according to the EU Reg. 2016/679 and current regulations
Introduction: the GDPR and the privacy
The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) with which the European Commission intends to strengthen and standardize the protection of personal data of citizens and residents of the European Union, inside or outside its borders. This regulation replaces the laws of the individual States in terms of privacy and has been in force since 25th of May 2018.
For more information you can see the GDPR official text, the site of the data protection Authority and the dedicated page on Wikipedia.
According to the GDPR, this statement intends to explain clearly and simply which personal data are collected through this site, where they are stored, for how long, with what purpose and how you can update them or request their cancellation.
Who is the Data Controller: Palomar srl
Palomar srl (later “Company”) protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation.
As required by the European Union Regulation n. 679/2016 (“GDPR”), and in particular by art. 13, we provide below the user (“interested party”) with the information required by law concerning the processing of their personal data.
www.palomarweb.it and www.palomarweb.com (to which we refer as “Website”) are sites owned by Palomar srl – VAT IT05103880489 to which later we simply refer as “Company”.
Palomar srl is based in Firenze, Via de’ Serragli, 9, ZIP CODE 50124 (Italy).
Company manages the sites listed above and controls the management of personal data as described in this statement, in accordance with the current privacy laws (General Data Protection Regulation (GDPR) – EU Regulation 2016/679).
You can contact us by email at firstname.lastname@example.org (PEC) or email@example.com
On which legal basis does Company collect and manage personal data?
Company uses as a legal basis the need to process personal data for the execution of its services, which include the sale of products and tourist services, the transactional communication of orders in its website catalogue. Without collecting the requested data it would not be possible to provide the aforementioned services.
Company then relies on its legitimate commercial interest to provide its services, promote them, prevent fraud and spam and improve its services.
Where required by applicable law, we will ask for your consent before processing your personal data for direct marketing purposes.
What kind of data does Company collect on Website?
Company collects the information that you provide us through the contact and / or purchase forms on this site. For users who request information or purchase products or services, such data includes your name, email, phone number and any other indication that you choose to write in your request.
For users who wish to join our affiliate program we collect data relating to the company name, official website, phone number and email, business interests, city and province, in addition to the date of the request and the site from which the request was sent.
For each submission of a form on our sites we collect data related to the browser and operating system used and IP address, to combat spam and to identify any usability problems of our sites with particular configurations and devices.
When you visit our sites we automatically collect some information. For example, your IP address, date and time of access to our site, the hardware, software or browser you use and information about your computer operating system and language settings. We also collect information about your clicks and the pages you’ve viewed, as well as information about which sites or marketing campaigns you’ve used to reach our sites.
Company does not require the interested party to provide so-called “particular” data, that is, according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, biometric data intended to uniquely identify a physical person, data relating to a person’s health or sexual life or sexual orientation. In the event that the service requested by Company imposes the processing of such data, the interested party will receive prior notice and will be required to give appropriate consent.
Why does Company collect this data on Website?
The data sent to us through the form of these sites are first used to provide information, including any offers, explicitly requested through the form itself.
For data relating to users wishing to join our affiliate program we collect the information that the user enters in the form in order to send, via email or phone, information and the contract to join the affiliate program as well as the related transactional communications of orders and anything else relevant to the service offered in case the user joins our affiliate program.
Only in case of explicit consent we can also send any offers relating to services related to visibility on our sites or in any case directed at products and services that we consider of your interest.
Company keeps the requests in its archives for statistical purposes and as a backup, in order to be able to send them again if necessary.
For those who make a request or a purchase, Company also sends an email confirming that the request or purchase has been correctly made and that email may contain information, including links to articles and offers on the sites of Company.
Only in case of explicit consent, Company may send further commercial communications by email or SMS containing information and offers on its Products and Services.
Further explicit consent may be required to send further commercial communications by e-mail or SMS containing information and offers from third parties or partners of Company.
Finally the data entered in the forms can be used to show you customized online advertising campaigns (remarketing) instead of generic advertisements, through specialized platforms such as Google Adwords, Bing Ads, Facebook Advertising and Criteo. In this case the users of the sites are grouped into virtual lists, in aggregate form not attributable to individual users, based on the information entered and the choices made on this site and on others owned by Company, based on the site and pages visited and actions performed on the site such as sending a request or subscribing to the newsletter. In this way we try to show you advertisements targeted to your interests, through advertising platforms such as Google Adwords, Bing Ads, Facebook Advertising and Criteo, rather than generic ads.
Where are the collected data stored and for how long?
The data collected by both our forms and browsing our sites are collected through the following platforms:
- Google Analytics – for data relating to navigation and purchase on the site.
- Google Tag Manager – for data relating to navigation and purchase on the site.
- Criteo – for data relating to purchase, navigation and choices made on the site.
- InspectLet – for data relating to navigation and purchase on the site.
- Bing Ads – for data relating to navigation and purchase on the site.
- Google AdWords – for data relating to navigation and purchase on the site.
- Google Gmail – Each form generates an email addressed to Company, which keeps these emails in Gmail accounts (Google Suite)
- Google Docs pages – Data can be exported to documents stored in the Google service, Google Suite
- Mailchimp – for requests sent through the forms and subscriptions to our newsletter
- Amazon SES AWS – for requests sent through the forms and subscriptions to our newsletter
- On databases stored on our servers at the OVH.com provider
- On documents and databases kept at the headquarters of Company in Florence, Italy.
- On documents and databases stored at the Amazon AWS service
The transmission of personal data as described in this Privacy Notice may include the transfer overseas to countries that do not provide comprehensive and complete data protection laws such as those of European Union countries. Where required by Community law, we will only transfer personal data to recipients that offer a level of adequate protection of personal data. Google, Bing, Amazon, Facebook, Criteo and Mailchimp are international leading companies and their servers are located all over the world, including outside EU countries. OVH.com has its own servers in Beauharnois, Canada. In some cases, data may also be stored in other data centres of the OVH.com network. For more information, please consult the OVH.com data centres network or contact us. Company is based in Florence, Italy.
With whom are the collected data shared?
The data collected through the request and / or purchase forms arrive, in the form of an email, both at Company, which manages Website, and at the sender. Apart from the use stated in this statement, the data are not shared with any other third party.
The data collected through the forms with which the user wishes to join the affiliation program are not shared by Company with any third party.
Data relating to the browsing and use of sites collected through tools such as Google Analytics are only shared in aggregate form (not attributable to individual users) with collaborators and partners of Company.
We only share some personal data, including your e-mail address, with advertising partners for the purpose of advertising Website (to ensure that the most appropriate target users receive relevant announcements). We are committed to always sharing e-mail addresses in an encrypted format so that they can be matched to existing customer databases.
Third parties to whom Company entrusts the performance of certain activities such as tax compliance, IT or commercial consulting, fraud prevention, credit recovery. In these cases, the recipients of the communication are appointed as Data Processors.
How does Company manage children’s personal data?
The services offered by Company are only intended for persons aged over 16 years. For people under the age of 16, use of our services is permitted only with the consent of the parents or legal guardian. If we become aware of the processing of data of persons under 16 years of age without the valid consent of a relative or legal guardian, we reserve the right to delete such data.
How can you check, update and possibly delete the personal data you have shared with Company?
Upon request of the owner and in accordance with the current privacy laws (General Data Protection Regulation (GDPR) – EU Reg. 2016/679), Company undertakes to check, modify or delete personal data in its possession.
To do this, the easiest way is to send an email to firstname.lastname@example.org or email@example.com where you can ask us to check, update or permanently delete the data concerning you stored in our archives.
All our communications sent through the Mailchimp platform, the server of this website, the SMTP of the provider OVH.com or Amazon SES AWS also provide a link from which you can update your data and consent and, if you wish, choose not to be contacted again in the future.
We do our best to respond promptly and comprehensively to every request as is our duty. In any case it is always the user’s right to submit a complaint with the supervisory authority.
This Policy may be amended in the future, so visit this page regularly to learn about all updates.
All the contents of the site, including text, photography and graphics are the property of Company, except for those photographic contents owned by third parties and used with permission. All contents of the site are protected by Italian and European copyright laws, no content may be copied or even partially imitated without the prior written consent of Company.