The Data Controller of the processing of personal data relating to the website www.pgsrl.eu is PG srl, with registered office in Via Sant’Agata, 14, 22066 Mariano Comense CO, pursuant to Articles 4 and 28 of Legislative Decree 30 June 2003, n. 196 – Privacy Code (hereinafter the “Code”) and Articles 4, no. 7) and 24 of EU Regulation 2016/679 of 27 April 2016., pursuant to Articles 4, no. 7) and 24 of EU Regulation 2016/679 of April 27, 2016, regarding the of personal data provided in the course of the provision of services, aimed solely at performing contractual obligations and fulfilling your specific requests, as well as regulatory obligations, in particular accounting and tax obligations, as well as providing you with commercial information about our products and services.

The Controller will process the following personal data for the purposes mentioned in Section 4: first name, last name, and e-mail address.

The personal data that PG SRL processes are collected from the data subject.

Your personal data will be processed for the following purposes: A. market research, sending of informative and promotional material, marketing and advertising activities regarding the products and services of the undersigned company, as well as other associated and/or controlled companies. The provision of data is optional in nature. For the processing referred to in letter A. it should be noted that the legal basis is represented by the express consent. Failure to consent to the processing of the same for the purposes set forth in letter A. will result in the inability to provide the promotional services set forth in letter A. We will not use your personal data for purposes other than and in addition to those described in this notice, unless we inform you in advance and, where necessary, obtain your consent.

Personal data will be processed by computer and/or by manual processing for the time necessary to achieve the purposes for which they were collected for the definition of data retention please refer to Article 9. Said processing will include – in compliance with the principles of correctness, lawfulness, transparency and protection of confidentiality – the operations strictly necessary for the purpose. Furthermore, it is worth noting that your personal data will not be subject to profiling, nor subject to any fully automated decision-making process.

The data are currently processed and stored at the registered office located at Via Sant’Agata, 14, 22066 Mariano Comense CO as well as at the offices of the Data Processors (designated by PG srl pursuant to Art. 28 of Reg. EU 2016/679) and are handled only by technical or administrative staff, expressly authorized and trained for this purpose, with logics strictly related to the purposes for which the data are collected and, in any case, in such a way as to ensure their security and confidentiality in compliance with the provisions of EU Reg. 2016/679 and Legislative Decree 196/03, as amended by Legislative Decree 101/18.

Data of a personal nature provided may be disclosed to appropriately appointed recipients who will process the data as data processors and/or as authorized persons. The Data Controller does not disclose any of the data subjects’ information to third parties without their consent, except where required by law. The dissemination of processed personal data is in any case excluded. The full list of data processors, co-owners and persons in charge of the processing of personal data can be obtained by sending a special request to the e-mail address on the site.

Your Personal Data is processed by the Data Controller within the territory of the European Union and is not disseminated.

The personal data provided in reference to point 4, letter A., will be processed in the manner provided for in point 5 for 2 (two) years from the time of issuance of the specific and express consent to the processing, unless revoked. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. It should be noted that also for the purposes of anti-money laundering legislation, the data, relating to the services covered by the aforementioned legislative discipline, will be, as required by Law, kept for ten years from the completion of the service. Opposition to the processing may be made by the Data Subject in accordance with the provisions of Section 10 of this policy.

The user (pursuant to Articles 15, 16, 17, 18, 19, 20, 21 and 22 of EU Reg. 2016/679) may, at any time, exercise the rights set forth below.

a. Withdrawal of consent: data subjects have the right to withdraw their consent at any time. Revocation of consent does not affect the lawfulness of the processing based on the consent before revocation;

b. Access to personal data: to obtain confirmation or otherwise that data concerning him or her is being processed and, if so, access to the following information: the purposes, the categories of data, the recipients, the period of storage, the right to lodge a complaint with a supervisory authority, the right to request rectification or erasure or restriction of processing or opposition to processing itself as well as the existence of an automated decision-making process;

c. Request for rectification or deletion of the same or restriction of processing concerning him/her; “restriction” means the marking of retained data with the aim of limiting their processing in the future;

d. Objection to processing: to object on grounds related to your particular situation to the processing of data for the performance of a public interest task or the pursuit of a legitimate interest of the Data Controller;

e. Data portability: in the case of automated processing carried out on the basis of consent or in performance of a contract, to receive in a structured, commonly used, machine-readable format the data concerning him or her;

f. To lodge a complaint pursuant to Article 77 of the GDPR with the competent supervisory authority based on your habitual residence, place of work or the place of violation of your rights; for Italy, the competent authority is the Garante per la protezione dei dati personali, which can be contacted through the contact details given on the website http://www.garanteprivacy.it. The aforementioned rights may be exercised by sending an appropriate request through the contact channels indicated in point 1 of this notice.

The provision of data is mandatory for all that is required by legal and contractual obligations and therefore any refusal to provide it in whole or in part may result in GSLex’s inability to execute the contract or to properly carry out all the fulfillments set out in section 4.