Privacy Policy

Information document pursuant to Article 13 EU Reg. 2016/679 – GDPR
Information notice for the processing of personal data collected from the data subject.

In compliance with EU Reg. 2016/679 (European Regulation on the protection of personal data), we provide you with the necessary information regarding the processing of the personal data you have supplied.
This notice is provided pursuant to Article 13 of EU Reg. 2016/679 and also conforms to Directive 2002/58/EC, as updated by Directive 2009/136/EC, regarding Cookies, as well as to the provisions issued by the Data Protection Authority on 08.05.2014 concerning cookies.

Personal data subject to processing: “personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 EU Reg. 2016/679).

Specific notices
Specific information notices may be displayed on certain pages of the Website in relation to specific services or processing operations of the data provided.

1. DATA CONTROLLER

The DATA CONTROLLER, pursuant to Articles 4 and 24 of EU Reg. 2016/679, is P4F SRL – Via Erba, 14, Cusano Milanino, VAT no. 07053660960, represented by the legal representative pro tempore.

2. PURPOSES AND LAWFULNESS OF PROCESSING

The personal data provided will be processed in compliance with the lawfulness conditions set out in Article 6 EU Reg. 2016/679 for the following purposes:

A) Data processing management (Art. 6 letter b):
– browsing on this website;
– Contact Us area: personal data provided by the user during registration will be processed for purposes connected to the request for information submitted;
– fulfilment of contractual obligations, legal obligations and administrative/accounting purposes. For the purposes of data protection legislation, administrative/accounting processing includes activities relating to organisational, administrative, financial and accounting operations, regardless of the nature of the processed data. These include internal organisational activities, those functional to fulfilling contractual and pre-contractual obligations, and the provision of information.

B) Data processing management based on consent (Art. 6 letter a):
– subject to consent and until opposition, your data will be processed for direct marketing, promotional, commercial communication and general marketing purposes, including subscription to the newsletter/mailing list service for sending newsletters, promotional/informational/advertising communications regarding products/services/events. The Controller, for the purpose of comparing and improving communication results, uses newsletter and promotional communication sending systems with reporting features. Thanks to these reports, the Controller may learn, for example: number of readers, openings, unique clicks, devices and operating systems used, details of user interactions, details of emails sent, delivered, undelivered or forwarded. All such data is used to compare and, if necessary, improve communication outcomes.

3. RETENTION PERIOD OR CRITERIA

The processing will be carried out using automated and/or manual methods, with tools and procedures designed to ensure maximum security and confidentiality, by authorised personnel. In compliance with Art. 5(1)(e) EU Reg. 2016/679, personal data collected will be stored in a form permitting identification of data subjects for no longer than necessary for the purposes for which the personal data are processed. The retention period depends on the purpose:
– browsing on this website (session);
– requests for contact, information or booking visits (maximum 1 year);
– data collection for staff recruitment (maximum 24 months);
– receipt of newsletters or promotional communications via email (until opt-out is exercised);
– fulfilment of contractual, legal and administrative/accounting obligations (maximum 10 years, unless a longer or shorter period is required by law);
retention times determined according to criteria that the data subject may request by writing here.

4. NATURE OF DATA PROVISION AND REFUSAL

Except for navigation data, the user is free to provide personal data in the areas dedicated on the website. Providing personal data for the purposes indicated in section A) of this notice is necessary to complete specific functionalities and access the services offered by the Controller. Failure to provide such data may result in the inability to obtain the requested service or use the site's functionalities. Providing personal data and giving consent for the purposes indicated in section B) is optional. Failure to provide such consent may result in the Controller being unable to send newsletters, commercial or promotional communications, or offers relating to activities/products/services offered.

5. RIGHTS OF THE DATA SUBJECT

You may exercise your rights under Articles 15–22 of EU Reg. 2016/679 by contacting the Data Controller at this link.
You have the right to request access to your personal data at any time, as well as rectification, erasure, restriction of processing, and objection to processing (including automated processing such as profiling). You also have the right to data portability. Without prejudice to other administrative or judicial remedies, if you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Data Protection Authority. Under Art. 6(1)(a) and Art. 9(2)(a), you may also withdraw your consent at any time. If you request data portability, the Controller will provide your personal data in a structured, commonly used and machine-readable format, subject to paragraphs 3 and 4 of Art. 20 EU Reg. 2016/679.