Privacy Policy

Privacy Policy

Introduction

Through this Privacy Policy, we want to provide you with all the necessary information regarding the processing of personal data, which we collect directly or indirectly from you, when you interact with us.

We are committed to ensuring the privacy and protection of your personal data, and yet we are completely transparent about the situations, purposes and means in which we carry out our processing activities.

When we request personal data, we shall in particular ensure that it is adequate, relevant and limited to what is necessary in relation to the specified, explicit and legitimate purposes.

We pay special attention to your rights and respond to your requests when you need additional information.

At the end of this Privacy Policy, you can access the Privacy Notices, where the main processing activities are detailed.

 

Who are we and how you can contact us?

We are PNAT SRL (PNAT), incorporated and registered in Italy, with company number IT06433400485.

Our registered office is located in Firenze, via delle Cernaia 12.

When we process your data for purposes and means of processing established by us, we are a controller, and we have the responsibility to fulfil all legal requirements regarding the processing of your personal data.

You can contact us by post at our mentioned addresses or by email at  info@pnat.net

We have not appointed a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above.

 

Who this privacy policy addressed to ?

This privacy policy is aimed at you, as a visitor, customer, partner, legal representative, user, employee, participant in various projects or campaigns etc., when:

  • You access and use our website https://www.pnat.net/ and of its subdomains.
  • We provide you with our products and services under a contract.
  • You communicate with us by email, social media or other online channels.
  • You are part of our marketing campaign.
  • You agreed to publish your information (opinions, biography, pictures, videos orany other information about you) on our website for different purposes (e.g. “meet the team”, interviews, etc.)
  • Other situations referred to in the Privacy Notices.

We may also refer to you as the “data subject”.

 

What is the data protection legal framework that we are operating?

We are processing your personal data in accordance with national and european provisions on the protection of personal data, in particular:

  • The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) ;
  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications);
  • Legislative Decree 101/2018, that entered into force on 19 September 2018 and amended a number of provisions of the Legislative Decree 196/2003 (the ‘Privacy Code’).

We will refer to them as “data protection laws”.

We will also take into account:

  • Recommendations of the Garante per la protezione dei dati personali (the ‘’Garante’’) regarding the processing of personal data or other authorized institutions;
  • Any other national and european legal regulations that we are obliged to respect, regarding the processing of your data.

 

Why we process your personal data?

The purposes for which we process your data are varied. We generally process your personal data in order to:

  • Provide you with our products and services;
  • Inform you about our projects, work, events, etc.
  • Promote our products and services and other marketing activities.
  • Handling your request, comments on our website and generally to communicate with you whenever is necessary;
  • Manage your comments on our website;
  • Fulfil our legal obligation;
  • Fulfil out contractual obligation in relation to you;
  • Protect our legitimate interests, etc.

 

The legitimate interest concerns:

 

  • Preventing risk and fraud;
  • Prevention of financial losses;
  • Recovery of damages;
  • Defending our rights in court;
  • Security of information networks;
  • Improving our products and services;
  • Taking the necessary steps to identify you, when necessary;
  • Protecting our image;
  • Maintaining the functionality of our website;
  • Promoting our products and services;
  • Promoting events and marketing campaigns;
  • Solving the requests that you send to us;
  • Providing technical support;
  • Other similar situations.

 

The processing of your data by us or other third parties for the situations mentioned above will nevertheless be carried out on the basis of a thorough analysis which results in the need for processing and that it will not unduly affect fundamental rights and freedoms.

We will also use the consent as legal basis, whenever we process your data based on your prior consent, in various situations, such as Newsletter sign-up.

Please, refer to our privacy notices to obtain detailed information on the legal bases and purposes that are used in connection with the processing of your data.

Your data may also be disclosed to other third parties such as IT service providers, financial and accounting services providers, payment processors, marketing service providers, website developers, market research providers, consultants, lawyers, legal advisers, auditors, or other similar recipients.

We disclose your data to them only when necessary, taking into account the risks and applying appropriate measures of protection.

Some of the above-mentioned recipients shall process your data for our purposes only on documented instructions given by us. They are known as data processors for which we are entirely responsibly.

We only use trusted processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing of your data complies with the requirements of data protection legislation. The processing of your personal data by our processors is always governed by a contract or other legal act before we disclose the data.

Please access the Third-Party Processors Privacy Notice to get more information about our main processors.

Other recipients will be acting as data controllers whenever they process your data for their own purposes or when the processing is being made in accordance with their legal obligations. (e.g., accountants, banks, payment processors, etc.). In this case they shall have the same legal obligation as we have, in regard to your personal data processing.

It is also possible to transmit your data to authorities or certain state institutions only when we are legally obliged to do so or when we have a well-grounded legitimate interest.

When you access third-party links on our website, you will be redirected to external websites for which we are not responsible. We don’t share your data with them while you are accessing our website. When doing so, please check their privacy policies.

Last but not the least, when we use your data for marketing purposes, we may post information about you on our website. In this case, an unlimited number of people will have access to it.

 

Where we send your data?

Generally, the data which we collect from you is processed in Italy, but it may also be processed within the European Union, where similar legal provisions on data protection apply.

Your data may also be transferred to countries providing an adequate level of protection (e.g. the United Kingdom of Great Britain and Northern Ireland, but also the US), as decided on the appropriate level adopted by the European Commission.In other words, transfers to these destinations are considered as safe as transfers between Member States of the European Union. Transfers made under these conditions shall not require any special authorisation. The full list of adequate countries can be checked here https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

We may also transfer your personal data to third countries such international organisations that do not provide an adequate level of data protection in accordance with the European Commission’s requirements. In this situation, we shall take all appropriate protection measures to protect your data and to provide you with effective means of redress for exercising your rights.

In this context, we shall make sure that there will be standard contract terms, approved by the European Commission, which will be signed with companies from these third countries, as well as contracts on data processing if these companies are our processors.

Where we cannot find other appropriate safeguards, we will transfer data to these destinations only under the following conditions:

  • We ask for your prior consent, after informing you of possible risks;
  • We transfer the data only at your request for the performance of a contract or the application of necessary pre-contractual measures in relation to us;
  • The transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
  • The transfer is necessary for important reasons of public interest;
  • The transfer is necessary for the establishment, exercise or defense of a right in court;
  • The transfer is necessary to protect your vital interests or those of others when you are not in a physical or legal capacity to express your consent;
  • Other situations stipulated by law.

We shall ensure that any international transfer of personal data is handled with care in order to protect your rights and freedoms.

 

How we protect your data?

We are focusing on preserving and protecting your personal data throughout its lifecycle to prevent, reduce and eliminate the risks posed by personal data processing activities.

Our privacy program ensures that all necessary measures are effectively handled to meet legal requirements by implementing policies and procedures adapted to the specific characteristics of our activity.

We have a cross-functional team, including legal and information security experts

that define PNAT’s Information security strategy and policies.

We have taken into consideration the potential impact on you that a breach may cause and implemented measures that prevent that to happen.

We conduct Data Protection Impact Assessments whenever a certain processing activity may pose a risk to your fundamental rights and freedoms, before starting the processing your data.

We impose special conditions to our processors before we transmit your personal data to them, in accordance with data protection laws.

We always take into consideration the concept of Data Privacy By Design and By Default when developing new systems or new activities of processing.

Where required by data protection laws, we maintain records that contains details of your data processing, under our responsibility.

We have limited the retention of personal data in accordance with legal requirements and our legitimate interests and we ensure their safe destruction.

We regularly audit IT systems in order to improve security measures, by ensuring an optimal level of security in line with the technological development of the market.

 

What rights do you have?

Under the conditions laid down in data protection laws, as a data subject, you shall have the following rights:

  • The right to be informed, i.e. the right to receive details regarding the processing of your personal data as described in this Policy;
  • The right of access to data, i.e. the right to obtain our confirmation of the processing of personal data, as well as details of the processing activities;
  • The right to rectification, i.e. the right to obtain the correction of inaccurate or incomplete personal data.
  • The right to erasure data without undue delay (“the right to be forgotten”), in the cases and under the conditions laid down by the data protection laws;
  • The right to restriction of processing to the extent that you contest the accuracy of the data, the processing is illegal and you oppose the deletion, requesting instead the restriction of use, or when PNAT has no longer any purpose to process your data, but you request it for the determination, the exercise or defense of a right in court or when you oppose the processing of data for the time necessary to confirm the legitimate rights we claim.
  • The right to portability of data to another controller, in accordance with the conditions laid down by law;
  • The right to object processing at any time, free of charge and without any justification, where the data is processed for direct marketing purposes or where the processing is based on our legitimate interests, unless we can demonstrate that there are legitimate and overriding reasons justifying that processing;
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or affects you in a significant extent in the same way.
  • The right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data infringes data protection laws.

 

How can you exercise your rights?

If you wish to exercise any of the above-mentioned rights, or get additional information, please email us at info@pnat.net.

We shall provide information on action taken on your request within one month of receipt of the request.

Considering the complexity and number of the request that we receive, we may extent this period by two further months. We will always inform you about that extension in advance, together with the reason for the delay.

When the information you provide to us is insufficient to identify you or investigate and resolve your request, we may ask you for additional information.

Before responding to any request, we will always ensure that we have sufficient information to identify you as the holder of the data being requested. If we cannot identify you, we may refuse to provide you with the requested information that may not belong to you.

We may also refuse to comply with your requests in situations where they are repetitive, excessive or ungrounded.

 

Privacy notices

By accessing the following privacy notices, you will get specific information regarding the main personal data processing activities.

  • Contact us and enquiries privacy notice
  • Newsletter signup privacy notice
  • Third-Party processors privacy notice
  • Marketing and media activities privacy notice
  • Contractual relationship privacy notice

If you didn’t find what you were looking for, please contact us!

 

“Cookies” and other similar tracking technology

We use cookies and similar tracking technologies on our websites.

We provide you detailed information about what cookies are, how do we use them and why, how long do we need information collected and other important information.

For getting details, please check our Cookie Policy

 

Changes to this policy

We will update the privacy policy to the extent necessary to reflect any change in the processing of your personal data, in relation to our processing activities and legislative changes that may occur in the data protection laws.

Periodically, please visit this page to make sure you always have the information up to date.

 

Privacy Notice – Marketing and Media activities

Privacy Notice – Contractual Relationship

Privacy Notice – Contact us and Enquiries

Privacy Notice – Third-Party Processors

Privacy Notice – Newsletter sign up

 

Last update: October 2024

info@pnat.net

Operational headquarters

Via delle Cascine 35
co/Manifattura Tabacchi
Florence – Italy

Corso Silvio Trentin 24
San Donà di Piave
Venice – Italy

Legal address

Via della Cernaia, 12
50129 Florence – Italy