Prati s.r.l., with registered office in Faenza (RA), via Deruta, 2, Tax Code and VAT number 05592010481, as the controller of personal data, hereby informs you that the personal data of customers, suppliers and users of its website will be processed in the following ways and in compliance with the principles established by the GDPR (General Data Protection Regulation).
1. Purpose and legal basis of data processing
Personal data will be processed for:
1) entering into agreements with the Data Controller and managing the ensuing relationships in the pre-contractual, contractual, fiscal and accounting phases; (the legal basis of the aforementioned data processing is the fulfilment of both contractual obligations and legal obligations to which the Data Controller is subject).
2) any direct marketing activities in relation to pre-existing customers (sending newsletters, information activities, market research, advertising communication); (the legal basis of the aforementioned data processing is legitimate interest).
2. Processing methods and data storage period
Data processing will be carried out through the operations indicated in art. 4 n. 2 of the GDPR by using manual, IT and web-based systems. The data will be recorded, processed and stored in our paper and electronic archives.
The data will be processed by authorised persons.
For the activities referred to in art. 1.1., personal data will be stored until the processing of same will no longer be necessary for the purpose for which they had been collected and, in any case, not later than 10 years from the termination of the contractual relationship.
For the activities referred to in art. 1.2., personal data will be stored until the processing of same will no longer be necessary for the purpose for which they had been collected and, in any case, t later than 2 years from the termination of the contractual relationship.
3. Data Processing Recipients
The data may be made accessible to employees and/or consultants of the Data Controller in their capacity as persons authorised to process data or data processors.
The data may be disclosed to meet the obligations provided for by law or for a correct implementation of the existing contractual relationship to, for example, social security, welfare and insurance organisations, trade associations, tax and labour authorities, professional legal, commercial, and tax counselling offices, company auditors, banks and credit institutions.
The data will not in any case be disclosed to indeterminate entities.
4. Provision of personal data
The submission of data is mandatory for the purposes referred to in art. 1.1.; therefore, any refusal to submit such data or incorrect communication thereof implies the objective impossibility for the undersigned company to manage pre-contractual and contractual relationships.
However, the submission of data for the purposes referred to in art. 1.2. is optional; as the data subject, you may therefore decide not to submit any data or to exercise, even at a later stage, the right to object according to art. 21 of the GDPR.
In this case, your personal data may no longer be used for direct marketing (and therefore, you will no longer receive any newsletters, advertisements, etc.) but you will continue to be entitled to the services referred to in art. 1.1..
5. Rights of the data subject
In your capacity as the data subject, you may exercise the rights referred to in art. 15 GDPR and in particular, the rights to:
obtain confirmation of whether or not data concerning you are kept and, in this case, obtain access to data;
obtain access to the following information: a) purpose of data processing; b) categories of personal data in question; c) recipients or categories of recipients to whom your personal data have been or will be disclosed; d) where possible, the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; e) the existence of the right to request from the controller access to and editing or deleting of personal data or restriction of processing rights concerning the data subject and to object to data processing; f) the right to file a complaint with a supervisory authority; g) if the data were not collected from the data subject, all available information on data origin; h) the existence of an automated decision-making process, including profiling, pursuant to art. 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as on the importance and expected consequences of this processing method for the data subject;
be informed of the existence of adequate guarantees pursuant to art. 46 relating to transfers for the case of transfer of personal data to a third-party country or to an international organisation;
where applicable, the data subject may exercise the rights referred to in Articles 16 to 21 of the GDPR (right to correct, right to delete, "right to be forgotten", right to limit processing, right to data portability, right to object);
the data subject may also: a) withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; b) receive timely notification of any unauthorised use of personal data within the limits of the provisions of art. 34; c) submit a claim to the Data Protection Authority.
6. Data exercise methods
The data subject may exercise his or her rights by contacting the Data Controller, Prati s.r.l., either by writing to the company's registered office in Faenza (RA), via Deruta, 2, or by sending an e-mail to the address email@example.com.
The use of session cookies (which are not permanently stored on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable a safe and efficient site.
Acquisition of personal identification data is not allowed on this site and session cookies avoid the use of technologies that could compromise the privacy of the users.
Below is a detailed list of all the cookies used. The user can deactivate them individually using the specific browser options.
Full address of the website. Example: "www.praticompany.com".
Level of the user connected. It always refers to user logged except in cases in which you log in as administrator (visitors can not login). Value always set to "40".
Display mode of the managing windows that are activated only when you log in as an administrator. Value always set to "normal".
ISO three-character that indicates the language used to navigate the public site. Value set to "ita" or "eng" depending on the configuration of your browser.
ISO three-character that indicaters the language used to navigate the control panel. Value set to "ita" or "eng" depending on the configuration of your browser.
ISO three-character code of the language currently used to display the contents of this site. Sample value: "ita".
System parameter to manage navigation within the index of the site pages. Sample value: "pagine = 98".
System parameter to manage navigation within the index of the site pages. Sample value: "pagine".
Internal parameter to manage navigation within the structure of the site pages. Sample value: "campiModulo".
Control code used in the contact form and forms like "work with us" to verify that a bot is not connected. Random value generated each page load. Sample value: "ZPX648".