(EU Regulation 2016/679)
In this data protection policy, in line with art. 13 of EU Regulation 2017/679 (GDPR) and Legislative Decree no.196/2003, as updated with Legislative Decree no. 101/2018, operations on personal data of users are described; data are collected upon access, navigation and use of the Web site https://gruppopragma.it/, also referred to as Portal.
Who’s the Data Controller?
Gruppo Pragma S.r.l., (GRUPPO PRAGMA or Data Controller), based in AREA Science Park, Padriciano 99 – 34149 Trieste – Italy – Taxpayer and VAT number 03529171005 Ph. + 39 040 375 5711 e-mail firstname.lastname@example.org, is the Data Controller for user personal data collected in the use of the services of this Portal.
The Data Controller has appointed its Data Protection Officer (Data Protection Officer, e-mail: email@example.com, based in Gruppo Pragma S.r.l., AREA Science Park, Padriciano 99 – 34149 Trieste – Italy – Ph. + 39 040 375 5711), for any requests on processing.
What are the purposes of data processing?
GRUPPO PRAGMA processes personal data in compliance with the principles of lawfulness, fairness and transparency and any relevant regulations for the following purposes:
- Access to the Web site and navigation
- Queries and/or quotes based on the relevant online forms
- Newsletters on updates or offers.
Where are data processed?
Data processing resulting from Web services of this Portal is performed at the above registered office of the Data Controller and at the hosting providers of the service with servers located in the EU.
Are data transferred to any third parties?
No data are not transferred and are processed by internal staff only, who is trained and authorised to this purpose.
What personal data are processed?
IT systems and software procedures for the operation of this Web site collect some personal data whose transfer is implied in the use of Internet communication protocols.
These data are not collected to be associated to any identified data subjects, but, by their very nature, they may be further processed and associated with data stored by third parties to identify users.
This data category includes IP addresses or domain names of computers of users connecting to the Portal, URI (Uniform Resource Identifier) addresses, request time, the method used to send the requests to the server, the size of the file obtained as a reply, the numeric code showing the status of the server reply (successful, error, etc.) and other criteria on the operating system and the user IT environment.
These data are only used to extract anonymous statistical data on the use of the Portal and to check the proper operation; they are deleted immediately after processing. Data may be used to identify any responsibility in the event of IT crimes against the Portal or the Data Controller; save as this event, currently data on Web contacts are only stored for the duration prescribed in the applicable regulations.
Personal data provided by users
In the registration procedure on the use of the Portal, the following personal data are requested:
- Name and surname;
- E-mail address;
Which cookies do we use?
Principles applicable on data processing
GRUPPO PRAGMA processes personal data of users lawfully, fairly and transparently. The Data Controller only collects personal data of users for the purposes described in this Data Protection Policy and based on an approach compatible with such purposes. Data processed by GRUPPO PRAGMA are appropriate, relevant and limited to what is needed for the processing purposes.
What processing do we perform?
Use and administration of the Portal
GRUPPO PRAGMA processes personal data of users filling out the relevant online forms for the Portal registration procedure to enable its use (for instance, access, password reset, use of functionalities) and for any relevant notice with the staff of GRUPPO PRAGMA to manage, confirm and provide its services to users.
Data are only registered, stored and used for a proper use of the Portal and for the time needed to achieve the above purpose and until the user deletes its registration.
The legal basis for this processing is the implementation of the agreement and/or pre-contractual provisions requested by the data subject. The provision of data for such purpose is voluntary. However, if data are not provided or are provided in part or they are not accurate, GRUPPO PRAGMA may not be able to process and implement requests from users.
Queries and/or quotes
GRUPPO PRAGMA processes personal data of users filling out the relevant online forms for queries and/or quotes concerning the Portal to manage, confirm and provide the information that users have requested.
Data are only recorded, stored and used to process and confirm the requests from data subjects and for the time needed to achieve the above purpose.
The legal basis for this processing is the implementation of pre-contractual provisions requested by the data subject. The provision of data for such purpose is voluntary. However, if data are not provided or are provided in part or they are not accurate, GRUPPO PRAGMA may not be able to process and implement requests from users.
GRUPPO PRAGMA processes personal data of users filling out the relevant online forms in the Portal registration procedure to send informative newsletters.
Data are only recorded, stored and used to send informative newsletters to Portal users and they will be process until the opposition right is exercised by the user.
The legal basis of this processing is the legitimate interest of the Data Controller to inform its users on the new functionalities of the Portal and the interest of users to be updated on new technical and/or functional releases of the Portal. The provision of data for this purpose is performed in the registration and Portal sue procedure.
GRUPPO PRAGMA processes personal data of users filling out the relevant online forms in the Portal registration procedures to send commercial and promotional (discounts) newsletters to support the purchasing of the Portal services.
Data are used for the time that is strictly needed to achieve the above purpose and until the user exercises its opposition right.
The legal basis underlying this processing is the legitimate interest of the data controller to inform the data subject on any discounts and offers for the purchase of the Portal services (recital no. 47 GDPR and art. 130, recital 4, Legislative Decree no. 196/2003). The provision of data for such purpose is voluntary.
How is data processing performed?
Personal data are processed with automated and non-automated tools and for the time which is strictly necessary to achieve the relevant purpose. Data are processed by authorised technical staff on the basis of the instructions provided by GRUPPO PRAGMA. Specific safety measures are applied to prevent data loss, illegal or unfair use and unauthorised access.
Categories of subjects that may receive personal data (recipients)
Subjects receiving data from GRUPPO PRAGMA act as Data Officers appointed by the Data Controller on the basis of the relevant agreement or as authorised individuals under the direct authority of the Data Controller.
Data that are processes cannot be disclosed.
Portal users are entitled to:
Request to access personal data: users are entitled to obtain the confirmation from the Data Controller that a processing of their data is in progress and, in that case, they may access such data.
Access may cover the following data:
– purposes of the processing;
– categories of personal data;
– recipients or recipient categories that are going to receive or that have received the data, in particular if based in third countries or international organisations;
– duration of the retention of personal data or criteria that are applied to determine such duration;
– the existence of the right to request Data Controller to change or delete the date or require limits to the processing or opposition to the processing;
– the existence of an automated decision-making process.
Request to change personal data: data subjects are entitled to change their personal data, if inaccurate, and to obtain the integration of incomplete personal data.
Request to delete personal data: for the reasons described in art. 17 GDPR, data subjects are entitled to require the Data Controller to delete their data and the Data Controller must delete such data.
Request to limit data processing: In the events listed in art. 18 GDPR, data subjects are entitled to require limits to the processing of their data.
Request of data portability: data subjects are entitled to receive, in a structured format, of common and legible use, their personal data provided to the Data Controller and they are entitled to provide such data to a different Data Controller if processing is based on consent and performed with tools.
Request to oppose processing: data subjects are entitled to oppose their personal data processing at any time for reasons resulting from their personal situation. Data subjects are also entitled to file complaints to the Italian Data Protection Authority.
These requests must be sent to firstname.lastname@example.org