Privacy policy

Privacy Policy

Disclosure pursuant to EU Regulation 679/2016

1. Introduction

Pursuant to Articles 13 et seq. of EU Regulation 679/2016 (“GDPR”), the following information is provided regarding the processing of personal data of users (“User/Users”) in connection with the consultation and/or use of the services on the website www.promemoriagroup.com (“Website”).

This disclosure is provided solely for the Website and does not apply to any other websites that the User may access via links present on the Website.

2. Data controller

The Data Controller is Promemoria Srl, with registered office at Via Pomba 1, Turin (Italy).
Email: info@promemoriagroup.com
Phone: +39 011 19694875
DPO contact details: dpo@promemoriagroup.com

3. Types of data processed

3.1 Browsing Data

The computer systems and software procedures used to operate this Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects; however, by its very nature, it could allow for the identification of users.
This category of data includes: (i) IP addresses or domain names of the computers used by users connecting to the Website; (ii) URI (Uniform Resource Identifier) addresses of the requested resources; (iii) the time of the request; (iv) the method used to submit the request to the server; (v) the size of the file received in response; (vi) the numerical code indicating the status of the response given by the server (success, error, etc.); and (vii) other parameters relating to the user’s operating system and IT environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to ensure its correct functioning, and it is deleted immediately after processing.

3.2 Cookies

Regarding data processing via cookies, please refer to the relevant Cookie Policy available at the following link.

3.3 Data Provided Voluntarily by the User:

a) The optional, explicit, and voluntary sending of e-mails to the email addresses indicated on the Website entails the subsequent acquisition and processing by the Data Controller of such data, as well as any other information contained in such communications, for the purposes set forth in the following paragraph.

4. Purposes and legal basis of processing

The processing of the User’s personal data by the Data Controller is intended to:

pursue, in accordance with Art. 6.1, point (f) of the GDPR, its own legitimate interest, which consists of ensuring the security of the Website and the information exchanged on it; specifically, the Website’s ability to resist, at a given security level, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of personal data stored or transmitted, as well as the security of the related services offered or made accessible;

allow the User to communicate with the email addresses provided on the Website.

5. Mandatory or optional nature of data provision and consequences of refusal

The provision of data by the User is mandatory to enable the Data Controller to provide the requested services. In the event of a refusal to provide such data, it will be impossible to utilize the chosen service.

6. Processing methods and data retention periods

Personal data are processed using manual, electronic, and automated systems. To ensure the accurate processing of data, the data subject is required to promptly notify the Controller of any changes to their information.

7. Disclosure of data to third parties

Personal data will be processed by the Data Controller, the Data Processors appointed by the Controller, and strictly authorized personnel.
Furthermore, data may be disclosed following inspections or audits, if requested from the Company, to all supervisory bodies responsible for checks and controls regarding compliance with legal obligations.
The Data Controller ensures the utmost care to ensure that the disclosure of personal data to the aforementioned recipients involves only the data strictly necessary to achieve the specific purposes for which they are intended.

8. Duration of processing and personal data retention

The User’s personal data will be processed by the Controller only for the period of time necessary to achieve the purposes of the processing. Thereafter, the data will be stored solely in compliance with applicable legal obligations, for administrative purposes, and/or to assert or defend a legal claim in the event of litigation or pre-litigation disputes.

9. Rights of the data subject

As a data subject, the User may exercise, at any time, the rights toward the Controller provided for in Art. 7 of the Privacy Code and Art. 15 of the GDPR listed below, and may withdraw any consent granted through this policy at any time.

The User has the right to:
– obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, and to receive its communication in an intelligible form;
– obtain information regarding: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic tools; d) the identification details of the controller, processors, and the representative designated pursuant to Art. 5, paragraph 2 of the Privacy Code and Art. 3, paragraph 1 of the GDPR; e) the individuals or categories of individuals to whom the personal data may be communicated or who may become aware of it in their capacity as designated representatives within the State territory, processors, or authorized personnel;

– obtain: a) the updating, rectification or, when interested, the integration of data; b) the erasure, anonymization, or blocking of data processed in violation of the law, including data for which retention is unnecessary for the purposes for which the data was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, including as regards their content, of those to whom the data was communicated or disseminated, except where this requirement proves impossible or involves an effort that is manifestly disproportionate to the protected right;

– object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection; b) to the processing of personal data concerning them for the purpose of sending advertising material or direct sales, or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator, by e-mail, and/or through traditional marketing methods by telephone and/or paper mail. Please note that the data subject’s right to object to direct marketing through automated methods, as set out in point b) above, extends to traditional methods, and the data subject remains entitled to exercise the right to object even only in part. Therefore, the data subject may decide to receive only communications via traditional methods, only automated communications, or neither of the two.

Where applicable, the User also has the rights set forth in Articles 15-22 of the GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Data Protection Authority (Garante).