Dear Visitor of the Website,
“Personal Data”, in plain words, means any information that relates to an identified or identifiable identified or identifiable natural person (Data Subject). “Processing of Personal Data”, in plain words, means any operation or set of operations which is performed on Personal Data or on sets of Personal Data relating to any.
As an example, your e-mail address is considered Personal Data, therefore the acts of collecting and/or storing it imply that we are “processing” it. Transmission to third parties and erasure are other processing operations.
We are defined “Data Controller”, as we determine the purpose and means of the processing of Personal Data.
You, as a “natural person to whom Personal Data are related”, are defined “Data Subject” and you are entitled to be informed on who we are, which Data we process, why/how/how long we process them, your rights and obligations.
We would like to inform you that when you browse this Website we collect “Browsing Data”, namely data that allow you to use the world wide web, such as IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status, and other parameters related to the user's operating system and computer environment). Normally, collection of this data does not imply Processing of Personal Data, as we cannot immediately identify you through those data without resorting to additional information or activities. In any case, Browsing Data are erased immediately after being aggregated (except where judicial authorities need such data for establishing the commission of criminal offences).
In addition, since the Website invites you to contact us, it is possible that we will get to know some of your Personal Data as a result of your communications with us. In the event that happens, we will use Personal Data for the sole purpose of responding you and we will erase such data immediately after responding you. In any case, no contact detail is directly collected by means of the Website.
Who we are?
Progem S.r.l., a company duly existing and organised under the laws of Italy, with registered office in Via Monteu Roero, n. 12/16 – 10022 Carmagnola (TO), fiscal identification code/VAT number 07519750017 (“Progem” or “Data Controller”).
Why are we processing Personal Data?
- ensure the functioning of the Website, only where this Policy expressly states such a need;
- respond your communications only in the event that you contact us.
Why are we allowed to process your Personal Data?
Processing of your Personal Data may be based:
- on our legitimate interest to provide you with the Website (article 6 § 1 point f, GDPR) - purpose n. 1 above;
- necessary in order to take steps at your request (article 6 § 1 point b, GDPR) - purpose n. 2 above.
To whom do we transfer your Personal Data?
(Categories of Recipients)
In the minimum necessary extent in relation to the above purposes the Data Controller may disclose your Personal Data to:
- Service providers (e.g. IT) who carry out processing on our behalf, acting as Data Processors;
- persons who, under the direct authority of the Data Controller, are authorised to process Personal Data;
- public Authorities and Agencies, if required to do so by law or in response to their valid requests.
How long do we retain your Personal Data?
Browsing Data per se are generally retained for a shorter period of time, except when this data are used to strengthen the security or to improve the functionality of the Website, or the Data Controller legally obliged to retain such data for longer time periods. In the event that matching your Browsing Data with additional information results in getting any of your Personal Data, the Data Controller will erase such data immediately after such aggregation has taken place, unless judicial authorities need such data for establishing the commission of criminal offences.
Additionally, the Data Controller will store your Personal Data that you have transmitted in the very act of contacting the Data Controller only for as long as is necessary to respond to your request(s).
Do we transfer Personal Data outside the European Economic Area (EEA) or to international organisation?
Personal Data may be transferred to – and maintained on – computers and persons outside the EEA.
For some computer services the Data Controller uses Google Ireland Limited; the transfer is permitted on the basis that this company adheres to the EU-U.S. "Privacy Shield" agreement, a decision of adequacy which constitutes a guarantee for the concerned person in accordance with article 45 GDPR. https://www.privacyshield.gov/participant? id=a2zt0000001L5AAI&status=Active "
Do we do Profiling?
No, the Data Controller does not perform Profiling activities based on your Personal Data.
Are you obliged to provide your Personal Data?
No, you are not. Unless you intentionally and spontaneously contact the Data Controller, there is no way the Data Controller can directly get to know your Personal Data. You’re obliged to transmit Browsing Data, as far as they can be considered Personal Data.
What happens if you don’t provide your Personal Data?
There is no consequence since - as of today - the Website is not meant to collect, store or use your Personal Data in any form. You cannot object to the collection of Browsing Data (as far as they can be considered Personal Data).
Which are your rights?
You have the right to:
- request the access to the data we hold about you and have a copy of them, except where the exercise of the right would adversely affect the rights and freedoms of other natural persons;
- request the rectification of incomplete or inaccurate data;
- request the erasure of the information we have on you, except when the exclusions set out in article 17.3 GDPR apply;
- request the restriction of processing, if the conditions are met, except when the exclusions set out in article 18.2 GDPR apply;
- request and obtain an updated list of the persons/entities that process Personal Data on behalf of Progem (Data Processors), along with data useful for their identification).
- request data portability (i.e. to receive them in a structured, commonly used and machine-readable format, so that they can be transmitted to another data controller without hindrance), where technically feasible and within the limits of processing based on consent or performance of a contract;
- lodge a complaint with a Supervisory Authority, in particular, under the GDPR, in the EU Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing infringes the GDPR. Without prejudice to any available administrative or non-judicial remedy you also have the right to an effective judicial remedy before the courts of the EU Member State where the Data Controller have an establishment or, alternatively, where you have your habitual residence.
Details about the Right to Object: the Data Subject has the right to object to the Processing, on grounds relating to your particular situation, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims, as provided under article 21.1 GDPR.
How you can contact us?
Our Website is not intended for, nor designed to attract individuals under the age of eighteen (18). Progem does not knowingly collect personally identifiable information from any person under the age of eighteen. In the event that information on minors is unintentionally collected, Progem will promptly erase it, at the request of the Data Subject or of the person exercising permanent or temporary parental authority or legal guardianship over the Data Subject.
- “Data Controller”: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”, as defined in art. 4, subparagraph 1, no. 7, GDPR.
- “Data Subject”: “an identified or identifiable natural person”, as defined in art. 4, subparagraph 1, no. 1, of EU Regulation no. 2016/679 (“GDPR”).
- “GDPR”: EU Regulation no. 2016/679 concerning “the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”;
- “Personal Data”: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”, a defined in art. 4, subsection 1, no. 1, GDPR).
- “Processing”: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as defined in art. 4, subparagraph 1, no. 2, GDPR.
- “Data Processor”: “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”, as defined in art. 4, subparagraph 1, no. 8, GDPR.
- “Profiling”: “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”, as defined in art. 4, subparagraph 1, no. 4, GDPR
- “Recipient”: “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, a defined in art. 4, subparagraph 1, no. 9, GDPR.
- “Supervisory Authority”: the independent public authority of a Member State of the European Union or of the European Union itself that in entrusted with the task of assessing the application of Privacy Regulations (in the case of Italy, the “Garante per la Protezione dei Dati Personali”, http://www.garanteprivacy.it).
- “Visitor” means any possible user the Website that constitutes a Data Subject according to this Policy and the applicable data protection laws, including the GDPR.
- “Website” means this website available at http://www.progem.eu/ and/or any other domain belonging to Progem (and subdomains).
Last Updated: June 11th, 2020