The purpose of this policy is to inform you that this Application collects some personal data of its Users. The data is processed in accordance with the criteria provided by the European regulation on the protection of personal data, Reg. 2016/679/EU, in force since 25 May 2018 (hereafter GDPR). According to the aforementioned regulation, the processing must be based on principles of lawfulness, fairness and transparency, aimed at protecting your privacy and your rights.
Pentax Industries S.p.A., with registered office in Viale dell’Industria, 1 – 37040 Veronella (VR) Italy – Tel.: +39 0442489500
Email address of the Controller
Types of data collected
The User assumes responsibility for the Personal Data of third parties which has been obtained, published or shared through this Application and guarantees that he/she has the right to disclose or disseminate it, releasing the Controller from any liability with respect to third parties.
Processing methods and recipients
The Controller takes appropriate security measures aimed at preventing the unauthorised disclosure, alteration, destruction or access to the Personal Data. The processing is performed using IT systems and/or computer telecommunications, adopting organisational procedures and logic strictly associated with the specified purposes. In addition to the Controller, other persons involved in the management of this Application (administrative, sales, marketing and legal personnel and systems administrators) might have access to the Data, or also third parties (such as developers or maintenance technicians of the database, hosting providers, IT companies, communication agencies) which are appointed, where necessary, as Processors by the Controller. A request for an updated list of Processors may be sent to the Controller at any time.
Legal basis of the processing and purposes
Personal data is collected for the following purposes and in accordance with the specific legal basis:
- allowing the fulfilment of the requests resulting from the use of the Application, including but not limited to: booking a maintenance intervention, monitoring remotely the operation of the pump, or simply editing previously communicated data. The legal basis is the execution of the signed contract (Art.6(1)(b) GDPR) and the nature of the provision is mandatory; otherwise, the service cannot be provided.
- allowing the Controller to monitor and analyse the technical data relating to the services provided for statistical purposes. The legal basis is the legitimate interest of the Controller (Art. 6(1)(f) GDPR).
- fulfilling a legal obligation which the Controller is subject to pursuant to Art. 6(1)(c) GDPR. In this regard, the User’s personal data may be used by the Controller in legal proceedings or in the preliminary stages prior to its potential establishment as a defence against misuse of this Application or its related Services by the User. The User declares that he/she is aware that the Controller may be required to disclose the Data if requested to do so by the public authorities.
- sending commercial communications related to services similar to those included in previous sales between the parties, through newsletters which do not require any consent, also defined as Soft-spam, (Art. 130(4) of Legislative Decree no. 196/2003).
- sending commercial communications using Newsletters which require consent (Art. 6(1)(a) GDPR).
The Data is processed at the operational venues of the Controller and in any other place where the parties involved in the processing are located. For further details, you can contact the Controller. The User’s Personal Data may be transferred to a country other than the one where the User is located. More information on the place of processing is available in the section providing details about Personal Data processing. If one of the aforesaid transfers takes place, the User may ask for information by contacting the Controller at the contact details shown above.
Data is processed and stored for the time required for the purposes for which it was collected. Therefore:
- Data collected for purposes relating to the execution of a contract between the Controller and the User will be retained until the execution of such contract is completed, and in any case for a time not exceeding 10 years;
- Personal Data collected for purposes related to the legitimate interest of the Controller will be stored until such interest has been satisfied;
- furthermore, the Controller may be obliged to store the Personal Data for a longer period in accordance with legal requirements or by order of an authority;
- until the data subject withdraws consent by sending a request to the Controller at the above-mentioned address.
Personal Data will be deleted at the end of the storage period. The right to the access, erasure and rectification of Personal Data and the right to data portability can, therefore, no longer be exercised after this period has expired.
How to exercise rights
Users may exercise certain rights with regard to the Data processed by the Controller. In detail, the User is entitled to:
- withdraw their consent at any time. Users may withdraw their previously-expressed consent to the processing of their Personal Data.
- object to the processing of their Data. Users may object to the processing of their Data when it takes place on a legal basis other than consent. More details on the right to object are available in the section below.
- access their Data. Users have the right to obtain information on the Data which is being processed by the Controller, on specific aspects of the processing, and to obtain a copy of any Data processed.
- check and ask for rectification. Users may check that their Data is correct and ask for it to be updated or corrected.
- request and obtain a restriction to processing. Under certain conditions, Users may ask for the processing of their Data to be restricted. In this case, the Controller will not process the Data for any purpose other than for its storage.
- have their Personal Data removed or deleted. Under certain conditions, Users may request the erasure of their Data by the Controller.
- have their Data sent to them or transferred to another controller. Users have the right to receive their Data in a structured, commonly- used and machine-readable format, and where technically feasible, to have it transferred to another controller without hindrance. This provision is applicable where the Data is processed by automated means and processing is based on User consent, in compliance with a contract to which the User is a party or contractual measures thereto.
- lodge a complaint. Users may lodge a complaint with the competent supervisory authority for data protection or take legal action.
In order to exercise the User’s rights, Users may send a request to the Controller by using the contact details specified in this document. Requests shall be filed free of charge and will be processed by the Controller as soon as possible, within one month at the latest.
Further information on the processing
System logs and maintenance
This Application and any associated third-party services may collect system Logs, which are files that record interactions and may also contain Personal Data, such as the User IP address, for operational and maintenance purposes.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time to the Controller by using the contact details.