Privacy Policy

Data Controller

The Data Controller is Cartiere Paolo Pigna S.p.A., with registered office at Via Daniele Pesenti 1, 24022 Alzano Lombardo (BG), Italy. Tel. +39 035 519111. For information regarding the processing of personal data carried out by the Data Controller, as well as to exercise the rights of data subjects (pursuant to Articles 15–22 of EU Regulation 679/2016 “GDPR”), please use the dedicated email address: privacy@pigna.it.

Data Protection Officer (DPO)

The Data Controller has appointed, pursuant to Article 37 of the GDPR, a Data Protection Officer (“DPO”). The DPO can be contacted at the following email address: dpo@pigna.it. Email address of the Data Controller: privacy@pigna.it.

Types of Data Collected

Among the Personal Data collected by this website, either independently or through third parties, are:

• Tracking Tools
• Usage Data
• Number of Users
• Session statistics
• Date of birth

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific information notices displayed prior to data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this website. Unless otherwise specified, all Data requested by this website are mandatory. If the User refuses to provide them, it may be impossible for this website to provide the Service. Where this website indicates certain Data as optional, Users are free to refrain from providing such Data, without this having any impact on the availability or functioning of the Service. Users who have doubts about which Data are mandatory are encouraged to contact the Data Controller. Any use of Cookies – or other tracking tools – by this website or by the owners of third-party services used by this website is intended to provide the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this website.

Methods of Processing

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, access to the Data may be granted to other parties involved in the organization of this website (administrative, commercial, marketing, legal staff, system administrators) or to external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies), appointed, where necessary, as Data Processors by the Data Controller. An updated list of Data Processors may always be requested from the Data Controller.

Place

The Data are processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller. The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User may refer to the section concerning details on the processing of Personal Data.

Retention Period

Unless otherwise indicated in this document, Personal Data are processed and stored for the time required by the purpose for which they were collected and may be retained for a longer period due to legal obligations or based on the Users’ consent.

Purposes of Processing the Collected Data

User Data are collected to allow the Data Controller to provide the Service, comply with legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of Users or third parties), detect fraudulent or malicious activity, as well as for the following purposes:

• Statistics
• Displaying content from external platforms
• Tag management
• Creation and management of this website
• Traffic optimization and distribution

For specific information about the Personal Data used for each purpose, the User may refer to the section “Details on the Processing of Personal Data”.

Details on the Processing of Personal Data

Privacy Policy

Cookie Policy

this website uses Tracking Tools. To learn more, Users may consult the Cookie Policy.

Legal Basis of Processing

Personal Data are processed on the basis of the following legal grounds, in relation to the specific purposes:

Reference: art. 6(1) of the GDPR.

Additional Information on Data Retention

Unless otherwise stated in this document, Personal Data are processed and stored for the time required by the purpose for which they were collected and may be retained for a longer period due to legal obligations or based on the Users’ consent. Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User shall be retained until such contract has been fully performed.
• Personal Data collected for purposes related to the legitimate interest of the Data Controller shall be retained until such interest is satisfied. Users may obtain further information regarding the legitimate interest pursued by the Data Controller by referring to the relevant sections of this document or by contacting the Data Controller.
• Where processing is based on the User’s consent, the Data Controller may retain Personal Data for a longer period until such consent is withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period in order to comply with a legal obligation or by order of an authority.

At the end of the retention period, Personal Data shall be deleted. Therefore, once this period expires, the rights of access, erasure, rectification and data portability can no longer be exercised.

User Rights under the General Data Protection Regulation (GDPR)

Users may exercise certain rights with regard to their Data processed by the Data Controller. In particular, and within the limits provided by law, Users have the right to:

• withdraw their consent at any time;
• object to the processing of their Data;
• access their Data;
• verify and request rectification;
• obtain restriction of processing;
• obtain erasure or removal of their Personal Data;
• receive their Data or have them transferred to another controller;
• lodge a complaint with the competent supervisory authority or take legal action.

Users also have the right to obtain information regarding the legal basis for Data transfers abroad and the security measures adopted by the Data Controller.

Details on the Right to Object

Where Personal Data are processed in the public interest, in the exercise of official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing on grounds relating to their particular situation. Users are informed that, where their Data are processed for direct marketing purposes, they may object to such processing at any time, free of charge and without providing any justification.

How to Exercise User Rights

Any requests to exercise User rights may be addressed to the Data Controller using the contact details provided in this document. Requests are free of charge and will be answered by the Data Controller as early as possible and in any case within one month.

Legal Defense

The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages thereof for the defense against abuses in the use of this website or related Services. The User declares to be aware that the Data Controller may be required to disclose Personal Data upon request of public authorities.

System Logs and Maintenance

For operation and maintenance purposes, this website and any third-party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page. Where the changes affect processing activities based on the User’s consent, the Data Controller shall collect new consent from the User, where required.