This information is provided pursuant to and in accordance with the EU Regulation No. 2016/679 on data protection (GDPR, EU General Data Protection Regulation No. 2016/679).

This page describes how the personal data of the www.prealpi.com website(s) visitors

· are processed.

The information is provided only for the websites indicated and not for other addresses that can also be reached by the user through links.

1. DATA CONTROLLER

The Data Controller is:

Prealpi Srl

For any information or to exercise the rights referred to in Articles from 15 to 22 of EU Regulation No. 2016/679, you can contact the Data Controller at the following addresses:

· Email: prealpi@certimprese.it; antonio.zanini@prealpi.com

· Address: Via Arno 4, 21043 Castiglione Olona (VA), Italy

· Telephone: +39 0331 850601

2. GENERAL AND VALID INFORMATION FOR ANY PROCESSING

All processing carried out through this website is based on the principles of lawfulness, fairness and transparency.

At any time, you can exercise the rights shown in the articles of law previously mentioned by making an explicit request to the Data Controller or Data Processor. You can request precise information about the subjects who process the data on behalf of the Data Controller (Managers, Agents, etc.).

During the processing, an adequate level of protection and confidentiality will be guaranteed in accordance with the provisions of Art. 32 of the GDPR.

In the event that the website uses personal information for purposes other than those established in this information, the User will be asked for a specific consent.

3. SPECIFIC INFORMATION FOR EVERY KIND OF PROCESSING

a. Data collected from the use of our services by the User: we can collect information on the services displayed and/or used by the User, as well as on the method of use (for example when the User interacts with our contents);

This category of data includes IP addresses or domain names of computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used when submitting the request to the server, the size of the response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

These data, necessary for the use of web services, are also processed for the purpose of:

obtaining statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);

checking the correct operation of the services offered.

The web surfing data do not persist for more than seven days and are canceled immediately after their aggregation (except for any need for the investigation of crimes by the Judicial Authority).

b. Cookies and similar technologies: our Website uses different technologies to collect and store information when one of our services is visited, which could include the use of cookies and/or similar technologies to identify the user’s browser or device; we also use these technologies to collect and store information when the User interacts with and/or purchases our services and/or the ones of our partners. For more information, see our Cookie Policy.

INFORMATION WE SHARE

The Website provides personal data to third parties in the following cases:

A – With the consent of the User: the Website, in case of need to share sensitive personal data, with companies, organizations and persons unrelated to the Website, requires the authorization to the User;

B – To domain administrators: the domain administrator and/or third-party resellers who provide assistance in using the service may have access to the personal data of the parties concerned;

C – For external processing: the website provides personal information to its affiliates and/or companies and/or trusted persons to process them according to the instructions provided and in compliance with the privacy regulations applied by the website (as well as in respect of others any appropriate measures relating to confidentiality and security);

D – For legal reasons: the website provides personal information to companies, organizations and/or people that are not part of the website team if it believes that access, use, protection or disclosure of such information are necessary for:

– Complying with the laws or regulations in force, a judicial procedure and/or a mandatory government request;

– Applying the applicable terms of service, including assessments of potential violations;

– Detecting, preventing or managing fraudulent activities or problems relating to safety or technical nature;

– Protecting the rights, property and/or security of the website, our Users or the public, as required and permitted by the Law.

The website may share information that do not allow personal identification with own partners, for example, to show trends related to the general use of our services and/or purchase preferences.

If the Website Owner is involved in a merger, acquisition and/or transfer, he/she will continue to guarantee the confidentiality of personal information and will notify Users concerned of the transfer of personal information or the application of privacy regulations other than those implemented here.

SUBJECTS TO WHICH THE DATA MAY BE DISCLOSED

Where necessary, the disclosure of data will be carried out only to competent authorities, trusted subjects appointed by the Website Owner for the performance of technical and/or organizational tasks (provision of legal, accounting, tax, consulting services, etc..).

Personal data are not subject to dissemination.

RIGHTS OF THE DATA SUBJECT

(Arts. 15-21 of the EU Regulation No. 679/2016)

1. The Data Subject has the right to obtain confirmation that his or her personal data are being processed, even if not yet recorded, and that they are disclosed in an intelligible form.

2. The Data Subject has the right to obtain access to personal data and to the following information:

A – the indication of:

– the purpose of the processing;

– the categories of personal data in question;

– the recipients or categories of recipients to whom personal data have been or will be disclosed; in particular, if they are recipients of third countries or international organizations;

– the period of storage of the personal data provided or the criteria used to determine this period;

– the existence of the right of the Data Subject to request the Data Controller to correct or delete personal data or limit the processing of personal data concerning him/her or to oppose their processing;

– the right to lodge a complaint with a supervisory authority;

– if the data are not collected from the Data Subject of all available information on their origin;

– the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the expected importance and consequences of this processing for the Data Subject.

B – the correction of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the Data Subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;

C – the cancellation of personal data concerning him/her without undue delay; the Data Controller has the obligation to cancel personal data without unjustified delay if one of the following reasons applies:

– personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;

– the Data Subject revokes the consent on which the processing is based and if there is no other legal basis for the processing;

– the Data Subject opposes the processing and there is no legitimate prevailing reason to proceed with the processing;

– personal data have been processed illegally;

– personal data must be deleted in order to fulfill a legal obligation established by the law of the Union or of the Member State to which the Data Controller is subject;

– personal data have been collected regarding the offer of information company services.

D – the limitation of processing when one of the following hypotheses occurs:

– the Data Subject disputes the accuracy of the personal data for the period necessary for the Data Controller to verify the accuracy of such personal data;

– the processing is unlawful and the Data Subject opposes the deletion of personal data and requests instead that their use is limited;

– although the Data Controller no longer needs them for the purposes of processing, personal data are necessary for the Data Subject to ascertain, exercise or defend a right in Court;

– the Data Subject has opposed the processing pending verification regarding any prevalence of the legitimate reasons of the Data Controller with respect to those of the Data Subject;

– the Data Subject who has obtained the processing limitation is informed by the Data Controller before the said limitation is revoked.

3. The Data Controller informs each of the recipients to whom the personal data were sent of any adjustments or deletions or limitations of the processing carried out.

4. The Data Subject has the right to receive in a structured format, commonly used and readable by automatic device, the personal data concerning him/her provided to a Data Controller and has the right to transmit such data to another Data Controller without hindrance by of the Data Controller to whom he/she has supplied them. While exercising his/her rights with respect to data portability, the Data Subject has the right to obtain direct transmission of personal data from one Data Controller to the other, if technically feasible.

5. The Data Subject has the right to object:

– at any time, for reasons related to his/her particular situation, to the processing of his/her personal data, including profiling. The Data Controller refrains from further processing personal data unless he/she demonstrates the existence of legitimate cogent reasons for processing that prevail over the interests, rights and freedoms of the data subject or for verification, exercise or the defense of a right in Court;

– if personal data are processed for direct marketing purposes, including profiling to the extent that it’s connected to such direct marketing;

– if the Data Subject objects to the processing for direct marketing purposes, the personal data are no longer processed for these purposes.