pursuant to EU Regulation 679/2016 (“GDPR”)
Who we are
In carrying out its business, Panini S.p.A., with registered office in Turin (TO) Via Po 39 (hereinafter the “Company” or “Panini”) pays the utmost attention to the security and confidentiality of the personal data of its users.
What personal data about you may be collected
The Company may collect the following categories of personal data concerning you (hereinafter, jointly, the “Data”):
- Personal details – information concerning name and surname, date of birth;
- Contact details – information concerning your address, postcode, nationality, telephone number and e-mail address;
- Interests – by way of example, information you provide us regarding your interests, including products that you are interested in;
- Payment details – information concerning any purchases you have made and the related payment (e.g. credit/debit card number, IBAN);
- Other personal data – information concerning the company for which you work.
How we collect your Data
The Company collects and processes your personal data in the following circumstances:
- upon the conclusion of one or more contracts with the Company;
- if you intend to contact the Company through the designated areas of the Website;
- if companies associated with Panini and/or other companies and/or business partners legitimately transfer your personal data to us.
If you provide personal data on behalf of someone else, you must ensure that the parties concerned have read this Privacy Disclosure in advance.
Please help us keep your personal data up to date by informing us of any changes.
Purposes for which your Data can be used
The Company may process your Data for one or more of the purposes set out below and on the legal basis indicated case by case.
a) Establishment and execution of contractual relationships and subsequent obligations, including any communication relating to services (such as to start after-sales services)
The Company may process data for the purpose of establishing and executing contractual relationships, providing services requested, and responding to reports and complaints. The Company may also use your contact details, and in particular your e-mail address, to provide you with information relating to the service.
Processing basis: fulfilment of contractual obligations.
The provision of data is mandatory to manage the contractual relationship. If it is not provided, we will not be able to proceed.
b) Reply to your questions and requests for information.
The Company may process your contact details, as well as any personal data you may provide voluntarily in the designated sections of the Website in order to reply to your questions and requests for information.
Processing basis: processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the latter.
Provision of such data is mandatory in order to reply to your questions and requests, otherwise we will be unable to do so.
c) Operational management and strictly related purposes for access to the website.
The Company may process your personal details, your contact details and the data relating to use of the website in order to allow you to use the Website and its services, as well as to verify that it is functioning correctly.
Processing basis: fulfilment of contractual obligations.
The provision of data is mandatory to respond to your requests. If it is not provided, we will not be able to proceed.
d) Sending communications for the promotion of products and services similar to those previously purchased, pursuant to and within the limits permitted by Art. 130, paragraph 4, of the Privacy Code.
The Company may process your e-mail address to send you promotional communications and material relating to products similar to those previously purchased.
Processing basis: legitimate interest of the Company in maintaining an effective contractual relationship with you.
Provision of the e-mail address is optional and failure to provide it does not have any consequences on contractual relationships.
e) Unprofiled marketing.
Subject to your specific consent, the Company may process your personal and contact details for marketing and advertising purposes, aimed at informing you about promotional sales initiatives, carried out through automated (e-mails, text messages, MMS, chats, instant messaging, WhatsApp, social networks and other bulk messaging tools, push notifications, etc.) as well as traditional contact methods (for example, telephone call with operator, traditional post, etc.), or for market research or statistical surveys.
Processing basis: consent of the data subject.
The provision of personal and contact details is optional and failure to provide the same does not have any consequences on contractual relationships.
This consent may be withdrawn at any time, with effect for subsequent processing, by writing to email@example.com. In addition, you may at any time indicate your preferred method of contact from among those listed above and may object to the receipt of promotional communications through all or only some of such contact methods.
With regard to contact methods that involve the use of your telephone numbers, we remind you that direct marketing activities by the Company will be carried out after verifying whether you are included in the Objection Register, as established pursuant to and by effect of Presidential Decree no. 178 of 7 September 2010, as amended and supplemented.
f) Customer Satisfaction Surveys
The Company may use your contact details to conduct surveys to measure the level of customer satisfaction with the services provided.
Processing basis: consent; failure to provide the same does not have consequences on contractual relationships.
This consent may be revoked at any time by writing to firstname.lastname@example.org.
g) Defence of rights in legal, administrative or out-of-court proceedings and in the context of disputes arising in connection with the services provided.
The Company may process your Data to defend its rights, to take action, or to make claims against you or any third party.
Processing basis: legitimate interest of the Company to protect its rights.
Provision of Data for this purpose is mandatory since otherwise the Company would be unable to defend its rights.
h) Purposes connected with obligations provided for by laws, regulations or Community legislation, by provisions / requests of authorities entitled to do so by law and/or by supervisory and control bodies.
The Company may process your Data in order to fulfil its obligations.
Processing basis: fulfilment of a legal obligation.
Provision of Data for this purpose is mandatory since otherwise the Company would be unable to fulfil specific legal obligations.
How we keep your Data safe
The Company uses a wide range of security measures necessary to improve the protection and ensure the security, integrity and accessibility of your Data.
All your Data is stored on our protected servers (or suitable archived paper copies) or on those of our suppliers or business partners, and is accessible and usable according to our security standards and policies (or equivalent standards for our suppliers or business partners).
How long we retain your Data
We retain your Data only for the time necessary to achieve the purposes for which it was collected or for any other legitimate related purpose. Therefore, if the Data is processed for two different purposes, we will retain the Data until the purpose with the longer term no longer applies; nevertheless, we will no longer process Data for purposes whose retention period has ceased.
We limit access to your Data solely to those who need to use it for relevant purposes.
Your Data is irreversibly anonymised (and thus can be retained) or destroyed in a secure manner when it is no longer necessary, or if there is no longer a legal prerequisite for its retention.
The retention times in relation to the different purposes listed above are provided as follows:
a) Fulfilment of contractual obligations: data processed to fulfil any contractual obligation may be kept for the entire duration of the contract, and not longer than 10 years, in order to verify any outstanding amounts due, including accounting documents (e.g. invoices).
b) Reply to your questions and requests for information: Data processed for this purpose may be retained for the time necessary to manage your request and, in any case, no longer than the subsequent 10 years.
c) Operational management and strictly related purposes for access to the website: Data processed for this purpose may be retained for the entire duration of the contract but no longer than 10 years.
d) Sending communications for the promotion of products and services similar to those previously purchased: Data processed for this purpose may be retained for 24 months from the date of collection of the same or, in the event of objection to receiving further communications, for 30 days from receipt of such a request.
e) Unprofiled marketing: Personal Data processed for marketing purposes may be retained for 24 months from the date on which we obtained your last consent for such purpose or, in the event of objection to receiving further communications, for 30 days from receipt of such a request.
f) Purpose of customer satisfaction surveys: Data processed for this purpose may be retained for 24 months from the date on which we obtained your last consent for such purpose or, in the event of objection to receiving further communications, for 30 days from receipt of such a request.
g) Defence of rights in legal, administrative or out-of-court proceedings and in the context of disputes arising in connection with the services provided: Data processed for this purpose may be retained for the time strictly necessary to protect the Company’s rights.
h) Purposes connected with obligations provided for by laws, regulations or Community legislation, by provisions / requests of authorities entitled to do so by law and/or by supervisory and control bodies: Data processed for this purpose may be retained for the time strictly necessary to fulfil the specific obligation.
With whom we can share your Data
Your Data may be accessed by duly authorised employees as well as external suppliers appointed, where necessary, as data processors, who provide support for the provision of services.
Your Data may also be accessed by other companies associated with Panini, where necessary to fulfil legal and/or contractual obligations, or, subject to your consent for marketing purposes, also related to their products/services.
Please contact us at email@example.com if you wish to ask to see the list of data processors and other parties to whom we communicate your Data.
Transfer of Data to non-EU Countries
The Company is active at a global level and may, therefore, need to transfer your Data to countries that do not belong to the European Union (EU) or the European Economic Area (EEA), in which Panini, and/or companies associated with Panini and/or other companies and/or business partners are based or operate (hereinafter also referred to as “Third Countries”).
In this case, the Company will provide adequate safeguards and protections for such cross-border transfers, in accordance with data protection legislation, including the use of Standard Contractual Clauses approved by the European Commission. These clauses impose similar data protection obligations directly on the recipient, unless we are allowed by the applicable data protection law to transfer the data without such formalities. Some third countries, such as Canada and Switzerland, have been authorised by the European Commission because they provide protection similar to EEA data protection legislation and therefore no additional legal protection is required.
You may request a copy of this documentation and the list of countries to which the Company may transfer your data by contacting us at firstname.lastname@example.org.
The contact details of the Company, as data controller, are as follows:
Via Varallo, 24b
Panini has appointed a Data Protection Officer (hereinafter also referred to as “DPO”) who may be contacted at the following address: email@example.com.
Your data protection rights and your right to lodge a complaint with the Control Authority
Under the appropriate conditions, you have the right to ask the Company:
- to access your Data;
- for a copy of the Data that you have provided (portability);
- to correct the Data in our possession;
- to erase any Data for which we no longer have any legal basis for processing;
- to revoke your consent, if the processing activity is based on consent;
- to limit the way in which we process your Data, within the limits provided for by the law on the protection of personal data.
Right of objection: in addition to the rights listed above, you have the right at any time to object, for reasons related to your particular situation, to the processing of your Data carried out by the Company for the pursuit of its legitimate interest.
The objection request must be sent to the following address: firstname.lastname@example.org.
The exercise of these rights is free of charge and is not subject to any formal constraints. In the event that you exercise any of the aforementioned rights, it will be the Company’s responsibility to verify that you are entitled to exercise it and, as a rule, reply within one month.
If you believe that processing of the Data concerning you is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Personal Data Protection Authority, using the contact details available on the website www.garanteprivacy.it, or to bring the matter before the appropriate courts.