Privacy policy

updated to EU Reg. 2016/679
(European Data Protection Regulation)

1) Introduction
Pantani Group takes your privacy seriously and is committed to respecting it. This privacy policy (“Privacy Policy”) describes the personal data processing activities performed by PANTANI GROUP through the website and the related commitments made by the Company in this regard.
PANTANI GROUP can process your personal data when you visit the Website and use the services and functionalities available on the Site. In the sections of the Website where your personal data are collected, a specific notice is normally published pursuant to art. 13 /15 of EU Reg. 2016/679.
Where required by EU Reg. 2016/679, your consent will be required before processing your personal data. If you provide personal data of a third party, you must ensure that the communication of the data to San Giovanni S.r.l. and the subsequent processing for the purposes specified in the applicable privacy policy complies with EU Reg. 2016/679 and applicable law.

2) Identification details of the controller, processor, and data protection officer

Pantani Filippo – legal representative
Via Fontana 11 – 20122 Milan
The complete list of Processors is available at the office of the Controller

3) Type of Data Processed
A visit to and consultation of the Site generally does not involve the collection and processing of your personal data except for navigation data and cookies as specified below. In addition to “navigation data” (see below), personal data that you voluntarily provide when you interact with the functionalities of the Site or request to use the services offered on the Site may be processed. In compliance with the Privacy Code, Pantani Group may also collect your personal data from third parties in the performance of its business.

4) Cookies and Navigation Data
This Site uses cookies. By using the Site, you consent to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard disk of the user’s computer. There are two macro-categories of cookies: technical cookies and profiling cookies.
Technical cookies are necessary for the proper functioning of a website and to allow the user to navigate; without them the user may not be able to correctly view the pages or use certain services.
Profiling cookies create user profiles in order to send advertising messages in line with the preferences expressed by the user while navigating.
Cookies can also be categorized as:
- “session” cookies, which are deleted immediately when the browser is closed;
- “persistent” cookies, which remain in the browser for a certain period of time. They are used, for example, to recognize the device that connects to a site by facilitating authentication operations for the user;
- “first-party” cookies, generated and managed directly by the owner of the website through which the user is navigating;
- “third party” cookies, generated and managed by parties other than the owner of the website through which the user is navigating.

5) Cookies Used on This Site
This Site uses the following types of cookies:
1) first-party, session and persistent cookies, necessary to allow navigation through the Site, for internal security and system administration purposes;
2) third-party, session and persistent cookies, necessary to allow the user to use multimedia elements on the Site, such as images and videos;

6) How to Disable Cookies in Browsers

7) Storage of Personal Data
Personal data are stored and processed through computer systems owned by Pantani Group and managed by the same or by third-party technical service providers; for more details please refer to the section "Field of accessibility of personal data" below. Data are processed exclusively by specifically authorized personnel, including personnel in charge of performing extraordinary maintenance operations.

8) Purposes and methods of data processing
Pantani Group may process your common and sensitive personal data for the following purposes: use of services and functionalities on the Site, handling of requests and reports by its users, sending newsletters, managing applications received through the Site, etc.
Furthermore, with your additional and specific optional consent, the company may process personal data for marketing purposes, that is, to send you promotional material and/ or commercial communications related to the Company’s services, at the addresses indicated, both through traditional methods and/or means of contact (such as mail, phone calls with operator, etc.) and automated methods (such as Internet, fax, e-mail, sms, mobile applications for smartphones and tablets – APPS –, social network accounts – e.g. via Facebook or Twitter –, phone calls with automatic operator calls, etc.).
Personal data are processed both in paper and electronic form and entered into the company’s information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles and based on the principles of fairness and lawfulness of processing. In accordance with Reg. UE 2016/679, data are kept and stored until the request of erasure by the data subject.

9) Security and quality of personal data
PANTANI GROUP is committed to protecting the security of your personal data and complies with the security provisions of the applicable regulations in order to prevent data loss, illegitimate or illegal use of data and unauthorized access to them. In addition, the computer systems and programs used by Pantani Group are configured to minimize the use of personal and identification data; such data are processed only for the achievement of the specific objectives pursued from time to time. The company uses multiple advanced security technologies and procedures to facilitate the protection your personal data; for example, personal data are stored on a secure server located in places with protected and controlled access. You can help Pantani Group to update and maintain correct your personal data by communicating any changes related to your address, qualification, contact information, etc.

10) Scope of communication and data access
Your personal data may be disclosed to:
•    all entities to which the right of access to such data is recognized by virtue of regulatory measures;
•    our collaborators, employees, within the scope of their related duties;
•    all those natural and/or legal, public and/or private entities when the disclosure is necessary or functional for the performance of our activity and in the manner and for the purposes outlined above;

11) Nature of provision of personal data
The provision of certain of your personal data is mandatory to enable the Company to handle communications, requests received from you or to re-contact you to follow up on your request. This type of data are marked with an asterisk [*] and in this case the provision is mandatory to allow the Company to follow up on the request, which otherwise cannot be processed. On the contrary, the collection of the other data not marked with the asterisk is optional: failure to provide them will not result in any consequence for the user.
The provision of personal data by the user for marketing purposes, as specified in the section “Purposes and Methods of Processing”, is optional, and refusal to provide them will not have any consequences. The consent given for marketing purposes includes sending communications via both automated and traditional methods and/or means of contact, as exemplified above.

12) Rights of the Data Subject
12.1 Art. 15 (Right of Access), 16  (Right to Rectification) of Reg. EU 2016/679
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
12.2 Right pursuant to art. 17 of EU Reg. 2016/679 - Right to erasure (“right to be forgotten”)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f)  the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of EU Reg. 2016/679.
12.3 Right pursuant to art. 18 Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1)  of EU Reg. 2016/679 pending the verification whether the legitimate grounds of the controller override those of the data subject.
12.4 Right pursuant to art.20 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller

13 Withdrawal of consent to processing
The data subject shall have the right to withdraw his or her consent to data processing by sending a registered letter with return receipt to the following address: Pantani Group Via Fontana 11 – 20122 Milan (Italy) accompanied by a photocopy of his or her identity document, with the following text: “withdrawal of consent to the processing of all my personal data”. At the end of this operation, your personal data will be removed from the archives as soon as possible.
If you wish to have more information about the processing of your personal data, or to exercise your rights under Section 7 above, you may send a registered letter with return receipt to the following address: Pantani Group Via Fontana 11 – 20122 Milan (Italy). Before we can change or provide you any information, you may need to prove your identity by answering some questions. An answer will be provided as soon as possible.