PRYSMIAN OCEAN RACING
This Policy is aimed at illustrating the means and purposes of the processing of personal data carried out by Prysmian S.p.A. and POR s.a.s., in their quality of joint controllers (hereinafter, together, the “Controllers” or the “Companies”), through the website available at www.prysmianoceanracing.com (hereinafter the “Website”).
The processing of personal data of the User will take place in full compliance with the applicable legislation, with particular regard to the Regulation (EU) 2016/679 (the “GDPR”) concerning the protection of natural person with regard to the processing of personal data, as well as free movement of such data.
1. DATA CONTROLLERS
The Controllers are Prysmian S.p.A., with registered office in Via Chiese 6, 20126, Milan (MI); and POR s.a.s., a subsidiary of Prysmian S.p.A., with registered office in Bat A 6 parc de la Haute Maison 2 allée Hendrik Lorentz Champs ssur Marne, 77447, Marne la Vallee CEDEX 2.
2. THE WEBSITE
This Website aims to provide information and news regarding Prysmian Ocean Racing, a project powered and sponsored by Prysmian S.p.A. and PRO s.a.s..
It has been designed in order to minimize the collection and the processing of Users’ personal data, as well as to exclude the processing of such data in all cases when the purposes described below can be achieved with different and more privacy-preserving means.
3. PURPOSE OF THE PROCESSING
The User’s personal data will be processed by the Controllers for the sole purposes of:
a) allowing the correct navigation on the Website and informing the Users about the activities regarding Prysmian Ocean Racing . As this processing is needed to run the Website and to allow the User to access the contents requested, User’s consent is not required;
b) fulfill any request made by the User through the Website. As this processing is necessary to provide the Users with the information directly requested by them, noir consent must not be acquired;
c) complying with the obligations provided by applicable laws and to ascertain responsibilities in the case of computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required;
d) delivering the newsletter regarding Prysmian Ocean Racing. As this processing is optional, User’s consent must be acquired to deliver commercial communications.
4. CATEGORIES OF PERSONAL DATA COLLECTED
a) Traffic data
The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, browser type, operating system, the domain name and website addresses from which you are logged in or out, the information on pages visited by User within the site, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s operating system and computer environment.
These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of hypothetical crimes against the Website or upon public authorities’ request.
b) Personal data provided directly from User
The provision of personal data by the User (email address) implies the acquisition of such data by the Controllers and their subsequent processing aimed at the sole purpose of sending the newsletter and/or fulfilling any User’s requests received though the Website.
5. COMMUNICATIONS TO THIRD PARTIES
The personal data collected by the Controllers will not be shared or communicated to third parties, unless upon specific consent of the data subject or as otherwise required by applicable laws.
Should communication to third-party suppliers or partners of the Controllers (such as service providers, mail carriers, hosting providers, IT companies, communication agencies) be necessary for organizational, administrative or support needs, it will be the Controllers’ responsibility to appoint such parties as data processor by virtue of the capacity, experience and reliability demonstrated.
It remains understood that the Users’ personal data can be made available to third parties, such as competent and police authorities, whenever this is required by applicable law or by an order issued by them.
6. TRANSFER OF DATA ABROAD
Given the international nature of the Companies’ Group, the data may be transferred outside the European Economic Area (hereinafter, the “EEA”) and processed, for the sole purposes described above, by other legal entities of the Group or by partners established in third countries.
In any case, in case of transmission of data outside the European Economic Area, specific data protection guarantees will be implemented, particularly through the adoption of Standard Contractual Clauses as approved by the European Commission, or other equivalent safeguards provided for by the GDPR.
7. METHODS OF THE PROCESSING, DATA RETENTION AND DATA SECURITY
The personal data are collected and processed lawfully and fairly, for the above purposes and in accordance with the fundamental principles established by the applicable legislation. Personal data may be processed either manually, through information technology tools or electronically, but always under technical and organizational measures that enable ensuring their security and confidentiality, especially for the purposes of reducing the risks of destruction or loss, including accidental, of the data, unauthorized access, or unauthorized processing or processing that is not compliant with the purposes of the collection.
The processing will be performed only by those subjects who have been duly authorized to do so by the Controllers, in compliance with the provisions set forth by applicable data protection laws and regulations.
The same personal data will be kept in a format that allows User’s identification only for the time strictly necessary to fulfill the purposes for which the data have been originally collected and, in any case, within the limits set forth by applicable laws and regulations, as well as to enforce or protect the rights of the Controllers, where necessary.
When no longer necessary, the data will be immediately cancelled.
8. REDIRECT TO OTHER WEB SITES
The Website incorporates links which allow the User to connect to other websites run both by the Controllers’ partners and by third parties. The Controllers assume no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.
Therefore, each User who accesses such web pages and/or social platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites.
9. DATA SUBJECTS’ RIGHTS
The Users, in compliance with applicable law, can exercise their rights at any time, including:
a) accessing their personal data, obtaining evidence of the purposes pursued by the Controllers, the categories of data involved, the recipients to whom they may be disclosed, the applicable storage period, the existence of automated decision-making processes;
b) having incorrect personal data referred to them rectified without delay;
c) having their data erased in the cases provided for by the law;
d) obtaining restrictions to processing, where possible;
e) requesting portability of the data provided to the Controllers, i.e. receiving them in a structured, commonly used and machine-readable format, also for transmitting such data to another controller, without any hindrance by the Controllers, in all situations where it is required by the law in force;
f) lodge a complaint to the data protection Supervisory Authority.
To exercise these rights, or for any further information and/or clarifications, please write to the Controllers, by sending an email to the Data Protection Officer at firstname.lastname@example.org.