Skip to main content

Privacy Policy EN

Introduction

Personal data will be processed through this Website (“Site”) in compliance with the applicable regulations and the obligations of protection, confidentiality, and security that guide the activities of the Data Controller.

Data Controller

The processing of personal data carried out as a result of accessing and interacting with the Site will be conducted by Parmigiani Macchine di Daniele Parmigiani & C. S.a.s., represented by its pro tempore legal representative, with its registered office in Cremona (CR), via Sesto no. 44. The Data Controller can be contacted at the following addresses:

Categories of Data Processed

The categories of data processed are as follows:

  • Data directly acquired from the data subject through forms, such as during the completion of the “Contact us for more information or request a quote” form: personal identification data of private users and/or companies (e.g., name, surname, email, phone number, or others).
  • Data automatically acquired during website navigation: IP address, browser type, ISP, operating system and version, authentication logs (user ID, navigation data).
  • Information related to activities performed by the user within and/or through the Site, where consent has been provided.
  • Information regarding interactions with the Data Controller and/or third parties when using the Site’s functionalities available through social networks (e.g., “like” or “tweet” buttons).

Purposes, Legal Bases, and Retention Period

Purposes

A) Responding to contact requests or inquiries sent by the user.
B) Improving the functionality of the Site and introducing new features.
C) Communication, marketing, and contact activities, including for commercial purposes.

Legal Basis

A) Exercise of the Data Controller’s legitimate interest to maintain relationships with Site users.
B) Exercise of the Data Controller’s legitimate interest to improve the offering of goods and services.
C) Consent provided by the user for specific processing activities.

Retention Period

A) For a maximum of 10 years from the interaction with the data subject.
B) 24 months from the last action on the data, unless deletion or anonymization is requested.
C) 24 months from the consent or within the technical timeframes following the withdrawal of consent by the data subject.

Legitimate Interest of the Data Controller

If the data subject wishes to obtain more information regarding the balancing of the legitimate interests pursued by the Data Controller against the rights and fundamental freedoms of the individual, they may contact the Data Controller at the provided contact details. A response will be provided as soon as possible and within the legal time limits.

Maximum Retention Period

In the case of disputes with the user or third parties, or audits by competent Authorities, data retention may be extended until the expiration of the applicable limitation period.

Consequences of Failing to Provide Data

The provision of personal data indicated under points A and B is necessary to achieve the respective purposes. Failure to provide such data will result in the inability to process it and, consequently, the inability to use the Platform or specific functionalities.

The provision of personal data indicated under point C is optional and subject to explicit consent. Failure to provide such data prevents access to related services, but consent to processing can always be modified through the platform.

Automated Decision-Making Processes

No processing of personal data through automated decision-making processes is envisaged under the applicable regulations, particularly under Article 22, paragraphs 1 and 4, of the GDPR.
In any case, any automated processing will not produce legal effects or significantly affect the data subject unless specific informed consent is provided and in compliance with legal limits.

Data Processing Methods

The processing of personal data will be carried out in compliance with principles of fairness, lawfulness, and transparency, protecting the confidentiality and rights of the data subject. It will involve technological and physical tools suitable to ensure data protection and security until deletion or anonymization.

Categories of Recipients of Personal Data

Within the scope of the obligations, tasks, or purposes indicated above, personal data may be processed, made available, and/or disclosed to:

  • Employees and/or collaborators of the Data Controller.
  • Third parties designated as Processors (in particular, suppliers of goods or services), including their employees and/or collaborators.
  • Judicial, administrative, and/or public safety authorities in compliance with legal provisions.

The complete list of Processors and other third parties can be requested from the Data Controller at any time using the provided contact details.

Scope of Data Disclosure

Data will not be disclosed without the explicit and prior consent of the data subject, and only within the limits provided by law.

Transfer of Personal Data Outside the European Economic Area

Personal data may be transferred to countries outside the European Economic Area solely for technical needs. In any case, the transfer will be directed to entities located in countries recognized as “adequate” by the European Commission, entities adhering to personal data transfer agreements, or through the adoption of Standard Contractual Clauses approved by the European Commission.

Data Subject Rights

The data subject may exercise their rights under European Regulation No. 2016/679 at any time. In particular, they have the right to:

  • Access their personal data.
  • Obtain rectification or deletion of such data or restriction of its processing.
  • Object to processing.
  • Data portability.
  • Withdraw consent, where provided. The withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
  • Lodge a complaint with the supervisory authority.

In Italy, the supervisory authority is the Garante per la protezione dei dati personali, located in Rome.

To exercise the aforementioned rights, the data subject may send a request to the Data Controller at the contact details provided above.