Privacy Policy

Information on the processing of data of visitors browsing the website pursuant to Article 13 of Regulation (EU) 2016/679

This Privacy Policy aims to describe the management methods of the website www.pila.it, concerning the processing of personal data of users/visitors who browse it.

The Data Controller is not responsible for the processing of personal data by partner sites or third parties accessible through links on the website. These entities act as independent Data Controllers and are responsible for providing their own privacy policy.

Pila S.p.A., headquartered in Gressan, Fraz. Pila 16 – 11020, Aosta, Italy, VAT number 00035130079, phone +39 01 65521148, email info@pila.it, PEC pilaspa@pcert.it, as the Data Controller for personal data processing, ensures compliance with personal data protection regulations (Reg. 2016/679/EU, Legislative Decree 196/03, as amended by Legislative Decree 101/2018).

Users/visitors are encouraged to carefully read this Privacy Policy before submitting any personal information via email and/or filling out any electronic form on the website.

Data Controller

In addition to the company identified above as the Data Controller, partner websites that independently participate in data processing activities may also act as independent Data Controllers.

Data Protection Officer (“DPO” or “RPD”)

The Data Controller has appointed Alessandro Medori as the Data Protection Officer (DPO), who can be contacted for any information or requests at the email address medori@studiolegale46bis.it.

1 Subject of Processing

1.1 Browsing Data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects but, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

These data are used solely to obtain anonymous statistical information about the use of the site and to ensure its proper functioning.

1.2 Data Voluntarily Provided by Users/Visitors

If users/visitors, while connecting to this website, provide their personal data to access certain services, or send requests via email, or submit messages to institutional profiles/pages on social media (where this option is available), as well as through the completion and submission of forms on the site, they are aware that this implies the acquisition by the Data Controller of the sender’s address and/or any other personal data that will be processed exclusively to respond to the request or to provide the service.

Specific privacy notices will be published on the pages of the website prepared for the provision of particular services.

The personal data provided by users/visitors will be disclosed to third parties only if the communication is necessary to fulfill the requests of the users/visitors themselves or by law (such as in the case of invoicing).

1.3 Cookies

In addition to the data explicitly provided to the Data Controller, other data resulting from the user’s browsing on the site may be recorded. When the user accesses the site, it may send a “cookie” to the user’s device. A “cookie” is a small text file that the site can automatically send to the user’s computer when they view our pages.

“Cookies” are used to make browsing more convenient, to obtain information about the individual user’s navigation within the site, and to enable the functioning of certain services that require tracking the user’s path through different pages of the site.

For every access to the site, regardless of the presence of a “cookie,” the site records the type of browser (e.g., Internet Explorer, Chrome, Firefox), operating system (e.g., Windows, Macintosh), host, and the referring URL of the user, as well as data on the requested page.

These data may be used in aggregated and anonymous form for statistical analysis of site usage.

For complete management of cookies, please refer to this site’s cookie policy.

2 Processing Methods

The processing is carried out using automated tools for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with current regulatory provisions.

Specific security measures are implemented to prevent data loss, unlawful or improper use, and unauthorized access, ensuring access only to individuals authorized or appointed in accordance with the applicable legal provisions.

3 Purpose and Legal Basis of Processing

In compliance with Article 5, paragraph 1, letter b) of the Regulation, we inform you that your personal data will be processed by the Data Controller for the following purposes:

3.1 Provision of Services or to enable navigation on this website;
3.2 To respond to user requests. The legal basis for processing is the legitimate interest of the Data Controller in fulfilling the user’s requests;
3.3 With the user’s explicit consent, to send informational and promotional communications (including newsletters) related to the services offered for sale on the website, as well as to conduct market research, including evaluations of user satisfaction (marketing purposes). The legal basis is the user’s free, optional, and explicit consent, which can be revoked at any time. Processing may be carried out via email, messages, or telephone contact.

4 To Whom Your Personal Data May Be Disclosed

In addition to the Data Controller, in some cases, categories of Responsible Parties and authorized individuals involved in the organizational structure (such as administrative, commercial, marketing, legal, accountants, and system administrators) may have access to the data.

Additionally, the Data Controller may use external entities (such as third-party technical service providers, couriers, hosting providers, cloud services, IT companies, and communication agencies) appointed as external Data Processors.

The updated list of Data Processors can always be requested from the Data Controller at the address provided above.

The data may also be disclosed to all entities that have access to the data by virtue of legal and/or administrative provisions (including public security authorities and judicial authorities).

5 Optional or Mandatory Provision of Data

Apart from what is specified for browsing data, which are automatically acquired, users/visitors are free to provide or not provide their personal data. Failure to provide such data may only result in the inability to obtain what is requested. The voluntary, explicit, and optional sending of emails to the addresses listed on this site entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests for services, products, or information, as well as any other personal data included in the email.

For marketing purposes, consent to processing is optional, and failure to provide it will have no impact on the possibility of registering on the site and/or making purchases.

6 Transfer to a Third Country

For sending our newsletters to users who have explicitly consented to receive marketing communications, we use Mailchimp, an email marketing management and delivery platform provided by The Rocket Science Group LLC, based in the United States. This may involve the transfer of users’ personal data, such as email addresses, to countries outside the European Economic Area (EEA). Such transfers are governed by the Standard Contractual Clauses approved by the European Commission, ensuring a level of personal data protection compliant with GDPR standards.

7 Data Processing Location

The data processing activities related to the web services of this site take place within the EU and, therefore, are considered compliant with Regulation 2016/679/EU as an adequate location.

8 Retention Period for Collected and Processed Personal Data

8.1 The Personal Data processed for the purpose described in section 3.1 will be retained by the Data Controller for the time strictly necessary to fulfill the aforementioned purpose.

8.2 The Personal Data processed for the purpose described in section 3.2 will be retained until you object to the processing by exercising your right provided under Article 21 of the Regulation.

9 Website Platform

Our website uses WordPress, a content management system (CMS) installed on our proprietary servers located within the European Union. Personal data collected through the site is processed directly by the Data Controller and stored in compliance with Regulation (EU) 2016/679 (GDPR).

9.1 Data Localization

All personal data processed and collected through our website is stored on servers located within the European Union. This ensures that data is processed in accordance with European data protection regulations.

9.2 Purpose of Processing

WordPress is used to manage the website’s functionalities, such as content publishing, contact forms, comments, and other interactions. These data may include technical information (e.g., IP addresses) and other data voluntarily provided by users (e.g., via contact forms or requests).

9.3 Data Security

We implement appropriate technical and organizational measures to protect personal data processed through the platform, including encryption, two-factor authentication for server access, and regular backups to ensure business continuity.

10 Analysis and Monitoring Tools

We use analysis tools to better understand how users interact with our website and to improve their experience.

These tools include:

Google Analytics: Provided by Google LLC, based in the United States, Google Analytics collects information about user navigation, such as pages visited, session duration, geographical origin, and interactions with the website. The personal data collected may include IP addresses (which can be anonymized). These data may be transferred to servers located outside the European Economic Area (EEA). Google implements security measures, such as the Standard Contractual Clauses (SCC) approved by the European Commission, to ensure data protection for transferred information. Data collection occurs only with the user’s consent, expressed through the cookie banner. For more details, refer to Google’s Privacy Policy. We have enabled Google Analytics’ IP anonymization feature to ensure greater personal data protection in compliance with European regulations.

Usermaven (Cookieless Mode): We use Usermaven to monitor our website’s performance in cookieless mode, which means it does not use cookies or collect identifiable personal data. The data processed by Usermaven is fully aggregated and anonymized and is used exclusively for statistical purposes. This tool allows us to gain insights into user interactions with the website without compromising their privacy. For more details on how Usermaven operates in cookieless mode, visit [this page](https://usermaven.com/docs/getting-started/cookieless-tracking#privacy-compliance) ([https://usermaven.com/docs/getting-started/cookieless-tracking#privacy-compliance](https://usermaven.com/docs/getting-started/cookieless-tracking#privacy-compliance)).

Meta Pixel: We use the Meta Pixel, provided by Meta Platforms, Inc. (Facebook), to monitor user actions on our website and optimize our advertising campaigns on platforms like Facebook and Instagram. The Pixel collects data related to user interactions, such as pages visited, conversions (e.g., purchases or form submissions), and other actions useful for improving our marketing activities. Data collected through the Pixel may be transferred to servers located outside the European Economic Area (EEA), such as in the United States. Meta uses Standard Contractual Clauses (SCC) approved by the European Commission to ensure a GDPR-compliant level of protection. The use of the Pixel occurs only with the user’s consent, expressed through the cookie banner.

10.1 Legal Basis for Data Processing

– Processing through Google Analytics and Meta Pixel is based on user consent, collected via the cookie banner.
– Processing through Usermaven in cookieless mode is based on the legitimate interest of the Data Controller, as it does not involve the collection of personal data or the use of cookies.

Users can manage their cookie preferences at any time using the cookie banner on our website.

11 Rights of Data Subjects

The individual to whom the personal data refers has the right, at any time pursuant to the GDPR, to obtain confirmation of the existence of such data, know its content and origin, verify its accuracy, or request its integration, updating, or correction.

Requests should be addressed to Pila S.p.A., headquartered in Gressan, Fraz. Pila 16 – 11020, Aosta, Italy, VAT number 00035130079, phone +39 01 65521148, email info@pila.it, PEC pilaspa@pcert.it, or to the Data Protection Officer, Alessandro Medori (medori@studiolegale46bis.it).

Users have various rights regarding the processing of their personal data, aimed at ensuring greater control and transparency. Below are the main rights provided by the GDPR.

11.1 Right of Access

Users can request confirmation as to whether their personal data is being processed and, if so, receive a copy of the processed data and information about the purposes of the processing.

11.2 Right to Rectification

Users have the right to request the correction of inaccurate personal data or the completion of incomplete data.

11.3 Right to Erasure (Right to Be Forgotten)

Users can request the deletion of their personal data in cases provided by law (e.g., if the data is no longer necessary for the purposes for which it was collected or if consent has been withdrawn).

11.4 Right to Restriction of Processing

Users have the right to obtain restriction of the processing of their personal data in certain circumstances, such as when disputing the accuracy of the data or objecting to the processing.

11.5 Right to Data Portability

Users can request to receive the personal data they have provided to us in a structured, commonly used, and machine-readable format and, where technically possible, to have it transmitted directly to another controller.

11.6 Right to Object

Users can object to the processing of their personal data based on a legitimate interest, including profiling, or to processing for direct marketing purposes.

11.7 Right to Withdraw Consent

Users can withdraw their consent for the processing of their personal data at any time without affecting the lawfulness of processing carried out before the withdrawal.

11.8 Right to Lodge a Complaint

Users have the right to file a complaint with the competent data protection authority, such as the Italian Data Protection Authority (http://www.garanteprivacy.it).

Protection of Minors

In accordance with Article 8 of the GDPR, no individual under the age of 16 may provide information to this website without prior consent from their parents or legal guardians, unless permitted by applicable laws.

If a parent or guardian believes that a minor has provided personal information without their consent, they can contact us at info@pila.it, and we will delete the data as quickly as possible.

Periodic Updates

Any updates to this Privacy Policy will be communicated to users via a notice on the website or, if necessary, through direct communications.

Last updated: January 7, 2025.