Articles 13-14, European Regulation 679/2016 and, as far as applicable, art. 13, Leg. Dec. 196/2003
(includes or refers to the processing of browsing data and of cookies)

PALLINI S.p.A., a Company with registered office in Via Tiburtina 1314, 00131 ROME. VAT no.: 01786991008;
Phone: 064190344, e-mail: info@pallini.com, processing controller in pursuance of European Regulation 679/2016 and, as far as applicable, of Leg. Dec. 196/2003, (hereinafter, for the sake of brevity, Controller)

INFORMS

users who connect to the website www.pallini.com, registered and non-registered, that the personal data collected by the firm, acquired from third parties or spontaneously supplied by the parties concerned through the various options existing on the site (work with us, newsletter, competitions and events, etc.), will be processed in a legal and proper way, in compliance with the principles decreed by EEC and Italian regulations.

Data subject to processing
Browsing data: IP address, operating system and browser used for browsing, date and time of connection and disconnection, time remaining on the site, pages visited, activity conducted, locating (if the related service is active) and anything else made available by your computer, on the basis of the security settings.
Personal data: name, surname, e-mail address, phone or radiotelephone, fax, physical addresses, where available, data existing in the CV if forwarded through the “work with us” section.

Purpose and legal basis of the processing
Collection and any other activity of processing the data of the parties concerned obtained through the website are done by the Controller at the offices of the firm, in compliance with the security measures and rules laid down by European Regulation 679/2016 and, as far as applicable, by Leg. Dec. 196/2003, or by parties delegated by it (specifically selected and possessing the necessary professional skills), with manual and computerized procedures, to enable the user to have a simple and gratifying browsing experience, to collect elements appropriate for improving the offer of products and services by means of the web, for executing specific requests by the party concerned, for fulfilling pre-contractual and contractual obligations, for the routine administrative, financial and accounting activities, for ensuring proper management of customers during the marketing and sale of the products, for after-sales assistance, for fulfilment of legal obligations. Processing is also aimed at the processing of statistics in an anonymized or pseudonymized form.

At the request of the party concerned, or after obtaining specific consent, processing may also be done through CRM and customer care, for ascertaining the level of satisfaction, the tastes, the preferences and habits of the party concerned, for sending trade information or advertising material, for direct marketing campaigns, for participating in games, competitions or prize-winning operations, for involvement in events and shows, for providing services, for market research and other operations either directly or indirectly related to marketing activities.

The legal bases of the processing are the legitimate interest of the controller in managing the users' browsing data so as to improve the offer of products and services through the website, the consent given by the parties concerned and the obligations related to the pre-contractual and contractual phases of the relationship. In any case it is always possible to ask the Controller to clarify the concrete legal basis of each processing and, in particular, to specify whether the processing is based on the law, required by a contract, or needed to conclude a contract.

Sources and type of the data
Collection of the data may be done through the firm's website, by analysing browsing or by spontaneous insertion by the party concerned, using the special forms.
With regard to the registered user, the Controller does the processing of personal particulars, of phone and telematic contacts and of any banking data submitted for payments, as well as other data indispensable for meeting the requests of the parties concerned or for fulfilling obligations undertaken.
Provision is therefore obligatory since in the event that consent is not given or is cancelled processing cannot be done.
It should be pointed out that any erroneous or insufficient communication of the required data may result in total or partial impossibility of executing the requests of the party concerned or of performing the obligations related to the commitments undertaken, with possible consequent lack of compliance of the results of the processing with the agreements made or the obligations imposed by rules and regulations.
The other data, instead, are collected only for the purpose of adapting the promotional campaigns, the offers and, generally speaking, the firm's business, to meet the interests of the customer and of the other parties in any way involved. Their provision is therefore not obligatory, and any refusal of the processing or cancellation of the consent does not prejudice the establishment or prosecution of the main relationship.

Data of Minors
Persons under the age of 16 years may not supply data without the consent of the parent or of a guardian, if any.
The controller will in no way be responsible for any false statements given by minors and, if it ascertains the falsity of the statement, it will immediately delete every personal datum and any information acquired. In any case, consent to the processing of the data by minors more than sixteen years old is authorised for minors under eighteen years of age only for access to the services of the information company. In any case persons under the age of 18 may not approve and sign terms and conditions of service.

Browsing data
The IT system and the software used for the firm's web portal acquire, while working normally, some personal data the transmission of which is implicit in the use of the Internet communication products. This information is not stored for identifying the parties concerned but, due to its nature, it can, through processing and association with other data handled by third parties, permit identification of the user.
This category of data concerns the IP address and names in the domain of the computer used by the user for connecting to the site, the URL (Uniform Resource Locator) addresses of the required resource, the time of the request, the method used for sending the request to the server, the size of the file received, the numerical code used for indicating the status of the reply given by the server (done or error, etc.) and other parameters related to the operating system and the user's computer. These data are only used for creating anonymous statistics on the use of the site and for controlling its proper operation. They are normally deleted immediately after processing. They can be used and supplied to the police forces and the judiciary to ascertain the responsibility in the case of damage to the site or of offences perpetrated through the web.

Data provided by the user
Filling in any of the forms existing on the pages of the site involves the acquisition of the data in the system's memory. The information is protected by an authentication system and can only be used by whoever holds the credentials. It is also updated and adequately protected on the basis of the best available practice.
Requests for information by e-mail involve storage of the user's e-mail address, needed for replying to the sender's requests. The data stored in the message are included. The Controller advises its customers, during their requests for services and information, not to send the data or personal information of third parties unless that is absolutely necessary.

Cookies
As is the case with most websites, information concerning browsing the site is kept for statistical reasons. Information can be collected thanks to the use of cookies. Cookies are small files that are transferred to the computer's hard disk when it connects with a website.
These data are not of a personal kind since they do not enable the specific identification of the user. The data collected concern the geographic location of the supplier of services, the type of browser used, the IP address, the pages visited, etc. The information collected in this way makes it possible to see the frequency of the visits to a site and the activity conducted while browsing.
In this way, with time, it is possible to improve the contents of the site and facilitate its use.
Firms that send contents to the site or whose sites are accessible by a link can also use the cookies when the user selects the related connection.
In these cases, the use of the cookies is not under the direct control of the Controller of the processing. Most browsers accept the cookies automatically, but it is possible to reject them or only select some, according to the preferences set by the user. However, if the user prevents the loading of the cookies, some parts of the site might stop working and some pages might be incomplete.

Essential technical cookies
These are cookies required for ensuring proper and fluid working of the website: they permit browsing the pages, sharing content, storage of the access credentials for making entrance into the site faster and for keeping the preferences and credentials active while browsing and improving the browsing or purchasing experience. Without these cookies it is impossible to provide, in whole or in part, the services for which users access the site.

Statistical cookies
These cookies make it possible to understand how the users use the site so as to be able then to evaluate and improve working and create ever more appropriate contents for the preferences of the users. For example, such cookies make it possible to know which are the pages more and less frequented, how many visitors there are to the site, how much time is spent on the website by the average number of users and how visitors arrive at the website. In this way it is possible to find what are the best operations and the best liked contents and how the contents and functionality of the pages can be improved. All the information collected by these cookies is anonymous and connected with the personal data of the user.

Profiling cookies of third parties
These are cookies used by third parties, not directly controlled by the Controller. The firm cannot give guarantees regarding the use that will be made of the data, the processing of which is done directly by an outside party.
The cookies originating from those third-party operators make it possible to offer advanced functions, as well as more information and personal functions. This includes the possibility of sharing contents through the social networks and of having an experience of the site personalized according to the preferences expressed through the pages visited.
If there is an account available or if the services of those other controllers of the processing are used, they could be able to know that the user had visited the firm's site. The use of the data collected by those outside operators by means of cookies is subject to their policies on privacy. The cookies for profiling third parties are identified with the names of the operators concerned and can be deactivated.

Managing the cookies
By selecting the OK button shown on the overprinted banner, authorisation is given for installing the cookies on the device being used by the party concerned. The settings of the cookies downloaded through the functions of the browser can be changed. By doing this it is also possible to prevent the installation of cookies by third parties and to remove the cookies previously installed, including those containing the preferences with regards to cookies. To regulate or change the settings of the browser you need to consult the guide of the producer of the software or the application. Disabling the cookies can cause malfunction of the site or of part of it.

Sites of third parties
The site could, even only periodically, contain connections with the sites and applications of third parties (Widgets of Google Adwords, Analytics, Youtube, Vimeo, etc.), to provide the user with further services and information. When the user uses these connections, it leaves the firm's site and accesses other resources that are not under the direct control of the Controller of the processing, which therefore will not be responsible for the procedures related to browsing, to security and to the processing of personal data done by other sites, even when there is co-branding or display of the firm's symbol. It is advisable to make a careful examination of the security and confidentiality procedures of the site visited, which could transmit more cookies, read those already existing on the user's hard disk and request / acquire more personal information.

Services of managing the newsletters
The newsletter is managed by software that uses a database of e-mail addresses for sending a communication to the registered users (through the appropriate section of the site) and that has an automatic cancellation procedure that the party concerned can use autonomously, recalled by every communication sent through that application.

Interaction with social networks and outside platforms
By means of widgets and buttons the site can interact with outside platforms and social networks. In that case the information acquired depends on the settings of the profiles used by the user on each social network and not by the administrator of this site.
The “Like” button of Facebook, “tweet” of Twitter, “Recommend” of Linkedin, etc., make it possible to share the pages or subjects of the website with different social platforms and acquire data of the party concerned. More information can be obtained at the sites of the firms that offer the service. In that case the data are not processed by the website of the controller of the processing, which only connects those buttons to offer another service to the party concerned but has no control over them.

Communication and dissemination
The data processed by means of the website are solely of a common kind and are not intended for dissemination. The Controller does not require and is not interested in collecting data classified by the Regulations as “particular” (health, genetic, biometric, etc.) or “penal”, except for legal obligations.
The data must be given to third parties in compliance with the obligations arising from laws or regulations (Institutions, Police Forces, Judicial Authorities, etc.) or for activities directly or indirectly related to the relationship established. The following are quoted by way of example and not exhaustively:

  • Parties that need to access the data of the party concerned for purposes concerning the relationship with the Controller (Credit institutions, Financial brokers, Institutions of electronic money and management of payments, Debt collection companies, Customer control companies, Carriers, etc.);
  • Consultants, collaborators, service companies, within the limits needed for performing the function assigned by the Controller;
  • Subsidiary and/or associate companies that can access the data, within the limits strictly necessary for performing tasks assigned by the Controller.

The data may be communicated to parties operating within the European Union or in countries that guarantee the same level of protection laid down by European Regulation 679/2016 and by Leg. Dec. 196/2003 where applicable. The up to date list of processing controllers can be obtained from the office of the Controller at the addresses shown above.

The data of the party may be communicated to parties operating in non-EU countries where specifically agreed by the party concerned. In any case the processing of the data carried out in the various countries shall be compliant with the most restrictive regulations in order to ensure in any case the maximum level of protection.
They can be given to third parties, even against payment, if the party concerned has given specific consent, for purposes directly or indirectly related to the Controller's activity.

Times for keeping the data
Except for legal obligations, the data processed by the Controller are kept until a specific request for deletion is made by the party concerned and in any case are checked periodically, even with automatic procedures, in order to ensure that they are up to date and actually comply with the purposes of the processing. If the purpose for which they were acquired is lacking, the data will be deleted, unless they have to be processed for the protection of rights at law, for regulation obligations, or at the specific request of the party concerned. At the end of the processing and following deletion the rights of the party concerned may not be exercised.

Rights of the party concerned
The parties have the rights referred to in articles 15 to 22 of GDPR 679/2016 and, as far as still applicable, those referred to in art. 7 of Leg. Dec. 196/2003. In particular, the party concerned has the right at any time to cancel its consent to processing of the data, request its correction, updating, conversion into anonymous form, limit its use even partially, request its portability and possibly cancellation. The rights may be exercised to the extent in which processing is not obligatory in accordance with the law or regulations. Requests related to exercising the rights of the party concerned may be addressed to the Controller of the processing at the following address: privacy@pallini.com. If not satisfied with the response to its requests by the Controller of the processing or the person in charge of data protection, the party concerned may make a complaint to the Personal Data Protection Authority, with office in Rome, Piazza di Monte Citorio no. 121, www.garanteprivacy.it