Privacy Policy pursuant to Regulation EU 679/2016

General Data Protection Regulation

In accordance with the mentioned provisions, data will be processed lawfully, fairly and in a transparent manner, so as to protect users’ rights and confidentiality.

This policy is addressed to users/visitors who interact with the website https://www.pascucci1826.com and it is published pursuant to Regulation EU 679/2016 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” as well as to regulations concerning cookies on the Internet, in particular the Decision of the Garante della Privacy (the Italian Data Protection Authority) of 8 May 2014 “Individuazione delle modalità semplificate per l’informativa e l’acquisizione del consenso per l’uso dei cookie” (Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies) and the subsequent document "Chiarimenti in merito all'attuazione della normativa in materia di cookie” (Clarifications on Implementation of the Regulations concerning Cookies) dated 5 June 2015.

The policy only describes this website’s management procedures regarding the personal data of its users/visitors, and it does not apply to the external websites that users may access by clicking on links on this website.

Further information might be provided in specific sections.

1. TYPES OF PROCESSED DATA AND PURPOSES OF PROCESSING

1.1. Browsing data

During normal operation, the IT systems and applications used to manage this website obtain some personal data whose transmission is inherent in the use of Internet communication protocols.

This information is not collected with the aim of linking it to identified data subjects; however, due to its very nature, and by means of elaboration and association with data held by third parties, it might make it possible to identify users/visitors.

These data include IP addresses or domain names of computers used by visitors who access the site, URI (Uniform Resource Identifier) addresses of the requested resources, time of request, methods used to submit a request to a server, dimensions of the file obtained in response, numeric codes indicating the status of server responses (success, error, etc.) as well as other parameters concerning the user’s operating system and IT environment.

The above data are processed for the time needed to achieve the purposes for which they were collected, and only to obtain anonymous statistical information on the use of the website (number of visits) and to check its normal operation.

The data might be used to ascertain liability in case of computer crimes against the website.

1.2. Data voluntarily supplied by users

Sending e-mail to the addresses indicated on the website (for instance, to ask for information) entails the subsequent acquisition of the sender's address, as well as any other personal data included in the communication.

These data shall only be used to fulfill the request, and will be disclosed to third parties only insofar as this is necessary to process it (for example, to send requested documents). Should users be asked to disclose their personal data to obtain certain services, specific and detailed information on data processing under current legislation will be provided in those services’ sections, and processing limits, purposes and methods will be clearly explained.

1.3. Cookie

What are cookies?

Cookies are small text files that websites send to their visitors’ devices (usually to their browser). These files are stored there and sent back to the same websites on later visits, so that the users’ devices can be recognized.

However, cookies can be “installed” (more precisely, they are saved and accessed) not only by the managers of the websites actually visited by users (first-party cookies), but also by other sites which “install” and are able to recognize cookies (third-party cookies) through first-party sites. This happens because websites may include features (images, maps, sounds, links to pages on other domains, etc.) that are hosted on different servers.

Based on their purpose, cookies can be classified in technical and profiling cookies.

Technical cookies are “installed” only with a view to "carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service".

They are generally used to allow efficient browsing, save users’ preferences (e.g. font size, language, country, etc.) and information on user-defined settings, manage authentication, etc. Some of these cookies (the so-called “strictly necessary cookies”, like session cookies used to manage shopping carts in e-commerce websites) enable functions that are essential to carry out certain operations.

Users’ prior consent is not necessary for technical cookies.

So-called analytical cookies are similar to technical ones; likewise, their installation does not require users’ consent or further regulatory fulfillments. They are used as first-party cookies (i.e., without involving any third party) to monitor visitors’ experience on a website with the aim of optimizing it, but they can also be created and provided by third parties and used by first-party websites for mere statistical purposes, provided that measures are taken to reduce their identification potential (for example, by masking significant portions of IP addresses) and the third parties involved expressly undertake not to cross-reference the information stored on these cookies with other data available to them.

Profiling cookies allow tracking users’ browsing activities and analyzing their behaviour for marketing purposes. Their purpose is to create user profiles and send adverts in line with the preferences expressed by users when surfing the web. These cookies can be installed on users’ devices only upon their prior consent, which must be stated as set forth in the Decision.

Based on their duration, cookies can be classified in persistent and session cookies. The former remain stored on users’ devices until they expire or until they are deleted by users; the latter are not saved permanently and disappear when the browser is closed.

Generally, profiling cookies are persistent.

Cookies used on this website

This website uses technical cookies to offer a safe and efficient browsing experience to its visitors and to monitor its own functioning.

How to delete cookies

Almost all web browsers are set by default to automatically accept first-party cookies. Users can change this predefined option through their browser’s settings menu; however, if cookies are disabled / blocked or deleted, this website or some areas of it may not work at their best. Cookie management methods depend on the browser used, and often on the specific browser version. In order to choose which types of cookies should be disabled and/or delete those that have been saved, users are normally required to open the Settings menu of their browser and adjust preset rules. Further information on how to change cookie settings can be found on the browsers’ Help menu; on a PC, this is generally accessed by pressing the F1 key or by clicking on the question mark icon featured on the browser. Please also refer to the main browsers’ instructions on how to delete cookies at the links below:

Google Chrome Chrome: https://support.google.com/chrome/answer/95647?hl=it

Firefox:  http://support.mozilla.org/it/kb/Eliminare%20i%20cookie

Internet Explorer: http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-10

Opera:  http://www.opera.com/help/tutorials/security/privacy/

Safari:  http://support.apple.com/kb/ph11920

2. METHODS OF PROCESSING

Personal data shall be treated by automated means (e.g. using electronic tools and procedures) and/or manually (e.g. on paper) for no longer than is necessary for the purposes for which the personal data are collected, and at any rate in accordance with current law provisions.

Data shall be processed according to organisation and use logics that are strictly related to the above purposes, and nevertheless in such a way as to guarantee data security, integrity and confidentiality, in accordance with the organisational, physical and logical measures set forth in the applicable legislation.

DATA PROVISION ON A VOLUNTARY BASIS

Without prejudice to the above paragraphs on browsing data and cookies, users can choose whether to provide their personal data or not, for instance when sending contact or information requests via e-mail, or when freely deciding to access services, utilities or applications. However, failure to provide personal data might make it impossible for users to obtain what they requested, and for Stamperia Pascucci 1826 S.n.c. to perform its obligations under the agreement.

4. CONTROLLER, PROCESSOR AND OTHER CATEGORIES OF SUBJECTS INVOLVED IN DATA PROCESSING

The Data Controller is Stamperia Pascucci 1826 S.n.c., in the person of its legal representative Giulio Pascucci; the company has its registered address in Via Verdi 18, 47035 Gambettola (FC), it was registered with the Forlì Chamber of Commerce under REA (Repertorio Economico Amministrativo - Economic and Administrative Index) number 166091, and its tax code and VAT no. is 00702580408.

All data processing in connection with this website’s services is carried out by duly mandated technical staff.

As well as by the Controller’s employees, some personal data processing operations may be executed by third parties, which are entrusted with

website management and maintenance activities by the Company. Should this happen, these persons shall be appointed as Processors.

Further information on processors can easily be obtained by sending an e-mail to info@pascucci1826.it.

Personal data shall not be disclosed to third parties.

5. DATA SUBJECT RIGHTS

Data subjects shall at all times have the right to obtain confirmation as to whether or not their personal data are being held, as well as to know their content and source, to verify their accuracy, and to request that they be completed, updated or rectified.

Data subjects shall also have the right to request erasure, transformation into anonymous form or blocking of data relating to them that have been processed unlawfully, and at any rate to object to processing on legitimate grounds.

Pursuant to Article 13 of EU GDPR, data subjects shall always have the right to know the identity and the contact details of the controller and, where applicable, of the controller's representative; the contact details of the data protection officer; the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; the legitimate interests pursued by the controller or by third parties appointed as controllers; the recipients or categories of recipients of the personal data, if any; the period for which the personal data will be stored; and whether the controller intends to transfer personal data to a third country or international organization.

Pursuant to Article 13 of EU GDPR 2016/679, data subjects can at any time exercise the right to:

- access their personal data;

- obtain rectification or erasure of personal data or restriction of processing concerning the data subject;

- object to data processing;

- use data portability;

- withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

- lodge a complaint with a supervisory authority (in Italy the “Garante Privacy”);

- receive information on whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as

- whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;

- receive information concerning the existence of automated decision-making, including profiling, and in those cases, receive meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Pursuant to Article 14 of EU GDPR, where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information:

1.a) the identity and the contact details of the controller and, where applicable, of the controller's representative;

b) the contact details of the data protection officer, where applicable;

c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;

d) the categories of personal data concerned;

e) the recipients or categories of recipients of the personal data, if any;

f) where applicable, that the controller intends to transfer personal data to a recipient in a third country and the existence or absence of an adequacy decision by the Commission, or in the necessary cases, reference to the appropriate or suitable safeguards and the means to obtain a copy of them or where they have been made available.

2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject:

a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;

b) the legitimate interests pursued by the controller or by a third party;

c) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing personal data concerning the data subject, and to object to processing as well as the right to data portability;

d) the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

e) the right to lodge a complaint with a supervisory authority (in Italy the “Garante Privacy”);

f) from which source the personal data originate, and if applicable, whether it came from publicly accessible sources;

g) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;

3. The controller shall provide the information referred to in paragraphs 1 and 2:

a) within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;

b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.

4. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2. For any information concerning data processing, users can

write an e-mail to info@pascucci1826.it.

This Privacy Policy is subject to updates.