will be provided on request by the interested parties and/or Users.
The company has not appointed a Data Protection Officer.
2. Information collected automatically by the Site – Cookies
a) Information collected automatically
As with all other websites, our Site uses log files, which store information collected automatically during visits. The IT systems and software procedures used to power this website automatically collect some information during use, the transmission of which is implicit in the use of internet communications protocols.
Information collected is as follows:
- IP address and domain name of the device used;
- type of browser and parameters of the device used to connect to the Site;
- the addresses of the resources requested in URI (Uniform Resource Identifier) form or the method used to submit the request to the server;
- the name of the internet service provider (ISP);
- date and time of visit;
- the user’s originating site (referral) and exit page;
- possibly the number of clicks;
- the size of the file obtained on response;
- the numerical code indicating the status of the response given by the server (successful, error, etc.);
- other parameters relating to the operating system and the IT environment of the device.
Such information is processed automatically and collected exclusively in aggregate form to monitor the correct working of the Site.
Cookies are used on the Site. Cookies are text files recorded onto an IT medium that allow recording of some parameters and data communicated to the IT system through the browser used. They therefore allow analysis of typical Site use for different purposes: authentication, monitoring of sessions, recording of information on specific configurations regarding users accessing the server, recording of preferences, etc.
Cookies may be:
a. Technical Cookies: these facilitate browsing and provide requested services. Without the use of such cookies, certain operations would be rendered more complex and/or less secure.
b. Profiling Cookies: these are used to track browsing and create profiles on tastes, habits, choices, etc. They thus allow sending to devices of advertising messages in line with preferences recorded in previous online sessions.
Consent is not required for installation of Technical Cookies. Consent is however required for installing Profiling Cookies: if users do not wish their device to receive and record Profiling Cookies, they can change their browser’s security settings. The settings of the browser provide the option of deleting and/or preventing installation of cookies on the device used.
It should be noted, however, that deactivating use of Profiling Cookies may prevent full use of certain Site functions.
3. Personal data provided during Site use: purpose of processing.
We need the personal data requested and provided to allow access to the site pvc.pivagroupspa.com (the “Site”) and use of the following services (the “Site Services”):
- viewing of Catalogue/products/services;
- contacting users;
- accessing the sales point locator service.
Data are processed for the following purposes:
(i) performing technical management of the Site;
(ii) collecting personal details of users, through completion of the relevant form, for fulfilment of information/commercial requests;
(iii) disseminate technical and commercial information;
(iv) informing customers of the authorised entities they can contact if they so wish;
(v) allowing technical information on products and services to be downloaded.
The processing of data for the said purposes will be performed in accordance with the Italian Privacy Code, the General Data Protection Regulation and all applicable regulatory provisions including those contained in the Privacy Authority's “Rules on fidelity programmes” issued on 24 February 2005 and the “Guidelines on personal data processing and online profiling” of 19 March 2015.
In relation to the “Guidelines on promotional activities and spam prevention” of 4 July 2013, please note that where consent is given for sending commercial, promotional and marketing information via automated means, such consent will also extend to traditional means of contact.
Data provided will be processed mainly automatically under authorisation of the Controller, by specifically appointed, authorised and instructed persons in accordance with Articles 28 and 29 of the General Data Protection Regulation. Please note that suitable security measures have been put in place in accordance with Articles 5 and 32 of the General Data Protection Regulation to prevent loss of data, unlawful and improper use and unauthorised access.
4. Obligatory or optional nature of consent for provision of data, consequences of refusal and legal basis for processing
Please note that for the purposes specified in points (i) and (ii) of Article 3 above, provision of personal data is obligatory since refusal to do so may prevent access to the Services offered on the Site.
Please also note that erasure of the data may be requested at any time by sending a simple communication to the Controller, without further formalities, using the contact information given in Article 1.
For the purposes specified in points (i), (ii) and possibly also in the other points of Article 3 above, the legal basis for processing is fulfilment of the services provided through the Site on request (in accordance with Article 6(1)(b) of the Regulation).
5. Entities to which personal data may be disclosed and scope of disclosure.
The data may be disclosed within the EU, subject to full compliance with the provisions of the Italian Privacy Code and the General Data Protection Regulation, to the following entities:
(i) financial authorities and/or other public authorities, as required under the law or at their request;
(ii) external bodies and/or companies used by the Controller for activities relating to, required for or resulting from performance of the Site Services, including the cloud computing storage service, sending of the Newsletter and Profiling Activities;
(iii) external consultants (for example, for management of tax requirements), where they are not appointed in writing as Processors.
(iv) credit institutions for purposes relating to purchasing of goods/services as provided for in any part of the Site.
Information collected automatically by the Site in accordance with Paragraph 2 and certain anonymous data relating to the number and type of interactions for activities used strictly for the purposes of fidelity may be transferred to Third Party server clouds possibly located in non-EU countries, since such processing is necessary for providing the Site Services requested. The legal bases for such processing are therefore Article 49(1)(b) of the General Data Protection Regulation.
Please note that data subjects’ rights under Articles 15, 16, 17, 18, 20 and 21 of the General Data Protection Regulation can be exercised at any time by sending a written communication using the Controller’s contact details as given in Article 1 above, so as to:
- confirm whether or not personal data concerning them exist and specify their origin; check that they are correct or ask for them to be updated, rectified or completed;
- obtain access to, rectification or erasure of the data or to limit their processing;
- obtain erasure, anonymisation or blocking of data processed unlawfully.
The data subject may also object to processing of personal data previously provided.
In relation to the Newsletter, please note that the right to request cessation of processing conducted using any automatic means of contact also extends to traditional means. Furthermore, this right may also be exercised partially, in other words requesting cessation, for example, of sending of promotional messages using one or more of the means of contact for which consent was given.
7. Duration of processing
Without prejudice to the applicable legal provisions, personal data will be stored for a period determined in accordance with criteria based on the nature of the service provided.
It should be noticed that data stored for profiling or marketing purposes will be stored for a period of not more than 12 and 24 months respectively from the time they are recorded.
8. Security measures
Data are processed through the Site in accordance with the applicable legal provisions, using security measures in accordance with current regulations including Articles 5 and 32 of the General Data Protection Regulation.
To this end please note that appropriate security measures have been put in place aimed at preventing unauthorised access, theft, dissemination, alteration or unauthorised destruction of the data processed.
9. Changes to Privacy Notice
The Controller reserves the right to change the present Privacy Notice. In such cases, users will be informed in a timely manner, on their next access to the Site.
The present information was issued in October 2018