Privacy

PRIVACY POLICY
Art. 13 Reg. UE 2016/679

Under Article 13 of European Regulation 2016/679 (hereinafter referred to as “GDPR”), Promass S.r.l., as Data Controller, is required to provide users connecting to the domain: www.promass.com (regardless of the purpose of the connection) with certain information regarding the processing of personal data carried out therein.
This document constitutes the “Privacy Policy” (subject to future updates as necessary) of this site.
For the purposes of this notice, without prejudice to the definitions provided in Article 4 of the GDPR, the following terms shall mean:
The Company: Promass S.r.l., which is the Data Controller
Domain “www.promass.com”: the domain accessible through the world wide web service of the internet network at the address https://www.promass.com consisting of data, applications, technological resources, human resources, organizational rules, and procedures designated for the acquisition, storage, processing, exchange, retrieval, and transmission of information.
Collection Points: areas within the domain www.promass.com designated for the collection of personal data.

Reference Standards and Legal Basis for Processing
The processing operations, detailed below, have their legal basis in the laws governing the right to personal data protection, the right to privacy, and those that allow the expression or withdrawal, at any time, of informed consent to the processing operations, namely:

  • EU General Regulation 679 of April 27, 2016, regarding the protection of natural persons with respect to the processing of personal data, as well as the free movement of such data;
  • Informed consent, expressed in accordance with the current legal provisions on personal data protection (Article 6 GDPR);
  • Fulfillment of the contractual obligations assumed by Promass S.r.l. in favor of the user at the time of Service subscription (Article 6 GDPR);
  • Compliance with obligations or orders to which the Data Controller is subject by law or by order of the Authority (Article 6 GDPR).

Nature of the Data Subject to Processing
– The possible sending of emails to the addresses indicated on this site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will progressively be provided or displayed on the pages of the site prepared for particular on-demand services. In any case – where required by law – your consent to the processing of your personal data will be requested from time to time.
– With prior consent, where necessary, the following categories of personal data related to the consenting individual (Data Subject) may be processed for the indicated purposes:

Common personal data, identification data, such as Name and Surname, Year of Birth, Gender, Address, City, Province, Email Address, Telephone Number, Postal Code, Links to profiles on the following social networks: Facebook, Instagram, and Twitter (provided, for example, through the Contact Form).

Technical Processing
The IP number and the type of browser used to connect to the domain www.promass.com (non-identifying data) are also processed, automatically recorded by logical protection and access control devices to the domain (LOG FILES). These personal data will be used exclusively for traffic control purposes towards the domain. They are not collected to be associated with identified Data Subjects but, by their very nature, could, through processing and association with data held by third parties, allow users to be identified. These data are used solely to obtain anonymous statistical information on site use and to ensure its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not persist for more than seven days.

Cookies
For more detailed information on the use of cookies on the site www.promass.com, you can consult the Cookies Policy.

Special Categories of Personal Data
If the collection of special categories of personal data ex Article 9 of Regulation EU 679/2016 is carried out through the domain www.promass.com, the user will be previously informed and enabled to express – in the ways provided by law – the relevant consent.

Nature of Data Provision, Data Sources
The provision of personal data is not generally mandatory but, in some cases, it is necessary, and therefore mandatory, to benefit from the services and functionalities of the site.

Data for which Provision is Necessary
The provision of certain personal data is necessary, and therefore mandatory, to fulfill specific requests such as providing feedback to contact requests; the user is always free not to provide their personal data, but in such cases, it might be impossible for the Data Controller to meet the requests, address needs, or allow the use, in their entirety, of all available functions on the site. Providing identifying personal data is necessary to register on the site and receive, along with other benefits, the desired information on Promass S.r.l.’s services. These identifying data will be processed both with paper and electronic means and will be stored by Promass S.r.l. only as long as the interested parties have received a response from the company regarding the formulated request or, in any case, for a maximum of 5 years from the last action taken within the site. At the end of the retention period, the identifying personal data will be automatically deleted.

Data Sources
We will collect data from the user directly through interactions with the site.

Purposes of Processing
The Company will, where necessary with the user’s consent, carry out the necessary operations to benefit from the services and functionalities of the site and, specifically:
1. Management of contact requests;
2. Purposes strictly connected and instrumental to the management of the aforementioned relationship (e.g., for acquiring pre-contractual information and executing services and operations as contractually agreed);
3. Purposes related to the monitoring of customer relations and the control of credit and fraud risks related to the services provided;
4. Fulfill specific requests of the interested party.

Processing Methods of Your Personal Data
In relation to all the purposes indicated in the previous paragraphs, personal data will be processed electronically and/or on paper and processed with techniques of pseudonymization and anonymization to personalize the services the Company can offer. The data processing will be conducted to ensure their logical and physical security and confidentiality and may be carried out through manual, IT, and telematic tools designed to store, transmit, and share the data. The processing logic will be strictly related to the purposes pursued.

Data Security and Retention
Personal data will be stored within the European Union, and the related security policies are reviewed in compliance with Best Practices in the field.

Access and Operation Traceability. Audit Log
Each access to data will be stored in specific Log tables. The relevant information will contain the timestamp of access, the user identifier who accessed the data; the type of data accessed, the data owner, the operation performed, the application from which access was made.

Profiling, Automated Decision-Making
We do not carry out profiling operations, in relation to the data collected through this website, other than what is necessary to allow us to perform the services that enable the use of the services offered on the site itself, except as specified in our cookie policy.

Scope of Communication and Disclosure
Those who may become aware of the personal data, as indicated in this notice, as external Data Processors and/or internal Data Processors are:
The qualified personnel of the Company, limited to their respective competencies and/or duties and based on the tasks assigned and instructions given;
External third parties specifically designated as external Data Processors, which the Company uses to perform specific services, limited to their respective competencies and/or duties and based on the tasks assigned and instructions given.
The Company, for ordinary management, accounting, commercial, and administrative activities, may communicate personal data, after any necessary acquisition of consent as provided by law, in compliance with security measures, to third-party service providers only to perform the requested service, such as: postal service companies, legal and notary firms, consultants, even in an associated form, other service companies, and further subjects in compliance with any legal obligations (such as insurance institutions, police forces, judicial authorities, etc.). The list of these subjects to whom the data may be communicated is available at the Data Controller’s office.

Transfer of Personal Data Abroad
The Company does not transfer personal data outside the EU on its own initiative. However, some third-party service providers might have their servers physically located outside the Union (as in the case of email providers). In such cases, the transfer of data abroad will occur solely within the framework and in compliance with Regulation EU 679/2016 Articles 44 et seq.

Data Subject Rights
Articles 15-22 GDPR grant data subjects the exercise of specific rights. Article 15 GDPR recognizes the right of data subjects to access their personal data and to obtain a copy of them. The right to obtain a copy of the data must not adversely affect the rights and freedoms of others. With the access request, the data subject has the right to obtain from the Data Controller confirmation of whether or not their personal data are being processed and to know the purposes and categories of data processed, the third parties to whom the data are communicated, and if the data are transferred to a non-EU country with adequate guarantees. The Data Subject also has the right to know the retention period of their personal data and has the right to request the rectification of inaccurate data and the integration of incomplete ones, the deletion (right to be forgotten) under the conditions indicated by Article 17 GDPR, the restriction of processing, the revocation of consent, data portability, and the right to object at any time, without having to provide justifications, to processing for direct marketing purposes.
The data subject who believes that the processing of their personal data violates the provisions of the GDPR or national legislation on personal data protection has the right to lodge a complaint with the Data Protection Authority based in Rome, pursuant to Article 77 GDPR, and/or to take legal action.
The rights can be exercised by sending a request to the email address info@promass.com, or by registered mail to the address Via XXV Aprile 10/12, 06039, Trevi (PG). The Controller and/or their potential DPO may need to identify the data subject by requesting a copy of their identity document.

Revocation of Consent – Privacy Questions – Access and Response
The data subject is recognized at any time the right to revoke consent to the processing of personal data by informing us via email at info@promass.com, or by registered mail to the address Via XXV Aprile 10/12, 06039, Trevi (PG).
In the same manner, information regarding the processing of their personal data may be requested.
Before the Company can provide or modify any information, it may be necessary to verify the identity of the data subject and respond to some questions. A response from us will be provided as soon as possible.

Data Controller
The Data Controller is Promass S.r.l. with its headquarters at Via XXV Aprile 10/12, 06039, Trevi (PG).

Data Processors
The complete list of Data Processors is available at the Company’s headquarters.
These mandatory information are subject to updates, depending on any changes in applicable legal provisions.