Updated according to the EU Regulation 2016/679
(European Regulation regarding the Personal Data Protection)
Personal data of the holder, the manager and of the Privacy Officer
The holder of the personal data processing is PUMA S.r.l. (hereinafter, the “Holder”), with registered office in Settimo Milanese (MI), registered in the company register of Milan, tax identification and VAT number IT10114440158.
The site’s personal data processing manager is Mr. Mauro Muselli availing himself of his work colleagues for the execution of his functions, responsible for the operational management of the personal data for the processing and the purposes below clarified as Typology of the processed data.
Typology of the processed data
Visiting and consulting the site generally does not implicate collection and processing of the user’s personal data, except for the browsing data and the cookies as specified below. In addition to the so-called “browsing data” (see below), also the personal data voluntarily provided by the user could be processed when he interacts with the site’s functions or requests to make use of the services offered on the site. Respecting the Privacy Code, PUMA S.r.l. could also collect user’s personal data from third parties while carrying out its own activity.
Cookies and browsing data
Furthermore, cookies could be classified as:
- “Session” cookies: they are deleted immediately after the closure of the browser;
- “Persistent” cookies: they remain inside the browser for a determined period of time. They are used, for example, to recognise the device connected to the site, facilitating the authentication operation for the user;
- “Own” cookies: they are generated and managed directly by the person managing the website on which the user is browsing;
- “Third parties” cookies, generated and managed by parties other than the manager of the website on which the user is browsing.
Cookies used on the site
The site uses the following typologies of cookies:
- Own cookies, session and persistent, necessary to consent browsing on the site, for internal security and system administration purposes;
- Third parties cookies, session and persistent, necessary to consent the user to use media elements present on the site, as images and videos;
The site could include links to other websites (the so-called third-party sites).
PUMA S.r.l. does not carry out any access or control on the cookies, web beacons and other tracing technologies of the users that could be used by third-party sites, which the user can reach through the site;
PUMA S.r.l. does not carry out any control on contents and materials published by or obtained through third-party sites, nor on the related user’s personal data processing modality, and explicitly declines any liability in such a case.
Retention of personal data
Personal data are electronically stored and processed by PUMA S.r.l. and managed by PUMA S.r.l. or by third party technical services providers; for further information please refer to the following section “Scope of the personal data accessibility”. The data are processed exclusively by specifically authorised personnel, included the personnel appointed to conduct extraordinary maintenance operations.
Purposes and methods of data processing
PUMA S.r.l. can process user’s common sensitive personal data for the following purposes: for the use of services and functions on the site by the users, for the management of requests and reports by its own users, to send newsletters, for the management of the applications received through the site, etc. Moreover, with the additional and specific optional consent of the user, PUMA S.r.l. could process personal data for marketing purposes, that is to send to the user promotional material and/or commercial communications regarding Company’s services, at the set out details, both by traditional ways and/or means of contact (as paper mail, phone calls with an operator, etc.) and by automated ways (as internet communications, fax, e-mail, sms, mobile applications for smartphones and tablets –the so-called APPS-, social network accounts -as Facebook or Twitter-, phone calls with an automatic operator, etc.). Personal data are processed both in paper and electronic format, and are entered in company’s Information System in full compliance with the EU Reg. 2016/679, including security and confidentiality profiles, and basing on the principles of correctness and lawfulness of processing. Accordingly to the EU Reg 2016/679 the data are kept and stored for a maximum period of 10 years.
Security and quality of the personal data
PUMA S.r.l. undertakes to protect the security of user’s personal data and respects the security arrangements provided for by the relevant regulations with the purpose to avoid loss of data, illegitimate or illegal use of the data and unauthorized access to them, with particular reference to the Technical Regulations regarding minimum security measures. Furthermore, the information systems and computer softwares used by PUMA S.r.l. are designed to reduce at the minimum the use of personal and identifying data; these data are processed only to achieve the specific purposes from time to time pursued. PUMA S.r.l. uses multiple security advanced technologies and procedures conducive to the protection of user’s personal data; for example, personal data are kept on secure servers located in places with protected and controlled access. The user can help PUMA S.r.l. to update and maintain correct his own personal data by giving notification of any change regarding the address, the qualification, the contact information, etc.
Scope of communication and data accessibility
User’s personal data could be transmitted to:
- All subjects whose access to the data is recognised by legislative measures;
- Our collaborators and employees, within the realm of their duties;
- All those natural and/or legal, private and/or public persons, in case such communication is necessary or functional to carry out our business in the manners and for the purposes shown above;
Nature of the personal data conferment
The conferment of some personal data by the user is mandatory in order to allow the company to manage the communications and the requests received from the user, or to contact him in order to act on his request. This type of data are marked with the asterisk symbol [*], and in this case the conferment is mandatory to allow the Company to act on the request that, in fault, could not be handled. On the contrary, other data collection, which are not marked with the asterisk, is optional: the missing conferment will not have any consequences for the user. The conferment of personal data by the user for marketing purposes, as specified in the “Purposes and methods of processing” section is optional and the refusal to provide them will not have any consequence. The consent given for marketing purposes is to be understood as extended to the sending of communications carried out through procedures and/or means of contact both automatic and traditional, as illustrated above.
Rights of the data subject
11.1 Art. 15 (the right of access), 16 (the right of rectification) of the EU Reg. 2016/679
The data subject is entitled to obtain from the data processing Holder the confirm if his data are being processed or not and if so, to obtain the access to his personal data and to the following information:
- Purposes of processing;
- Categories of the concerned personal data;
- Recipient, or categories of recipients, to whom the personal data have been or will be provided, particularly if recipients in third countries or international organisations;
- Planned retention period of the personal data or, if not possible, the criteria used to determine this period;
- The existence of the right of the data subject to ask the data processing Holder for the rectification, the deletion or the processing limitation of the personal data regarding him, or to oppose to their processing;
- The right to lodge a complaint with a supervisory authority;
- The existence of an automated decision process including the profiling and, at least in these cases, relevant information about the used logic, as well as the importance and the expected consequences from that processing for the data subject.
11.2 Art. 17 of the EU Reg. 2016/679 – the right of erasure («right to be forgotten»)
The data subject is entitled to obtain from the data processing Holder the deletion of the personal data regarding him, without undue delay, and the data processing Holder has the obligation to erase without undue delay the personal data, for one of the following reasons:
- Personal data are not necessary any more for the purposes for which they have been collected or otherwise processed;
- The data subject withdraws consent on which the processing is based accordingly to Art. 6 (1)(a), or to Article 9 (2)(a), and if there is no valid legal basis for the processing;
- The data subject objects to the processing of personal data pursuant to Article 21 (1), and there is no overriding legitimate reason for the processing, or he objects to the processing pursuant to Article 21 (2);
- Personal data have been unlawfully processed;
- Personal data must be erased for compliance with a legal obligation provided by Union law or by the law of the Member State to which the data processing Holder is subject;
- Personal data have been collected with regard to company’s services offer of the information in accordance with Article 8 (1) of the EU Reg. 2016/679.
11.3 Art. 18 The right of restriction of processing
The data subject is entitled to obtain from the data processing Holder the restriction of processing for one of the following reasons:
- The data subject contests the accuracy of the personal data, for the period necessary to the data processing Holder to verify the accuracy of these personal data;
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- Though the data processing Holder does not need them any more for processing purposes, personal data are necessary to the data subject for the establishment, exercise or defence of a right in judicial proceedings;
- The data subject objects to the processing pursuant to Article 21 (1) of the EU Reg. 2016/679, pending verification with regard to the possible prevalence of the data processing Holder legitimate reasons compared to those of the data subject.
11.4 Art.20 The right to data portability
The data subject is entitled to receive in a structured format, in common use and readable by automatic device, the personal data regarding him that are provided to a data processing Holder, and has the right to transmit those data to another data processing Holder without hindrance from the data processing Holder.
Withdrawal of consent to the processing
The data subject has the right to withdraw the consent to process his personal data by sending a registered letter to the following address: Puma s.r.l Via A. Volta 17 20019 Settimo Milanese (MI) accompanied by a photocopy of his identity document, with the following object: withdrawal of the consent to the processing of all my personal data. At the end of this operation his personal data will be removed from the archives as quickly as possible. Before providing or modifying any information, it could be necessary to verify data subject’s identity and to answer few questions.