INFORMATION NOTICE TO THE DATA SUBJECT PURSUANT TO ART. 13 OF EU REGULATION NO. 679/2016 (G.D.P.R.)
REGARDING THE PROCESSING OF YOUR PERSONAL AND SPECIAL CATEGORIES OF DATA
The Data Controller informs you, in your capacity as data subject, that your personal data, including any data falling under special categories, if required and provided by you, will be processed in compliance with the applicable legislation, and in particular with Regulation (EU) No. 679/16, Legislative Decree 196/03 as amended by Legislative Decree 101/18, the Guidelines and instructions issued over time by the Italian Data Protection Authority, as well as any special laws that specifically govern the processing of special categories of data, in order to ensure enhanced protection for the data subject.
DEFINITIONS
- Processing: any operation or set of operations, whether or not by automated means, performed on personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity;
- Special Categories of Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
- Browsing Data: The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cybercrimes to the detriment of the site: apart from this eventuality, web contact data (browsing data) does not persist for more than seven days.
DATA CONTROLLER
- The Data Controller is Principia S.p.A., via Cristina Belgioioso 171, 20157 Milan, Italy.
DATA PROTECTION OFFICER
- The Data Protection Officer (D.P.O.) can be contacted at the following address: rpd@principiaspa.it
PURPOSES OF PROCESSING AND LEGAL BASES
- The Data Controller will process your Personal Data, including browsing data, to pursue specific purposes and only in the presence of a specific legal basis under applicable data protection law. Specifically, the Data Controller will process your Personal Data only where one or more of the following legal bases applies:
  - You have given your free, specific, informed, unambiguous and explicit consent to the processing;
  - The processing is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken at your request;
  - There is a legitimate interest of the Data Controller;
  - The Data Controller is required by law to process Personal Data.
Below are the purposes for which your Personal Data is processed and the related legal basis:
| Purpose of Processing | Legal Basis |
| --- | --- |
| Enabling the full functionality of the Website | Contract performance |
| Monitoring proper operation of the Website | Contract performance |
| Responding to data subject inquiries | Pre-contractual measures requested by the data subject |
| Ascertaining liability in case of cybercrimes against the Website | Legitimate interest |
| Enabling legal compliance checks | Legitimate interest; Legal obligation |
| Enabling the Company to comply with legal and regulatory obligations (including administrative) or EU law | Legal obligation |
| Detection, prevention, mitigation and investigation of fraudulent or unlawful activity in connection with services provided via the Website | Legitimate interest; Legal obligation |
- No automated decision-making as referred to in Article 22(1) and (4) of Regulation (EU) No. 679/16 is in place.
RECIPIENTS OF PERSONAL DATA
- Your personal data may also be processed, by virtue of specific contracts and for the above purposes, by external data processors appointed by the Data Controller, who carry out activities related and instrumental to the provision of services, including but not limited to:
  - Professionals tasked with performing specific services;
  - Suppliers of outsourced goods and/or services;
- Your personal data may also be transferred to third parties to fulfil legal or contractual obligations, and only for the time necessary to pursue such purposes. Examples include:
  - Public security authorities, judicial authorities (upon specific request), and other entities and/or authorities as required by law or regulation.
- Your data may also be processed by the Data Controller’s personnel expressly authorised to do so in accordance with the functions and purposes described above.
- Should your data be required for statistical purposes, it will be transferred in anonymous form.
TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
- Your personal data will be processed within the European Union and stored on servers located in the EU. If transferred to international organisations and/or non-EU countries, such transfers will take place in accordance with applicable law, via Standard Contractual Clauses approved by the European Commission, the selection of entities adhering to international data transfer frameworks (e.g., EU-USA), or those located in countries deemed adequate by the European Commission.
DATA RETENTION PERIOD
- Your personal data will be retained only for as long as necessary to achieve the purposes of processing set out above, in compliance with the principles of proportionality and necessity. In particular, your Personal Data will be retained for a maximum of 5 years, unless further retention is necessary for ongoing legal proceedings or to comply with specific legal obligations.
- Data will be retained exclusively in electronic form, with appropriate security measures in place to ensure the integrity, confidentiality and availability of the information, subject to periodic review.
RIGHTS OF THE DATA SUBJECT
- The data subject has the right to request from the Data Controller access to their personal data (i.e. to know which personal data is being processed), its rectification or erasure; the data subject may also request restriction of processing, object to processing, and has the right to data portability pursuant to Article 20 of Regulation (EU) No. 679/16.
RIGHT TO WITHDRAW CONSENT
- In cases where special categories of data are collected through the website upon explicit consent and purpose specification, the data subject has the right to withdraw their consent at any time. Such withdrawal does not affect the lawfulness of processing based on consent given before its withdrawal, nor does it permit the provision of services based on the previously granted consent.
RIGHT TO LODGE A COMPLAINT
- You also have the right to lodge a complaint at any time with the Italian Data Protection Authority, through:
  - Registered mail addressed to the official headquarters of the Italian Data Protection Authority (currently at Piazza Venezia, 11, 00187 Rome);
  - Email addresses available on the official website (currently: garante@gpdp.it or protocollo@pec.gpdp.it).
OPTIONAL OR MANDATORY PROVISION OF PERSONAL DATA
- The provision of your data, including any special categories of data, must be freely expressed by you. However, the provision of your Personal Data is necessary in all cases where processing is based on a legal obligation, or for the performance of a contract to which you are party, or for the implementation of pre-contractual measures requested by you. Any refusal may prevent the Data Controller from fulfilling the purpose for which the Personal Data is collected.
- You will be asked to provide written consent to the processing of your personal data in the cases where consent is required. In such instances, failure to consent will not affect the provision of services in cases where consent is not required.
COOKIES
- Our website uses cookies. For further information regarding cookies, please refer to our Cookie Policy.
