Privacy & Cookie
Policy

1) Introduction

Pantani Group takes user privacy seriously and is committed to respecting it. This privacy policy (‘Privacy Policy’) describes the personal data processing activities carried out by PANTANI GROUP through the website www.pantanigroup.com and the related commitments undertaken by the Company in this regard. PANTANI GROUP may process the user’s personal data when they visit the Website and use the services and features available on the Website. In the sections of the Website where the user’s personal data is collected, a specific notice is normally published in accordance with Articles 13/15 of EU Regulation 2016/679.
Where required by EU Reg. 2016/679, the user’s consent will be requested before proceeding with the processing of their personal data. If the user provides personal data of third parties, they must ensure that the communication of the data to San Giovanni S.r.l. and the subsequent processing for the purposes specified in the applicable privacy policy complies with EU Reg. 2016/679 and applicable legislation.

2) Identification details of the data controller, data processor and data protection officer

Owner
PANTANI GROUP
Pantani Filippo – legal representative

info@pantanigroup.com

Via Fontana 11 – 20122 Milan

Data Processors
The complete list of Data Processors is available at the Data Controller’s headquarters.

3) Type of data processed

Visiting and browsing the Website does not generally involve the collection and processing of the user’s personal data, except for navigation data and cookies as specified below. In addition to the so-called ‘navigation data’ (see below), personal data voluntarily provided by the user when interacting with the Website’s features or requesting to use the services offered on the Website may be processed. In compliance with the Privacy Code, Pantani Group may also collect the user’s personal data from third parties in the course of its business.

4) Cookies and browsing data

The Website uses ‘cookies’. By using the Website, the user consents to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the user’s computer hard drive. There are two main categories of cookies: technical cookies and profiling cookies.
Technical cookies are necessary for the proper functioning of a website and to allow the user to navigate; without them, the user may not be able to view pages correctly or use certain services.
Profiling cookies are used to create user profiles in order to send advertising messages in line with the preferences expressed by the user while browsing.
Cookies can also be classified as:

_ ‘session’ cookies, which are deleted immediately when the browser is closed;
_ ‘persistent’ cookies, which remain in the browser for a certain period of time. They are used, for example, to recognise the device connecting to a site, facilitating authentication operations for the user;
_ ‘first-party’ cookies, generated and managed directly by the operator of the website on which the user is browsing;
_ ‘third-party’ cookies, generated and managed by parties other than the operator of the website on which the user is browsing.

5) Cookies used on the website

The Website uses the following types of cookies:

1) first-party cookies, both session and persistent, necessary to enable navigation on the Website, for internal security purposes and system administration;
2) third-party cookies, both session and persistent, necessary to enable the user to use multimedia elements on the Website, such as images and videos;
3) NO ANALYTICAL COOKIES INSTALLED. OUR STATISTICS SYSTEM DOES NOT USE COOKIES. ALL REFERENCES TO https://matomo.org/?it-ga

6) How to disable cookies in browsers

7) Retention of personal data

Personal data is stored and processed using computer systems owned by the Pantani Group and managed by the Group itself or by third-party technical service providers. For further details, please refer to the section entitled ‘Scope of accessibility of personal data’ below. The data is processed exclusively by specifically authorised personnel, including personnel responsible for performing extraordinary maintenance operations.

8) Purposes and methods of data processing

The Pantani Group may process the user’s common and sensitive personal data for the following purposes: use by users of services and features on the Site, management of requests and reports from its users, sending newsletters, management of applications received through the Site, etc.
Furthermore, with the user’s additional and specific optional consent, the company may process personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications relating to the company’s services, to the contact details provided, both through traditional methods and/or means of contact (such as paper mail, telephone calls with an operator, etc.) and automated methods (such as communications via the internet, fax, e-mail, text messages, applications for mobile devices such as smartphones and tablets – known as APPS – social network accounts, e.g. via Facebook or Twitter, etc.). etc.) and automated means (such as internet communications, fax, e-mail, text messages, applications for mobile devices such as smartphones and tablets – so-called APPS -, social network accounts – e.g. via Facebook or Twitter -, automated telephone calls, etc.).
Personal data is processed both in paper and electronic form and entered into the company’s information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles, and inspired by the principles of fairness and lawfulness of processing. In accordance with EU Regulation 2016/679, data is stored and retained until the data subject requests its deletion.

9) Security and quality of personal data

PANTANI GROUP is committed to protecting the security of your personal data and complies with the security provisions set out in the applicable legislation in order to prevent data loss, unlawful or illegal use of data and unauthorised access to data. Furthermore, the information systems and computer programs used by Pantani Group are configured to minimise the use of personal and identifying data; such data is processed only for the specific purposes pursued from time to time. The company uses multiple advanced security technologies and procedures to promote the protection of users’ personal data; for example, personal data is stored on secure servers located in secure and controlled access locations. Users can help the Pantani Group to update and maintain their personal data by communicating any changes to their address, job title, contact information, etc.

10) Scope of communication and access to data

The user’s personal data may be disclosed to:

• all persons who are entitled to access such data under regulatory provisions;
• to our collaborators and employees, within the scope of their duties;
• to all those natural and/or legal persons, public and/or private, when communication is necessary or functional to the performance of our activities and in the manner and for the purposes described above;

11) Nature of personal data provision

The provision of certain personal data by the user is mandatory in order to allow the Company to manage communications, requests received from the user or to contact the user again to follow up on their request. This type of data is marked with an asterisk [*] and in this case, its provision is mandatory in order to allow the Company to follow up on the request, which otherwise cannot be processed. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide such data will not have any consequences for the user.
The provision of personal data by the user for marketing purposes, as specified in the section ‘Purposes and methods of processing’ is optional and refusal to provide such data will have no consequences. Consent given for marketing purposes is understood to extend to the sending of communications by both automated and traditional methods and/or means of contact, as illustrated above.

12) Rights of the data subject

12.1 Art. 15 (right of access), 16 (right to rectification) of EU Regulation 2016/679

The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data and the following information:

a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) the envisaged period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
e) the existence of the right of the data subject to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

12.2 Right referred to in Article 17 of EU Regulation 2016/679 – right to erasure (“right to be forgotten”)

The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller has the obligation to erase personal data without undue delay if one of the following grounds applies:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of EU Regulation 2016/679.

12.3 Right referred to in Article 18 Right to restriction of processing

The data subject has the right to obtain from the data controller the restriction of processing where one of the following applies:

a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that its use be restricted;
c) although the data controller no longer needs it for processing purposes, the personal data is necessary for the data subject to establish, exercise or defend a right in court;
d) the data subject has objected to processing pursuant to Article 21(1) of Regulation (EU) 2016/679 pending verification of whether the legitimate grounds of the data controller override those of the data subject.

12.4 Right referred to in Article 20 Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

13) Withdrawal of consent to processing

You have the right to withdraw your consent to the processing of your personal data by sending a registered letter with return receipt to the following address: Pantani Group Via Fontana 11 – 20122 Milan, accompanied by a photocopy of your identity document, with the following text: ‘withdrawal of consent to the processing of all my personal data’. Once this has been done, your personal data will be removed from our archives as soon as possible.

If you would like more information about the processing of your personal data, or to exercise the rights referred to in point 7 above, you can send a registered letter with return receipt to the following address: Pantani Group Via Fontana 11 – 20122 Milan. Before we can provide you with or modify any information, we may need to verify your identity and answer a few questions. A response will be provided as soon as possible.