Privacy Policy
Privacy Policy
1. INTRODUCTION
By means of this document, we will explain in a simple way what we do with your personal data that we collect when you access and use our Pry-ID application (‘Pry-ID’ or the ‘Service’).
The applicable legislation, mainly consisting in the Regulation (EU) 2016/679 (General Data Protection Regulation, ‘GDPR’) and relevant member States’ implementation laws, together with the European Data Protection Board’s and national Supervisory Authorities’ decisions and provisions (all together, the ‘Privacy Law’), identifies a number of actors which must – or simply may – go on the stage, taking part in the personal data processing operations. Their roles and responsibilities vary based on their decision-making power and degree of involvement as to how and why the data will be processed.
The main actor, named ‘data controller’, freely determines the purposes, methods and tools of the processing, being therefore required to guarantee the security of your personal data and to protect all of your rights under the Privacy Law.
In its quality as developer and owner of the Service, the data controller of the processing operations carried out through Pry-ID is Prysmian S.p.A., a company duly incorporated under the laws of Italy, with registered office in Milan, via Chiese 6, 20126, VAT/registration number 04866320965 (‘Prysmian’, ‘Controller’ or ‘we/us’).
There may be other players on the scene who play a supporting role in favour of the data controller. More in detail, the Privacy Law establishes that one or more specific data processing activities can be entrusted by the controller to reliable external providers, named ‘data processors’, who are only allowed to act on behalf and upon written instructions – and so as an ‘operating arm’ – of the controller.
Keep in mind that whenever in this policy we refer to a ‘processing’ of data, it will be an operation carried out, whether or not by automated means, with or through personal data, such as by way of example collection, recording, organization, storage, extraction, modification, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison and deletion of data.
That being said, it must be specified that ‘personal data’ are not only those immediately referable to you (e.g. name and surname), but also those which, in combination with other information available to us or to any third party, would still allow your identification (e.g. the IP address of the device by which you access the Service).
2. THE SERVICE SETTINGS TO PROTECT YOUR PRIVACY
The Service has been designed and set up in such a way as to reduce as much as possible the collection and use of your personal data, excluding the processing in all cases when it is possible to rely on less privacy-intrusive methods.
This Privacy Policy governs exclusively the data processing operations carried out through Pry-ID and must never apply to third parties’ websites, applications and web platforms accessible in any manner from or via Pry-ID, including for authentication purposes.
We therefore invite you to carefully read any third party’s privacy policy before accessing its websites, platforms or applications, or using its services, in order to better understand how your personal data will be processed by them.
3. TYPES OF DATA COLLECTED AND PROCESSED
The data that we will collect and process for the purposes described in Par. 4 are the following:
(A) Web browsing necessary data
The computer systems used to ensure the proper functioning of the Service gather, during their normal operation, some data which are necessary for the use of Internet network protocols (e.g. the IP address of the device you use to access Pry-ID). In the absence of additional information, this type of data only allows us to enable your access and navigation and proper use of the Services, without identifying you.
(B) Contact details
We will collect the data you will provide to us in connection with and in the context of any request you may make related to the Service.
Should you write to Prysmian for any kind of information, support or technical assistance, using the contacts and the forms we made available within Pry-ID, we will receive your e-mail address, as well as any other information and personal data you will decide to share with us in the subject, content and any attachment of your communication.
Please do not share any personal data, unless it is necessary to allow us to reply and give effect to the specific requests you make from time to time. In most cases, we will delete any unneeded data, except when Prysmian is explicitly permitted to process them under the applicable Privacy Law.
(C) Registration and account data
You will be required to register, or log-in (if you are already registered), in order to access and use the Service.
To this purpose, we will ask your name and surname, the name of the company you work for (this information is not mandatory), your corporate e-mail address and your phone number, as well as to choose a suitable personal password, to be then kept secure and confidential under your sole responsibility. This data, in addition to your roles in all the companies and projects you work for, will constitute your account data.
Moreover, if you are an administrator user in charge of registering your company, we will process some of your data (i.e. name, email, phone number) in order to finalize such registration procedure.
(D) GPS location data
In order to take full advantage of the features of Pry-ID, and in particular the location-based services, we may also process your location data collected through the GPS of the device by which you are using the Service. This will only take place with your prior, freely given and specific consent (see Par. 4).
We do not need any additional or different data than those listed above. Therefore, please do not send, provide or upload any unnecessary personal data through Pry-ID. This also applies to the option of uploading photos and/or videos from the installation field, which must capture only products and not identified or identifiable persons. In most cases we will delete any unneeded personal data (namely, identifiable images) immediately, unless an appropriate legal basis exists under the GDPR that justifies our processing of such data.
4. PURPOSE AND LEGAL BASIS OF THE PROCESSING
Control over what is done with your personal data is and must remain solely in your hands.
For this reason, it is our duty to provide you with any necessary details about all the processing operations we can carry out through the Service and, for each of them, indicate the legal basis that permits us to perform such activities.
- Browsing the Service
We will collect and process only few technical data which are needed to enable you to easily access and smoothly navigate on Pry-ID, using the Service without slowdowns or hindrances deriving from the functioning of Internet protocols (Art. 6.1, b), of the GDPR). Note that this information does not allow us to single-out any specific person without matching it with separate additional personal data. - Responding to your contact and support requests
If you decide to contact us for any reason, such as requesting information or assistance regarding the Service, we will process your personal data for the exclusive purpose to reply and follow-up on your request (Art. 6.1, b) of the GDPR). In absence of your data, we will not be able to process and respond to your request. - Managing your registration to the Service and your Pry-ID account
In order to allow you to access and use the Service (Art. 6.1, b) of the GDPR), you will be required to finalize your registration, providing us with those data which are necessary for the creation of your Pry-ID account (Art. 6.1, b) of the GDPR). If you prefer not to sign in, you will not be able to access the Service.
We will use your registration and account data, including your e-mail address, also to send you communications related to the Service, with no commercial nature or purpose, solely in connection with the management of your Pry-ID account and the functioning of the Service. - Provision of location-based services
We will process your location data, to provide you with the location-based services of Pry ID, only as long as you give us your free and specific consent (Art. 6.1, a), of the GDPR). You can easily withdraw your consent at any time, without this affecting in any manner the lawfulness of the processing operations carried out before.
- Soft-spam marketing
Unless you object to this processing at any moment, we will use solely the email address provided during your registration to Pry-ID to pursue our legitimate interest (Art. 6.1, f), of the GDPR) to inform you regarding other similar products and services offered by Prysmian. -
Other purposes
In addition to the above, we can process your data described in Par. 3:
• based on our legitimate interest to prevent and fight crimes and frauds committed on or through the Service, as well as to establish or exercise legal claims or defend our rights before competent • Courts (Art. 6.1, f), of the GDPR);
• based on our legitimate interest to elaborate and generate aggregate statistics that no longer allow your single-out (Art. 6.1, f), of the GDPR);
• in order to comply with a legal obligation to which we are subject or to fulfill an order or a decision by public competent Authorities (Art. 6.1, c), of the GDPR).
5. WHO CAN ACCESS AND PROCESS YOUR PERSONAL DATA
The access to your data will be allowed exclusively to Prysmian’s personnel, duly trained on the applicable privacy and security safeguards and authorized in writing to process only those data which are necessary to carry out their specific and respective tasks.
Should we outsource any data processing activity relating to the functioning of the Service, each vendor engaged will be bound to guarantee at least the same levels of protection of your data offered by us, by signing a specific agreement with Prysmian under Art. 28.3 of the GDPR, in quality as our data processor.
Your data will not be disclosed in any way, nor communicated to third parties, except to comply with orders or provisions issued by competent authorities.
In any case, we have adopted a series of technical and organizational measures to ensure appropriate levels of security, so to prevent all reasonably foreseeable risks that may jeopardize your personal data, with particular but not limited reference to accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access to such data.
Under no circumstances your personal data may undergo automated decision-making processes, including profiling.
6. TRANSFER OF DATA TO THIRD COUNTRIES
Your personal data will not be transferred outside the European Economic Area.
Should the transfer to any third country become necessary in the future to achieve one or more of the purposes described in Par. 4 above, it will be our duty to inform you before any transfer takes place and ensure that appropriate safeguards are adopted pursuant to Chapter V of the GDPR (e.g. by signing with the data importer the Standard Contractual Clauses set out by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 and, where needed, carrying out a ‘Transfer impact assessment’) especially in view of ensuring that you are allowed, without any limitation, to enforce all of your rights and legal remedies, as established in the applicable EU Privacy Law.
7. FOR HOW LONG WE WILL PROCESS YOUR DATA
We will retain your personal data only for the time necessary to achieve the purposes described above. This means that the data collected:
- to allow your access and use of the Service, will be processed for the sole time of your navigation on Pry-ID, or until you decide to delete them (e.g. by eliminating technical and functional cookies);
- in relation to your contact or support requests, will be processed only for the time necessary to provide you with the needed information and/or assistance, so as to properly handle and follow-up your request. The data will be deleted at the latest 1 (one) year after the last response sent by us to you;
- to allow and manage your registration to the Service, will be processed until you decide to delete your personal account on Pry-ID, or in any case of termination of the agreement with Prysmian under the applicable Terms & Conditions;
- to provide you with the Pry-ID location-based services (i.e. your location data collected through the GPS of the device by which you are using the Service), will be processed only while you are using the Service and without being stored by us (we will only store the geolocation data of products without any reference to you/other individuals);
- with specific reference to soft-spam, the e-mail associated with your Pry-ID account will be used to send you communications regarding other services and products offered by Prysmian, until you object, at any moment, to this processing.
Following the expiry of the terms set out above, we will be entitled to keep processing your data for those purposes which are permitted, or even mandatory, under the laws in force from time to time (e.g. to establish and/or exercise legal claims and/or defend our rights before competent Courts).
As soon as no longer necessary in accordance with the above, your data will be cancelled.
8. YOUR RIGHTS
- Access: accessing your personal data, obtaining evidence – among others – of the purposes of the processing by Prysmian, the categories of data involved, the recipients to whom the data may be disclosed, the applicable storage period, the existence of any automated decision-making process;
- Rectification: having incorrect personal data referred to you rectified without any undue delay;
- Erasure: having your data erased, unless a specific exemption applies, when such data (i) are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or (ii) have been unlawfully processed; or (iii) are subject to a processing that you have objected to on the basis of your particular situation, as set out in point f. below, and there are no overriding legitimate grounds which allow us to keep processing the data; or (iv) are undergoing a processing for direct marketing purposes; or (v) have to be erased for compliance with a legal obligation applicable to Prysmian;
- Restriction of processing: obtaining restrictions to the processing operations concerning your data, when (a) you contest the accuracy of your personal data (solely for the period enabling us to verify their accuracy); (b) the processing is unlawful and you oppose the erasure of your data and request the restriction of their use; (c) we do no longer need your personal data for the purposes identified above, but you require them for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your data, pending our verification as to whether overriding legitimate grounds exist which allow us to keep processing your data;
- Portability: requesting to receive in a structured, commonly used and machine-readable format the data you have provided to us or, where technically feasible, having them transmitted directly to another controller;
- Objection: impeding at any time the processing of your data for direct marketing purposes (soft spam) and, on grounds relating to your particular situation, any processing activity based on our legitimate interest (Art. 6.1, f), of the GDPR), as described in Par. 4 above;
- Enforce your rights: lodging a complaint to the competent Supervisory Authorities (link)
You can at any moment withdraw the consent you may have given, without this affecting in any manner the lawfulness of the processing operations carried out by us before.
To exercise your rights and to request any kind of information or clarifications regarding the data processing operations described in this Privacy policy, please just send us a written request at any time, by paper mail, to Prysmian S.p.A., via Chiese 6, Milan (20126), or via e-mail to [email protected].
Last Update: 26/07/2023