Institutional Website Privacy Policy Palazzoli

1 - Who we are and what we do with personal data

Palazzoli S.p.A., with registered office at via Federico Palazzoli no.31, 25128 Brescia (BS), as the Data Controller, is concerned with the confidentiality of the personal data provided.

Palazzoli has identified an internal privacy contact who can be reached at the email address privacy@palazzoli.it.

In compliance with legal obligations, personal data will be processed by Palazzoli's authorised suppliers who manage the website to implement procedures for preventing their violation, alteration, or loss, adhering to the principles of correctness, lawfulness, and transparency.

2 - Data collected by Palazzoli S.p.A. and purposes

2.1 - Management of the Data Controller's websites

When we receive an information request, we collect the following data: the IP address of the requestor and their identifying personal data, such as name, surname, address, and email, provided at the time of the request/registration.
These are digitally stored on a server located in Italian territory and are used and potentially communicated to third parties and/or recipients solely for the purpose of fulfilling the requested service. Any other communication that does not meet these purposes will be subject to prior consent.
Personal data will not be transferred outside the EU space, nor will it be disseminated or disclosed to undetermined and unidentified subjects in any way.

2.2 - Commercial promotions and sending newsletters

With explicit consent, the processing of personal data may occur to propose products and services and to send advertising material or commercial messages. The processing of data such as name, surname, physical address, landline and/or mobile phone number, personal photograph, will utilize the following means of communication:

email;
SMS;
social network;
postal mail.

In the case of communications via email or social network, we may monitor the response to the message and store it, anonymously, to verify the effectiveness of the messages we send.

2.3 - Market analysis and marketing

With explicit consent, the data may be used for market research and marketing analysis. The activity will be carried out by authorised and competent personnel, both internally within Palazzoli group companies, and by external third parties such as: marketing service companies, companies providing business information consultancy or solutions, direct marketing, geomarketing, etc. These entities will process the data (name, surname, job activity, physical address, email, landline and mobile phone number) on behalf of the Data Controller for the specified purposes and will keep the data within the EU.
In this case, the data may be disclosed to third parties such as service companies related to profiling activities, companies providing business information consultancy or solutions, direct marketing, etc. These entities will process the data (name, surname, physical address, email, landline and mobile phone number, information relating to business and/or work activity, information regarding your latest purchases, etc.) for profiling purposes carried out on behalf of the Data Controller.
We may also record the data in our CRM to begin carrying out targeted commercial activities.

2.4 - Personnel selection

If you fill out the form in the 'Work with us' section, we will process the data for the purpose of personnel recruitment, with the aim of fixed-term or permanent employment. We will create short lists and may communicate the data within our organisation to verify the presence of characteristics compatible with those we are looking for.

3 - Disclosure to third parties

Except for the obligations imposed by current legislation, data may be disclosed to third parties/recipients only if:
it is necessary to fulfil obligations arising from the contract and legal regulations that govern it (e.g., for the defence of rights, for reporting to control authorities, etc.);

the communication is made to:

companies within the group to which Palazzoli S.p.A. belongs for administrative purposes;
companies and law firms for the protection of contractual rights;
IT service companies for the management and maintenance of services; or financial administration bodies, and public supervisory and control bodies to which Palazzoli must fulfil obligations arising from the specificity of the activity carried out.

What happens if data is not provided? The personal data collected is necessary for the specified purposes but is entirely optional.
If consent is denied, the processing of personal data cannot take place; this will not affect the processing of data for the main purposes (access to the site and request for information), nor for those for which consent has already been given. If authorisation has been given and subsequently revoked or if one wishes to oppose processing for marketing, profiling, and newsletter sending purposes, there will be no consequences or prejudicial effects.

4 - How and for how long data is stored

Data processing is carried out using both electronic and manual means and tools made available to subjects acting under the authority of the Controller and duly authorised and trained for this purpose.
Personal data is stored in electronic archives protected by effective security measures adequate to counter the risks of violation considered by the Controller. Data is kept for the time necessary to fulfil requests for information and sending communications of such exclusive nature that the Controller performs following a request, and in any case for no longer than 1 year from the date of the last modification, except in cases where events occur that involve the intervention of Authorities (also in collaboration with third parties/recipients tasked with the Controller’s data cybersecurity activities) competent to conduct any investigations into the causes that led to the event.
Personal data for marketing purposes (direct marketing, research and market surveys) will be stored for 5 years, unless consent is withdrawn and/or unless there is opposition to processing.
Personal data processed for profiling purposes will be stored for 2 years unless consent is withdrawn and/or unless there is opposition to processing.
Personal data processed for personnel selection purposes will be stored for 1 year from the date of the last modification in the 'Work with Us' section, unless consent is withdrawn and/or unless there is opposition to processing.

5 - Data subject’s rights

Within the limits, particularly temporal, established for the processing of personal data, the recognized rights allow always having control over the data. These rights are:

access;
rectification;
deletion;
restriction of processing;
objection to processing;
portability;

file a complaint to the supervisory authority (Data Protection Authority).
In particular, for rights of access, rectification, and modification of consents, it is possible to act through the personal profile page once registered on the site.
The rights are guaranteed without charges and particular formalities for the request of their exercise, which is essentially free of charge. It is possible to:

obtain a copy, also in electronic format, of personal data. In case further copies are requested, the Controller can charge a reasonable fee;

obtain the deletion of the same or the restriction of processing or also the updating and rectification of the data, and that the request is also complied with by third parties/recipients in the event they receive the data, unless there are compelling legitimate grounds overriding those that led to the request (e.g., environmental investigations and risk containment managed by the Controller);

obtain any useful communication regarding activities carried out following the exercise of one's rights without delay and in any case within one month from the request, unless a motivated extension of up to two months is duly communicated.

For any further information and to submit the request, it is necessary to contact the address privacy@palazzoli.it.

6 - Who to file a complaint to

Without prejudice to any other administrative or judicial action, a complaint can be filed to the competent supervisory authority or the one that performs its duties and exercises its powers in Italy where the residence or domicile of the data subject is located, or if different, in the Member State where the violation of Regulation (EU) 2016/679 occurred.