INFORMATION ON THE TREATMENT OF PERSONAL DATA

art. 13 EU Regulation n. 2016/679 – art. 13 D.lgs. n. 196/2003

1) OBJECTIVE OF THE DATA TREATMENT

Penta Srl (hereinafter referred to as the “Data Controller“) informs the users of this website in accordance with EU Regulation no. 2016/679 (hereinafter referred to as the “GDPR“) and Article 13 of Legislative Decree no. 196/2003 (hereinafter referred to as the “Privacy Code“) regarding the methods for processing the personal data of users (hereinafter also referred to as only “Data Subjects“) who browse the website www.pentalight.com.
This information exclusively concerns what is published on the domain of Penta Srl and not the links published or contained therein.
Computer systems and software procedures used to operate this site acquire, in fact, during their normal operation, some personal data which transmission is implicit in the communication protocols of the Internet.
This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.
These data, necessary for the use of web services, are also processed in order to obtain statistical information on the use of services (most visited pages, number of visitors per hour or per day, geographical areas of origin, etc.) and to check the correct operation of the services offered.
Navigation data are deleted immediately after their collection.
Data provided voluntarily by the user
The Data Controller also processes your personal data (i.e. identification data such as name, surname, address, telephone number, e-mail) which you voluntarily provide when filling in the “Follow us” form on the website www.pentalight.com.
The legal basis for the processing of such data is your request to subscribe to the newsletter service previously indicated and the fulfilment of legal and contractual obligations arising from it or related to it; these data are processed exclusively for the use of the service indicated above and for the fulfilment of legal and contractual obligations arising from it or related to it.
Cookies
We do not use cookies to transmit information of a personal nature, nor do we use persistent cookies of any kind, or systems for tracing users.
The use of session cookies (non-persistent) is strictly limited to what is necessary for secure and efficient navigation of the site. The memorization of the session cookies in the terminals or in the browsers is under the control of the user, whereas on the servers, at the end of the HTTP sessions, information related to the cookies remain recorded in the logs of the services.
The Data Controller uses the following services:
1) Statistics – services that allow the Data Controller to monitor and analyze traffic data and track User behavior. In particular, the Data Controller uses:

– Google Analytics (Google Ireland Limited)
Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use Personal Data to contextualize and personalize the ads of its advertising network.
From the following link https://tools.google.com/dlpage/gaoptout?hl= you can find the browser add-on for deactivating Google Analytics made available by Google.
Personal Data collected: Cookies and Usage Data.
Place of processing: Ireland – Privacy Policy. Privacy Shield Participant.

– Google Analytics with anonymized IP (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this site, compiling reports and sharing them with other services developed by Google. This Google Analytics integration makes your IP address anonymous.
From the following link https://tools.google.com/dlpage/gaoptout?hl= iyou can find the browser add-on for the deactivation of Google Analytics made available by Google.
Personal data collected: Cookies and Usage data Place of processing: USA – Privacy Policy
2) Remarketing – services that allow the Data Controller and its partners to communicate, optimize and serve advertisements based on the User’s past use of this Site. This activity is carried out through the tracking of Usage Data and the use of Cookies, information that is transferred to the partners to which the remarketing and behavioral targeting activity is connected. In particular, the Data Controller uses:

– Facebook Remarketing (Facebook, Inc.).
Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, Inc. that connects the activity of this Site with the Facebook advertising network.
Personal data collected: Cookies and Usage data Place of processing:
USA – Privacy Policy
– LinkedIn Website Retargeting (LinkedIn Corporation)
LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects this Website’s activity with the LinkedIn advertising network.
Personal Data Collected: Cookies; Usage Data.
Place of processing: USA – Privacy PolicyOpt Out.
– Google Ads Remarketing (Google Inc.)
Remarketing Google Ads is a remarketing and behavioral targeting service provided by Google LLC or Google Ireland Limited, according to the location where this Website is used that links the activity of this Website with the Google Ads advertising network and the DoubleClick Cookie.
Users may opt out of the use of Google cookies for ad personalization by visiting Google Ads Settings.
Personal Data Collected: Cookies; Usage Data.
Place of processing: USA – Privacy PolicyOpt Out. Subject adherent to the Privacy Shield.

2) DATA CONTROLLER

The Data Controller is Penta Srl (c.f. 09272300154, p.iva 00950980961), with a registered office in Via Filippo Turati n. 6, 20121 Milan (MI).

3) PURPOSE AND LEGAL BASIS OF THE PROCESSING

The personal data indicated or otherwise contained in this website are used to advertise and promote the products and activities of the Data Controller.
The legal basis of the treatment is the execution of the request of the interested party.

4) RECIPIENTS OF DATA

The recipients of the data collected following the use of the website www.pentalight.com are the employees and persons in charge of the processing of personal data of the Data Controller.
Such data may also be communicated, exclusively for the purposes specified:
to subjects whose activity is necessary for the execution of contracts of which you are part of or to fulfil specific requests;
to third parties to whom the Owner may outsource certain activities and who consequently provide the writer with certain instrumental services, however, related to the treatments and purposes described above, such as administrative, accounting, tax, auditing, management of the information system, credit collection, mass storage, call centre. These third parties carry out processing on behalf of the Owner and are authorized to process them as
Data Processors according to the provisions of art. 28 of the GDPR.

5) PERIOD OF DATA RETENTION

Your personal data collected at the time of the conclusion of the contract with the Owner will be kept for the period of mandatory conservation of accounting documents (art. 2220 c.c.), equal to 10 years.

6) NATURE OF DATA PROVISION AND CONSEQUENCES IN CASE OF REFUSAL

The supplying of data is compulsory in order to fulfil legal and contractual obligations and therefore any refusal to supply them in whole or in part may make it impossible for the Data Controller to execute the contract or to correctly carry out all the obligations arising from it.

7) MODALITIES OF TREATMENT

Your personal data will be handled both with the use of computer systems and on paper, with methods and tools to ensure maximum security and confidentiality.

8) RIGHTS OF THE INTERESTED PARTIES

In your capacity as Data Subject, you have the rights as per art. 7 Privacy Code and art. 15 GDPR and precisely the rights to:
1.obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
2. to obtain the indication:
a) the origin of the personal data;
b) the purposes and methods of processing ;
c) the logic applied in case of treatment with the aid of electronic instruments;
d) the identity of the owner, manager and the representative appointed under Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR;
e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents;
3. obtain:
a) the updating, rectification or, when interested, the integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data which need not be kept for the purposes for which the data were collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
4. to oppose, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning you, even though they are relevant to the purpose of the collection;
b) the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by phone and/or mail. It should be noted that the right of the interested party to object, as set out in point b) above, for the purposes of direct marketing by automated means extends to traditional methods and that, in any case, the interested party may exercise the right to object even partially. Therefore, the interested party may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication.

Where applicable, you also have the rights under Articles. 16 – 21 GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right of opposition), as well as the right to complain to the Supervisory Authority.
You may exercise these rights at any time by sending a registered letter with a return receipt or an e-mail to the addresses of the Data Controller mentioned above.