PRIVACY NOTICE
Pursuant to EU Regulation 2016/679 (hereinafter “GDPR“) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (“Privacy Code“), PR Industrial S.r.l., with registered office in Casole d’Elsa, Siena (SI), Località II Piano – 53031, VAT 06264860484, in its capacity as Data Controller, informs individuals (hereinafter “User(s)“) who access the following websites www.pramac.com, www.generacinternational.com, Home | Pramac Corporate, www.support.generacinternational.com, www.support.pramac.com, Lifter Mobile Robotics | Pramac Corporate, Pramac | No More Blackout, Generac | No More Blackout (hereinafter the “Site“) that the data collected on or through each Site will be processed for the purposes and in the manner described in this notice. The Data Controller is part of the Generac group of companies (“Generac Group”).
1) Types of data collected
The Data Controller collects the data provided voluntarily by the User on or through the Site such as: personal and identification data (name, title), telephone and e-mail addresses, physical address, company data, online identifiers, device/IP data, data provided by Users through free-text boxes in forms on the Site, and/or other common data for the pursuit of the purposes referred to in point 2 below.
2) Purpose of data processing and lawful basis
Your personal data is collected and processed for the following purposes and on the legal basis noted below each purpose:
a) to provide products and services Users request, and manage current and prospective customer relationships;
- this processing is necessary pursuant to Art. 6(1)(b) (performance of a contract) and 6(1)(c) (compliance with legal obligation) of the GDPR. Your provision of personal data for this purpose may be necessary to fully comply with your request.
b) to follow up on Users’s requests for information/contact;
- this processing is necessary pursuant to Art. 6(1)(b) (performance of a contract) and 6(1)(c) (compliance with legal obligation) of the GDPR. Your provision of personal data for this purpose may be necessary to fully comply with your request.
c) to allow the Data Controller to fulfil the obligations provided for by law, by current fiscal, administrative and accounting legislation;
- this processing is necessary pursuant to Art. 6(1)(c) (compliance with legal obligation) of the GDPR. Your provision of personal data for this purpose may be necessary to fully comply with your request.
d) to send information relating to the Data Controller’s products, as well as promotional and commercial offers;
- this processing is based on Art. 6(1)(a) (consent) and/or is necessary pursuant to Art. 6(1)(f) (legitimate interests of the Data Controller). The Data Controller has a legitimate interest in sending marketing content and communications to encourage commercial activities.
e) for profiling activities for marketing purposes;
- this processing is based on Art. 6(1)(a) (consent) and/or is necessary pursuant to Art. 6(1)(f) (legitimate interests of the Data Controller). The Data Controller has a legitimate interest in personalising its marketing content and communications to encourage commercial activities.
f) to transmit personal data within the business group for internal administrative purposes through the use of software and/or applications implemented at group level;
- this processing is based on Art. 6(1)(f) (legitimate interests of the Data Controller). The Data Controller has a legitimate interest in the proper internal administrative management and of the Generac Group.
g) to allow other companies belonging to the PR Industrial Group or Generac Group (within the EU or outside the EU), to carry out marketing activities and/or provide offers on products or services, as well as to process studies, statistical research;
- this processing is based on Art. 6(1)(a) (consent) and/or is necessary pursuant to Art. 6(1)(f) (legitimate interests of the Data Controller) The Data Controller has a legitimate interest in communicating information about its affiliates’ products and services, and conducting research to encourage sales.
h) to establish, exercise or defend a legal claim, as well as debt collection activities;
- this processing is based on Art. 6(1)(f) (legitimate interests of the Data Controller). The Data Controller has a legitimate interest relating to the right of defence and exercise of its rights or of a third party.
Providing data to fulfil a request is required to perform the contract. If a User fails to provide data (even partially), the Data Controller will not be able to perform the obligations arising from the contract or provide the requested services.
3) Methods of data processing and use
User’s personal data will be processed mainly with electronic or automated tools, in compliance with the GDPR and through the implementation of specific security measures intended to prevent the loss of data, illicit or incorrect use and/or unauthorized access.
Data are stored in electronic and/or paper form, and limited to the period of time necessary to achieve the purposes indicated above and may be stored for a longer period due to applicable legal obligations or on the basis of the User’s consent.
4) Communication and transfer of personal data
User’s data are collected and processed at the offices of the Data Controller or at the offices of the technical staff in charge of the maintenance of the Site, called External Data Processor.
Without prejudice to communications made to comply with legal obligations, personal data may be communicated for the pursuit of the purposes indicated above to other recipients or categories of recipients, as independent data controllers or, where necessary, data processors specifically selected and appointed pursuant to art. 28 of the GDPR., including, by way of example but not limited to:
- – the other company of the Generac Group;
- – insurance companies;
- – managers of the software and technological infrastructures used by the Data Controller, as well as providers of IT support services;
- – suppliers of Data Controller.
Furthermore, the personal data of the Data Subjects may also be disclosed to third parties in the following cases: (i) when the communication is required by applicable laws and regulations with respect to legitimate third party recipients of communications, such as authorities and economic and non-economic public bodies that process your data as independent data controllers for their respective institutional purposes, health bodies, medical and paramedical personnel, etc.; (ii) in the event of extraordinary transactions (e.g. mergers, acquisitions, sale of companies, etc.).
The Data Controller informs the User that, being part of the Generac Group, some data may be transferred to other companies of the Generac Group that are based in EU, UK or United States of America.
Considering that the United States do not guarantee an adequate level of protection of personal data compared to that provided for in the European Union, the Data Controller has taken steps to ensure that the transfer of the User’s personal data to that country takes place only in compliance with the conditions set out in art. 45/49 of the GDPR and, in particular: contractual agreements based on Standard Contractual Clauses (“SCCs”) drawn up by the European Commission pursuant to Article 46 of the GDPR. You have the right to contact us to obtain a copy of these clauses.
We also transfer personal data to service providers located in the United States. These service providers are in some cases certified to the EU-U.S. Data Privacy Framework, affording adequate protection to Data. In other cases service providers have adopted internal Binding Corporate Rules, or have signed SCCs with us. Should the Company intend to transfer the personal data of the Data Subjects to non-EU countries other than those mentioned above, such transfer will take place only in compliance with the conditions set out in art. 45/49 of the GDPR.
Transfer to the other companies of the PR Industrial Group (inside or outside the EU) for the purpose referred to in point 2.g) is based on the explicit consent of the User.
5) Data Retention
We retain your personal data for as long as required to satisfy the purpose for which it was collected and used (for example, for the time necessary for us to provide you with customer service, answer queries or resolve technical problems), unless a longer period is necessary to comply with legal obligations (such as fiscal or legal obligations) or to defend a legal claim. If you would like to receive further information on how long we store your personal information, please contact us using the contact details provided in the ‘Contact Us’ section and specify your request.
6) Your rights
Users may exercise certain rights regarding their personal data processed by the Data Controller.
In particular, Users have the right to do the following, to the extent permitted by law and subject to applicable restrictions and exceptions:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their personal data.
- Object to processing of their persona data. As detailed below, Users have the right to object to the processing of their personal data based on grounds related to their personal situation if the processing is based on the Data Controller’s legitimate interest. Users also have the right at any time to object to the processing of their personal data for direct marketing (including profiling).
- Access their personal data. Users have the right to learn if personal data is being processed by the Data Controller, obtain disclosure regarding certain aspects of the processing and access and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their personal data and ask for it to be updated or corrected.
- Restrict the processing of their personal data. Users have the right to restrict the processing of their personal data. In this case, the Data Controller will not process their personal data for any purpose other than storing it.
- Have their personal data deleted or otherwise removed. Users have the right to obtain the erasure of their personal data from the Data Controller.
- Receive their personal data and have it transferred to another controller. Users have the right to receive their personal data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
To exercise their rights, the User may, at any time, contact the Data Controller by sending an e-mail to the address: “privacy@pramac.com“.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority. The name and contact details of the European Union Supervisory Authorities are available at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
7) Details about the right to object to processing
Where personal data is processed for a public interest, in the exercise of an official authority vested in the Data Controller or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their personal data be processed for direct marketing (including profiling) purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes. To learn whether the Data Controller is processing personal data for direct marketing purposes, Users may refer to the relevant sections of this document.
8) Updates
The Data Controller reserves the right to make changes to this Privacy Notice at any time by notifying its Users on this page and possibly within this website and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Data Controller. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Data Controller shall collect new consent from the User, where required.
9) Contact Us
If you have any questions about this Privacy Notice, you can contact the Data Controller at privacy@pramac.com
Browsing the Site is subject to the Privacy Notice available at the following link: Pramac – Privacy policy. The User of the Site is therefore invited to periodically consult both Privacy Policies.