"*" indicates required fields

Name
This field is for validation purposes and should be left unchanged.

PRIVACY POLICY


GDPR PRIVACY POLICY
Information provided pursuant to Art.13 of Reg. EU 2016/679 (hereinafter GDPR)

General information
Users (data subjects, as GDPR, Art.4, c1) are informed of the following general profiles, valid for all areas of processing:

● all personal data are processed in compliance with the applicable privacy regulations in force (EU Reg. 2016/679 and Legislative Decree
196/2003, as amended by Legislative Decree 101/2018);
● all User data are processed in a lawful, correct and transparent manner, in compliance with the general principles set out in Article 5 of the
GDPR;
● specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, pursuant to Article 32 of the
GDPR.

Titolare del trattamento
The Data Controller is the undersigned Company (in the person of its pro-tempore legal representative) who can be contacted for any request regarding
privacy or to exercise the rights listed below, at the following addresses:

DATA CONTROLLER:

Name: Cantiere del Pardo Spa

Email: info@cantieredelpardo.com

DATA PROTECTION OFFICER (DPO):

Name: Sistema Privacy

Email: info@sistema-privacy.com


Data subject’s rights
● right to request the presence and access to personal data concerning him (Article 15 “Right of access”);
● right to obtain the rectification / integration of inaccurate or incomplete data (Article 16 “Right to rectification”);
● the right to obtain, if there are justified reasons, the cancellation of data (Article 17 “Right to erasure”);
● right to obtain the limitation of processing (Article 18 “Right to restriction”);
● right to receive the data concerning him in a structured format (Article 20 “Right to portability”);
● right to object to the processing and to automated decision-making processes, including profiling (Articles 21, 22 “Right to object”);
● right to revoke a previously given consent;
● the right to submit, in the event of non-response, a complaint to the Data Protection Authority.

The following specific information is provided below, referring to:
1) data processing connected to the functioning of this website
2) data processing of customers / suppliers


1) DATA PROCESSING CONNECTED TO THE FUNCTIONING OF THIS WEBSITE


1.1 Navigation data
The IT systems and the software procedures used in the operation of this web site acquire, in the course of their normal processing, some personal data,
the transmission of which is necessary in the use of the Internet communication protocols. These deal with information that is not gathered to be associated
to identified parties, but which by their nature could, through processing and associations with data held by third parties, allow the identification of the users.
Under this category of data we find the IP addresses or the computer domain names used by the users that connect to the site, the addresses in URI
(Uniform Resource Identifier), notation of the resources requested,the time of the request, the method used in submitting the server request, the dimension
of the file received, the numeric code indicating the status of the answer given by the server (successful, error, etc.) and other parameters related to the
operating system and the user’s IT environment.

Purpose and legal basis of the processing
(GDPR-Art.13, paragraph 1, letter c)
This data is used only for the purpose of receiving anonymous statistical
information on the use of the site and to control its correct functioning. The data
could moreover be used to ascertain the responsibility in case of presumed IT
crimes to the damage of the site (legitimate interests of the owner).
Scope of knowledge
(GDPR-Art.13, paragraph 1, letter e,f)
The data is processed exclusively by in-house staff, duly authorised and trained in
data processing (GDPR-Art.29) and shall not be disclosed to external parties,
diffused, or transferred to countries outside the EU. Only in cases of investigation,
this data may be placed at the disposal of the competent authorities.
Data retention
(GDPR-Art.13, paragraph 2, letter a)
This data is usually kept for brief periods, with the exception of possible prolonged
connections related to investigation activities.
Data provision
(GDPR-Art.13, paragraph 2, letter f)
The data is not submitted by the party involved but acquired automatically by the
site’s technological systems.



1.2 Cookies
The management of cookies is aligned with the relevant regulatory requirements:

● “Guidelines for cookies and other tracking tools” of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021);
● “Guidelines 5/2020 on consent” pursuant to regulation (EU) 2016/679, adopted by the European Data Protection Board.

Users can check the types of cookies and set their preferences through the appropriate banner (if provided), as well as through the appropriate tools
provided by the main navigation browsers. Some general information about cookies and similar technologies is provided below.

What cookies are Cookies are brief fragments of texts (letters and/or numbers) that allow the web server to memorise on the client browser information to
be reused in the course of the same visit to the site (session cookies) or subsequently, also after days (persistent cookies). The cookies are memories,
according to the user’s preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies like for
example, web beacons, transparent GIFs and all the types of local storage introduced with HTML5, can be used to gather information on the user’s
behavior and the use of the services. After this circular letter we shall refer to the cookies and all the similar technologies by using only the term “cookie.”
The following table shows the main types of cookies.

TYPE PURPOSE PREFERENCE MANAGEMENT
Technical session
cookies
Ensure normal navigation and use of the
site
Through the main browsers it is possible to:
• Block the reception of all (or some) types of
cookies by default
• View the analytical list of cookies used
• Remove all or some of the cookies installed.
For information on the settings of individual
browsers, see the specific paragraph. It should
be noted that blocking or deleting cookies could
compromise the navigability of the site.
Analytical cookies Collect information on the number of
visitors and pages viewed
Functional
technical cookies
Allow navigation according to a series of
selected criteria
Profiling cookies Create user profiles in order to send
advertising messages in line with
preferences
TYPE PURPOSE PREFERENCE MANAGEMENT
Technical session
cookies
Ensure normal navigation and use of the
site
Through the main browsers it is possible to:
• Block the reception of all (or some) types of
cookies by default
• View the analytical list of cookies used
• Remove all or some of the cookies installed.
For information on the settings of individual
browsers, see the specific paragraph. It should
be noted that blocking or deleting cookies could
compromise the navigability of the site.
Analytical cookies Collect information on the number of
visitors and pages viewed
Functional
technical cookies
Allow navigation according to a series of
selected criteria
Profiling cookies Create user profiles in order to send
advertising messages in line with
preferences


The site may contain links to third-party sites and third-party cookies; for more information, we invite you to view the privacy policy of any linked sites.
Management of the preferences through the main navigation browsers The user may declare whether or not he accepts the cookies by using the
settings of his own browser (note that as a default, almost all the web browsers are set to automatically accept the cookies). The settings may be modified
and defined in a specific way for the various web sites and applications. Furthermore the best browser allows different settings to be defined for the
“proprietor” cookies and for those of “third parties.” Usually the configuration of the cookies is done by the menus, “Preferences,” “Instruments” or “Options.”
Here below is a list of links to the guides for the management of cookies of the main browsers:

● Internet Explorer: http://support.microsoft.com/kb/278835
● Internet Explorer [mobile version]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
● Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
● Safari: https://www.apple.com/legal/privacy/it/cookies/
● Safari [mobile version]: http://support.apple.com/kb/HT1677
● Firefox: http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
● Android: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DAndroid&hl=it
● Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Further information
www.allaboutcookies.org (for more information on the cookie technology and their functions)
www.youronlinechoices.com/it/a-proposito (allows users to oppose the installation of the main profiling cookies)
www.garanteprivacy.it/cookie (set of main norm interventions on matters by the Italian Supervisory Authorities).

1.3 Web-Site specific features
Some pages of the site could involve a request for information from the navigator in relation to specific services (eg:
request information, user registration, work with us, etc.).

Purpose and legal basis of the processing
(GDPR-Art.13, paragraph 1, letter c)
Only the data necessary for the correct provision of the service and necessary to
give a correct and exhaustive response to the interested parties will be requested.
The treatment is subject to the acceptance of specific, free and informed consent
(GDPR-Art.6, comma1, lett.a)
Scope of knowledge
(GDPR-Art.13, paragraph 1, letter e,f)
The data is processed exclusively by duly authorized and trained personnel
(GDPR-Art.29) or by any persons in charge of maintaining the web platform
(appointed in this case as external managers). The data will not be disclosed or
transferred to non-EU countries (unless subject to compliance with the provisions
of chapter V of the GDPR).
Data retention
(GDPR-Art.13, paragraph 2, letter a)
The data is kept for times compatible with the purpose of the collection
Data provision
(GDPR-Art.13, paragraph 2, letter f)
The provision of data referring to the mandatory fields is necessary in order to
obtain an answer, while the optional fields are aimed at providing the staff with
further elements useful for facilitating contact.


1.4 Data provided voluntarily by Users
The optional, explicit and voluntary sending of messages to contact addresses, private messages sent by users to institutional profiles/pages on social
media (where this possibility is provided), as well as the compilation and forwarding of any forms/modules present , involve the acquisition of the sender’s
contact details, necessary to reply, as well as all personal data included in the communications. The sender therefore remains personally responsible for the
accuracy of the data provided, as well as their pertinence and non-excess with respect to the requests in question.
For further information on the data processing connected to the website and cookies, it is possible to consult the specific information:

● Web policy https://www.iubenda.com/privacy-policy/10015257
● Cookie policy https://www.iubenda.com/privacy-policy/10015257/cookie-policy


2) DATA PROCESSING OF CUSTOMERS / SUPPLIERS


2.1 Object of the processing
The company processes personal identification data of customers/suppliers (for example, name, surname, company name, personal/fiscal data, address,
telephone, e-mail, bank and payment references) and their operational contacts (name, surname and data contact details) acquired and used in the context
of the provision of the products/services supplied.

2.2 Purpose and legal basis of the processing
The data is processed for:

● conclude contractual/professional relationships and provide related services;
● fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications
connected to them;
● fulfill the obligations established by law, by a regulation, by community legislation or by an order from the Authority;
● exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions;
ordinary internal operational, managerial and accounting needs).

Failure to provide the aforementioned data will make it impossible to establish the relationship with the Data Controller. The aforementioned purposes
represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If you intend to carry out treatments for
different purposes (eg: marketing communications, production of photo/video content, etc.) a specific consent will be requested from the interested parties.

2.3 Processing methods and storage time
The processing of personal data is carried out by means of the operations indicated in the Art. 4 no. 2) GDPR and precisely: collection, registration,
organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation
and destruction of data. Personal data is subjected to both paper and electronic processing. The Data Controller will process the personal data for the time
necessary to fulfill the purposes for which they were collected and related legal obligations (usually coinciding with the relationship with the interested party,
without prejudice to the extension with reference to the obligations to keep administrative documentation and of business correspondence).

2.4 Scope of processing
The data is processed by duly authorized and trained internal subjects pursuant to Article 29 of the GDPR. It is also possible to request the scope of
communication of personal data, obtaining precise indications on any external subjects who operate as independent data processors or data controllers
(eg: consultants, technicians, banks, carriers, etc.). The data may be communicated to any subsidiary/associated company for various reasons. The data
are not subject to dissemination or transfer outside the EU (they may be transferred outside the EU only in compliance with the conditions set out in
Chapter V of the GDPR, aimed at ensuring that the level of protection of the data subjects is not compromised “Art.45 Transfer on the basis of an adequacy
decision, Art.46 Transfer subject to adequate guarantees, Art.47 Binding corporate rules, Art.49 Specific exceptions”). The data are not subject to
automated processes that produce significant consequences for the data subject.


3) POLICY UPDATE


It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of
significant changes, appropriate evidence will be given on the home page of the site for a reasonable time. In any case, the interested party is invited to
periodically consult this policy.