PAI Cristal Italia S.r.l. makes abrasive pastes, polish compounds and detergents for surface treatment.
The willingness to invest in research and development as an important growth factor, in order to be able to offer the market original and innovative products, has allowed us to grow to become a reference for our customers, providing individual services and a wide range of products.
In this section we would like to explain in a simple and understandable way how we process your data and what happens to your personal data when you visit our website. In accordance with our obligations under national and EU data protection legislation, this site respects and protects the privacy of our visitors and users.
WHO PROCESSES MY DATA?
The owner of the treatment of data on this website is:
PAI Cristal Italia S.r.l.
Via Risorgimento 35
32040 Domegge di Cadore BL, Italy
Phone: +39 0435 501668
The data controller is a natural or legal person who, alone or together with others, makes decisions regarding the purpose and means of the processing of personal data (for example, names, e-mail addresses or any other data by which the user can be identified, etc.). For any question regarding the protection of personal data you can contact the Owner at email@example.com.
HOW ARE DATA COLLECTED?
Data can be collected in two ways:
– through the spontaneous submission of data by the user
– through automatic collection by our computer systems.
In the first case the user provides the data directly, e.g. by filling in and submitting contact forms or registering on the website.
The second case, on the other hand, mainly concerns technical navigation data, such as information on the date and time when a user logged on to our website. The transmission of this information is implicit in the use of Internet communication protocols, which are essential to ensure the proper functioning of the platform. This data is collected automatically, as soon as you access our websites.
WHAT IS THE DATA USED FOR?
The data collected are used to:
– ensure the proper functioning of the site
– receive and manage your orders, provide you with the products and services requested, process payments and provide information/support on orders, products and services of interest to you
– perform statistical analysis on the operation and use of our websites
– analyze user behavior in order to optimize and customize our offerings to customers
– send commercial, promotional and/or advertising communications, if requested by the user.
Some of the treatments listed above require your explicit consent, while others may be carried out on the basis of legitimate interests of the owner, on the basis of contractual obligations between the parties or to fulfill a legal obligation.
WHAT IS THE DATA STORAGE LOCATION?
The processing operations connected to the web services of this site and to the personal data collected take place at the aforementioned headquarters of the Data Controller, or on servers, located within the European Union, of third party companies in charge and duly appointed as Data Processors. Should it become necessary to transfer this data to non-EU countries, the Data Controller hereby ensures that this will be done in compliance with the articles contained in Chapter V of the Regulations and with the applicable legal provisions.
TO WHOM WILL THE DATA BE COMMUNICATED?
Your data may be communicated to the Owner’s collaborators, who, as authorized persons, will process your data for the sole purpose of responding to your requests and offering the requested services.
In addition to the Owner, categories of authorized persons involved in the organization of the site (administrative staff, marketing, legal staff, system administrators) may have access to the data, as well as third parties, external service providers, who act on behalf of or in the name of Pai Cristal Italia s.r.l., duly appointed as Data Processors and who will process the data in accordance with the purpose for which the data was originally collected:
Finally, your data may be disclosed to public bodies, only in cases where this is required to fulfill legal obligations to which the owner is subject.
Your data will not be disclosed and will not be transferred to third party companies. In the event that some treatments include a transfer of data, the owner ensures that this will happen only in the presence of a valid consent from the person concerned.
The processing operations connected to the web services of this site and the personal data collected take place at the aforementioned headquarters of the Data Controller.
WHAT ARE MY RIGHTS?
The data subject, i.e. the person to whom the data relate, has the right to exercise the rights provided for in Articles 15-21 of the EU Data Protection Regulation 679/2016. These include the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object and the right to data portability. This also includes the right to lodge a complaint with a Supervisory Authority, as well as the right to revoke previously given consent at any time without affecting the lawfulness of the processing given prior to revocation.
In order to exercise these rights, it is sufficient to forward a request via email to firstname.lastname@example.org.
WHAT ANALYSIS AND PROFILING TOOLS ARE USED?
When you visit our website your browsing behavior may be recorded and statistically analyzed, in order to obtain information on the use of the platform. The collection of data is carried out mainly by means of so-called cookies, while the analysis of browsing data is carried out by means of “web analytics” software.
The analysis of browsing behavior is usually carried out anonymously and it is therefore impossible to trace the identity of the user. If you have given your consent, your browsing data can be traced back to your company and therefore to you personally when you log in and access your private area. You can explicitly deny your consent to this analysis or prevent it by refusing the use of certain tools.
EXCLUSION OF LIABILITY
The information on data protection of PAI Cristal Italia S.r.l. does not apply to products, services, applications, websites or social media functions of third party providers, accessible through the links offered for information purposes. By using these links the user leaves the site of PAI Cristal Italia S.r.l. and it is therefore possible that personal information may be collected by or transmitted to third parties. PAI Cristal Italia S.r.l. has no influence on third party sites and gives no guarantee about the data protection procedures used by them. We encourage you to read and review the privacy statements of all sites with which you may interact before authorizing them to collect, process and use your personal information.
For PAI Cristal Italia S.r.l. the protection of the data and the safeguard of the people concerned is fundamental. Our goal is to offer a quality service to the customer, which guarantees the simplicity of use and security of treatments. PAI Cristal is committed to complying with all the obligations established by the General Data Protection Regulation (EU 679/2016) and the Privacy Code (Legislative Decree 196/2003 and subsequent amendments), so as to ensure safe data processing.
PAI Cristal undertakes to process data in accordance with the principles listed in Article 5 of EU Regulation 679/2016, namely ensuring the:
– Lawfulness, fairness, transparency of processing.
– Purpose limitation
– Minimization of the data collected
– Accuracy of data processing
– Limitation and deletion of data no longer needed
– Data integrity and confidentiality
It must be remembered that the transmission of data via the Internet can never be considered risk-free. For this reason PAI Cristal adopts an approach based on risk assessment, aimed at identifying and minimizing the risk through appropriate security measures with respect to each treatment.
This site uses SSL and/or TLS encryption to protect the transmission of confidential content such as orders or requests sent to the website operator. An encrypted connection can be recognized by the presence in the browser address bar of “https://” instead of “http://” together with a padlock symbol. When SSL and/or TLS encryption is activated, the data transferred to us cannot be read by third parties.
Data protection regulations state that the processing of personal data is lawful only when at least one of the following conditions applies:
- a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- b) processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject;
- c) the processing is necessary for compliance with a legal obligation to which the data controller is subject;
- d) processing is necessary for the protection of the vital interests of the data subject or another natural person;
- e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
- f) processing is necessary for the purposes of pursuing the legitimate interests of the controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail, in particular where the data subject is a child.
The processing of data by PAI Cristal will take place in accordance with the law and exclusively under the conditions listed in points a), b), c) and f).
Period of conservation of data
The data provided will be kept for the entire duration of the contract with our Company and, subsequently, for as long as necessary to fulfill the regulatory obligations in the administrative-accounting, tax and civil law fields. Personal data not subject to storage obligations will be deleted once they become superfluous for the achievement of the individual purpose.
RIGHTS OF THE INTERESTED PARTY
Every data subject has numerous data protection rights, defined by Articles 7, 15, 16, 17, 18, 19, 20, 21, 22 and 77 of EU Regulation 679/2016. In the following points each of these rights will be described in detail.
To exercise these rights, simply make a request by email to email@example.com. For further information, please consult the full text of the GDPR (https://www.garanteprivacy.it/il-testo-del-regolamento) and the website of the Privacy Guarantor (www.garanteprivacy.it).
Art. 7.3 – Revocation of consent to data processing
Many personal data processing operations are only possible with the explicit consent of the user. Every data subject who has given consent has the right to revoke that consent at any time. To revoke the consent, it is sufficient to send an informal e-mail to firstname.lastname@example.org. The lawfulness of the data processing operation performed before the revocation remains unaffected.
Art. 15 – Right of access
The data subject has the right to obtain from the data controller confirmation as to whether or not personal data relating to him are being processed. The data controller shall provide a copy of the personal data being processed. In case of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise specified by the data subject, the information shall be provided in a commonly used electronic format.
Art. 16 – Right of rectification
The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the treatment, the person concerned has the right to obtain the completion of incomplete personal data, including by providing an additional statement.
Art. 17 – Right to cancellation
The person concerned has the right to obtain from the data controller the cancellation of personal data concerning him in the event that there is no longer any valid legal basis for the treatment and in the event that there is no legal obligation that requires the holder to preserve them.
Art. 18 – Right to limitation of treatment
The data subject has the right to obtain from the data controller the restriction of processing in the event that the data subject contests the accuracy of the personal data, the processing is unlawful, the data are necessary for the establishment, exercise or defence of legal claims, or in the event that a verification of whether the data controller’s legitimate reasons prevail over those of the data subject is awaited. In this case, the processing of the data in question will be suspended with the sole exception of processing for storage purposes.
Art. 19 – Obligation to notify in case of rectification, cancellation or limitation
In case of rectification, cancellation or restriction of data, the owner is required to forward this request to any recipients to whom the same data were previously transmitted.
Art. 20 – Right to data portability
The user has the right to receive personal data, processed by us in automated form on the basis of consent or for contractual fulfillment, in a commonly used and machine-readable format. Any request for direct data portability to another data controller will only be fulfilled if this is technically feasible.
Art. 21 – Right to object
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data relating to him or her pursuant to the legal bases listed in letters e) or f) of this notice, including profiling on the basis of these provisions. The data controller shall refrain from further processing personal data unless he demonstrates the existence of compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Art. 22 – Automated decision-making process including profiling
The data subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or which similarly significantly affects his or her person.
Profiling means any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person by means of algorithms. An automated individual decision consists of the decision taken exclusively on the basis of algorithms without further control by the human being.
Art. 77 – Right of complaint to the supervisory authority in charge
In the event of a personal data breach, the data subject may lodge a complaint with the supervisory authority in charge. The supervisory authority in charge of data protection issues is the data protection officer of the country in which our company is based, in the Italian case the “Garante della privacy”.
“GDPR”: General Data Protection Regulation, i.e., EU Regulation 679/2016, available at: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/6264597
“Privacy Code”: Personal Data Protection Code, i.e., Legislative Decree 196/2003, available at: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9042678
“personal data”: any information concerning an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity;
“particular data” means any information revealing a data subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data or biometric data intended to uniquely identify a natural person and data concerning a person’s health, sex life, or sexual orientation.
“Processing” means any operation or set of operations, whether or not by automated means, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction;
“restriction of processing” means the marking of personal data stored with the aim of limiting its processing in the future;
“profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that natural person’s professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
“pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures designed to ensure that such personal data is not attributed to an identified or identifiable natural person;
“repository” means any structured set of personal data that is accessible according to specified criteria, regardless of whether such set is centralized, decentralized, or functionally or geographically distributed;
“data controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to its designation may be established by Union or Member State law
“data responsible” means the natural or legal person, public authority, department or other body that processes personal data on behalf of the controller;
“recipient” means the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party. However, public authorities that may receive communication of personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by such public authorities shall be in accordance with the applicable data protection rules according to the purposes of the processing;
“third party” means the natural or legal person, public authority, department or other body other than the data subject, the controller, the processor and the persons authorized to process personal data under the direct authority of the controller or processor;
“consent of the data subject” means any free, specific, informed and unambiguous manifestation of will by which the data subject indicates his or her assent, by way of a statement or unambiguous affirmative action, that personal data concerning him or her be processed;
“Legitimate interest”: is a legal basis on which a data processing operation may be based. Legitimate interests of the data controller may make the processing lawful, provided that they do not override the interests or fundamental rights and freedoms of the data subject (e.g. where there is a relevant and appropriate relationship between the data subject and the data controller, such as where the data subject is a customer or is employed by the data controller). The existence of legitimate interests also requires a careful assessment as to whether the data subject, at the time and in the context of the collection of personal data, could reasonably expect processing to take place for that purpose.
“personal data breach” means a security breach that accidentally or unlawfully results in the destruction, loss, modification, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;
“supervisory authority” means the independent public authority established by a Member State pursuant to Article 51;
“gamification”: the use of game-like dynamics (e.g., points, levels, rewards) in non-game contexts, to solicit engagement and competitiveness, to stimulate problem solving, etc.
PAYMENT SERVICE PROVIDER
The site accepts payment via PayPal. If you choose to pay via PayPal, the data provided for the payment will be transmitted to PayPal.
The data will be transmitted to PayPal pursuant to Art. 6 Par. 1 (a) GDPR (consent) and Art. 6 Par. 1 (b) GDPR (processing for the performance of a contract). You may revoke your consent to the processing of your data at any time. The revocation does not affect the lawfulness of the processing provided before the revocation.
The provider of this service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
The site accepts payment by credit card through Intesa Sanpaolo’s payment service provider.
If you choose to pay by credit card, the data provided for payment will be transmitted to Intesa Sanpaolo, your bank or credit card company and processed or stored exclusively by Intesa Sanpaolo. Detailed information about Intesa Sanpaolo is available at this link: https://www.intesasanpaolo.com/it/common/footer/privacy.html.
The data will be transmitted to Intesa Sanpaolo exclusively in accordance with Art. 6 Para. 1 (a) GDPR (consent) and Art. 6 Para. 1 (b) GDPR (processing for the performance of a contract). You may revoke your consent to the processing of your data at any time. Revocation does not affect the lawfulness of the processing provided prior to revocation.
Cookies are small text files that are used to store information. Cookies are stored on your device (whatever it is, PC, smartphone or tablet) when you visit our website from your browser (Microsoft Edge, Google Chrome, Mozilla Firefox etc.). Cookies may be used for different purposes, e.g., to make the website work properly, make it more secure, improve its performance, personalize your browsing experience and deliver personalized advertisements. Some cookies are automatically stored on your browsing device because they are necessary for the website to function properly. All other types of cookies require your explicit permission.
Most of the cookies we use are so-called “session cookies”. These cookies allow us, for example, to recognize your browser on subsequent visits. These cookies are automatically deleted at the end of the visit. Other cookies remain stored on your device until you delete them or the cookie expires.
Some of the cookies are necessary to provide you with some of the essential functions of our site (e.g. the shopping cart function). In this case, the legal basis of the treatment is identified in the legitimate interest of the owner to install these cookies to ensure the proper functioning of the online shop of PAI Cristal Italia S.r.l. (Art. 6 Section 1f of the GDPR). For customers registered on the portal, it is possible to identify an additional legal basis in the execution of the contract to which the data subject is a party (Art. 6 Section 1 b) GDPR). For profiling cookies, the legal basis for processing is identified in the consent given by the data subject, pursuant to Art. 6 Section 1 a of the GDPR.
Server log files
PAI Cristal Italia S.r.l., as manager of its sites, collects and stores information automatically in the so-called server log files. The transmission of this data is automatic and implicit in the use of Internet communication protocols. This data is not cross-referenced with data from other sources. These may include:
– Internet browser type and version
– Operating system in use
– Referring URL
– Host name of the accessing computer
– Time of the request to the server
– IP address
The legal basis for the processing is identified in the legitimate interest of the data controller to monitor its information systems in order to ensure an adequate level of security of its IT infrastructure and carry out “troubleshooting” activities in case of malfunctions (Art. 6 Section 1 f of the GDPR).
When the user submits a request for information via our contact forms, the data entered into the form by the user will be stored and processed by the company in order to process the request and answer the user’s questions.
The legal basis for the processing is identified in the consent given by the Data Subject (Art. 6 Section 1 a of the GDPR). Sending requests via the contact forms on the site represents a positive and unequivocal action, which manifests the consent of the interested party to proceed to the processing of his data for the processing of his request. If the purpose of the contact is the conclusion of a contract, an additional legal basis for the data processing is the performance of a contract to which the data subject is a party (Art. 6 Section 1 b of the GDPR).
The data entered in the contact form will remain archived at the company until the user explicitly requests deletion or until the purpose of archiving ceases to exist (e.g. when an inquiry has been processed). In the event that there are legal obligations regarding the retention of such data, it will be retained for the period of time necessary to fulfill those obligations.
Registration form in our online store
The user can register in our online store to take advantage of the additional functions available in the private area of our website. The data provided will be used for:
– Purposes instrumental to the establishment, management, execution and/or conclusion of the contract;
– Purposes related to the management of the contractual relationship referred to above, or to operational/management needs (e.g. accounting and tax, credit management, customer service, sales on the following channels: direct sales, point of sale, e-commerce, telephone sales, etc.);
– Purposes connected to the fulfilment of any other obligation deriving from national and community regulations which are applicable to the relationship, or orders given by Authorities legitimated by the Law.
The legal basis of the treatment is identified in the establishment, execution and possible termination of the contract between you and the Company and in the obligations arising directly and/or indirectly from that contract (Art. 6 Section 1 b of the GDPR).
The acquired data are essential for concluding the contractual relationship and for its subsequent execution. Any refusal to provide the requested data and/or their inaccuracy could make it impossible:
- a) to comply with the statutory and regulatory provisions in force in civil, fiscal and tax matters as well as the provisions issued by the competent authorities;
- b) to guarantee the correct normative, technical and economic management of the contractual relationship;
- c) to act or defend a right in court or in the appropriate forums provided by the laws and regulations in force.
Only after your possible and explicit consent, the personal data provided may be processed by the Owner of the Treatment for marketing activities, that is to say for the sending by the Owner, also through External Managers of the Treatment, of communications for Marketing purposes, including cases of commercial, promotional and advertising communication of services and/or products and/or other activities offered by PAI Cristal Italia S.r.l., as well as for the organization of events, the carrying out of market research, opinion polls and statistical analysis for Marketing purposes. The processing of personal data for the exercise of Marketing purposes described above may take place through e-mail and/or SMS and/or other messaging services, as well as through traditional marketing methods such as calls with operator and/or communications forwarded by paper mail.
The legal basis for the processing of data for marketing purposes is identified in the consent freely expressed by the person concerned (Art. 6 Section 1 a of the GDPR). The data subject has the right to revoke their consent at any time, as well as to revoke their consent to the processing via a specific contact channel, by making a request to the data controller without any formalities at email@example.com.
The data provided will be kept for the entire duration of the contract with our Company and, subsequently, for as long as necessary, for purposes related to the fulfillment of regulatory obligations in the administrative-accounting, tax and civil law fields.
The data provided may be made accessible to the following subjects:
- a) to employees and collaborators of the Owner in their capacity as internal managers and/or persons authorized to process and/or system administrators;
- b) in general, to all subjects to whom communication is necessary for purposes strictly connected and instrumental to the management and execution of obligations arising from contractual and pre-contractual relationships with the Company (e.g. couriers, shippers, etc.);
- c) to persons, companies, associations or professional firms that provide services or activities of assistance and consultancy or provide services to the Company, with particular but not exclusive reference to matters of technology, accounting, administrative, legal, tax and financial matters (by way of example but not limited to: consultancy firms, legal firms, companies specializing in the collection and processing of balance sheet data etc.)
- d) persons, companies that carry out activities in outsourcing on behalf of the Company as external data processors (by way of example but not limited to: companies that carry out activities of assistance, advertising and sales to customers (e.g. call centers), companies or professionals specializing in the recovery of credits and assets, rating or auditing companies, etc.).
- e) banks and insurance companies
- f) to subjects entrusted with the maintenance and development service of our computer system, for the time strictly necessary for the optimal execution of this service.
In addition, the Owner may communicate your personal data, even without your express consent, to supervisory bodies, judicial authorities and to all other subjects to whom the communication is mandatory by law for the fulfillment of the above purposes.
Transfer of data at the conclusion of contacts in online stores, at retailers and for the shipment of goods
The company transfers personal data to third parties only if this is necessary for the fulfillment of the contract, for example, to companies responsible for the shipment of goods or the bank delegated to handle the payment. No other data will be transferred or, where applicable, it will be transferred only with your express consent. Your data will not be passed on to third parties, e.g. for advertising purposes, without your explicit consent.
The legal basis for the processing is identified in the performance of a contract to which the data subject is a party (Art. 6 Section 1 b of the GDPR).
Personalized product recommendations
If you have selected the appropriate cookie settings on our site, your browsing history may be used to provide you with personalized product recommendations when you access our sites or third party sites. Browsing history means the article pages and product categories you visit or search for on PAI Cristal Italia S.r.l. websites.
For profiling cookies, the legal basis for processing is identified in the consent given by the person concerned, pursuant to Art. 6 Section 1 a of the GDPR. Instead, for the installation of other categories of cookies, the legal basis of processing is identified in the legitimate interest of the owner to ensure the proper functioning of the platform. For customers registered on the portal, a further legal basis is given by the performance of the contract to which the data subject is a party (Art. 6 Section 1 b) GDPR).
Some services offered within our platforms may collect geo-location data in an anonymous form to facilitate the search for information and improve the service offered to the user/customer.
The legal basis for the processing is identified in the consent expressed by the data subject, pursuant to Art. 6 Section 1 a) of the GDPR. The data subject may deny consent to the collection of data, which would, however, compromise the usability of the automated search service.