Privacy Policy


Privacy Policy for Website Visitors: www.picadorsrl.com
Information on the Processing of  Data of  Visitors Consulting this Website

WHY THIS INFORMATION

In accordance with Regulation (EU) 2016/679 (hereinafter "Regulation"), this page describes the methods of processing personal data of visitors/users consulting the website of PICADOR s.r.l., a single-member private limited liability company, accessible online at the address: www.picadorsrl.com.This information does not concern other sites, pages, or online services that may be reached through hyperlinks published on the site but that refer to resources external to the domain of Picador s.r.l. unipersonale.Following the consultation of the above-mentioned site, data related to identified or identifiable individuals may be processed.

DATA CONTROLLER

The data controller is Picador s.r.l. a single-member private limited liability company, represented by the legal representative pro tempore (VAT: 01579730514), located at Loc. Quarata n. 272 – 52100 Arezzo (Ar); Email: info@picadorsrl.com; PEC: picadorsrl@pec.it; phone: +39 (0)575 356299.

LEGAL BASIS FOR PROCESSING

The personal data indicated on this page are processed by the Controller if and to the extent that at least one of the following conditions applies:• the data subject has given consent to the processing of personal data for one or more specific purposes;• processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject;• processing is necessary to fulfill a legal obligation to which the data controller is subject;• processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, especially if the data subject is a minor.

TYPES OF PROCESSED DATA, PURPOSES OF PROCESSING, LEGAL BASIS, AND CONSEQUENCES OF NON-COMMUNICATION OF DATA

Navagation dataThe computer systems and software procedures involved in the operation of this website acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols.This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL addresses (Uniform Resource Identifier/Locator) of requested resources, the date and time of the visit, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user's operating system and computer environment.
These data, necessary for the use of web services, are processed automatically, aggregated, and anonymized for the purpose of:
obtaining statistical information on the use of services (most visited pages, number of visitors per time or day range, geographical areas of origin, etc.);
checking the correct functioning of the offered services;
ascertaining any responsibility in case of crimes against (or through) the site (e.g., unauthorized access to computer systems, spamming, malware attempts).
These data are deleted immediately after processing.
User-Provided Data
Apart from what is specified for navigation data, users are free to provide or not provide their personal data.
The processing of personal data consists of and is directed towards achieving the following purpose:
to respond to your requests: the optional and voluntary sending of messages to the contact addresses of the Controller, private messages sent by users to business profiles/pages on social media (where this possibility is provided), phone calls to the contact numbers of the Controller, as well as the completion and submission of forms on this site, involve the acquisition of the sender's contact data, necessary to respond, as well as all personal data included in the communications.
The legal basis for the processing is the legitimate interest of the Controller in following up on user requests.
The provision of data by the user is optional, but refusal will result in the impossibility for the Controller to respond to the received requests.
For any additional purposes: connected to the execution of the contract, including the possible pre-contractual phase, specifically for the compilation of population registers, keeping accounts, invoicing, making communications both in paper and electronic form, tax compliance, organizational management of requested services and contract stipulation, scheduling appointments, order processing, deliveries, bureaucratic compliance related to requested services. Your data may be used for sending, on paper or via email, commercial and/or promotional communications related to products and services similar to those subject to the contractual relationship, unless you object.• Your data may be processed for internal statistical purposes.
Your personal data will be processed for the performance of a contract concluded with you or for the performance of pre-contractual measures taken at your request.
The sending of commercial and/or promotional communications related to products and services similar to those subject to the contractual relationship is based on the legitimate interest of the Controller.
Failure to provide personal data will make it impossible for us to carry out contracts and other related obligations, as well as to manage mutual commercial relationships properly.


Cookies and Other Tracking Systems

Cookies are text strings that websites visited by the user place and store inside the user's terminal device, to be retransmitted to the same sites on the next visit.
Cookies from so-called "third parties" are instead set by a website different from the one the user is visiting: this is because on a site there may be elements (such as maps, links to other sites) that reside on servers different from that of the visited site.The "Cookie Policy" page provides information on the cookies used by the data controller.

RECIPIENTS OF DATA

Personal data are processed within the company organization by the Controller and any authorized persons under the responsibility of the same Controller, for the purposes mentioned above and based on specific instructions provided regarding the purpose and method of processing.
None of the personal data provided by the User will be disclosed unless, possibly, in anonymous and aggregated form for statistical or research purposes.
Your data may also be communicated to third parties, for technical and operational needs strictly related to the aforementioned purposes, and in particular to the following categories of subjects:
a) bodies, professionals, companies, or other structures appointed by us to carry out treatments related to the fulfillment of administrative, accounting, and management obligations related to the ordinary conduct of our economic activity, also for debt recovery purposes;
b) public authorities and administrations for purposes connected to the fulfillment of legal obligations or to subjects legitimately entitled to access them by law, regulations, community regulations;
c) banks, financial institutions, or other entities to whom the transfer of the aforementioned data is necessary for the conduct of our company's activities in relation to our fulfillment of contractual obligations towards you.
d) Providers of installation, assistance, and maintenance services for computer and telematic systems, as well as all services functionally connected and necessary for the fulfillment of the obligations under the Contract.
e) Any entities or businesses providing functional services necessary for the proper fulfillment of the contract or user and visitor requests on the site.

SECURITY METHODS AND MEASURES

Data processing may occur electronically, telematically, and/or on paper, using tools designed to ensure data security, always in compliance with the principles of fairness, lawfulness, transparency, proportionality, confidentiality, and current regulations.
This site employs the HTTPS security protocol, regularly implementing updates and adjustments necessary to ensure and protect the integrity and confidentiality of data exchanges with user devices.


PROCESSING LOCATION

The processing related to the web services of the site takes place at the Owner's headquarters and is carried out by authorized personnel committed to confidentiality.


RETENTION PERIOD

In compliance with the principles of lawfulness, purpose limitation, and data minimization, the data will be retained for a period not exceeding the achievement of the purposes ("principle of storage limitation," Article 5 of the Regulation) and/or until the user revokes consent (if provided, for example, for receiving newsletters, if applicable) and/or in accordance with legal deadlines.
At the end of the retention period, the data will be deleted unless a different new consent has been provided by the user in the meantime.
Personal data may be kept for a longer period, coinciding with the time necessary for any legal defenses in the event of legal disputes or pre-litigation situations related to the processing of such data.

TRANSFER TO A THIRD COUNTRY
The Data Controller does not transfer personal data to third countries or international organizations. However, it reserves the possibility of using cloud services, in which case, service providers will be selected based on providing adequate guarantees, as stipulated in Article 46 of GDPR 679/16. In any other case, if data is transferred outside the European Economic Area, the Data Controller ensures that the transfer will comply with current legal provisions, guaranteeing a level of protection adequate to European standards.

DATA SUBJECT RIGHTS

In accordance with Articles 13, paragraph 2, and 15 to 21 of the Regulation, we inform you that regarding the processing of your personal data, you may exercise the following rights:
a) Right to obtain access to personal data and the following information:
- confirmation of whether or not the processing of personal data is underway;
- purposes of the processing;
- categories of personal data;
- recipients or categories of recipients to whom the personal data has been or will be disclosed;
- if the data is not collected from the data subject, all available information about their origin;
- the existence of automated decision-making, including profiling;
- a copy of the personal data undergoing processing.
b) Right to rectify and integrate personal data;
c) Right to erasure of data ("right to be forgotten") if one of the following reasons exists:
1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. the data subject withdraws consent to the processing, and there is no other legal basis for the processing;
3. the data subject objects to the processing, and there is no overriding legitimate reason for the processing;
4. personal data have been unlawfully processed;
5. personal data must be erased to comply with a legal obligation under Union or Member State law to which the data controller is subject.
If the data controller has made personal data public and is obligated to erase them, they must inform other data controllers processing the data of the request to erase any links, copies, or reproductions of the data.

d) Right to limit processing in cases where:
1. the data subject disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data;
2. the processing is unlawful, and the data subject opposes the erasure of personal data and instead requests the restriction of their use;
3. although the data controller no longer needs them for the purposes of processing, personal data are necessary for the data subject to establish, exercise, or defend a legal claim;
4. the data subject has objected to the processing, pending verification of whether the legitimate grounds of the data controller override those of the data subject.

e) Right to lodge a complaint with the Data Protection Authority, following the procedures and instructions published on the official website of the Authority www.garanteprivacy.it, as provided for in Article 77 of the Regulation, or to bring proceedings before the appropriate judicial authorities (Article 79 of the Regulation).
f) Right to data portability, meaning the right to receive personal data concerning the data subject in a structured, commonly used, and machine-readable format and to transmit those data to another data controller, where processing is based on consent or a contract and is carried out by automated means. Where technically feasible, the data subject has the right to have personal data transmitted directly from one data controller to another.
g) Right to object at any time to the processing of personal data, including profiling, especially when:
1. the processing is based on the legitimate interest of the controller, with a clear explanation of the grounds for objection;
2. personal data are processed for direct marketing purposes.
h) Right not to be subject to a decision based solely on automated processing, including profiling, except in cases where the decision is: necessary for the conclusion or performance of a contract between the data subject and a data controller, authorized by Union or Member State law to which the data controller is subject, or based on the explicit consent of the data subject.
i) Right to withdraw consent at any time; data, if not based on another legal basis (including compliance with a legal obligation or the performance of a contract), must be deleted by the data controller. The exercise of rights is not subject to any formality and is free of charge.

EXERCISE OF RIGHTS PROCEDURE

The data subject may exercise their rights at any time by sending:- a registered letter with acknowledgment of receipt to PICADOR s.r.l. unipersonale, located at Loc. Quarata n. 272 – 52100 Arezzo (Ar);- an email to the address info@picadorsrl.com

SOCIAL MEDIA

The Data Controller uses some Social Media for communication and promotion purposes, accessible also through links from the website.
The processing of users' personal data by these Social Media is not under the control of the Data Controller and will comply with the policies in use on the platforms used, which can be consulted at any time on the website of these platforms.
Data shared by users through private messages sent via these platforms will be processed in accordance with Italian privacy law.

SENSITIVE DATA/JUDICIAL DATA

The Data Controller does not process special categories of data (so-called sensitive data), such as those revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, health, life, or sexual orientation data, genetic data, biometric data, nor judicial data.

ADDITIONAL PROCESSING PURPOSES

With your specific and separate consent, your data may also be processed for each of the following purposes:- sending commercial and/or promotional communications or advertising material on products or services provided by our company or for assessing the level of satisfaction with their quality.

[CONSENT TO THE PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES]
I, the undersigned (name and surname) __________________________________, having read the above information, consent to the processing of data by Picador s.r.l. unipersonale for the purpose of direct marketing by the data controller to carry out informative, commercial, advertising, and promotional activities, also by sending communications using electronic or paper means.

Date________________ Legible signature__________________

Last update: October 4, 2023

 

 


Picador Lab
Sustainability